git: 23605a8e5124 - main - loader.efi: efi_redirect_exceptions does use uninitialized pointer

From: Toomas Soome <tsoome_at_FreeBSD.org>
Date: Sat, 21 Feb 2026 15:29:25 UTC
The branch main has been updated by tsoome:

URL: https://cgit.FreeBSD.org/src/commit/?id=23605a8e5124dcbd27aa3a8bfbca20ee2b179361

commit 23605a8e5124dcbd27aa3a8bfbca20ee2b179361
Author:     Toomas Soome <tsoome@FreeBSD.org>
AuthorDate: 2026-02-21 15:27:35 +0000
Commit:     Toomas Soome <tsoome@FreeBSD.org>
CommitDate: 2026-02-21 15:27:35 +0000

    loader.efi: efi_redirect_exceptions does use uninitialized pointer
    
    loader_idt.rd_base is not set when we are attempting to bcopy(),
    resulting in data being stored to page 0 and therefore corrupting it.
    
    Reviewed by:    kib
    Differential Revision:  https://reviews.freebsd.org/D55180
---
 stand/efi/loader/arch/amd64/trap.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/stand/efi/loader/arch/amd64/trap.c b/stand/efi/loader/arch/amd64/trap.c
index ffd84db40a3a..3fe86f7b1924 100644
--- a/stand/efi/loader/arch/amd64/trap.c
+++ b/stand/efi/loader/arch/amd64/trap.c
@@ -266,6 +266,7 @@ efi_redirect_exceptions(void)
 		return (0);
 	}
 	loader_idt.rd_limit = fw_idt.rd_limit;
+	loader_idt.rd_base = lidt_pa;
 	bcopy((void *)fw_idt.rd_base, (void *)loader_idt.rd_base,
 	    loader_idt.rd_limit);
 	bzero(ist_use_table, sizeof(ist_use_table));
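Review bot: the bcopy() that follows the new rd_base assignment uses loader_idt.rd_limit as its length, but an IDT limit is the offset of the last valid byte (table size minus one), so the final byte of the last descriptor is not copied into the loader's table. Consider copying rd_limit + 1 bytes, after confirming that the lidt_pa allocation (not visible in this hunk) is sized for that. Since the original failure was a silent write to page 0, it would also help to add a short comment on the assignment stating that rd_base must point at the lidt_pa allocation before the copy, so that later reordering of these lines does not reintroduce the bug.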