From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <star.zeng@intel.com>
Received-SPF: Permerror (SPF Permanent Error: Void lookup limit of 2 exceeded)
 identity=mailfrom; client-ip=192.55.52.120; helo=mga04.intel.com;
 envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 54ABD222DDBEA
 for <edk2-devel@lists.01.org>; Sun, 14 Jan 2018 18:30:18 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
 by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 14 Jan 2018 18:35:35 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,361,1511856000"; d="scan'208";a="10160650"
Received: from shwdeopenpsi068.ccr.corp.intel.com ([10.239.158.46])
 by fmsmga008.fm.intel.com with ESMTP; 14 Jan 2018 18:35:34 -0800
From: Star Zeng <star.zeng@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>
Date: Mon, 15 Jan 2018 10:35:23 +0800
Message-Id: <1515983723-14100-1-git-send-email-star.zeng@intel.com>
X-Mailer: git-send-email 2.7.0.windows.1
Subject: [PATCH] IntelSiliconPkg IntelVTdDxe: Fix potential NULL pointer dereference
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jan 2018 02:30:18 -0000

The implementation of MdeModulePkg\Universal\Acpi\AcpiTableDxe reserves
first entry of RSDT/XSDT to FADT, the first entry value is 0 when FADT
is installed. So the RSDT/XSDT parsing code should check the entry value
first before checking the table signature.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
 IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
index b981bcdb3aa0..342830a01fb0 100644
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
@@ -1,6 +1,6 @@
 /** @file
 
-  Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
   which accompanies this distribution.  The full text of the license may be found at
@@ -889,7 +889,7 @@ ScanTableInRSDT (
   EntryPtr = &Rsdt->Entry;
   for (Index = 0; Index < EntryCount; Index ++, EntryPtr ++) {
     Table = (EFI_ACPI_DESCRIPTION_HEADER*)((UINTN)(*EntryPtr));
-    if (Table->Signature == Signature) {
+    if ((Table != NULL) && (Table->Signature == Signature)) {
       return Table;
     }
   }
@@ -923,7 +923,7 @@ ScanTableInXSDT (
   for (Index = 0; Index < EntryCount; Index ++) {
     CopyMem (&EntryPtr, (VOID *)(BasePtr + Index * sizeof(UINT64)), sizeof(UINT64));
     Table = (EFI_ACPI_DESCRIPTION_HEADER*)((UINTN)(EntryPtr));
-    if (Table->Signature == Signature) {
+    if ((Table != NULL) && (Table->Signature == Signature)) {
       return Table;
     }
   }
-- 
2.7.0.windows.1