From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Permerror (SPF Permanent Error: Void lookup limit of 2 exceeded) identity=mailfrom; client-ip=192.55.52.120; helo=mga04.intel.com; envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 54ABD222DDBEA for ; Sun, 14 Jan 2018 18:30:18 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Jan 2018 18:35:35 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,361,1511856000"; d="scan'208";a="10160650" Received: from shwdeopenpsi068.ccr.corp.intel.com ([10.239.158.46]) by fmsmga008.fm.intel.com with ESMTP; 14 Jan 2018 18:35:34 -0800 From: Star Zeng To: edk2-devel@lists.01.org Cc: Star Zeng , Jiewen Yao Date: Mon, 15 Jan 2018 10:35:23 +0800 Message-Id: <1515983723-14100-1-git-send-email-star.zeng@intel.com> X-Mailer: git-send-email 2.7.0.windows.1 Subject: [PATCH] IntelSiliconPkg IntelVTdDxe: Fix potential NULL pointer dereference X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jan 2018 02:30:18 -0000 The implementation of MdeModulePkg\Universal\Acpi\AcpiTableDxe reserves first entry of RSDT/XSDT to FADT, the first entry value is 0 when FADT is installed. So the RSDT/XSDT parsing code should check the entry value first before checking the table signature. Cc: Jiewen Yao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng --- IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c index b981bcdb3aa0..342830a01fb0 100644 --- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c +++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c @@ -1,6 +1,6 @@ /** @file - Copyright (c) 2017, Intel Corporation. All rights reserved.
+ Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -889,7 +889,7 @@ ScanTableInRSDT ( EntryPtr = &Rsdt->Entry; for (Index = 0; Index < EntryCount; Index ++, EntryPtr ++) { Table = (EFI_ACPI_DESCRIPTION_HEADER*)((UINTN)(*EntryPtr)); - if (Table->Signature == Signature) { + if ((Table != NULL) && (Table->Signature == Signature)) { return Table; } } @@ -923,7 +923,7 @@ ScanTableInXSDT ( for (Index = 0; Index < EntryCount; Index ++) { CopyMem (&EntryPtr, (VOID *)(BasePtr + Index * sizeof(UINT64)), sizeof(UINT64)); Table = (EFI_ACPI_DESCRIPTION_HEADER*)((UINTN)(EntryPtr)); - if (Table->Signature == Signature) { + if ((Table != NULL) && (Table->Signature == Signature)) { return Table; } } -- 2.7.0.windows.1