Skip to content
Permalink
Browse files
EmbeddedPkg/NonCoherentDmaLib: avoid dereferencing bogus buffer address
The bounce buffering code in NonCoherentDmaLib copies data into the
bounce buffer using CopyMem(), but passes Map->HostAddress as the
source of the copy before it has been assigned its correct value.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Andrei Warkentin <awarkentin@vmware.com>
  • Loading branch information
Ard Biesheuvel authored and mergify[bot] committed Jun 17, 2020
1 parent 2d233af commit 8f22a331b955bd3f8077c7fa83bafeec566d6718
Showing 1 changed file with 1 addition and 2 deletions.
@@ -225,8 +225,7 @@ DmaMap (
}

if (Map->Operation == MapOperationBusMasterRead) {
CopyMem (Map->BufferAddress, (VOID *)(UINTN)Map->HostAddress,
*NumberOfBytes);
CopyMem (Map->BufferAddress, (VOID *)(UINTN)HostAddress, *NumberOfBytes);
}
mCpu->FlushDataCache (mCpu, (UINTN)Map->BufferAddress, AllocSize,
EfiCpuFlushTypeWriteBack);

0 comments on commit 8f22a33

Please sign in to comment.