From c8ecaaf5e3d3f9b81d73f329501d3fa39739bd41 Mon Sep 17 00:00:00 2001
From: Ruiyu Ni <ruiyu.ni@intel.com>
Date: Tue, 26 Jul 2016 21:07:19 +0800
Subject: PcAtChipsetPkg/PcRtc: Fix a NULL pointer deference issue

When a platform which doesn't support ACPI 1.0 (no XSDT) and FADT
is not produced at the first time when ACPI table is published,
GetCenturyRtcAddress() unconditionally deference Rsdp->RsdtAddress
but Rsdp->RsdtAddress is 0 in this case.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
---
 PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c | 31 ++++++++++++----------
 1 file changed, 17 insertions(+), 14 deletions(-)

(limited to 'PcAtChipsetPkg')

diff --git a/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c b/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c
index 40d2e49173..2bb41e7e81 100644
--- a/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c
+++ b/PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c
@@ -1250,8 +1250,6 @@ GetCenturyRtcAddress (
 {
   EFI_STATUS                                    Status;
   EFI_ACPI_2_0_ROOT_SYSTEM_DESCRIPTION_POINTER  *Rsdp;
-  EFI_ACPI_DESCRIPTION_HEADER                   *Rsdt;
-  EFI_ACPI_DESCRIPTION_HEADER                   *Xsdt;
   EFI_ACPI_2_0_FIXED_ACPI_DESCRIPTION_TABLE     *Fadt;
 
   Status = EfiGetSystemConfigurationTable (&gEfiAcpiTableGuid, (VOID **) &Rsdp);
@@ -1259,27 +1257,32 @@ GetCenturyRtcAddress (
     Status = EfiGetSystemConfigurationTable (&gEfiAcpi10TableGuid, (VOID **) &Rsdp);
   }
 
-  if (EFI_ERROR (Status)) {
+  if (EFI_ERROR (Status) || (Rsdp == NULL)) {
     return 0;
   }
 
-  ASSERT (Rsdp != NULL);
+  Fadt = NULL;
 
   //
   // Find FADT in XSDT
   //
-  Fadt = NULL;
-  if (Rsdp->Revision >= EFI_ACPI_2_0_ROOT_SYSTEM_DESCRIPTION_POINTER_REVISION) {
-    Xsdt = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) Rsdp->XsdtAddress;
-    Fadt = ScanTableInSDT (Xsdt, EFI_ACPI_2_0_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE, sizeof (UINTN));
+  if (Rsdp->Revision >= EFI_ACPI_2_0_ROOT_SYSTEM_DESCRIPTION_POINTER_REVISION && Rsdp->XsdtAddress != 0) {
+    Fadt = ScanTableInSDT (
+             (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) Rsdp->XsdtAddress,
+             EFI_ACPI_2_0_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE,
+             sizeof (UINTN)
+             );
   }
 
-  if (Fadt == NULL) {
-    //
-    // Find FADT in RSDT
-    //
-    Rsdt = (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) Rsdp->RsdtAddress;
-    Fadt = ScanTableInSDT (Rsdt, EFI_ACPI_2_0_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE, sizeof (UINT32));
+  //
+  // Find FADT in RSDT
+  //
+  if (Fadt == NULL && Rsdp->RsdtAddress != 0) {
+    Fadt = ScanTableInSDT (
+             (EFI_ACPI_DESCRIPTION_HEADER *) (UINTN) Rsdp->RsdtAddress,
+             EFI_ACPI_2_0_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE,
+             sizeof (UINT32)
+             );
   }
 
   if ((Fadt != NULL) &&
-- 
cgit v1.2.3