[PATCH] MdeModulePkg/UdfDxe: Resolve potential NULL pointer dereference

[PATCH] MdeModulePkg/UdfDxe: Resolve potential NULL pointer dereference

[Hao Wu]

Within function GetAllocationDescriptorLsn():

The call to GetPdFromLongAd() may return NULL and it will be later
dereferenced in GetShortAdLsn().

This commit adds ASSERT to resolve the potential NULL pointer
dereference.

Cc: Paulo Alcantara <pcacjr@zytor.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
index b336ffc553..e048d95d31 100644
--- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
+++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
@@ -748,12 +748,17 @@ GetAllocationDescriptorLsn (
   IN VOID                            *Ad
   )
 {
+  UDF_PARTITION_DESCRIPTOR *PartitionDesc;
+
   if (RecordingFlags == LongAdsSequence) {
     return GetLongAdLsn (Volume, (UDF_LONG_ALLOCATION_DESCRIPTOR *)Ad);
   } else if (RecordingFlags == ShortAdsSequence) {
+    PartitionDesc = GetPdFromLongAd (Volume, ParentIcb);
+    ASSERT (PartitionDesc != NULL);
+
     return GetShortAdLsn (
       Volume,
-      GetPdFromLongAd (Volume, ParentIcb),
+      PartitionDesc,
       (UDF_SHORT_ALLOCATION_DESCRIPTOR *)Ad
       );
   }
-- 
2.12.0.windows.1

Re: [PATCH] MdeModulePkg/UdfDxe: Resolve potential NULL pointer dereference

[Paulo Alcantara]

On September 25, 2017 10:36:48 PM GMT-03:00, Hao Wu <hao.a.wu@intel.com> wrote:
>Within function GetAllocationDescriptorLsn():
>
>The call to GetPdFromLongAd() may return NULL and it will be later
>dereferenced in GetShortAdLsn().
>
>This commit adds ASSERT to resolve the potential NULL pointer
>dereference.
>
>Cc: Paulo Alcantara <pcacjr@zytor.com>
>Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>Cc: Star Zeng <star.zeng@intel.com>
>Cc: Eric Dong <eric.dong@intel.com>
>Contributed-under: TianoCore Contribution Agreement 1.1
>Signed-off-by: Hao Wu <hao.a.wu@intel.com>
>---
> MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
>diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
>b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
>index b336ffc553..e048d95d31 100644
>--- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
>+++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
>@@ -748,12 +748,17 @@ GetAllocationDescriptorLsn (
>   IN VOID                            *Ad
>   )
> {
>+  UDF_PARTITION_DESCRIPTOR *PartitionDesc;
>+
>   if (RecordingFlags == LongAdsSequence) {
>    return GetLongAdLsn (Volume, (UDF_LONG_ALLOCATION_DESCRIPTOR *)Ad);
>   } else if (RecordingFlags == ShortAdsSequence) {
>+    PartitionDesc = GetPdFromLongAd (Volume, ParentIcb);
>+    ASSERT (PartitionDesc != NULL);
>+
>     return GetShortAdLsn (
>       Volume,
>-      GetPdFromLongAd (Volume, ParentIcb),
>+      PartitionDesc,
>       (UDF_SHORT_ALLOCATION_DESCRIPTOR *)Ad
>       );
>   }

Reviewed-by: Paulo Alcantara <pcacjr@zytor.com>

Thanks!
Paulo

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.