<div>The function NotifyPhase has a check</div> <div> </div> <div> ASSERT (Index < TypeMax);</div> <div> </div> <div>but this comes into play only in DEBUG mode. In Release mode, there is</div> <div>no handling if the Index value is within array limits or not. If for</div> <div>whatever reasons, the Index does not get re-assigned to Index2 at line</div> <div>137, then it remains at TypeMax as assigned earlier at line 929. This</div> <div>poses array overrun risk at lines 942 and 943. It is better to deploy</div> <div>a safety check before line 942 as</div> <div> </div> <div> if (Index >= TypeMax) {</div> <div> continue;</div> <div> }</div> <div> </div> <div>The function SubmitResources has a switch-case code in which the</div> <div>case ACPI_ADDRESS_SPACE_TYPE_MEM: which falls through to</div> <div>case ACPI_ADDRESS_SPACE_TYPE_IO: if there is no scenario of</div> <div>return EFI_INVALID_PARAMETER;</div> <div> </div> <div>While this may be intentional, it is not evident to any general code</div> <div>reader as well as any static analyzer tool. Just adding</div> <div> </div> <div>// No break; here as this is an intentional fallthrough.</div> <div> </div> <div>as comment in between makes any reader as well as Coverity happy.</div> <div> </div> <div>REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4212</div> <div>Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com></div> <div>---</div> <div> MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c | 9 +++++++++</div> <div> 1 file changed, 9 insertions(+)</div> <div> </div> <div>diff --git a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c</div> <div>index b20bcd310a..83f1ad450f 100644</div> <div>--- a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c</div> <div>+++ b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c</div> <div>@@ -939,6 +939,11 @@ NotifyPhase (</div> <div> }</div> <div> </div> <div> ASSERT (Index < TypeMax);</div> <div>+</div> <div>+ if (Index >= TypeMax) {</div> <div>+ continue;</div> <div>+ }</div> <div>+</div> <div> ResNodeHandled[Index] = TRUE;</div> <div> Alignment = RootBridge->ResAllocNode[Index].Alignment;</div> <div> BitsOfAlignment = LowBitSet64 (Alignment + 1);</div> <div>@@ -1526,6 +1531,10 @@ SubmitResources (</div> <div> return EFI_INVALID_PARAMETER;</div> <div> }</div> <div> </div> <div>+ //</div> <div>+ // No break; here as this is an intentional fall through.</div> <div>+ //</div> <div>+</div> <div> case ACPI_ADDRESS_SPACE_TYPE_IO:</div> <div> //</div> <div> // Check aligment, it should be of the form 2^n-1</div> <div>--</div> <div>2.36.1.windows.1</div> <div width="1" style="color:white;clear:both">_._,_._,_</div> <hr> Groups.io Links:<p> You receive all messages sent to this group. <p> <a target="_blank" href="https://edk2.groups.io/g/devel/message/97917">View/Reply Online (#97917)</a> | | <a target="_blank" href="https://groups.io/mt/96046026/1813853">Mute This Topic</a> | <a href="https://edk2.groups.io/g/devel/post">New Topic</a><br> <a href="https://edk2.groups.io/g/devel/editsub/1813853">Your Subscription</a> | <a href="mailto:devel+owner@edk2.groups.io">Contact Group Owner</a> | <a href="https://edk2.groups.io/g/devel/unsub">Unsubscribe</a> [edk2-devel-archive@redhat.com]<br> <div width="1" style="color:white;clear:both">_._,_._,_</div>