From nobody Sat Feb  7 10:16:09 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+111012+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+111012+1787277+3901457@groups.io
ARC-Seal: i=1; a=rsa-sha256; t=1699593759; cv=none;
	d=zohomail.com; s=zohoarc;
	b=LkiRY0Vj+69qF7AOF1QRKHDdau3q2XbRao38O1qJQMMxLcgRnZI7N5tov/2/o7ronSQhBYDROd0ff251lS4qFaOodytVgqXVegWhMBzeqwxmcOr+5IC9Ge6qRZeOU1Atn7or5SAYzCPkeRj+bvVC3sCe7RFySkqqDlisZ6YkFwg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1699593759;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Sender:Subject:Subject:To:To:Message-Id;
	bh=ou0/wToHwNbyb3A609AnDyU6/rMyAhiIKwqLVEnbJV4=;
	b=Tb7VIDNqQ4R73jAGF8sl4I2VmA6DhWjiqoseNGqAVIRunirrrkmPpd/WVw2fJusqwCXMGqhiivAW8NEiZFoXGrQvvrqzzrpv97ZLtNWWYOfcHNuH6i90nZW7Fa9M4kCXNGdpm0sO2ellJ6stOnX7BRX3H15rkoMyjr0Qk1heOvI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+111012+1787277+3901457@groups.io
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1699593759688802.6523920823955;
 Thu, 9 Nov 2023 21:22:39 -0800 (PST)
Return-Path: <bounce+27952+111012+1787277+3901457@groups.io>
DKIM-Signature: a=rsa-sha256; bh=vvp8oaFoDQvOrBvteq/NfH2ZioVO3t3M250NUDRor9c=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20140610; t=1699593759; v=1;
 b=erLEBnAO0KmDNwTA3nrOKJ/Kfwv/pI6VC83ULRJz5i59sQT6IP2kNqp4dZq0ou4FBauLXj4q
 53OMMrTqsEwMidRbuUsDFaQX2iZIV4h5i6sAM20wunvkFLPg3Yv0Z6tnOevmDhcOy3IsSrxFPL6
 ru+2HnrGy17iG+ITyBSpP7uU=
X-Received: by 127.0.0.2 with SMTP id pln0YY1788612xVAWmk2bZLP;
 Thu, 09 Nov 2023 21:22:39 -0800
X-Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com
 [209.85.210.181])
 by mx.groups.io with SMTP id smtpd.web11.22095.1699593758820102548
 for <devel@edk2.groups.io>;
 Thu, 09 Nov 2023 21:22:38 -0800
X-Received: by mail-pf1-f181.google.com with SMTP id
 d2e1a72fcca58-6ba54c3ed97so1718769b3a.2
        for <devel@edk2.groups.io>; Thu, 09 Nov 2023 21:22:38 -0800 (PST)
X-Gm-Message-State: O6dzCtbITMX9LdA53vpbHgrcx1787277AA=
X-Google-Smtp-Source: 
 AGHT+IFdyUbKSfRPmnzBhmVM7Z9wnOIszaCiCUFjZPAfrtrQdjpIlttUaIl70RVBWJY3YZIvOMrDNg==
X-Received: by 2002:a05:6a20:8e10:b0:183:c7ea:bb52 with SMTP id
 y16-20020a056a208e1000b00183c7eabb52mr8274413pzj.30.1699593757959;
        Thu, 09 Nov 2023 21:22:37 -0800 (PST)
X-Received: from user-Latitude-5420..
 ([2401:4900:1f24:28fe:9291:5de9:ca67:1893])
        by smtp.gmail.com with ESMTPSA id
 a13-20020a170902b58d00b001c9db5e2929sm4467064pls.93.2023.11.09.21.22.36
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Nov 2023 21:22:37 -0800 (PST)
From: "Ranbir Singh" <rsingh@ventanamicro.com>
To: devel@edk2.groups.io,
	rsingh@ventanamicro.com
Cc: Ray Ni <ray.ni@intel.com>,
	Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Subject: [edk2-devel] [PATCH v3 1/2] MdeModulePkg/Bus/Pci/XhciDxe: Fix
 FORWARD_NULL Coverity issues
Date: Fri, 10 Nov 2023 10:52:30 +0530
Message-Id: <20231110052231.447797-2-rsingh@ventanamicro.com>
In-Reply-To: <20231110052231.447797-1-rsingh@ventanamicro.com>
References: <20231110052231.447797-1-rsingh@ventanamicro.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,rsingh@ventanamicro.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: 
 <https://edk2.groups.io/g/devel/leave/3901457/1787277/102458076/plugh>
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1699593760674100005
Content-Type: text/plain; charset="utf-8"

From: Ranbir Singh <Ranbir.Singh3@Dell.com>

The functions UsbHcGetHostAddrForPciAddr, UsbHcGetPciAddrForHostAddr
and UsbHcFreeMem do have

    ASSERT ((Block !=3D NULL));

statements after for loop, but these are applicable only in DEBUG mode.
In RELEASE mode, if for whatever reasons there is no match inside for
loop and the loop exits because of Block !=3D NULL; condition, then there
is no "Block" NULL pointer check afterwards and the code proceeds to do
dereferencing "Block" which will lead to CRASH.

Hence, for safety add NULL pointer checks always.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4221

Cc: Ray Ni <ray.ni@intel.com>
Co-authored-by: Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c | 29 ++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c b/MdeModulePkg/Bus/Pci=
/XhciDxe/UsbHcMem.c
index b54187ec228e..597cbe4646e8 100644
--- a/MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c
+++ b/MdeModulePkg/Bus/Pci/XhciDxe/UsbHcMem.c
@@ -267,6 +267,16 @@ UsbHcGetPciAddrForHostAddr (
   }
=20
   ASSERT ((Block !=3D NULL));
+
+  if (Block =3D=3D NULL) {
+    //
+    // Should never be here
+    //
+    DEBUG ((DEBUG_ERROR, "UsbHcGetPciAddrForHostAddr: Invalid host memory =
pointer passed\n"));
+    CpuDeadLoop ();
+    return 0;
+  }
+
   //
   // calculate the pci memory address for host memory address.
   //
@@ -322,6 +332,16 @@ UsbHcGetHostAddrForPciAddr (
   }
=20
   ASSERT ((Block !=3D NULL));
+
+  if (Block =3D=3D NULL) {
+    //
+    // Should never be here
+    //
+    DEBUG ((DEBUG_ERROR, "UsbHcGetHostAddrForPciAddr: Invalid pci memory p=
ointer passed\n"));
+    CpuDeadLoop ();
+    return 0;
+  }
+
   //
   // calculate the pci memory address for host memory address.
   //
@@ -603,6 +623,15 @@ UsbHcFreeMem (
   //
   ASSERT (Block !=3D NULL);
=20
+  if (Block =3D=3D NULL) {
+    //
+    // Should never be here
+    //
+    DEBUG ((DEBUG_ERROR, "UsbHcFreeMem: Invalid memory pointer passed\n"));
+    CpuDeadLoop ();
+    return;
+  }
+
   //
   // Release the current memory block if it is empty and not the head
   //
--=20
2.34.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111012): https://edk2.groups.io/g/devel/message/111012
Mute This Topic: https://groups.io/mt/102502055/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-