From nobody Sun May 19 07:31:38 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+97915+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+97915+1787277+3901457@groups.io
ARC-Seal: i=1; a=rsa-sha256; t=1672814536; cv=none;
	d=zohomail.com; s=zohoarc;
	b=bQ7ZUHeH2zGVHLMnJgjin5hFJpeKSo7/VDgYDT6i4qLq/yGlIRq+ttGJXsEuIm+ZlJBCnkF8YPBVkMKeOzWlwGfy3R98REh3IYoeTPY3YOEPF69PuB+0jaAkSb/dvRI5yoZHrOWCll35iZ/tE6HYFPzoY0l6iBI8xZdiaLoxAHw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1672814536;
 h=Content-Type:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To;
	bh=fXDjELVWxCyNTg6lTBCjtWzH7M5ynMVIK0aCGAIUamw=;
	b=n2mWFdFQPh5xC5lw5glpmvVi5tPqTL2cpT9OZV7I5abY+RNHALmEvNd0k9BelW+DUDHkUPeHiafemJdsUstAaJoLt9DKjAARkqIQbc9oFkePJaLF7m5SlC0/d7ousJr/MaG4CS/KbcmgpM/74MlwZ+QdjEFrY2GjO9vEYHLtpUc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+97915+1787277+3901457@groups.io
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1672814536005239.98054898745738;
 Tue, 3 Jan 2023 22:42:16 -0800 (PST)
Return-Path: <bounce+27952+97915+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 33MqYY1788612x54sLSPMV2q;
 Tue, 03 Jan 2023 22:42:15 -0800
Subject: [edk2-devel] [PATCH] MdeModulePkg/Bus/Pci/EhciDxe: Fix FORWARD_NULL
 Coverity issues
To: devel@edk2.groups.io
From: "Ranbir Singh via groups.io" <Ranbir.Singh3=Dell.com@groups.io>
X-Originating-Location: Bengaluru, Karnataka, IN (122.172.85.38)
X-Originating-Platform: Windows Chrome 108
User-Agent: GROUPS.IO Web Poster
MIME-Version: 1.0
Date: Tue, 03 Jan 2023 22:42:14 -0800
Message-ID: <yLAM.1672814534549024516.UWtb@groups.io>
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,Ranbir.Singh3@Dell.com
X-Gm-Message-State: TFBphMx0m264lJAcEZ33mh5lx1787277AA=
Content-Type: multipart/alternative; boundary="bFL0dCYWJCDI4DBu75g1"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1672814535;
 bh=rnH4lqhg7Inw67MQlyDJUZU3OZslZNRdrv1IOAecIL4=;
 h=Content-Type:Date:From:Reply-To:Subject:To;
 b=GtZpGVk4UWlSsRx90KozvNSdayWRjgDKMgIOeyUOYqTkB8j0e+jN1Ki6eBHuLuD0iJ0
 r3WR8WU6rPKz6qErh9b0e8sh/W9Vc6QIH0Z6IFHS1Yl58nirjC9HosYInMbJENTaL9BBs
 yYgK7NKLi3s+/kB4OTxH9+gi7d1rNmSXUbg=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1672814536403100001

--bFL0dCYWJCDI4DBu75g1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

The functions UsbHcGetPciAddressForHostMem and UsbHcFreeMem do have

ASSERT ((Block !=3D NULL));

statements after for loop, but these are applicable only in DEBUG mode.
In RELEASE mode, if for whatever reasons there is no match inside for
loop and the loop exits because of Block !=3D NULL; condition, then there
is no "Block" NULL pointer check afterwards and the code proceeds to do
dereferencing "Block" which will lead to CRASH.

Hence, for safety add NULL pointer checks always.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4210
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
---
MdeModulePkg/Bus/Pci/EhciDxe/UsbHcMem.c | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/MdeModulePkg/Bus/Pci/EhciDxe/UsbHcMem.c b/MdeModulePkg/Bus/Pci=
/EhciDxe/UsbHcMem.c
index 0a3ceb9f71..79575b6f63 100644
--- a/MdeModulePkg/Bus/Pci/EhciDxe/UsbHcMem.c
+++ b/MdeModulePkg/Bus/Pci/EhciDxe/UsbHcMem.c
@@ -250,6 +250,11 @@ UsbHcGetPciAddressForHostMem (
}

ASSERT ((Block !=3D NULL));
+
+=C2=A0 if (Block =3D=3D NULL) {
+=C2=A0 =C2=A0 return 0;
+=C2=A0 }
+
//
// calculate the pci memory address for host memory address.
//
@@ -536,6 +541,10 @@ UsbHcFreeMem (
//
ASSERT (Block !=3D NULL);

+=C2=A0 if (Block =3D=3D NULL) {
+=C2=A0 =C2=A0 return;
+=C2=A0 }
+
//
// Release the current memory block if it is empty and not the head
//
--
2.36.1.windows.1


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#97915): https://edk2.groups.io/g/devel/message/97915
Mute This Topic: https://groups.io/mt/96045985/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-


--bFL0dCYWJCDI4DBu75g1
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<div>The functions UsbHcGetPciAddressForHostMem and UsbHcFreeMem do have</d=
iv>
<div>&nbsp;</div>
<div>&nbsp; &nbsp; ASSERT ((Block !=3D NULL));</div>
<div>&nbsp;</div>
<div>statements after for loop, but these are applicable only in DEBUG mode=
.</div>
<div>In RELEASE mode, if for whatever reasons there is no match inside for<=
/div>
<div>loop and the loop exits because of Block !=3D NULL; condition, then th=
ere</div>
<div>is no "Block" NULL pointer check afterwards and the code proceeds to d=
o</div>
<div>dereferencing "Block" which will lead to CRASH.</div>
<div>&nbsp;</div>
<div>Hence, for safety add NULL pointer checks always.</div>
<div>&nbsp;</div>
<div>REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4210</div>
<div>Signed-off-by: Ranbir Singh &lt;Ranbir.Singh3@Dell.com&gt;</div>
<div>---</div>
<div>&nbsp;MdeModulePkg/Bus/Pci/EhciDxe/UsbHcMem.c | 9 +++++++++</div>
<div>&nbsp;1 file changed, 9 insertions(+)</div>
<div>&nbsp;</div>
<div>diff --git a/MdeModulePkg/Bus/Pci/EhciDxe/UsbHcMem.c b/MdeModulePkg/Bu=
s/Pci/EhciDxe/UsbHcMem.c</div>
<div>index 0a3ceb9f71..79575b6f63 100644</div>
<div>--- a/MdeModulePkg/Bus/Pci/EhciDxe/UsbHcMem.c</div>
<div>+++ b/MdeModulePkg/Bus/Pci/EhciDxe/UsbHcMem.c</div>
<div>@@ -250,6 +250,11 @@ UsbHcGetPciAddressForHostMem (</div>
<div>&nbsp; &nbsp;}</div>
<div>&nbsp;</div>
<div>&nbsp; &nbsp;ASSERT ((Block !=3D NULL));</div>
<div>+</div>
<div>+&nbsp; if (Block =3D=3D NULL) {</div>
<div>+&nbsp; &nbsp; return 0;</div>
<div>+&nbsp; }</div>
<div>+</div>
<div>&nbsp; &nbsp;//</div>
<div>&nbsp; &nbsp;// calculate the pci memory address for host memory addre=
ss.</div>
<div>&nbsp; &nbsp;//</div>
<div>@@ -536,6 +541,10 @@ UsbHcFreeMem (</div>
<div>&nbsp; &nbsp;//</div>
<div>&nbsp; &nbsp;ASSERT (Block !=3D NULL);</div>
<div>&nbsp;</div>
<div>+&nbsp; if (Block =3D=3D NULL) {</div>
<div>+&nbsp; &nbsp; return;</div>
<div>+&nbsp; }</div>
<div>+</div>
<div>&nbsp; &nbsp;//</div>
<div>&nbsp; &nbsp;// Release the current memory block if it is empty and no=
t the head</div>
<div>&nbsp; &nbsp;//</div>
<div>--</div>
<div>2.36.1.windows.1</div>


<div width=3D"1" style=3D"color:white;clear:both">_._,_._,_</div>
<hr>


Groups.io Links:<p>


 =20
    You receive all messages sent to this group.
 =20
 =20


<p>
<a target=3D"_blank" href=3D"https://edk2.groups.io/g/devel/message/97915">=
View/Reply Online (#97915)</a> |


 =20

|

  <a target=3D"_blank" href=3D"https://groups.io/mt/96045985/1787277">Mute =
This Topic</a>

| <a href=3D"https://edk2.groups.io/g/devel/post">New Topic</a><br>




<a href=3D"https://edk2.groups.io/g/devel/editsub/1787277">Your Subscriptio=
n</a> |
<a href=3D"mailto:devel+owner@edk2.groups.io">Contact Group Owner</a> |

<a href=3D"https://edk2.groups.io/g/devel/unsub">Unsubscribe</a>

 [importer@patchew.org]<br>
<div width=3D"1" style=3D"color:white;clear:both">_._,_._,_</div>


--bFL0dCYWJCDI4DBu75g1--