[edk2-devel] [PATCH] EmbeddedPkg/NonCoherentDmaLib: avoid dereferencing bogus buffer address

Ard Biesheuvel ard.biesheuvel at arm.com
Wed Jun 17 15:38:24 UTC 2020


The bounce buffering code in NonCoherentDmaLib copies data into the
bounce buffer using CopyMem(), but passes Map->HostAddress as the
source of the copy before it has been assigned its correct value.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel at arm.com>
---
 EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c
index 115345765435..9c8ef5bfb533 100644
--- a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c
+++ b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c
@@ -225,8 +225,7 @@ DmaMap (
     }
 
     if (Map->Operation == MapOperationBusMasterRead) {
-      CopyMem (Map->BufferAddress, (VOID *)(UINTN)Map->HostAddress,
-        *NumberOfBytes);
+      CopyMem (Map->BufferAddress, (VOID *)(UINTN)HostAddress, *NumberOfBytes);
     }
     mCpu->FlushDataCache (mCpu, (UINTN)Map->BufferAddress, AllocSize,
             EfiCpuFlushTypeWriteBack);
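
Review bot: On the added CopyMem line, the `(VOID *)(UINTN)` cast is carried over from the old `Map->HostAddress` expression and may no longer be needed. The declaration of `HostAddress` is not in the visible context, but if it is already a pointer, the call can be written as `CopyMem (Map->BufferAddress, HostAddress, *NumberOfBytes);`. The hunk also does not show where `Map->HostAddress` receives its value, so the commit message could say where that assignment sits relative to this copy, to make the ordering problem checkable from the log alone. Separately, the copy length is `*NumberOfBytes` while the write-back that follows covers `AllocSize`; it is worth confirming in the surrounding code that `AllocSize` is never smaller than `*NumberOfBytes` on this path, so that everything copied into the bounce buffer is flushed.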
-- 
2.27.0

