Potential null pointer dereference on pointer Token (Bugzilla Bug 2286)

[tianocore-issues]

This issue was created automatically with bugzilla2github

Bugzilla Bug 2286

Date: 2019-10-18T05:19:44+00:00
From: Colin Ian King <<colin.king>>
To: newexplorerj
CC: guomin.jiang, nobody

Last updated: 2020-03-26T21:58:58+00:00

[tianocore-issues]

Comment 10098

Date: 2019-10-18 05:19:44 +0000
From: Colin Ian King <<colin.king>>

• Industry Specification: ---
• Target OS: ---
• Bugzilla Assignee(s): newexplorerj

In source MdeModulePkg/Bus/Sd/SdDxe/SdBlockIo.c, function SdEraseBlocks there is a potential null pointer dereference on pointer Token:

The following code checks if Token is potentially null, implying that it could possibly be null:

1349 if ((Token != NULL) && (Token->Event != NULL)) {
1350 Token->TransactionStatus = EFI_SUCCESS;
1351 }

and later, the potentially null Token pointer is being dereferenced:

1370 DEBUG ((EFI_D_ERROR, "SdEraseBlocks(): Lba 0x%x BlkNo 0x%x Event %p with %r\n", Lba, BlockNum, Token->Event, Status));

Either Token can never be NULL and the sanity check on line 1349 is not required, or Token can potentially be NULL in which case a null pointer dereference occurs when accessing Token->Event.

[tianocore-issues]

Comment 10274

Date: 2019-11-01 02:57:43 +0000
From: nobody <>

Shenglei: please check it.

[tianocore-issues]

Comment 11325

Date: 2020-02-19 22:23:03 +0000
From: shenglei.zhang

Liming will take it.

[tianocore-issues]

Comment 11336

Date: 2020-02-20 09:35:27 +0000
From: nobody <>

Guomin will check it.

[tianocore-issues]

Comment 11523

Date: 2020-03-04 04:57:29 +0000
From: newexplorerj

Have comment at https://edk2.groups.io/g/devel/message/55377, waiting for reviewing.

[tianocore-issues]

Comment 11868

Date: 2020-03-26 21:58:58 +0000
From: guomin.jiang

Fixed in 695d90b