authorJohn Zhao <john.zhao@intel.com>2019-05-28 16:48:14 -0700
committerFelix Held <felix-coreboot@felixheld.de>2019-06-05 11:43:39 +0000
commit2ba303e49d03b3e0a77a6b2adde07e38a3aa5c1a (patch)
tree1f9adeadc87fb2c9a1b9917c638c57a53b4180a1 /src/arch/x86
parent742df5ad34c0ad4d2bae2373ace6440c4cb6b792 (diff)
src/arch/x86: Prevent attack on null pointer dereference
Clang Static Analyzer version 8.0.0 detects null pointer argument in call to memory copy function. Add sanity check for pointer header to prevent null pointer dereference. TEST=Built and boot up to kernel. Change-Id: I7027b7cae3009a5481048bfa0536a6cbd9bef683 Signed-off-by: John Zhao <john.zhao@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33051 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lance Zhao <lance.zhao@gmail.com> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Diffstat (limited to 'src/arch/x86')
-rw-r--r--src/arch/x86/acpi.c53
1 files changed, 52 insertions, 1 deletions
diff --git a/src/arch/x86/acpi.c b/src/arch/x86/acpi.c
index d1dcd03652..bf9813cbfe 100644
--- a/src/arch/x86/acpi.c
+++ b/src/arch/x86/acpi.c
@@ -218,6 +218,9 @@ void acpi_create_madt(acpi_madt_t *madt)
memset((void *)madt, 0, sizeof(acpi_madt_t));
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "APIC", 4);
memcpy(header->oem_id, OEM_ID, 6);
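Review bot: The added `if (!header)` check runs after `memset((void *)madt, 0, sizeof(acpi_madt_t))`, so a null `madt` has already been written through before the guard is reached. `header` is declared outside the hunk and is presumably `&(madt->header)`; if so, the test belongs on the table pointer and ahead of the memset, e.g. `if (!madt) return;` as the first statement. The same check-after-use ordering is visible in the mcfg, srat, dmar, slit, hpet, vfct, ivrs, dbg2, hest, bert and fadt hunks. acpi_create_madt starts and ends outside this hunk.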
@@ -248,6 +251,9 @@ void acpi_create_mcfg(acpi_mcfg_t *mcfg)
memset((void *)mcfg, 0, sizeof(acpi_mcfg_t));
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "MCFG", 4);
memcpy(header->oem_id, OEM_ID, 6);
@@ -302,6 +308,9 @@ static void acpi_create_tcpa(acpi_tcpa_t *tcpa)
if (!lasa)
return;
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "TCPA", 4);
memcpy(header->oem_id, OEM_ID, 6);
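Review bot: The new early `return` leaves the TCPA table unfilled without any log line, as does the existing `if (!lasa) return;` just above it. This table, like TPM2 in the next hunk, carries the log area address, so a silently missing table is hard to tell apart from a platform that never set up measured boot. A line such as `printk(BIOS_ERR, "ACPI: TCPA header missing\n");` before returning would make the failure visible in the console log. Whether the caller still links the table after this return cannot be seen from the hunk.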
@@ -361,6 +370,9 @@ static void acpi_create_tpm2(acpi_tpm2_t *tpm2)
if (!lasa)
tpm2_log_len = 0;
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "TPM2", 4);
memcpy(header->oem_id, OEM_ID, 6);
@@ -481,6 +493,9 @@ void acpi_create_srat(acpi_srat_t *srat,
memset((void *)srat, 0, sizeof(acpi_srat_t));
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "SRAT", 4);
memcpy(header->oem_id, OEM_ID, 6);
@@ -508,6 +523,9 @@ void acpi_create_dmar(acpi_dmar_t *dmar, enum dmar_flags flags,
memset((void *)dmar, 0, sizeof(acpi_dmar_t));
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "DMAR", 4);
memcpy(header->oem_id, OEM_ID, 6);
@@ -669,6 +687,9 @@ void acpi_create_slit(acpi_slit_t *slit,
memset((void *)slit, 0, sizeof(acpi_slit_t));
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "SLIT", 4);
memcpy(header->oem_id, OEM_ID, 6);
@@ -694,6 +715,9 @@ void acpi_create_hpet(acpi_hpet_t *hpet)
memset((void *)hpet, 0, sizeof(acpi_hpet_t));
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "HPET", 4);
memcpy(header->oem_id, OEM_ID, 6);
@@ -728,6 +752,9 @@ void acpi_create_vfct(struct device *device,
memset((void *)vfct, 0, sizeof(struct acpi_vfct));
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "VFCT", 4);
memcpy(header->oem_id, OEM_ID, 6);
@@ -754,6 +781,9 @@ void acpi_create_ivrs(acpi_ivrs_t *ivrs,
memset((void *)ivrs, 0, sizeof(acpi_ivrs_t));
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "IVRS", 4);
memcpy(header->oem_id, OEM_ID, 6);
@@ -807,6 +837,10 @@ void acpi_create_dbg2(acpi_dbg2_header_t *dbg2,
current = (uintptr_t)dbg2;
memset(dbg2, 0, sizeof(acpi_dbg2_header_t));
header = &(dbg2->header);
+
+ if (!header)
+ return;
+
header->revision = get_acpi_table_revision(DBG2);
memcpy(header->signature, "DBG2", 4);
memcpy(header->oem_id, OEM_ID, 6);
@@ -926,6 +960,9 @@ static void acpi_write_rsdt(acpi_rsdt_t *rsdt, char *oem_id, char *oem_table_id)
{
acpi_header_t *header = &(rsdt->header);
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "RSDT", 4);
memcpy(header->oem_id, oem_id, 6);
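Review bot: `header` is `&(rsdt->header)`, the address of a member, so `if (!header)` can only be true when `rsdt` is null and the header sits at offset 0. Forming that address from a null `rsdt` is already undefined behaviour, which allows the compiler to drop the check entirely. Testing the parameter states the intent and survives optimisation: `if (!rsdt) return;`. acpi_write_xsdt in the next hunk has the same pattern. The 6-byte copy from the caller-supplied `oem_id` is unguarded as well, if null arguments are really in scope; the function body continues outside the hunk.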
@@ -946,6 +983,9 @@ static void acpi_write_xsdt(acpi_xsdt_t *xsdt, char *oem_id, char *oem_table_id)
{
acpi_header_t *header = &(xsdt->header);
+ if (!header)
+ return;
+
/* Fill out header fields. */
memcpy(header->signature, "XSDT", 4);
memcpy(header->oem_id, oem_id, 6);
@@ -1046,7 +1086,8 @@ unsigned long acpi_create_hest_error_source(acpi_hest_t *hest,
memcpy(pos, data, data_len);
len += data_len;
- header->length += len;
+ if (header)
+ header->length += len;
return len;
}
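Review bot: The new `if (header)` guard sits after `memcpy(pos, data, data_len)`, so it protects only the length update. `pos` is computed outside the hunk, presumably from `hest`, in which case the copy has already gone through a null-derived pointer. When the guard does skip the update, the function still returns `len`, so the caller is told an entry was added while `header->length` is unchanged. Checking the table pointer at the top of the function and returning 0 there, `if (!hest) return 0;`, would keep the return value and the table length consistent. The start of the function is outside the hunk.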
@@ -1059,6 +1100,9 @@ void acpi_write_hest(acpi_hest_t *hest,
memset(hest, 0, sizeof(acpi_hest_t));
+ if (!header)
+ return;
+
memcpy(header->signature, "HEST", 4);
memcpy(header->oem_id, OEM_ID, 6);
memcpy(header->oem_table_id, ACPI_TABLE_CREATOR, 8);
@@ -1080,6 +1124,9 @@ void acpi_write_bert(acpi_bert_t *bert, uintptr_t region, size_t length)
memset(bert, 0, sizeof(acpi_bert_t));
+ if (!header)
+ return;
+
memcpy(header->signature, "BERT", 4);
memcpy(header->oem_id, OEM_ID, 6);
memcpy(header->oem_table_id, ACPI_TABLE_CREATOR, 8);
@@ -1101,6 +1148,10 @@ void acpi_create_fadt(acpi_fadt_t *fadt, acpi_facs_t *facs, void *dsdt)
acpi_header_t *header = &(fadt->header);
memset((void *) fadt, 0, sizeof(acpi_fadt_t));
+
+ if (!header)
+ return;
+
memcpy(header->signature, "FACP", 4);
header->length = sizeof(acpi_fadt_t);
header->revision = get_acpi_table_revision(FADT);