From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <chasel.chiu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.115; helo=mga14.intel.com;
 envelope-from=chasel.chiu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 6A11921184AA8
 for <edk2-devel@lists.01.org>; Sun, 28 Oct 2018 18:18:00 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 28 Oct 2018 18:18:00 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.54,438,1534834800"; d="scan'208";a="95788600"
Received: from cchiu4-mobl1.gar.corp.intel.com ([10.5.240.24])
 by orsmga003.jf.intel.com with ESMTP; 28 Oct 2018 18:17:58 -0700
From: "Chasel, Chiu" <chasel.chiu@intel.com>
To: edk2-devel@lists.01.org
Cc: Jiewen Yao <Jiewen.yao@intel.com>,
 Desimone Nathaniel L <nathaniel.l.desimone@intel.com>,
 Chasel Chiu <chasel.chiu@intel.com>
Date: Mon, 29 Oct 2018 09:17:35 +0800
Message-Id: <20181029011735.1608-1-chasel.chiu@intel.com>
X-Mailer: git-send-email 2.13.3.windows.1
Subject: [PATCH v2] IntelFsp2Pkg: Fixed potentially NULL pointer accessing
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Oct 2018 01:18:00 -0000

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1280

When copying IDT table in SecMain, the pointer might be
NULL so added the check to fix it.

Test: Verified on internal platform and boots successfully.

Cc: Jiewen Yao <Jiewen.yao@intel.com>
Cc: Desimone Nathaniel L <nathaniel.l.desimone@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chasel Chiu <chasel.chiu@intel.com>
---
 IntelFsp2Pkg/FspSecCore/SecMain.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/IntelFsp2Pkg/FspSecCore/SecMain.c b/IntelFsp2Pkg/FspSecCore/SecMain.c
index f319c68cc5..70460a3c8b 100644
--- a/IntelFsp2Pkg/FspSecCore/SecMain.c
+++ b/IntelFsp2Pkg/FspSecCore/SecMain.c
@@ -100,7 +100,7 @@ SecStartup (
   // |-------------------|---->  TempRamBase
   IdtTableInStack.PeiService  = NULL;
   AsmReadIdtr (&IdtDescriptor);
-  if ((IdtDescriptor.Base == 0) && (IdtDescriptor.Limit == 0xFFFF)) {
+  if (IdtDescriptor.Base == 0) {
     ExceptionHandler = FspGetExceptionHandler(mIdtEntryTemplate);
     for (Index = 0; Index < FixedPcdGet8(PcdFspMaxInterruptSupported); Index ++) {
       CopyMem ((VOID*)&IdtTableInStack.IdtTable[Index], (VOID*)&ExceptionHandler, sizeof (UINT64));
@@ -113,8 +113,9 @@ SecStartup (
       // ERROR: IDT table size from boot loader is larger than FSP can support, DeadLoop here!
       //
       CpuDeadLoop();
+    } else {
+      CopyMem ((VOID *) (UINTN) &IdtTableInStack.IdtTable, (VOID *) IdtDescriptor.Base, IdtSize);
     }
-    CopyMem ((VOID *) (UINTN) &IdtTableInStack.IdtTable, (VOID *) IdtDescriptor.Base, IdtSize);
   }
   IdtDescriptor.Base  = (UINTN) &IdtTableInStack.IdtTable;
   IdtDescriptor.Limit = (UINT16)(IdtSize - 1);
-- 
2.13.3.windows.1