The real mode interrupt vector table, which we modify for the sake of
Windows 7, starts at address 0, which happens to be the representation of
null pointers on all edk2 architectures. A null pointer may never undergo
pointer arithmetic, and RH covscan justifiedly reports:

> Error: CPPCHECK_WARNING (CWE-682):
> edk2-89910a39dcfd/OvmfPkg/QemuVideoDxe/VbeShim.c:105:
> error[nullPointerArithmetic]: Pointer addition with NULL pointer.
> #  103|     //
> #  104|     Segment0Pages = 1;
> #  105|->   Int0x10       = (IVT_ENTRY *)(UINTN)Segment0 + 0x10;
> #  106|     Segment0AllocationStatus = gBS->AllocatePages (
> #  107|                                       AllocateAddress,

Fix this by calculating the EFI_PHYSICAL_ADDRESS of IVT entry 0x10 first,
and by casting the address to the right type second.

Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
Cc: Jordan Justen <jordan.l.jus...@intel.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710
Issue: scan-1002.txt
Signed-off-by: Laszlo Ersek <ler...@redhat.com>
---
 OvmfPkg/QemuVideoDxe/VbeShim.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.c b/OvmfPkg/QemuVideoDxe/VbeShim.c
index 69081f09e630..c23dc984d453 100644
--- a/OvmfPkg/QemuVideoDxe/VbeShim.c
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.c
@@ -91,17 +91,17 @@ InstallVbeShim (
   // Attempt to cover the real mode IVT with an allocation. This is a UEFI
   // driver, hence the arch protocols have been installed previously. Among
   // those, the CPU arch protocol has configured the IDT, so we can overwrite
   // the IVT used in real mode.
   //
   // The allocation request may fail, eg. if LegacyBiosDxe has already run.
   //
   Segment0Pages = 1;
-  Int0x10       = (IVT_ENTRY *)(UINTN)Segment0 + 0x10;
+  Int0x10       = (IVT_ENTRY *)(UINTN)(Segment0 + 0x10 * sizeof (IVT_ENTRY));
   Segment0AllocationStatus = gBS->AllocatePages (
                                     AllocateAddress,
                                     EfiBootServicesCode,
                                     Segment0Pages,
                                     &Segment0
                                     );
 
   if (EFI_ERROR (Segment0AllocationStatus)) {
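Review bot: The new Int0x10 assignment has no comment explaining why the byte offset is added to Segment0 as an integer before the cast to (IVT_ENTRY *), so a later cleanup could fold it back into the pointer-arithmetic form that the scanner flagged. A one-line comment above the assignment, stating that the IVT base is address 0 and that the entry address is therefore computed in integer arithmetic before the cast, would preserve the reasoning from the commit message in the source. The literal 0x10 is also used unnamed in `0x10 * sizeof (IVT_ENTRY)`; a named constant for the vector number would make the intent clearer at the point of use.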
-- 
2.19.1.3.g30247aa5d201


