From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+107790+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 1E880AC09B7
	for <rebecca@openfw.io>; Wed, 16 Aug 2023 05:38:12 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=jOYhFSPMWLTkMk6oXSN40jEsOfqYdzvoWqNmM72BMaI=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20140610; t=1692164291; v=1;
 b=GlQdHJkUfI4hBFEpE3or20Xyo/wNp32lufVBZAbISHZqEMdnIyCv+VGDFvQN89HFmnja0Bjj
 JomZ8CV7P/VluIfftcxZleo/4G6HRmWGV4PyogKqXadzidJl8ExtASL6Rsmsj3BIlZEz1BlITe+
 UHD7M56lDHqLdzNhrHOwJUk4=
X-Received: by 127.0.0.2 with SMTP id NmJ3YY7687511x6sOUMd5Pjx; Tue, 15 Aug 2023 22:38:11 -0700
X-Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com [209.85.215.169])
 by mx.groups.io with SMTP id smtpd.web10.154871.1692164291253713529
 for <devel@edk2.groups.io>;
 Tue, 15 Aug 2023 22:38:11 -0700
X-Received: by mail-pg1-f169.google.com with SMTP id 41be03b00d2f7-5650ec45a7cso3618502a12.3
        for <devel@edk2.groups.io>; Tue, 15 Aug 2023 22:38:11 -0700 (PDT)
X-Gm-Message-State: eUnFxRXwsVg6PoKGVoPBXKlux7686176AA=
X-Google-Smtp-Source: AGHT+IFHxVaMMdSw5+jpxOJNffi82b7LVlEARoB+4uXgNQm1K8csu0c0XOWpF5CmeD8bEpRzAqSP/Q==
X-Received: by 2002:a05:6a21:7781:b0:13b:7533:6839 with SMTP id bd1-20020a056a21778100b0013b75336839mr1090699pzc.29.1692164290531;
        Tue, 15 Aug 2023 22:38:10 -0700 (PDT)
X-Received: from user-Latitude-5420.dc1.ventanamicro.com ([106.51.83.242])
        by smtp.gmail.com with ESMTPSA id p2-20020aa78602000000b006889081281bsm424737pfn.138.2023.08.15.22.38.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 15 Aug 2023 22:38:10 -0700 (PDT)
From: "Ranbir Singh" <rsingh@ventanamicro.com>
To: devel@edk2.groups.io,
	rsingh@ventanamicro.com
Cc: Hao A Wu <hao.a.wu@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Subject: [edk2-devel] [PATCH v2 2/2] MdeModulePkg/Bus/Pci/UhciDxe: Fix FORWARD_NULL Coverity issues
Date: Wed, 16 Aug 2023 11:08:03 +0530
Message-Id: <20230816053803.1142517-3-rsingh@ventanamicro.com>
In-Reply-To: <20230816053803.1142517-1-rsingh@ventanamicro.com>
References: <20230816053803.1142517-1-rsingh@ventanamicro.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,rsingh@ventanamicro.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=GlQdHJkU;
	dmarc=none;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

From: Ranbir Singh <Ranbir.Singh3@Dell.com>

The function UsbHcGetPciAddressForHostMem has

  ASSERT ((Block !=3D NULL)); and

and the function UsbHcFreeMem has

  ASSERT (Block !=3D NULL);

statement after for loop, but these are applicable only in DEBUG mode.
In RELEASE mode, if for whatever reasons there is no match inside for
loop and the loop exits because of Block !=3D NULL; condition, then there
is no "Block" NULL pointer check afterwards and the code proceeds to do
dereferencing "Block" which will lead to CRASH.

Hence, for safety add NULL pointer checks always.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4211

Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
---
 MdeModulePkg/Bus/Pci/UhciDxe/UsbHcMem.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/MdeModulePkg/Bus/Pci/UhciDxe/UsbHcMem.c b/MdeModulePkg/Bus/Pci=
/UhciDxe/UsbHcMem.c
index c3d46f60bed5..3794f888e132 100644
--- a/MdeModulePkg/Bus/Pci/UhciDxe/UsbHcMem.c
+++ b/MdeModulePkg/Bus/Pci/UhciDxe/UsbHcMem.c
@@ -250,6 +250,11 @@ UsbHcGetPciAddressForHostMem (
   }=0D
 =0D
   ASSERT ((Block !=3D NULL));=0D
+=0D
+  if (Block =3D=3D NULL) {=0D
+    return 0;=0D
+  }=0D
+=0D
   //=0D
   // calculate the pci memory address for host memory address.=0D
   //=0D
@@ -536,6 +541,10 @@ UsbHcFreeMem (
   //=0D
   ASSERT (Block !=3D NULL);=0D
 =0D
+  if (Block =3D=3D NULL) {=0D
+    return;=0D
+  }=0D
+=0D
   //=0D
   // Release the current memory block if it is empty and not the head=0D
   //=0D
--=20
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107790): https://edk2.groups.io/g/devel/message/107790
Mute This Topic: https://groups.io/mt/100774225/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-