From nobody Thu May 2 19:24:29 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1505179971406407.52632121509237; Mon, 11 Sep 2017 18:32:51 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id BB61521CEB11A; Mon, 11 Sep 2017 18:29:53 -0700 (PDT) Received: from mail.zytor.com (terminus.zytor.com [65.50.211.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id F135C2007D1EB for ; Mon, 11 Sep 2017 18:29:52 -0700 (PDT) Received: from localhost.localdomain ([IPv6:2804:7f4:c480:d1ee:0:0:0:2]) (authenticated bits=0) by mail.zytor.com (8.15.2/8.15.2) with ESMTPSA id v8C1UTXl010231 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 11 Sep 2017 18:30:32 -0700 X-Original-To: edk2-devel@lists.01.org From: Paulo Alcantara To: edk2-devel@lists.01.org Date: Mon, 11 Sep 2017 22:30:23 -0300 Message-Id: <547dab7a7ae9ccf165e24c82134c911dc626d161.1505179788.git.pcacjr@zytor.com> X-Mailer: git-send-email 2.11.0 Subject: [edk2] [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ruiyu Ni , Eric Dong , Laszlo Ersek , Star Zeng MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D704 For root directory, the FID (File Identifier Descriptor) pointer is accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root directory and regular files, their FIDs are accessible through PRIVATE_UDF_FILE_DATA.File. In UdfSetPosition(), the FID was retrieved through PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root directory, PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would be NULL and then dereferenced. This patch fixes the NULL pointer dereference by calling _FILE() to transparently return the correct UDF_FILE_INFO * which points to a valid FID descriptor of a specific file. Cc: Star Zeng Cc: Eric Dong Cc: Ruiyu Ni Cc: Laszlo Ersek Cc: Steven Shi Contributed-under: TianoCore Contribution Agreement 1.1 Reported-by: Steven Shi Signed-off-by: Paulo Alcantara Reviewed-by: Laszlo Ersek Reviewed-by: Star Zeng and pushed at 11b4463e096523fe= 03ac840472d483652ae93904. --- MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Unive= rsal/Disk/UdfDxe/File.c index 8b9339567f..a1eb2196df 100644 --- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c +++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c @@ -690,7 +690,8 @@ UdfSetPosition ( =20 PrivFileData =3D PRIVATE_UDF_FILE_DATA_FROM_THIS (This); =20 - FileIdentifierDesc =3D PrivFileData->File.FileIdentifierDesc; + FileIdentifierDesc =3D _FILE (PrivFileData)->FileIdentifierDesc; + ASSERT (FileIdentifierDesc !=3D NULL); if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) { // // If the file handle is a directory, the _only_ position that may be = set is --=20 2.11.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel