From: "Ni, Ray" <ray.ni@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Gao, Zhichao" <zhichao.gao@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: Jonathan O'Neal <jko@piquantinnovation.com>
Subject: Re: EDK2 bug report
Date: Tue, 19 Nov 2019 07:58:56 +0000 [thread overview]
Message-ID: <734D49CCEBEEF84792F5B80ED585239D5C364D29@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <ffefa25c-8d52-b6c7-c3f7-7718b71f8e2a@piquantinnovation.com>
[-- Attachment #1: Type: text/plain, Size: 1833 bytes --]
+ Zhichao, Mike and mailing list.
In general, if the code does contain bug handling UGA but isn't found until now, I think we are safe to remove the UGA support now.
From: Jonathan O'Neal <jko@piquantinnovation.com>
Sent: Monday, November 18, 2019 4:52 AM
To: Ni, Ray <ray.ni@intel.com>
Subject: EDK2 bug report
Hi - sorry to email you directly, but I couldn't find an address for a relevant mailing list, and I wasn't sure how else to report this.
In trying to understand the EDK2 Graphics Console, I think I found an ugly bug (which I might have also encountered in a UGA runtime environment). In MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsole.c,
GraphicsConsoleControllerDriverStart() does the following circa line 436:
if (Private->GraphicsOutput != NULL) {
// console is GOP, handle as GOP
// ...
} else {
// console is UGA
Status = CheckModeSupported(Private->GraphicsOutput, ...);
// !! note that Private->GraphicsOutput is known to be NULL here
// ...
}
Then, in CheckModeSupported(), circa line 773, the GraphicsOutput pointer is dereferenced without a NULL check:
MaxMode = GraphicsOutput->Mode->MaxMode;
It appears that CheckModeSupported()only supports GOP, not UGA. Therefore, GraphicsConsoleControllerDriverStart() should not be calling it when the output device is known to be UGA - and/or, CheckModeSupported() should contain a defensive NULL check prior to dereferencing the GraphicsOutput pointer.
(I realize that UGA is deprecated, but if some level of UGA support remains in the code, it seems like it shouldn't dereference a NULL pointer.)
Sorry if emailing you directly was inappropriate; if it was, please let me know whom I should contact.
Thanks for your work on EDK.
-Jonathan O'Neal
[-- Attachment #2: Type: text/html, Size: 7394 bytes --]
next parent reply other threads:[~2019-11-19 7:59 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <ffefa25c-8d52-b6c7-c3f7-7718b71f8e2a@piquantinnovation.com>
2019-11-19 7:58 ` Ni, Ray [this message]
2019-11-19 16:46 ` EDK2 bug report Michael D Kinney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=734D49CCEBEEF84792F5B80ED585239D5C364D29@SHSMSX104.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox