From 52d229238b2d3a24347d1ff9c2c3f884e51a3e1c Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Fri, 12 Apr 2019 16:13:48 +0200 Subject: OvmfPkg/QemuVideoDxe: avoid arithmetic on null pointer The real mode interrupt vector table, which we modify for the sake of Windows 7, starts at address 0, which happens to be the representation of null pointers on all edk2 architectures. A null pointer may never undergo pointer arithmetic, and RH covscan justifiedly reports: > Error: CPPCHECK_WARNING (CWE-682): > edk2-89910a39dcfd/OvmfPkg/QemuVideoDxe/VbeShim.c:105: > error[nullPointerArithmetic]: Pointer addition with NULL pointer. > # 103| // > # 104| Segment0Pages = 1; > # 105|-> Int0x10 = (IVT_ENTRY *)(UINTN)Segment0 + 0x10; > # 106| Segment0AllocationStatus = gBS->AllocatePages ( > # 107| AllocateAddress, Fix this by calculating the EFI_PHYSICAL_ADDRESS of IVT entry 0x10 first, and by casting the address to the right type second. Cc: Ard Biesheuvel Cc: Jordan Justen Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710 Issue: scan-1002.txt Signed-off-by: Laszlo Ersek Acked-by: Ard Biesheuvel --- OvmfPkg/QemuVideoDxe/VbeShim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OvmfPkg') diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.c b/OvmfPkg/QemuVideoDxe/VbeShim.c index 69081f09e6..c23dc984d4 100644 --- a/OvmfPkg/QemuVideoDxe/VbeShim.c +++ b/OvmfPkg/QemuVideoDxe/VbeShim.c @@ -96,7 +96,7 @@ InstallVbeShim ( // The allocation request may fail, eg. if LegacyBiosDxe has already run. // Segment0Pages = 1; - Int0x10 = (IVT_ENTRY *)(UINTN)Segment0 + 0x10; + Int0x10 = (IVT_ENTRY *)(UINTN)(Segment0 + 0x10 * sizeof (IVT_ENTRY)); Segment0AllocationStatus = gBS->AllocatePages ( AllocateAddress, EfiBootServicesCode, -- cgit v1.2.3
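Review bot: the offset arithmetic in the `+` line, `Segment0 + 0x10 * sizeof (IVT_ENTRY)`, is only correct for vector 0x10 if `IVT_ENTRY` is exactly the 4-byte real-mode vector layout (16-bit offset followed by 16-bit segment, no padding); the hunk does not show the type's definition, so a `STATIC_ASSERT (sizeof (IVT_ENTRY) == 4, ...)` next to the typedef, or a one-line comment at this site, would pin that assumption down so a future change to the struct cannot silently move the write to the wrong IVT slot. The reordering itself does what the commit message says: the old line cast `Segment0` (the null address 0) to `IVT_ENTRY *` and then added 0x10 to a null pointer, which is undefined behaviour regardless of whether the resulting address is right; the new line does the addition on the integer `EFI_PHYSICAL_ADDRESS` first and casts once, so no pointer arithmetic on null remains. The `(UINTN)` narrowing of a 64-bit physical address is fine here because the IVT lives in the first 1 KiB of memory, but a short comment noting that would help readers of 32-bit builds.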