From nobody Thu May 9 07:40:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94847+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94847+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1665305750; cv=none; d=zohomail.com; s=zohoarc; b=DIA7v7pn3/a6PPFQQworEfk7Vgh3OotmfTvJeJif7G0ywHgiE1PwmRADpwNwVJ4HQtVQlRFZN+ty7ci6KdnKR2NKvpyY6BIgONlyjZip5rIYOeRuNUX3al8qUCX8voocxIoKapcpk0gMGl7ipbiVYt4P+vs8JH3klJwvw1sa00o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665305750; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=v4AlhOPXpkzg7eVFPdOuadAanpldom8UhctXhnxpSi0=; b=PTAiXn2X5KR+H88OdIdlA+YI/iHwzKr7VYW+Vjoe/+3toPXiCSYnz6euIoE5875JsRuNPFQODCUUCpLlOy3pFS7LyZqW+/X/14Us+RZpAlHH9d8g5PbhkVJ3+nbDQ4pySzxnpeLL9Hwh0/dsOOmSSHri4ODiMqF9El/CY2uM8qs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94847+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1665305749925807.0038704500453; Sun, 9 Oct 2022 01:55:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id KkFqYY1788612xdUYVkAP55r; Sun, 09 Oct 2022 01:55:49 -0700 X-Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by mx.groups.io with SMTP id smtpd.web12.834.1665305748293072304 for ; Sun, 09 Oct 2022 01:55:49 -0700 X-Received: from dggemv703-chm.china.huawei.com (unknown [172.30.72.53]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4MlbRc4T57zrS7l; Sun, 9 Oct 2022 16:53:16 +0800 (CST) X-Received: from kwepemm600004.china.huawei.com (7.193.23.242) by dggemv703-chm.china.huawei.com (10.3.19.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Sun, 9 Oct 2022 16:55:45 +0800 X-Received: from kwephisprg16640.huawei.com (10.247.83.252) by kwepemm600004.china.huawei.com (7.193.23.242) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Sun, 9 Oct 2022 16:55:44 +0800 From: "wenyi,xie via groups.io" To: , , , CC: , Subject: [edk2-devel] [PATCH EDK2 v1 1/1] MdePkg/UefiDevicePathLib:Add NULL point check Date: Sun, 9 Oct 2022 16:55:30 +0800 Message-ID: <20221009085530.2443273-2-xiewenyi2@huawei.com> In-Reply-To: <20221009085530.2443273-1-xiewenyi2@huawei.com> References: <20221009085530.2443273-1-xiewenyi2@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.247.83.252] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To kwepemm600004.china.huawei.com (7.193.23.242) X-CFilter-Loop: Reflected Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,xiewenyi2@huawei.com X-Gm-Message-State: nrqLc3AVXJRvhmC8xdeGhkvex1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1665305749; bh=M5F/IOPeNx80IYSlU73Obcv1qfPE8ewB5+3jGfIZD/s=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=PcaqzBieUz1/bNFaYA0+7fyXT16lSgPjgbIlf/+DUVnfWXUxISnrmGzy/LwRpTf+O40 i8T3732U1VJvjQklyrCi4JREJbzvLc7QuB5DL+YnaJN5A7DR7cdkLKCZMd3ERY03bW5WT Y9a0zUcC36oAfGJzFVpGmMrE9+EPr7DTm8c= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1665305750392100001 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4060 Function CreateDeviceNode may return NULL point when NodeLength is smaller than a device path header or there is not enough memory to allocate. But after calling CreateDeviceNode, the pointer is dereferenced without checking its value. So is it nessary to check the value of point before using. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Signed-off-by: Wenyi Xie --- MdePkg/Library/UefiDevicePathLib/DevicePathFromText.c | 240 ++++++++++++++= ++++++ 1 file changed, 240 insertions(+) diff --git a/MdePkg/Library/UefiDevicePathLib/DevicePathFromText.c b/MdePkg= /Library/UefiDevicePathLib/DevicePathFromText.c index 1aaa968d6fb5..702b4ad74b30 100644 --- a/MdePkg/Library/UefiDevicePathLib/DevicePathFromText.c +++ b/MdePkg/Library/UefiDevicePathLib/DevicePathFromText.c @@ -388,6 +388,10 @@ DevPathFromTextGenericPath ( (UINT16)(sizeof (EFI_DEVICE_PATH_PROTOCOL) + DataLength) ); =20 + if (Node =3D=3D NULL) { + return NULL; + } + StrHexToBytes (DataStr, DataLength * 2, (UINT8 *)(Node + 1), DataLength); return Node; } @@ -453,6 +457,10 @@ DevPathFromTextPci ( (UINT16)sizeof (PCI_DEVICE_PATH) ); =20 + if (Pci =3D=3D NULL) { + return NULL; + } + Pci->Function =3D (UINT8)Strtoi (FunctionStr); Pci->Device =3D (UINT8)Strtoi (DeviceStr); =20 @@ -482,6 +490,10 @@ DevPathFromTextPcCard ( (UINT16)sizeof (PCCARD_DEVIC= E_PATH) ); =20 + if (Pccard =3D=3D NULL) { + return NULL; + } + Pccard->FunctionNumber =3D (UINT8)Strtoi (FunctionNumberStr); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Pccard; @@ -514,6 +526,10 @@ DevPathFromTextMemoryMapped ( (UINT16)sizeof (MEMMAP_DEVI= CE_PATH) ); =20 + if (MemMap =3D=3D NULL) { + return NULL; + } + MemMap->MemoryType =3D (UINT32)Strtoi (MemoryTypeStr); Strtoi64 (StartingAddressStr, &MemMap->StartingAddress); Strtoi64 (EndingAddressStr, &MemMap->EndingAddress); @@ -559,6 +575,10 @@ ConvertFromTextVendor ( (UINT16)(sizeof (VENDOR_DEVICE_PATH) + = Length) ); =20 + if (Vendor =3D=3D NULL) { + return NULL; + } + StrToGuid (GuidStr, &Vendor->Guid); StrHexToBytes (DataStr, Length * 2, (UINT8 *)(Vendor + 1), Length); =20 @@ -607,6 +627,11 @@ DevPathFromTextCtrl ( HW_CONTROLLER_DP, (UINT16)sizeof (CONTROLLER_D= EVICE_PATH) ); + + if (Controller =3D=3D NULL) { + return NULL; + } + Controller->ControllerNumber =3D (UINT32)Strtoi (ControllerStr); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Controller; @@ -637,6 +662,10 @@ DevPathFromTextBmc ( (UINT16)sizeof (BMC_DEVICE_PATH) ); =20 + if (BmcDp =3D=3D NULL) { + return NULL; + } + BmcDp->InterfaceType =3D (UINT8)Strtoi (InterfaceTypeStr); WriteUnaligned64 ( (UINT64 *)(&BmcDp->BaseAddress), @@ -706,6 +735,10 @@ DevPathFromTextAcpi ( (UINT16)sizeof (ACPI_HID_DEVICE_PATH) ); =20 + if (Acpi =3D=3D NULL) { + return NULL; + } + Acpi->HID =3D EisaIdFromText (HIDStr); Acpi->UID =3D (UINT32)Strtoi (UIDStr); =20 @@ -737,6 +770,10 @@ ConvertFromTextAcpi ( (UINT16)sizeof (ACPI_HID_DEVICE_PATH) ); =20 + if (Acpi =3D=3D NULL) { + return NULL; + } + Acpi->HID =3D EFI_PNP_ID (PnPId); Acpi->UID =3D (UINT32)Strtoi (UIDStr); =20 @@ -878,6 +915,10 @@ DevPathFromTextAcpiEx ( Length ); =20 + if (AcpiEx =3D=3D NULL) { + return NULL; + } + AcpiEx->HID =3D EisaIdFromText (HIDStr); AcpiEx->CID =3D EisaIdFromText (CIDStr); AcpiEx->UID =3D (UINT32)Strtoi (UIDStr); @@ -920,6 +961,10 @@ DevPathFromTextAcpiExp ( Length ); =20 + if (AcpiEx =3D=3D NULL) { + return NULL; + } + AcpiEx->HID =3D EisaIdFromText (HIDStr); // // According to UEFI spec, the CID parametr is optional and has a defaul= t value of 0. @@ -1040,6 +1085,10 @@ DevPathFromTextAta ( (UINT16)sizeof (ATAPI_DEVICE_PATH) ); =20 + if (Atapi =3D=3D NULL) { + return NULL; + } + PrimarySecondaryStr =3D GetNextParamStr (&TextDeviceNode); SlaveMasterStr =3D GetNextParamStr (&TextDeviceNode); LunStr =3D GetNextParamStr (&TextDeviceNode); @@ -1090,6 +1139,10 @@ DevPathFromTextScsi ( (UINT16)sizeof (SCSI_DEVICE_PATH) ); =20 + if (Scsi =3D=3D NULL) { + return NULL; + } + Scsi->Pun =3D (UINT16)Strtoi (PunStr); Scsi->Lun =3D (UINT16)Strtoi (LunStr); =20 @@ -1121,6 +1174,10 @@ DevPathFromTextFibre ( (UINT16)sizeof (FIBRECHANNEL_DEVI= CE_PATH) ); =20 + if (Fibre =3D=3D NULL) { + return NULL; + } + Fibre->Reserved =3D 0; Strtoi64 (WWNStr, &Fibre->WWN); Strtoi64 (LunStr, &Fibre->Lun); @@ -1153,6 +1210,10 @@ DevPathFromTextFibreEx ( (UINT16)sizeof (FIBRECHANNELEX= _DEVICE_PATH) ); =20 + if (FibreEx =3D=3D NULL) { + return NULL; + } + FibreEx->Reserved =3D 0; Strtoi64 (WWNStr, (UINT64 *)(&FibreEx->WWN)); Strtoi64 (LunStr, (UINT64 *)(&FibreEx->Lun)); @@ -1186,6 +1247,10 @@ DevPathFromText1394 ( (UINT16)sizeof (F1394_DEVICE_PATH) ); =20 + if (F1394DevPath =3D=3D NULL) { + return NULL; + } + F1394DevPath->Reserved =3D 0; F1394DevPath->Guid =3D StrHexToUint64 (GuidStr); =20 @@ -1217,6 +1282,10 @@ DevPathFromTextUsb ( (UINT16)sizeof (USB_DEVICE_PATH) ); =20 + if (Usb =3D=3D NULL) { + return NULL; + } + Usb->ParentPortNumber =3D (UINT8)Strtoi (PortStr); Usb->InterfaceNumber =3D (UINT8)Strtoi (InterfaceStr); =20 @@ -1246,6 +1315,10 @@ DevPathFromTextI2O ( (UINT16)sizeof (I2O_DEVICE_PATH) ); =20 + if (I2ODevPath =3D=3D NULL) { + return NULL; + } + I2ODevPath->Tid =3D (UINT32)Strtoi (TIDStr); =20 return (EFI_DEVICE_PATH_PROTOCOL *)I2ODevPath; @@ -1282,6 +1355,10 @@ DevPathFromTextInfiniband ( (UINT16)sizeof (INFINIBAND_DEVI= CE_PATH) ); =20 + if (InfiniBand =3D=3D NULL) { + return NULL; + } + InfiniBand->ResourceFlags =3D (UINT32)Strtoi (FlagsStr); StrToGuid (GuidStr, (EFI_GUID *)InfiniBand->PortGid); Strtoi64 (SidStr, &InfiniBand->ServiceId); @@ -1331,6 +1408,11 @@ DevPathFromTextVenPcAnsi ( MSG_VENDOR_DP, (UINT16)sizeof (VENDOR_DEVICE_PATH) ); + + if (Vendor =3D=3D NULL) { + return NULL; + } + CopyGuid (&Vendor->Guid, &gEfiPcAnsiGuid); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Vendor; @@ -1356,6 +1438,11 @@ DevPathFromTextVenVt100 ( MSG_VENDOR_DP, (UINT16)sizeof (VENDOR_DEVICE_PATH) ); + + if (Vendor =3D=3D NULL) { + return NULL; + } + CopyGuid (&Vendor->Guid, &gEfiVT100Guid); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Vendor; @@ -1381,6 +1468,11 @@ DevPathFromTextVenVt100Plus ( MSG_VENDOR_DP, (UINT16)sizeof (VENDOR_DEVICE_PATH) ); + + if (Vendor =3D=3D NULL) { + return NULL; + } + CopyGuid (&Vendor->Guid, &gEfiVT100PlusGuid); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Vendor; @@ -1406,6 +1498,11 @@ DevPathFromTextVenUtf8 ( MSG_VENDOR_DP, (UINT16)sizeof (VENDOR_DEVICE_PATH) ); + + if (Vendor =3D=3D NULL) { + return NULL; + } + CopyGuid (&Vendor->Guid, &gEfiVTUTF8Guid); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Vendor; @@ -1434,6 +1531,10 @@ DevPathFromTextUartFlowCtrl ( (UINT16)sizeof (UAR= T_FLOW_CONTROL_DEVICE_PATH) ); =20 + if (UartFlowControl =3D=3D NULL) { + return NULL; + } + CopyGuid (&UartFlowControl->Guid, &gEfiUartDevicePathGuid); if (StrCmp (ValueStr, L"XonXoff") =3D=3D 0) { UartFlowControl->FlowControlMap =3D 2; @@ -1485,6 +1586,10 @@ DevPathFromTextSAS ( (UINT16)sizeof (SAS_DEVICE_PATH) ); =20 + if (Sas =3D=3D NULL) { + return NULL; + } + CopyGuid (&Sas->Guid, &gEfiSasDevicePathGuid); Strtoi64 (AddressStr, &Sas->SasAddress); Strtoi64 (LunStr, &Sas->Lun); @@ -1580,6 +1685,10 @@ DevPathFromTextSasEx ( (UINT16)sizeof (SASEX_DEVICE_PATH) ); =20 + if (SasEx =3D=3D NULL) { + return NULL; + } + Strtoi64 (AddressStr, &SasAddress); Strtoi64 (LunStr, &Lun); WriteUnaligned64 ((UINT64 *)&SasEx->SasAddress, SwapBytes64 (SasAddress)= ); @@ -1663,6 +1772,10 @@ DevPathFromTextNVMe ( (UINT16)sizeof (NVME_= NAMESPACE_DEVICE_PATH) ); =20 + if (Nvme =3D=3D NULL) { + return NULL; + } + Nvme->NamespaceId =3D (UINT32)Strtoi (NamespaceIdStr); Uuid =3D (UINT8 *)&Nvme->NamespaceUuid; =20 @@ -1699,6 +1812,10 @@ DevPathFromTextUfs ( (UINT16)sizeof (UFS_DEVICE_PATH) ); =20 + if (Ufs =3D=3D NULL) { + return NULL; + } + Ufs->Pun =3D (UINT8)Strtoi (PunStr); Ufs->Lun =3D (UINT8)Strtoi (LunStr); =20 @@ -1728,6 +1845,10 @@ DevPathFromTextSd ( (UINT16)sizeof (SD_DEVICE_PATH) ); =20 + if (Sd =3D=3D NULL) { + return NULL; + } + Sd->SlotNumber =3D (UINT8)Strtoi (SlotNumberStr); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Sd; @@ -1756,6 +1877,10 @@ DevPathFromTextEmmc ( (UINT16)sizeof (EMMC_DEVICE_PATH) ); =20 + if (Emmc =3D=3D NULL) { + return NULL; + } + Emmc->SlotNumber =3D (UINT8)Strtoi (SlotNumberStr); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Emmc; @@ -1782,6 +1907,10 @@ DevPathFromTextDebugPort ( (UINT16)sizeof (VENDOR_DEVICE_PATH) ); =20 + if (Vend =3D=3D NULL) { + return NULL; + } + CopyGuid (&Vend->Guid, &gEfiDebugPortProtocolGuid); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Vend; @@ -1813,6 +1942,10 @@ DevPathFromTextMAC ( (UINT16)sizeof (MAC_ADDR_DEVICE_P= ATH) ); =20 + if (MACDevPath =3D=3D NULL) { + return NULL; + } + MACDevPath->IfType =3D (UINT8)Strtoi (IfTypeStr); =20 Length =3D sizeof (EFI_MAC_ADDRESS); @@ -1882,6 +2015,10 @@ DevPathFromTextIPv4 ( (UINT16)sizeof (IPv4_DEVICE_PATH) ); =20 + if (IPv4 =3D=3D NULL) { + return NULL; + } + StrToIpv4Address (RemoteIPStr, NULL, &IPv4->RemoteIpAddress, NULL); IPv4->Protocol =3D (UINT16)NetworkProtocolFromText (ProtocolStr); if (StrCmp (TypeStr, L"Static") =3D=3D 0) { @@ -1938,6 +2075,10 @@ DevPathFromTextIPv6 ( (UINT16)sizeof (IPv6_DEVICE_PATH) ); =20 + if (IPv6 =3D=3D NULL) { + return NULL; + } + StrToIpv6Address (RemoteIPStr, NULL, &IPv6->RemoteIpAddress, NULL); IPv6->Protocol =3D (UINT16)NetworkProtocolFromText (ProtocolStr); if (StrCmp (TypeStr, L"Static") =3D=3D 0) { @@ -1992,6 +2133,10 @@ DevPathFromTextUart ( (UINT16)sizeof (UART_DEVICE_PATH) ); =20 + if (Uart =3D=3D NULL) { + return NULL; + } + if (StrCmp (BaudStr, L"DEFAULT") =3D=3D 0) { Uart->BaudRate =3D 115200; } else { @@ -2072,6 +2217,10 @@ ConvertFromTextUsbClass ( (UINT16)sizeof (USB_CLASS_DEVICE_P= ATH) ); =20 + if (UsbClass =3D=3D NULL) { + return NULL; + } + VIDStr =3D GetNextParamStr (&TextDeviceNode); PIDStr =3D GetNextParamStr (&TextDeviceNode); if (UsbClassText->ClassExist) { @@ -2513,6 +2662,11 @@ DevPathFromTextUsbWwid ( MSG_USB_WWID_DP, (UINT16)(sizeof (USB_WWID_DEVICE_PAT= H) + SerialNumberStrLen * sizeof (CHAR16)) ); + + if (UsbWwid =3D=3D NULL) { + return NULL; + } + UsbWwid->VendorId =3D (UINT16)Strtoi (VIDStr); UsbWwid->ProductId =3D (UINT16)Strtoi (PIDStr); UsbWwid->InterfaceNumber =3D (UINT16)Strtoi (InterfaceNumStr); @@ -2553,6 +2707,10 @@ DevPathFromTextUnit ( (UINT16)sizeof (DEVIC= E_LOGICAL_UNIT_DEVICE_PATH) ); =20 + if (LogicalUnit =3D=3D NULL) { + return NULL; + } + LogicalUnit->Lun =3D (UINT8)Strtoi (LunStr); =20 return (EFI_DEVICE_PATH_PROTOCOL *)LogicalUnit; @@ -2596,6 +2754,10 @@ DevPathFromTextiSCSI ( (UINT16)(sizeof (IS= CSI_DEVICE_PATH_WITH_NAME) + StrLen (NameStr)) ); =20 + if (ISCSIDevPath =3D=3D NULL) { + return NULL; + } + AsciiStr =3D ISCSIDevPath->TargetName; StrToAscii (NameStr, &AsciiStr); =20 @@ -2657,6 +2819,10 @@ DevPathFromTextVlan ( (UINT16)sizeof (VLAN_DEVICE_PATH) ); =20 + if (Vlan =3D=3D NULL) { + return NULL; + } + Vlan->VlanId =3D (UINT16)Strtoi (VlanStr); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Vlan; @@ -2684,6 +2850,11 @@ DevPathFromTextBluetooth ( MSG_BLUETOOTH_DP, (UINT16)sizeof (BLUETOOTH_DEVI= CE_PATH) ); + + if (BluetoothDp =3D=3D NULL) { + return NULL; + } + StrHexToBytes ( BluetoothStr, sizeof (BLUETOOTH_ADDRESS) * 2, @@ -2718,6 +2889,10 @@ DevPathFromTextWiFi ( (UINT16)sizeof (WIFI_DEVICE_PATH) ); =20 + if (WiFiDp =3D=3D NULL) { + return NULL; + } + if (NULL !=3D SSIdStr) { DataLen =3D StrLen (SSIdStr); if (StrLen (SSIdStr) > 32) { @@ -2757,6 +2932,10 @@ DevPathFromTextBluetoothLE ( (UINT16)sizeof (B= LUETOOTH_LE_DEVICE_PATH) ); =20 + if (BluetoothLeDp =3D=3D NULL) { + return NULL; + } + BluetoothLeDp->Address.Type =3D (UINT8)Strtoi (BluetoothLeAddrTypeStr); StrHexToBytes ( BluetoothLeAddrStr, @@ -2883,6 +3062,10 @@ DevPathFromTextUri ( (UINT16)(sizeof (URI_DEVICE_PATH) + Uri= Length) ); =20 + if (Uri =3D=3D NULL) { + return NULL; + } + while (UriLength-- !=3D 0) { Uri->Uri[UriLength] =3D (CHAR8)UriStr[UriLength]; } @@ -2938,6 +3121,10 @@ DevPathFromTextHD ( (UINT16)sizeof (HARDDRIVE_DEVI= CE_PATH) ); =20 + if (Hd =3D=3D NULL) { + return NULL; + } + Hd->PartitionNumber =3D (UINT32)Strtoi (PartitionStr); =20 ZeroMem (Hd->Signature, 16); @@ -2991,6 +3178,10 @@ DevPathFromTextCDROM ( (UINT16)sizeof (CDROM_DEVICE_PATH) ); =20 + if (CDROMDevPath =3D=3D NULL) { + return NULL; + } + CDROMDevPath->BootEntry =3D (UINT32)Strtoi (EntryStr); Strtoi64 (StartStr, &CDROMDevPath->PartitionStart); Strtoi64 (SizeStr, &CDROMDevPath->PartitionSize); @@ -3039,6 +3230,10 @@ DevPathFromTextFilePath ( (UINT16)(sizeof (FILEPATH_DEVICE_PATH) = + StrLen (TextDeviceNode) * 2) ); =20 + if (File =3D=3D NULL) { + return NULL; + } + StrCpyS (File->PathName, StrLen (TextDeviceNode) + 1, TextDeviceNode); =20 return (EFI_DEVICE_PATH_PROTOCOL *)File; @@ -3067,6 +3262,10 @@ DevPathFromTextMedia ( (UINT16)sizeof (MEDIA_PROTOCOL= _DEVICE_PATH) ); =20 + if (Media =3D=3D NULL) { + return NULL; + } + StrToGuid (GuidStr, &Media->Protocol); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Media; @@ -3095,6 +3294,10 @@ DevPathFromTextFv ( (UINT16)sizeof (MEDIA_FW_VOL_DEV= ICE_PATH) ); =20 + if (Fv =3D=3D NULL) { + return NULL; + } + StrToGuid (GuidStr, &Fv->FvName); =20 return (EFI_DEVICE_PATH_PROTOCOL *)Fv; @@ -3123,6 +3326,10 @@ DevPathFromTextFvFile ( (UINT16)sizeof (MEDIA_F= W_VOL_FILEPATH_DEVICE_PATH) ); =20 + if (FvFile =3D=3D NULL) { + return NULL; + } + StrToGuid (GuidStr, &FvFile->FvFileName); =20 return (EFI_DEVICE_PATH_PROTOCOL *)FvFile; @@ -3153,6 +3360,10 @@ DevPathFromTextRelativeOffsetRange ( (UINT16= )sizeof (MEDIA_RELATIVE_OFFSET_RANGE_DEVICE_PATH) ); =20 + if (Offset =3D=3D NULL) { + return NULL; + } + Strtoi64 (StartingOffsetStr, &Offset->StartingOffset); Strtoi64 (EndingOffsetStr, &Offset->EndingOffset); =20 @@ -3190,6 +3401,10 @@ DevPathFromTextRamDisk ( (UINT16)sizeof (MEDIA_= RAM_DISK_DEVICE_PATH) ); =20 + if (RamDisk =3D=3D NULL) { + return NULL; + } + Strtoi64 (StartingAddrStr, &StartingAddr); WriteUnaligned64 ((UINT64 *)&(RamDisk->StartingAddr[0]), StartingAddr); Strtoi64 (EndingAddrStr, &EndingAddr); @@ -3230,6 +3445,10 @@ DevPathFromTextVirtualDisk ( (UINT16)sizeof (MEDIA_RAM_DISK= _DEVICE_PATH) ); =20 + if (RamDisk =3D=3D NULL) { + return NULL; + } + Strtoi64 (StartingAddrStr, &StartingAddr); WriteUnaligned64 ((UINT64 *)&(RamDisk->StartingAddr[0]), StartingAddr); Strtoi64 (EndingAddrStr, &EndingAddr); @@ -3270,6 +3489,10 @@ DevPathFromTextVirtualCd ( (UINT16)sizeof (MEDIA_RAM_DISK= _DEVICE_PATH) ); =20 + if (RamDisk =3D=3D NULL) { + return NULL; + } + Strtoi64 (StartingAddrStr, &StartingAddr); WriteUnaligned64 ((UINT64 *)&(RamDisk->StartingAddr[0]), StartingAddr); Strtoi64 (EndingAddrStr, &EndingAddr); @@ -3310,6 +3533,10 @@ DevPathFromTextPersistentVirtualDisk ( (UINT16)sizeof (MEDIA_RAM_DISK= _DEVICE_PATH) ); =20 + if (RamDisk =3D=3D NULL) { + return NULL; + } + Strtoi64 (StartingAddrStr, &StartingAddr); WriteUnaligned64 ((UINT64 *)&(RamDisk->StartingAddr[0]), StartingAddr); Strtoi64 (EndingAddrStr, &EndingAddr); @@ -3350,6 +3577,10 @@ DevPathFromTextPersistentVirtualCd ( (UINT16)sizeof (MEDIA_RAM_DISK= _DEVICE_PATH) ); =20 + if (RamDisk =3D=3D NULL) { + return NULL; + } + Strtoi64 (StartingAddrStr, &StartingAddr); WriteUnaligned64 ((UINT64 *)&(RamDisk->StartingAddr[0]), StartingAddr); Strtoi64 (EndingAddrStr, &EndingAddr); @@ -3404,6 +3635,10 @@ DevPathFromTextBBS ( (UINT16)(sizeof (BBS_BBS_DEVICE_PATH= ) + StrLen (IdStr)) ); =20 + if (Bbs =3D=3D NULL) { + return NULL; + } + if (StrCmp (TypeStr, L"Floppy") =3D=3D 0) { Bbs->DeviceType =3D BBS_TYPE_FLOPPY; } else if (StrCmp (TypeStr, L"HD") =3D=3D 0) { @@ -3455,6 +3690,11 @@ DevPathFromTextSata ( MSG_SATA_DP, (UINT16)sizeof (SATA_DEVICE_PATH) ); + + if (Sata =3D=3D NULL) { + return NULL; + } + Sata->HBAPortNumber =3D (UINT16)Strtoi (Param1); =20 // --=20 2.20.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94847): https://edk2.groups.io/g/devel/message/94847 Mute This Topic: https://groups.io/mt/94213463/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-