From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id EBF2B74003A for ; Fri, 10 Nov 2023 05:22:40 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=T4sXrB/ii/v+sPRqnQBEXUmgaNRXNDQrU3nYfOOoDPE=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1699593759; v=1; b=bCfQNHPUjiaLV1oqSm9bhnZJCqs1fcZFjg5P3/XgVFrYbroJ7XfIASHj5tYuhD8rWQz6RY+n 1X+DsSQOXHGF0JpQ70Q/Mecdo5BLs1ymqf0RmMbalOnYvYyH2cXtwwUQUKf4NZN8RvIcX53R7/W RNUXiNnF1FaJ8c/uuEX3ziXo= X-Received: by 127.0.0.2 with SMTP id HhEFYY7687511x3TnzpV4tZ8; Thu, 09 Nov 2023 21:22:39 -0800 X-Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web11.22095.1699593758820102548 for ; Thu, 09 Nov 2023 21:22:38 -0800 X-Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-6ba54c3ed97so1718769b3a.2 for ; Thu, 09 Nov 2023 21:22:38 -0800 (PST) X-Gm-Message-State: CTt5xSPAMocHwK9B3kKzpFZ4x7686176AA= X-Google-Smtp-Source: AGHT+IFdyUbKSfRPmnzBhmVM7Z9wnOIszaCiCUFjZPAfrtrQdjpIlttUaIl70RVBWJY3YZIvOMrDNg== X-Received: by 2002:a05:6a20:8e10:b0:183:c7ea:bb52 with SMTP id y16-20020a056a208e1000b00183c7eabb52mr8274413pzj.30.1699593757959; Thu, 09 Nov 2023 21:22:37 -0800 (PST) X-Received: from user-Latitude-5420.. ([2401:4900:1f24:28fe:9291:5de9:ca67:1893]) by smtp.gmail.com with ESMTPSA id a13-20020a170902b58d00b001c9db5e2929sm4467064pls.93.2023.11.09.21.22.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Nov 2023 21:22:37 -0800 (PST) From: "Ranbir Singh" To: devel@edk2.groups.io, rsingh@ventanamicro.com Cc: Ray Ni , Veeresh Sangolli Subject: [edk2-devel] [PATCH v3 1/2] MdeModulePkg/Bus/Pci/XhciDxe: Fix FORWARD_NULL Coverity issues Date: Fri, 10 Nov 2023 10:52:30 +0530 Message-Id: <20231110052231.447797-2-rsingh@ventanamicro.com> In-Reply-To: <20231110052231.447797-1-rsingh@ventanamicro.com> References: <20231110052231.447797-1-rsingh@ventanamicro.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,rsingh@ventanamicro.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=bCfQNHPU; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io From: Ranbir Singh The functions UsbHcGetHostAddrForPciAddr, UsbHcGetPciAddrForHostAddr and UsbHcFreeMem do have ASSERT ((Block !=3D NULL)); statements after for loop, but these are applicable only in DEBUG mode. In RELEASE mode, if for whatever reasons there is no match inside for loop and the loop exits because of Block !=3D NULL; condition, then there is no "Block" NULL pointer check afterwards and the code proceeds to do dereferencing "Block" which will lead to CRASH. Hence, for safety add NULL pointer checks always. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4221 Cc: Ray Ni Co-authored-by: Veeresh Sangolli Signed-off-by: Ranbir Singh Signed-off-by: Ranbir Singh --- MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c | 29 ++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c b/MdeModulePkg/Bus/Pci= /XhciDxe/UsbHcMem.c index b54187ec228e..597cbe4646e8 100644 --- a/MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c +++ b/MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c @@ -267,6 +267,16 @@ UsbHcGetPciAddrForHostAddr ( }=0D =0D ASSERT ((Block !=3D NULL));=0D +=0D + if (Block =3D=3D NULL) {=0D + //=0D + // Should never be here=0D + //=0D + DEBUG ((DEBUG_ERROR, "UsbHcGetPciAddrForHostAddr: Invalid host memory = pointer passed\n"));=0D + CpuDeadLoop ();=0D + return 0;=0D + }=0D +=0D //=0D // calculate the pci memory address for host memory address.=0D //=0D @@ -322,6 +332,16 @@ UsbHcGetHostAddrForPciAddr ( }=0D =0D ASSERT ((Block !=3D NULL));=0D +=0D + if (Block =3D=3D NULL) {=0D + //=0D + // Should never be here=0D + //=0D + DEBUG ((DEBUG_ERROR, "UsbHcGetHostAddrForPciAddr: Invalid pci memory p= ointer passed\n"));=0D + CpuDeadLoop ();=0D + return 0;=0D + }=0D +=0D //=0D // calculate the pci memory address for host memory address.=0D //=0D @@ -603,6 +623,15 @@ UsbHcFreeMem ( //=0D ASSERT (Block !=3D NULL);=0D =0D + if (Block =3D=3D NULL) {=0D + //=0D + // Should never be here=0D + //=0D + DEBUG ((DEBUG_ERROR, "UsbHcFreeMem: Invalid memory pointer passed\n"))= ;=0D + CpuDeadLoop ();=0D + return;=0D + }=0D +=0D //=0D // Release the current memory block if it is empty and not the head=0D //=0D --=20 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111012): https://edk2.groups.io/g/devel/message/111012 Mute This Topic: https://groups.io/mt/102502055/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-