diff options
author | John Zhao <john.zhao@intel.com> | 2019-05-28 16:48:14 -0700 |
---|---|---|
committer | Felix Held <felix-coreboot@felixheld.de> | 2019-06-05 11:43:39 +0000 |
commit | 2ba303e49d03b3e0a77a6b2adde07e38a3aa5c1a (patch) | |
tree | 1f9adeadc87fb2c9a1b9917c638c57a53b4180a1 /src | |
parent | 742df5ad34c0ad4d2bae2373ace6440c4cb6b792 (diff) | |
download | coreboot-2ba303e49d03b3e0a77a6b2adde07e38a3aa5c1a.tar.xz |
src/arch/x86: Prevent attack on null pointer dereference
Clang Static Analyzer version 8.0.0 detects null pointer argument
in call to memory copy function. Add sanity check for pointer header
to prevent null pointer dereference.
TEST=Built and boot up to kernel.
Change-Id: I7027b7cae3009a5481048bfa0536a6cbd9bef683
Signed-off-by: John Zhao <john.zhao@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33051
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/arch/x86/acpi.c | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/src/arch/x86/acpi.c b/src/arch/x86/acpi.c index d1dcd03652..bf9813cbfe 100644 --- a/src/arch/x86/acpi.c +++ b/src/arch/x86/acpi.c @@ -218,6 +218,9 @@ void acpi_create_madt(acpi_madt_t *madt) memset((void *)madt, 0, sizeof(acpi_madt_t)); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "APIC", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -248,6 +251,9 @@ void acpi_create_mcfg(acpi_mcfg_t *mcfg) memset((void *)mcfg, 0, sizeof(acpi_mcfg_t)); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "MCFG", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -302,6 +308,9 @@ static void acpi_create_tcpa(acpi_tcpa_t *tcpa) if (!lasa) return; + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "TCPA", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -361,6 +370,9 @@ static void acpi_create_tpm2(acpi_tpm2_t *tpm2) if (!lasa) tpm2_log_len = 0; + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "TPM2", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -481,6 +493,9 @@ void acpi_create_srat(acpi_srat_t *srat, memset((void *)srat, 0, sizeof(acpi_srat_t)); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "SRAT", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -508,6 +523,9 @@ void acpi_create_dmar(acpi_dmar_t *dmar, enum dmar_flags flags, memset((void *)dmar, 0, sizeof(acpi_dmar_t)); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "DMAR", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -669,6 +687,9 @@ void acpi_create_slit(acpi_slit_t *slit, memset((void *)slit, 0, sizeof(acpi_slit_t)); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "SLIT", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -694,6 +715,9 @@ void acpi_create_hpet(acpi_hpet_t *hpet) memset((void *)hpet, 0, sizeof(acpi_hpet_t)); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "HPET", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -728,6 +752,9 @@ void acpi_create_vfct(struct device *device, memset((void *)vfct, 0, sizeof(struct acpi_vfct)); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "VFCT", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -754,6 +781,9 @@ void acpi_create_ivrs(acpi_ivrs_t *ivrs, memset((void *)ivrs, 0, sizeof(acpi_ivrs_t)); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "IVRS", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -807,6 +837,10 @@ void acpi_create_dbg2(acpi_dbg2_header_t *dbg2, current = (uintptr_t)dbg2; memset(dbg2, 0, sizeof(acpi_dbg2_header_t)); header = &(dbg2->header); + + if (!header) + return; + header->revision = get_acpi_table_revision(DBG2); memcpy(header->signature, "DBG2", 4); memcpy(header->oem_id, OEM_ID, 6); @@ -926,6 +960,9 @@ static void acpi_write_rsdt(acpi_rsdt_t *rsdt, char *oem_id, char *oem_table_id) { acpi_header_t *header = &(rsdt->header); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "RSDT", 4); memcpy(header->oem_id, oem_id, 6); @@ -946,6 +983,9 @@ static void acpi_write_xsdt(acpi_xsdt_t *xsdt, char *oem_id, char *oem_table_id) { acpi_header_t *header = &(xsdt->header); + if (!header) + return; + /* Fill out header fields. */ memcpy(header->signature, "XSDT", 4); memcpy(header->oem_id, oem_id, 6); @@ -1046,7 +1086,8 @@ unsigned long acpi_create_hest_error_source(acpi_hest_t *hest, memcpy(pos, data, data_len); len += data_len; - header->length += len; + if (header) + header->length += len; return len; } @@ -1059,6 +1100,9 @@ void acpi_write_hest(acpi_hest_t *hest, memset(hest, 0, sizeof(acpi_hest_t)); + if (!header) + return; + memcpy(header->signature, "HEST", 4); memcpy(header->oem_id, OEM_ID, 6); memcpy(header->oem_table_id, ACPI_TABLE_CREATOR, 8); @@ -1080,6 +1124,9 @@ void acpi_write_bert(acpi_bert_t *bert, uintptr_t region, size_t length) memset(bert, 0, sizeof(acpi_bert_t)); + if (!header) + return; + memcpy(header->signature, "BERT", 4); memcpy(header->oem_id, OEM_ID, 6); memcpy(header->oem_table_id, ACPI_TABLE_CREATOR, 8); @@ -1101,6 +1148,10 @@ void acpi_create_fadt(acpi_fadt_t *fadt, acpi_facs_t *facs, void *dsdt) acpi_header_t *header = &(fadt->header); memset((void *) fadt, 0, sizeof(acpi_fadt_t)); + + if (!header) + return; + memcpy(header->signature, "FACP", 4); header->length = sizeof(acpi_fadt_t); header->revision = get_acpi_table_revision(FADT); |