<p>Francois Toguo Fotso has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/c/coreboot/+/30098">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">Fix potential NULL pointer dereferences and memory leak.<br><br>Found-by: Klockwork<br>BUG=None<br>TEST=Boot to OS<br><br>Change-Id: I38a8910e68b7a8ce0e97ca4cdb9ef7f595c0e319<br>Signed-off-by: Francois Toguo <francois.toguo.fotso@intel.com><br>---<br>M src/arch/x86/acpi_device.c<br>M src/arch/x86/acpigen.c<br>M src/include/nhlt.h<br>M src/lib/nhlt.c<br>M src/soc/intel/common/nhlt.c<br>5 files changed, 17 insertions(+), 20 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/98/30098/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/arch/x86/acpi_device.c b/src/arch/x86/acpi_device.c</span><br><span>index 48b7fee..12bd1ad 100644</span><br><span>--- a/src/arch/x86/acpi_device.c</span><br><span>+++ b/src/arch/x86/acpi_device.c</span><br><span>@@ -635,8 +635,10 @@</span><br><span>       char *dp_count, *prop_count;</span><br><span>         int child_count = 0;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-        if (!table || table->type != ACPI_DP_TYPE_TABLE)</span><br><span style="color: hsl(120, 100%, 40%);">+   if (!table || table->type != ACPI_DP_TYPE_TABLE) {</span><br><span style="color: hsl(120, 100%, 40%);">+         acpi_dp_free(table);</span><br><span>                 return;</span><br><span style="color: hsl(120, 100%, 40%);">+       }</span><br><span> </span><br><span>        /* Name (name) */</span><br><span>    acpigen_write_name(table->name);</span><br><span>diff --git a/src/arch/x86/acpigen.c b/src/arch/x86/acpigen.c</span><br><span>index 290893d..00aec60 100644</span><br><span>--- a/src/arch/x86/acpigen.c</span><br><span>+++ b/src/arch/x86/acpigen.c</span><br><span>@@ -286,6 +286,13 @@</span><br><span>      int dotcount = 0, i;</span><br><span>         int dotpos = 0;</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+   /* If we have a null pointer. Then we need to put a null</span><br><span style="color: hsl(120, 100%, 40%);">+         name (0x00). */</span><br><span style="color: hsl(120, 100%, 40%);">+    if (!namepath) {</span><br><span style="color: hsl(120, 100%, 40%);">+              acpigen_emit_byte(ZERO_OP);</span><br><span style="color: hsl(120, 100%, 40%);">+           return;</span><br><span style="color: hsl(120, 100%, 40%);">+       }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>  /* We can start with a '\'. */</span><br><span>       if (namepath[0] == '\\') {</span><br><span>           acpigen_emit_byte('\\');</span><br><span>@@ -369,23 +376,6 @@</span><br><span>      acpigen_pop_len();</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-/* Method to notify all CPU cores */</span><br><span style="color: hsl(0, 100%, 40%);">-void acpigen_write_processor_cnot(const unsigned int number_of_cores)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">-   int core_id;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-    acpigen_write_method("\\_PR.CNOT", 1);</span><br><span style="color: hsl(0, 100%, 40%);">-        for (core_id = 0; core_id < number_of_cores; core_id++) {</span><br><span style="color: hsl(0, 100%, 40%);">-            char buffer[DEVICE_PATH_MAX];</span><br><span style="color: hsl(0, 100%, 40%);">-           snprintf(buffer, sizeof(buffer), CONFIG_ACPI_CPU_STRING,</span><br><span style="color: hsl(0, 100%, 40%);">-                         core_id);</span><br><span style="color: hsl(0, 100%, 40%);">-              acpigen_emit_byte(NOTIFY_OP);</span><br><span style="color: hsl(0, 100%, 40%);">-           acpigen_emit_namestring(buffer);</span><br><span style="color: hsl(0, 100%, 40%);">-                acpigen_emit_byte(ARG0_OP);</span><br><span style="color: hsl(0, 100%, 40%);">-     }</span><br><span style="color: hsl(0, 100%, 40%);">-       acpigen_pop_len();</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> /*</span><br><span>  * Generate ACPI AML code for OperationRegion</span><br><span>  * Arg0: Pointer to struct opregion opreg = OPREGION(rname, space, offset, len)</span><br><span>diff --git a/src/include/nhlt.h b/src/include/nhlt.h</span><br><span>index a361ed8..5fdb191 100644</span><br><span>--- a/src/include/nhlt.h</span><br><span>+++ b/src/include/nhlt.h</span><br><span>@@ -57,6 +57,9 @@</span><br><span> /* Return the size of the NHLT table including APCI header. */</span><br><span> size_t nhlt_current_size(struct nhlt *nhlt);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/* Frees the allocated resources/memory for NHLT table */</span><br><span style="color: hsl(120, 100%, 40%);">+void nhlt_free_resources(struct nhlt *nhlt);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /*</span><br><span>  * Helper functions for adding NHLT devices utilizing an nhlt_endp_descriptor</span><br><span>  * to drive the logic.</span><br><span>diff --git a/src/lib/nhlt.c b/src/lib/nhlt.c</span><br><span>index 5001c38..0db5f7d 100644</span><br><span>--- a/src/lib/nhlt.c</span><br><span>+++ b/src/lib/nhlt.c</span><br><span>@@ -279,7 +279,7 @@</span><br><span>  return calc_size(nhlt) + sizeof(acpi_header_t);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-static void nhlt_free_resources(struct nhlt *nhlt)</span><br><span style="color: hsl(120, 100%, 40%);">+void nhlt_free_resources(struct nhlt *nhlt)</span><br><span> {</span><br><span>         int i;</span><br><span>       int j;</span><br><span>diff --git a/src/soc/intel/common/nhlt.c b/src/soc/intel/common/nhlt.c</span><br><span>index a268ea6..5ecb641 100644</span><br><span>--- a/src/soc/intel/common/nhlt.c</span><br><span>+++ b/src/soc/intel/common/nhlt.c</span><br><span>@@ -30,8 +30,10 @@</span><br><span> </span><br><span>     gnvs = cbmem_find(CBMEM_ID_ACPI_GNVS);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-      if (gnvs == NULL)</span><br><span style="color: hsl(120, 100%, 40%);">+     if (gnvs == NULL) {</span><br><span style="color: hsl(120, 100%, 40%);">+           nhlt_free_resources(nhlt);</span><br><span>           return acpi_addr;</span><br><span style="color: hsl(120, 100%, 40%);">+     }</span><br><span> </span><br><span>        /* Update NHLT GNVS Data */</span><br><span>  gnvs->nhla = (uintptr_t)acpi_addr;</span><br><span></span><br></pre><p>To view, visit <a href="https://review.coreboot.org/c/coreboot/+/30098">change 30098</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/c/coreboot/+/30098"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I38a8910e68b7a8ce0e97ca4cdb9ef7f595c0e319 </div>
<div style="display:none"> Gerrit-Change-Number: 30098 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Francois Toguo Fotso <francois.toguo.fotso@intel.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>