Solving potential null pointer dereference in SpiNorFlashJedecSfdp #10924
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
⚠ WARNING: Cannot add some reviewers: A user specified as a reviewer for this PR is not a collaborator of the repository. Please add them as a collaborator to the repository so they can be requested in the future. Non-collaborators requested: Attn Admins: Admin Instructions:
|
Contributor
|
@PaddyDengKC , please refer to https://github.com/tianocore/tianocore.github.io/wiki/Commit-Message-Format to update the commit message. |
PaddyDengKC
force-pushed
the
v-paddydeng/SpiNorFlashJedecSfdpNullDeref
branch
2 times, most recently
from
34bc9ad to
a6bb5b8
Compare
Contributor
Author
@lgao4 Have updated the commit message. Sorry for the inconvenience. |
changab
reviewed
Apr 7, 2025
6 tasks
PaddyDengKC
force-pushed
the
v-paddydeng/SpiNorFlashJedecSfdpNullDeref
branch
from
a6bb5b8 to
bb24abb
Compare
Contributor
Author
apop5
reviewed
Apr 24, 2025
Contributor
This comment was marked as abuse.
This comment was marked as abuse.
PaddyDengKC
force-pushed
the
v-paddydeng/SpiNorFlashJedecSfdpNullDeref
branch
from
bb24abb to
edd74a3
Compare
Contributor
PaddyDengKC
force-pushed
the
v-paddydeng/SpiNorFlashJedecSfdpNullDeref
branch
2 times, most recently
from
6014601 to
daf2892
Compare
Member
|
@apop5 , are you ok with the latest code change based on your feedback? |
PaddyDengKC
force-pushed
the
v-paddydeng/SpiNorFlashJedecSfdpNullDeref
branch
2 times, most recently
from
7161e79 to
8fe13c9
Compare
apop5
approved these changes
May 2, 2025
Contributor
Yes, I'm okay with the latest. |
…ecSfdp
The pointer `Instance->SfdpBasicFlash` can be used before initializing.
Example code flow:
- CreateSpiNorFlashSfdpInstance: Allocate pool for `Instance`
- InitialSpiNorFlashSfdpInstance
- ReadSfdp
- ReadSfdpHeader
- FillWriteBuffer: Dereferencing
`Instance->SfdpBasicFlash`
- ReadSfdpBasicParameterTable: Allocate pool for
`Instance->SfdpBasicFlash`
Check both `Instance` and `Instance->SfdpBasicFlash` should have
a non null value before dereferencing it. Otherwise use the defaut
value 0.
Also terminate the function if `Instance` or `WriteBuffer` is NULL.
Signed-off-by: Paddy Deng <v-paddydeng@microsoft.com>
PaddyDengKC
force-pushed
the
v-paddydeng/SpiNorFlashJedecSfdpNullDeref
branch
from
8fe13c9 to
be15dd0
Compare
lgao4
approved these changes
May 5, 2025
Contributor
PaddyDengKC
added a commit
to PaddyDengKC/edk2
that referenced
this pull request
May 9, 2025
Fix false positive assert added in tianocore#10924 Functon `FillWriteBuffer()` should able to accept NULL WriteBuffer when WriteBytes equals 0. Use case: ``` // Read Status register TransactionBufferLength = FillWriteBuffer ( Instance, SPI_FLASH_RDSR, SPI_FLASH_RDSR_DUMMY, SPI_FLASH_RDSR_ADDR_BYTES, FALSE, 0, 0, // WriteBytes = 0 NULL // WriteBuffer can be NULL ); ``` Signed-off-by: Paddy Deng <v-paddydeng@microsoft.com>
3 tasks
mergify bot
pushed a commit
that referenced
this pull request
May 26, 2025
Fix false positive assert added in #10924 Functon `FillWriteBuffer()` should able to accept NULL WriteBuffer when WriteBytes equals 0. Use case: ``` // Read Status register TransactionBufferLength = FillWriteBuffer ( Instance, SPI_FLASH_RDSR, SPI_FLASH_RDSR_DUMMY, SPI_FLASH_RDSR_ADDR_BYTES, FALSE, 0, 0, // WriteBytes = 0 NULL // WriteBuffer can be NULL ); ``` Signed-off-by: Paddy Deng <v-paddydeng@microsoft.com>
GowthamM9974
pushed a commit
to GowthamM9974/edk2
that referenced
this pull request
Jul 8, 2025
Fix false positive assert added in tianocore#10924 Functon `FillWriteBuffer()` should able to accept NULL WriteBuffer when WriteBytes equals 0. Use case: ``` // Read Status register TransactionBufferLength = FillWriteBuffer ( Instance, SPI_FLASH_RDSR, SPI_FLASH_RDSR_DUMMY, SPI_FLASH_RDSR_ADDR_BYTES, FALSE, 0, 0, // WriteBytes = 0 NULL // WriteBuffer can be NULL ); ``` Signed-off-by: Paddy Deng <v-paddydeng@microsoft.com>
garybeihl
pushed a commit
to garybeihl/edk2
that referenced
this pull request
Aug 20, 2025
Fix false positive assert added in tianocore#10924 Functon `FillWriteBuffer()` should able to accept NULL WriteBuffer when WriteBytes equals 0. Use case: ``` // Read Status register TransactionBufferLength = FillWriteBuffer ( Instance, SPI_FLASH_RDSR, SPI_FLASH_RDSR_DUMMY, SPI_FLASH_RDSR_ADDR_BYTES, FALSE, 0, 0, // WriteBytes = 0 NULL // WriteBuffer can be NULL ); ``` Signed-off-by: Paddy Deng <v-paddydeng@microsoft.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Instance->SfdpBasicFlashcan be used before initializing.Example code flow:
CreateSpiNorFlashSfdpInstance: Allocate pool for
InstanceInstance->SfdpBasicFlashInstance->SfdpBasicFlashBreaking change?
Impacts security?
Includes tests?
How This Was Tested
Test with NULL Detection feature enabled, an exception was fixed by this code change.
Integration Instructions
NA