[edk2-devel] [PATCH v3 0/2] BZ 4222: Fix MdeModulePkg/Bus/Usb/UsbMouseDxe issues pointed by Coverity

[edk2-devel] [PATCH v3 0/2] BZ 4222: Fix MdeModulePkg/Bus/Usb/UsbMouseDxe issues pointed by Coverity

[Ranbir Singh]

v2 -> v3:
  - Dropped the ASSERT wrt REVERSE_INULL issue as suggested
  - Added Reviewed-by: tags
  - Rebased to latest master HEAD

v1 -> v2:
  - Rebased to latest master HEAD
  - Changed the solution wrt MISSING_BREAK issues

Ranbir Singh (2):
  MdeModulePkg/Bus/Usb/UsbMouseDxe: Fix REVERSE_INULL Coverity issue
  MdeModulePkg/Bus/Usb/UsbMouseDxe: Fix MISSING_BREAK Coverity issues

 MdeModulePkg/Bus/Usb/UsbMouseDxe/MouseHid.c | 6 ++++++
 MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110802): https://edk2.groups.io/g/devel/message/110802
Mute This Topic: https://groups.io/mt/102437985/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 1/2] MdeModulePkg/Bus/Usb/UsbMouseDxe: Fix REVERSE_INULL Coverity issue

[Ranbir Singh]

From: Ranbir Singh <Ranbir.Singh3@Dell.com>

The function USBMouseDriverBindingStart do have

    ASSERT (UsbMouseDevice != NULL);

after AllocateZeroPool, but it is applicable only in DEBUG mode.
In RELEASE mode, if for whatever reasons UsbMouseDevice is NULL
at this point, the code proceeds to dereference "UsbMouseDevice"
afterwards which will lead to CRASH.

Hence, for safety add NULL pointer checks always.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4222

Cc: Ray Ni <ray.ni@intel.com>
Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c b/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c
index 451d4b934f4c..67072d476196 100644
--- a/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c
+++ b/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c
@@ -160,7 +160,10 @@ USBMouseDriverBindingStart (
   }
 
   UsbMouseDevice = AllocateZeroPool (sizeof (USB_MOUSE_DEV));
-  ASSERT (UsbMouseDevice != NULL);
+  if (UsbMouseDevice == NULL) {
+    Status = EFI_OUT_OF_RESOURCES;
+    goto ErrorExit;
+  }
 
   UsbMouseDevice->UsbIo     = UsbIo;
   UsbMouseDevice->Signature = USB_MOUSE_DEV_SIGNATURE;
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110803): https://edk2.groups.io/g/devel/message/110803
Mute This Topic: https://groups.io/mt/102437986/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 2/2] MdeModulePkg/Bus/Usb/UsbMouseDxe: Fix MISSING_BREAK Coverity issues

[Ranbir Singh]

The function GetNextHidItem has a switch-case block in which the case 1:
falls through to case 2: and then case 2: falls through to case 3:.

There is no possibility of the if blocks within case 2: and case 3: to
succeed later and not succeed in the original case and hence the fall
throughs even if it hypothetically happens are redundant as the code
still will eventually return NULL only at the function end point.

Better introduce straight forward break; statement within actual cases.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4222

Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 MdeModulePkg/Bus/Usb/UsbMouseDxe/MouseHid.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/MdeModulePkg/Bus/Usb/UsbMouseDxe/MouseHid.c b/MdeModulePkg/Bus/Usb/UsbMouseDxe/MouseHid.c
index acc19acd98e0..f07e48774a34 100644
--- a/MdeModulePkg/Bus/Usb/UsbMouseDxe/MouseHid.c
+++ b/MdeModulePkg/Bus/Usb/UsbMouseDxe/MouseHid.c
@@ -89,6 +89,8 @@ GetNextHidItem (
           return StartPos;
         }
 
+        break;
+
       case 2:
         //
         // 2-byte data
@@ -99,6 +101,8 @@ GetNextHidItem (
           return StartPos;
         }
 
+        break;
+
       case 3:
         //
         // 4-byte data, adjust size
@@ -109,6 +113,8 @@ GetNextHidItem (
           StartPos += 4;
           return StartPos;
         }
+
+        break;
     }
   }
 
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110804): https://edk2.groups.io/g/devel/message/110804
Mute This Topic: https://groups.io/mt/102437987/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v3 1/2] MdeModulePkg/Bus/Usb/UsbMouseDxe: Fix REVERSE_INULL Coverity issue

[Laszlo Ersek]

On 11/7/23 06:38, Ranbir Singh wrote:
> From: Ranbir Singh <Ranbir.Singh3@Dell.com>
> 
> The function USBMouseDriverBindingStart do have
> 
>     ASSERT (UsbMouseDevice != NULL);
> 
> after AllocateZeroPool, but it is applicable only in DEBUG mode.
> In RELEASE mode, if for whatever reasons UsbMouseDevice is NULL
> at this point, the code proceeds to dereference "UsbMouseDevice"
> afterwards which will lead to CRASH.
> 
> Hence, for safety add NULL pointer checks always.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4222
> 
> Cc: Ray Ni <ray.ni@intel.com>
> Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
> Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
> Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c b/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c
> index 451d4b934f4c..67072d476196 100644
> --- a/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c
> +++ b/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c
> @@ -160,7 +160,10 @@ USBMouseDriverBindingStart (
>    }
>  
>    UsbMouseDevice = AllocateZeroPool (sizeof (USB_MOUSE_DEV));
> -  ASSERT (UsbMouseDevice != NULL);
> +  if (UsbMouseDevice == NULL) {
> +    Status = EFI_OUT_OF_RESOURCES;
> +    goto ErrorExit;
> +  }
>  
>    UsbMouseDevice->UsbIo     = UsbIo;
>    UsbMouseDevice->Signature = USB_MOUSE_DEV_SIGNATURE;

Reviewed-by: Laszlo Ersek <lersek@redhat.com>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110858): https://edk2.groups.io/g/devel/message/110858
Mute This Topic: https://groups.io/mt/102437986/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v3 1/2] MdeModulePkg/Bus/Usb/UsbMouseDxe: Fix REVERSE_INULL Coverity issue

[Laszlo Ersek]

On 11/7/23 16:52, Laszlo Ersek wrote:
> On 11/7/23 06:38, Ranbir Singh wrote:
>> From: Ranbir Singh <Ranbir.Singh3@Dell.com>
>>
>> The function USBMouseDriverBindingStart do have
>>
>>     ASSERT (UsbMouseDevice != NULL);
>>
>> after AllocateZeroPool, but it is applicable only in DEBUG mode.
>> In RELEASE mode, if for whatever reasons UsbMouseDevice is NULL
>> at this point, the code proceeds to dereference "UsbMouseDevice"
>> afterwards which will lead to CRASH.
>>
>> Hence, for safety add NULL pointer checks always.
>>
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4222
>>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
>> Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
>> Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
>> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>> ---
>>  MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c | 5 ++++-
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c b/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c
>> index 451d4b934f4c..67072d476196 100644
>> --- a/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c
>> +++ b/MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouse.c
>> @@ -160,7 +160,10 @@ USBMouseDriverBindingStart (
>>    }
>>  
>>    UsbMouseDevice = AllocateZeroPool (sizeof (USB_MOUSE_DEV));
>> -  ASSERT (UsbMouseDevice != NULL);
>> +  if (UsbMouseDevice == NULL) {
>> +    Status = EFI_OUT_OF_RESOURCES;
>> +    goto ErrorExit;
>> +  }
>>  
>>    UsbMouseDevice->UsbIo     = UsbIo;
>>    UsbMouseDevice->Signature = USB_MOUSE_DEV_SIGNATURE;
> 
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> 

sorry I missed that I gave R-b for this previously, and that you had
picked it up already!



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110859): https://edk2.groups.io/g/devel/message/110859
Mute This Topic: https://groups.io/mt/102437986/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-