ArmPkg/Drivers/CpuDxe: Check integer before conversion

GetNextEntryAttribute() assigns a 64-bit integer to 32-bit integers. This change checks that the value fits in a 32-bit integer and fixes the following Visual Studio compiler warning: '=': conversion from 'UINT64' to 'UINT32', possible loss of data Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
microsoft · Nov 17, 2023 · f8bea42 · f8bea42
1 parent 3e5f1f8
commit f8bea42
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 4 deletions.
diff --git a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c
@@ -11,6 +11,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 --*/
 
 #include <Library/MemoryAllocationLib.h>
+#include <Library/SafeIntLib.h>         // MU_CHANGE: Convert integers safely
+#include <Chipset/AArch64Mmu.h>         // MU_CHANGE: Include header used in file
 #include "CpuDxe.h"
 
 #define INVALID_ENTRY  ((UINT32)~0)
@@ -148,17 +150,34 @@ GetNextEntryAttribute (
   // Get the memory space map from GCD
   MemorySpaceMap = NULL;
   Status         = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemorySpaceMap);
-  ASSERT_EFI_ERROR (Status);
+  // MU_CHANGE [BEGIN]: Check if the memory space map is valid
+  if (EFI_ERROR (Status)) {
+    // This function needs to define what is returned when an error occurs.
+    // Callers need to actually check the return value and add error handling.
+    ASSERT_EFI_ERROR (Status);
+    return 0;
+  }
+
+  // MU_CHANGE [END]: Check if the memory space map is valid
 
   // We cannot get more than 3-level page table
   ASSERT (TableLevel <= 3);
 
   // While the top level table might not contain TT_ENTRY_COUNT entries;
   // the subsequent ones should be filled up
   for (Index = 0; Index < EntryCount; Index++) {
-    Entry          = TableAddress[Index];
-    EntryType      = Entry & TT_TYPE_MASK;
-    EntryAttribute = Entry & TT_ATTRIBUTES_MASK;  // MU_CHANGE: Return all attributes from page table
+    Entry = TableAddress[Index];
+
+    // MU_CHANGE [BEGIN]: Convert integers safely
+    Status = SafeUint64ToUint32 (Entry, &EntryType);
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "[%a] - Table address entry exceeds 32-bit.\n", __func__));
+      return 0;
+    }
+
+    EntryAttribute = EntryType & TT_ATTRIBUTES_MASK;  // MU_CHANGE: Return all attributes from page table
+    EntryType     &= TT_TYPE_MASK;
+    // MU_CHANGE [END]: Convert integers safely
 
     // If Entry is a Table Descriptor type entry then go through the sub-level table
     if ((EntryType == TT_TYPE_BLOCK_ENTRY) ||

diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
@@ -50,6 +50,7 @@
   HobLib
   MemoryAllocationLib
   PeCoffGetEntryPointLib
+  SafeIntLib                # MU_CHANGE: Convert integers safely
   UefiDriverEntryPoint
   UefiLib
   DxeMemoryProtectionHobLib # MU_CHANGE