[coreboot-gerrit] Change in ...coreboot[master]: Fix potential NULL pointer dereferences and memory leak.

Francois Toguo Fotso (Code Review) gerrit at coreboot.org
Fri Dec 7 05:01:53 CET 2018 

Francois Toguo Fotso has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/30098


Change subject: Fix potential NULL pointer dereferences and memory leak.
......................................................................

Fix potential NULL pointer dereferences and memory leak.

Found-by: Klockwork
BUG=None
TEST=Boot to OS

Change-Id: I38a8910e68b7a8ce0e97ca4cdb9ef7f595c0e319
Signed-off-by: Francois Toguo <francois.toguo.fotso at intel.com>
---
M src/arch/x86/acpi_device.c
M src/arch/x86/acpigen.c
M src/include/nhlt.h
M src/lib/nhlt.c
M src/soc/intel/common/nhlt.c
5 files changed, 17 insertions(+), 20 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/98/30098/1

diff --git a/src/arch/x86/acpi_device.c b/src/arch/x86/acpi_device.c
index 48b7fee..12bd1ad 100644
--- a/src/arch/x86/acpi_device.c
+++ b/src/arch/x86/acpi_device.c
@@ -635,8 +635,10 @@
 	char *dp_count, *prop_count;
 	int child_count = 0;
 
-	if (!table || table->type != ACPI_DP_TYPE_TABLE)
+	if (!table || table->type != ACPI_DP_TYPE_TABLE) {
+		acpi_dp_free(table);
 		return;
+	}
 
 	/* Name (name) */
 	acpigen_write_name(table->name);
diff --git a/src/arch/x86/acpigen.c b/src/arch/x86/acpigen.c
index 290893d..00aec60 100644
--- a/src/arch/x86/acpigen.c
+++ b/src/arch/x86/acpigen.c
@@ -286,6 +286,13 @@
 	int dotcount = 0, i;
 	int dotpos = 0;
 
+	/* If we have a null pointer. Then we need to put a null
+	   name (0x00). */
+	if (!namepath) {
+		acpigen_emit_byte(ZERO_OP);
+		return;
+	}
+
 	/* We can start with a '\'. */
 	if (namepath[0] == '\\') {
 		acpigen_emit_byte('\\');
@@ -369,23 +376,6 @@
 	acpigen_pop_len();
 }
 
-/* Method to notify all CPU cores */
-void acpigen_write_processor_cnot(const unsigned int number_of_cores)
-{
-	int core_id;
-
-	acpigen_write_method("\\_PR.CNOT", 1);
-	for (core_id = 0; core_id < number_of_cores; core_id++) {
-		char buffer[DEVICE_PATH_MAX];
-		snprintf(buffer, sizeof(buffer), CONFIG_ACPI_CPU_STRING,
-			 core_id);
-		acpigen_emit_byte(NOTIFY_OP);
-		acpigen_emit_namestring(buffer);
-		acpigen_emit_byte(ARG0_OP);
-	}
-	acpigen_pop_len();
-}
-
 /*
  * Generate ACPI AML code for OperationRegion
  * Arg0: Pointer to struct opregion opreg = OPREGION(rname, space, offset, len)
diff --git a/src/include/nhlt.h b/src/include/nhlt.h
index a361ed8..5fdb191 100644
--- a/src/include/nhlt.h
+++ b/src/include/nhlt.h
@@ -57,6 +57,9 @@
 /* Return the size of the NHLT table including APCI header. */
 size_t nhlt_current_size(struct nhlt *nhlt);
 
+/* Frees the allocated resources/memory for NHLT table */
+void nhlt_free_resources(struct nhlt *nhlt);
+
 /*
  * Helper functions for adding NHLT devices utilizing an nhlt_endp_descriptor
  * to drive the logic.
diff --git a/src/lib/nhlt.c b/src/lib/nhlt.c
index 5001c38..0db5f7d 100644
--- a/src/lib/nhlt.c
+++ b/src/lib/nhlt.c
@@ -279,7 +279,7 @@
 	return calc_size(nhlt) + sizeof(acpi_header_t);
 }
 
-static void nhlt_free_resources(struct nhlt *nhlt)
+void nhlt_free_resources(struct nhlt *nhlt)
 {
 	int i;
 	int j;
diff --git a/src/soc/intel/common/nhlt.c b/src/soc/intel/common/nhlt.c
index a268ea6..5ecb641 100644
--- a/src/soc/intel/common/nhlt.c
+++ b/src/soc/intel/common/nhlt.c
@@ -30,8 +30,10 @@
 
 	gnvs = cbmem_find(CBMEM_ID_ACPI_GNVS);
 
-	if (gnvs == NULL)
+	if (gnvs == NULL) {
+		nhlt_free_resources(nhlt);
 		return acpi_addr;
+	}
 
 	/* Update NHLT GNVS Data */
 	gnvs->nhla = (uintptr_t)acpi_addr;

-- 
To view, visit https://review.coreboot.org/c/coreboot/+/30098
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I38a8910e68b7a8ce0e97ca4cdb9ef7f595c0e319
Gerrit-Change-Number: 30098
Gerrit-PatchSet: 1
Gerrit-Owner: Francois Toguo Fotso <francois.toguo.fotso at intel.com>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20181207/0ec021fe/attachment.html>

More information about the coreboot-gerrit mailing list