From: "Nate DeSimone"
To: devel@edk2.groups.io
Cc: Liming Gao, Jian J Wang, Michael D Kinney, Dandan Bi
Subject: [edk2-devel] [PATCH v1] MdeModulePkg: Fix memory leak in LocateHandleBuffer()
Date: Wed, 30 Aug 2023 09:46:41 -0700
Message-Id: <20230830164641.588-1-nathaniel.l.desimone@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4543
REF: https://uefi.org/specs/UEFI/2.10/07_Services_Boot_Services.html#efi-boot-services-locatehandlebuffer

CoreLocateHandleBuffer() can, in certain cases, return an error and not free an allocated buffer. This scenario occurs if the first call to InternalCoreLocateHandle() returns success and the second call returns an error.

On a successful return, LocateHandleBuffer() passes ownership of the buffer to the caller. However, the UEFI specification is not explicit about what the expected ownership of this buffer is in the case of an error. However, it is heavily implied by the code example given in section 7.3.15 of v2.10 of the UEFI specification that if LocateHandleBuffer() returns a non-successful status code then the ownership of the buffer does NOT transfer to the caller. This code example explicitly refrains from calling FreePool() if LocateHandleBuffer() returns an error.

From a practical standpoint, it is logical to assume that a non-successful status code indicates that no buffer of handles was ever allocated.
Indeed, in most error cases, LocateHandleBuffer() does not go far enough to get to the point where a buffer is allocated. Therefore, all existing users of this API must already be coded to support the case of a non-successful status code resulting in an invalid handle buffer being returned. Therefore, this change will not cause any backwards compatibility issues with existing code.

In conclusion, this boils down to a fix for a memory leak that also brings the behavior of our LocateHandleBuffer() implementation into alignment with the original intentions of the UEFI specification authors.

Cc: Liming Gao
Cc: Jian J Wang
Cc: Michael D Kinney
Cc: Dandan Bi
Signed-off-by: Nate DeSimone
Reviewed-by: Michael D Kinney
--- MdeModulePkg/Core/Dxe/Hand/Locate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/Hand/Locate.c b/MdeModulePkg/Core/Dxe/Ha= nd/Locate.c index a29010a545..8f20c6332d 100644 --- a/MdeModulePkg/Core/Dxe/Hand/Locate.c +++ b/MdeModulePkg/Core/Dxe/Hand/Locate.c @@ -1,7 +1,7 @@ /** @file Locate handle functions =20 -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -730,6 +730,10 @@ CoreLocateHandleBuffer ( *NumberHandles =3D BufferSize / sizeof (EFI_HANDLE); if (EFI_ERROR (Status)) { *NumberHandles =3D 0; + if (*Buffer !=3D NULL) { + CoreFreePool (*Buffer); + *Buffer =3D NULL; + } } =20 CoreReleaseProtocolLock (); --=20 2.34.1
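
Review bot: In the second hunk (@@ -730,6 +730,10 @@), the new `if (*Buffer != NULL)` guard in the error branch is only correct if *Buffer is set to NULL before every path that can reach this branch without an allocation. That initialization is outside the visible context, so please confirm it (or add it) so that CoreFreePool() can never be handed a stale caller-supplied pointer. Since the commit message establishes that ownership does not transfer on error, the function header comment should also state that *Buffer is returned as NULL on any non-success status, so callers do not have to infer the contract from the spec example.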
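
The leak described in the commit message can be reproduced on a host with a counting allocator. This is an added example, not EDK II code and not part of the patch: `locate`, `locate_buffer`, the allocator and the injected failure are all constructed for illustration, and the size-query/allocate/fill structure is an assumption about the function outside the visible hunk.

```c
/* Added illustration, not EDK II code: host-side model of the two-pass
   "query size, allocate, fill" pattern. Every name here is hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef void *handle_t;
static int live_allocs;       /* pool allocations not yet freed */
static int fail_second_pass;  /* constructed fault: the fill pass fails */
static void *pool_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void pool_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Stand-in for the internal locate call: buf == NULL only reports the size. */
static int locate(size_t *size, handle_t *buf) {
    if (buf == NULL) { *size = 4 * sizeof(handle_t); return 0; }
    if (fail_second_pass) return -1;
    for (size_t i = 0; i < *size / sizeof(handle_t); i++) buf[i] = &buf[i];
    return 0;
}

/* free_on_error = 0 models the error branch before the patch, 1 after it. */
static int locate_buffer(size_t *count, handle_t **out, int free_on_error) {
    size_t size = 0;
    *count = 0;
    *out = NULL;                        /* makes the NULL guard below meaningful */
    if (locate(&size, NULL) != 0) return -1;
    if ((*out = pool_alloc(size)) == NULL) return -2;
    int status = locate(&size, *out);
    *count = size / sizeof(handle_t);
    if (status != 0) {
        *count = 0;
        if (free_on_error && *out != NULL) { pool_free(*out); *out = NULL; }
    }
    return status;
}

/* Caller that frees only on success; returns allocations still outstanding. */
static int caller_leak_count(int free_on_error, int inject_failure) {
    handle_t *buf; size_t n;
    live_allocs = 0;
    fail_second_pass = inject_failure;
    if (locate_buffer(&n, &buf, free_on_error) == 0) pool_free(buf);
    return live_allocs;
}

int main(void) {
    printf("unpatched, fill fails: %d leaked\n", caller_leak_count(0, 1));
    printf("patched,   fill fails: %d leaked\n", caller_leak_count(1, 1));
    return 0;
}
```

A counter like this can serve as a regression check: any error path that returns with a non-zero outstanding count has kept an allocation the caller was never told about.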