From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+106997+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 0DCB7D80FDE
	for <rebecca@openfw.io>; Tue, 18 Jul 2023 09:02:10 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=xS0mgfjKOWDjRX2L5RmRTDEF7emrNcXQMYRu93krsj8=;
 c=relaxed/simple; d=groups.io;
 h=X-Received:X-Received:X-Received:X-Gm-Message-State:X-Google-Smtp-Source:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:Content-Transfer-Encoding;
 s=20140610; t=1689670929; v=1;
 b=jst9vDn75n7hN8FPev0kg4v9EBJAkJhL78hQv3UEQTZF/KN1kRxk3bNkYtfDNpKdUkE1g4QH
 d6Gyz3QNw49rMBVnghmIg2eDlJ38JAkLOvHX+G7TG97RGGskN4T6rquZ8BZ68S8dXQ21YEdWf4R
 MZAGq4bOSkElub8ff02R8hGc=
X-Received: by 127.0.0.2 with SMTP id tMkCYY7687511xvERvAqvZEq; Tue, 18 Jul 2023 02:02:09 -0700
X-Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169])
 by mx.groups.io with SMTP id smtpd.web10.5994.1689593985214362788
 for <devel@edk2.groups.io>;
 Mon, 17 Jul 2023 04:39:45 -0700
X-Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-6686a05bc66so3082833b3a.1
        for <devel@edk2.groups.io>; Mon, 17 Jul 2023 04:39:45 -0700 (PDT)
X-Gm-Message-State: DSzQwcYJzPTmwYVgeKFYG1Dgx7686176AA=
X-Google-Smtp-Source: APBJJlHfsdECUygM6Qpu9+h79Tt2H7uJ/8dRvd1cDm9xGUAGsaZvErXJvc5hw4rksD//9z1zohTm2A==
X-Received: by 2002:a17:902:e852:b0:1ba:1704:8a12 with SMTP id t18-20020a170902e85200b001ba17048a12mr12273114plg.45.1689593984521;
        Mon, 17 Jul 2023 04:39:44 -0700 (PDT)
X-Received: from user-Latitude-5420.dc1.ventanamicro.com ([2401:4900:1cbd:8dd2:c2bf:93e0:5979:e5e0])
        by smtp.gmail.com with ESMTPSA id h10-20020a170902748a00b001b830d8bc40sm12539292pll.74.2023.07.17.04.39.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 17 Jul 2023 04:39:44 -0700 (PDT)
From: Ranbir Singh <rsingh@ventanamicro.com>
To: devel@edk2.groups.io,
	rsingh@ventanamicro.com
Cc: Hao A Wu <hao.a.wu@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Subject: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Bus/Pci/PciHostBridgeDxe: Fix OVERRUN Coverity issues
Date: Mon, 17 Jul 2023 17:09:36 +0530
Message-Id: <20230717113937.2290931-2-rsingh@ventanamicro.com>
In-Reply-To: <20230717113937.2290931-1-rsingh@ventanamicro.com>
References: <20230717113937.2290931-1-rsingh@ventanamicro.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,rsingh@ventanamicro.com
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=jst9vDn7;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=none

From: Ranbir Singh <Ranbir.Singh3@Dell.com>

The function NotifyPhase has a check

    ASSERT (Index < TypeMax);

but this comes into play only in DEBUG mode. In Release mode, there is
no handling if the Index value is within array limits or not. If for
whatever reasons, the Index does not get re-assigned to Index2 at line
137, then it remains at TypeMax as assigned earlier at line 929. This
poses array overrun risk at lines 942 and 943. It is better to deploy
a safety check on Index limit before accessing array elements.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4212

Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
---
 MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c b/MdeMod=
ulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c
index d573e532bac8..519e1369f85e 100644
--- a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c
+++ b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c
@@ -939,6 +939,11 @@ NotifyPhase (
             }=0D
 =0D
             ASSERT (Index < TypeMax);=0D
+=0D
+            if (Index >=3D TypeMax) {=0D
+                continue;=0D
+            }=0D
+=0D
             ResNodeHandled[Index] =3D TRUE;=0D
             Alignment             =3D RootBridge->ResAllocNode[Index].Alig=
nment;=0D
             BitsOfAlignment       =3D LowBitSet64 (Alignment + 1);=0D
--=20
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106997): https://edk2.groups.io/g/devel/message/106997
Mute This Topic: https://groups.io/mt/100212112/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-