From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+110993+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 3C7CBD80061
	for <rebecca@openfw.io>; Thu,  9 Nov 2023 17:39:21 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=2QOfRkeRtO8jh5enUO+ILWL5/Fij8rdAEV9JPQ7/05U=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20140610; t=1699551559; v=1;
 b=exJ8qtt1jXkcvzjE9TH9kB4vknsVW/SMDHBo7ApPZ0PwpB3uHWJbBe/S3uOX8aXImq8H/UOa
 9A2fLR9da4PzPvd1y6omlkNIx8K/5N+HZUEZpAVWG+Vl6e8v3E+7C4CmemiHP/ldROCTOv3CgQZ
 C3Y+DIgAiJVpNwSiM+E+6zh4=
X-Received: by 127.0.0.2 with SMTP id aVgAYY7687511xEZh738tOh3; Thu, 09 Nov 2023 09:39:19 -0800
X-Received: from mail-io1-f48.google.com (mail-io1-f48.google.com [209.85.166.48])
 by mx.groups.io with SMTP id smtpd.web11.206.1699551559178419138
 for <devel@edk2.groups.io>;
 Thu, 09 Nov 2023 09:39:19 -0800
X-Received: by mail-io1-f48.google.com with SMTP id ca18e2360f4ac-7a6acc8e222so42234139f.0
        for <devel@edk2.groups.io>; Thu, 09 Nov 2023 09:39:18 -0800 (PST)
X-Gm-Message-State: 3HPSnUSspzE74xTq9p0vvGAix7686176AA=
X-Google-Smtp-Source: AGHT+IHrT11r8muITuSVcN4ii+BXPDQO3IVyLSixniBAag0R/Uv9t2JW/I83qLrzggEmPwXrfnmQ3w==
X-Received: by 2002:a6b:7f01:0:b0:792:70c2:9db1 with SMTP id l1-20020a6b7f01000000b0079270c29db1mr2288633ioq.1.1699551558047;
        Thu, 09 Nov 2023 09:39:18 -0800 (PST)
X-Received: from user-Latitude-5420.dc1.ventanamicro.com ([2401:4900:1f24:28fe:87c2:d0fc:f722:4f0d])
        by smtp.gmail.com with ESMTPSA id ei14-20020a05663829ae00b0045c1fcf2ef7sm3876355jab.37.2023.11.09.09.39.15
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Nov 2023 09:39:17 -0800 (PST)
From: "Ranbir Singh" <rsingh@ventanamicro.com>
To: devel@edk2.groups.io,
	rsingh@ventanamicro.com
Cc: Ray Ni <ray.ni@intel.com>,
	Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Subject: [edk2-devel] [PATCH v3 1/2] MdeModulePkg/Bus/Pci/PciHostBridgeDxe: Fix OVERRUN Coverity issues
Date: Thu,  9 Nov 2023 23:09:06 +0530
Message-Id: <20231109173908.364630-2-rsingh@ventanamicro.com>
In-Reply-To: <20231109173908.364630-1-rsingh@ventanamicro.com>
References: <20231109173908.364630-1-rsingh@ventanamicro.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,rsingh@ventanamicro.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=exJ8qtt1;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=none

From: Ranbir Singh <Ranbir.Singh3@Dell.com>

The function NotifyPhase has a check

    ASSERT (Index < TypeMax);

but this comes into play only in DEBUG mode. In Release mode, there is
no handling if the Index value is within array limits or not. If for
whatever reasons, the Index does not get re-assigned to Index2 at line
937, then it remains at TypeMax as assigned earlier at line 929. This
poses array overrun risk at lines 942 and 943. It is better to deploy
a safety check on Index limit before accessing array elements.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4212

Cc: Ray Ni <ray.ni@intel.com>
Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
---
 MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c b/MdeMod=
ulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c
index d573e532bac8..c2c143068cd2 100644
--- a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c
+++ b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c
@@ -939,6 +939,11 @@ NotifyPhase (
             }=0D
 =0D
             ASSERT (Index < TypeMax);=0D
+=0D
+            if (Index =3D=3D TypeMax) {=0D
+              CpuDeadLoop ();=0D
+            }=0D
+=0D
             ResNodeHandled[Index] =3D TRUE;=0D
             Alignment             =3D RootBridge->ResAllocNode[Index].Alig=
nment;=0D
             BitsOfAlignment       =3D LowBitSet64 (Alignment + 1);=0D
--=20
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110993): https://edk2.groups.io/g/devel/message/110993
Mute This Topic: https://groups.io/mt/102490513/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-