From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+109273+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id C5C447803DE
	for <rebecca@openfw.io>; Tue,  3 Oct 2023 05:39:13 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=RcGL/6BDr7bl7iXdXiwwlqDk28Ye8wEG7mmhTQEuMAw=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20140610; t=1696311552; v=1;
 b=V5TSLNAbJVw10F628OhovqeViycnydGnLLggPcv0rzE+rWb+tDY7K1GDbTR41hiNqwm/ybOa
 dFoZOeUzxqrwPfq+O8UMqvU8FZ9bZ0qnjuIIOVlejPrDAfy0umKNYq09cgdnWE5t8PaxtGbwhtf
 ZITqwPeMimt6XAaIN4JRV388=
X-Received: by 127.0.0.2 with SMTP id Mui0YY7687511xIZLDzFapVc; Mon, 02 Oct 2023 22:39:12 -0700
X-Received: from mail-il1-f182.google.com (mail-il1-f182.google.com [209.85.166.182])
 by mx.groups.io with SMTP id smtpd.web11.102119.1696311551905780134
 for <devel@edk2.groups.io>;
 Mon, 02 Oct 2023 22:39:12 -0700
X-Received: by mail-il1-f182.google.com with SMTP id e9e14a558f8ab-3515694c6d0so1782885ab.3
        for <devel@edk2.groups.io>; Mon, 02 Oct 2023 22:39:11 -0700 (PDT)
X-Gm-Message-State: JwLYP2txr1dFe3WYQrcNeGg1x7686176AA=
X-Google-Smtp-Source: AGHT+IEAGaSsGg4l8nf+qesAODLFu+BpEBkki7SlVsOCx4oxePYNRYzfwB6Ywph8gdpcix7L890Utw==
X-Received: by 2002:a05:6e02:1c25:b0:34f:d822:baab with SMTP id m5-20020a056e021c2500b0034fd822baabmr15905659ilh.12.1696311550894;
        Mon, 02 Oct 2023 22:39:10 -0700 (PDT)
X-Received: from user-Latitude-5420.dc1.ventanamicro.com ([2401:4900:1f24:1bb6:6659:f2cc:738a:e8e1])
        by smtp.gmail.com with ESMTPSA id gj9-20020a0566386a0900b0041627abe120sm153973jab.160.2023.10.02.22.39.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 02 Oct 2023 22:39:10 -0700 (PDT)
From: "Ranbir Singh" <rsingh@ventanamicro.com>
To: devel@edk2.groups.io,
	rsingh@ventanamicro.com
Cc: Hao A Wu <hao.a.wu@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Subject: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Bus/Pci/XhciDxe: Fix FORWARD_NULL Coverity issues
Date: Tue,  3 Oct 2023 11:09:01 +0530
Message-Id: <20231003053902.27289-2-rsingh@ventanamicro.com>
In-Reply-To: <20231003053902.27289-1-rsingh@ventanamicro.com>
References: <20231003053902.27289-1-rsingh@ventanamicro.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,rsingh@ventanamicro.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=V5TSLNAb;
	dmarc=none;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

From: Ranbir Singh <Ranbir.Singh3@Dell.com>

The functions UsbHcGetHostAddrForPciAddr, UsbHcGetPciAddrForHostAddr
and UsbHcFreeMem do have

    ASSERT ((Block !=3D NULL));

statements after for loop, but these are applicable only in DEBUG mode.
In RELEASE mode, if for whatever reasons there is no match inside for
loop and the loop exits because of Block !=3D NULL; condition, then there
is no "Block" NULL pointer check afterwards and the code proceeds to do
dereferencing "Block" which will lead to CRASH.

Hence, for safety add NULL pointer checks always.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4221

Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
---
 MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c b/MdeModulePkg/Bus/Pci=
/XhciDxe/UsbHcMem.c
index b54187ec228e..b0654f148c4f 100644
--- a/MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c
+++ b/MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c
@@ -267,6 +267,11 @@ UsbHcGetPciAddrForHostAddr (
   }=0D
 =0D
   ASSERT ((Block !=3D NULL));=0D
+=0D
+  if (Block =3D=3D NULL) {=0D
+    return 0;=0D
+  }=0D
+=0D
   //=0D
   // calculate the pci memory address for host memory address.=0D
   //=0D
@@ -322,6 +327,11 @@ UsbHcGetHostAddrForPciAddr (
   }=0D
 =0D
   ASSERT ((Block !=3D NULL));=0D
+=0D
+  if (Block =3D=3D NULL) {=0D
+    return 0;=0D
+  }=0D
+=0D
   //=0D
   // calculate the pci memory address for host memory address.=0D
   //=0D
@@ -603,6 +613,10 @@ UsbHcFreeMem (
   //=0D
   ASSERT (Block !=3D NULL);=0D
 =0D
+  if (Block =3D=3D NULL) {=0D
+    return;=0D
+  }=0D
+=0D
   //=0D
   // Release the current memory block if it is empty and not the head=0D
   //=0D
--=20
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109273): https://edk2.groups.io/g/devel/message/109273
Mute This Topic: https://groups.io/mt/101729056/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-