From: "Xu, Wei6"
To: devel@edk2.groups.io
Cc: Wei6 Xu, Laszlo Ersek, Ard Biesheuvel, Sami Mujawar, Ray Ni
Subject: [edk2-devel] [PATCH v4 2/4] StandaloneMmPkg/Core: Fix potential memory leak issue
Date: Mon, 6 Nov 2023 15:52:57 +0800
Message-Id: <0fc3e43cd76b1893282f7152faf1d330be9de02c.1699253390.git.wei6.xu@intel.com>

In MmCoreFfsFindMmDriver(),
- ScratchBuffer is not freed in the error return path that DstBuffer page
  allocation fails. Free ScratchBuffer before return with error.
- If the decoded buffer is identical to the data in InputSection,
  ExtractGuidedSectionDecode() will change the value of DstBuffer rather
  than changing the contents of the buffer that DstBuffer points at, in
  which case freeing DstBuffer is wrong. Introduce a local variable
  AllocatedDstBuffer for buffer free, free AllocatedDstBuffer immediately
  if it is not used.

Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Sami Mujawar
Cc: Ray Ni
Signed-off-by: Wei6 Xu
Reviewed-by: Laszlo Ersek
---
 StandaloneMmPkg/Core/FwVol.c | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/StandaloneMmPkg/Core/FwVol.c b/StandaloneMmPkg/Core/FwVol.c index e1e20ffd14ac..c3054ef751ed 100644 --- a/StandaloneMmPkg/Core/FwVol.c +++ b/StandaloneMmPkg/Core/FwVol.c
@@ -84,6 +84,7 @@ MmCoreFfsFindMmDriver ( UINT32 DstBufferSize; VOID *ScratchBuffer; UINT32 ScratchBufferSize; + VOID *AllocatedDstBuffer; VOID *DstBuffer; UINT16 SectionAttribute; UINT32 AuthenticationStatus; @@ -148,25 +149,35 @@ MmCoreFfsFindMmDriver ( // // Allocate destination buffer, extra one page for adjustment // - DstBuffer =3D (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (DstBuff= erSize)); - if (DstBuffer =3D=3D NULL) { + AllocatedDstBuffer =3D (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES= (DstBufferSize)); + if (AllocatedDstBuffer =3D=3D NULL) { + FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize)); return EFI_OUT_OF_RESOURCES; } =20 // // Call decompress function // - Status =3D ExtractGuidedSectionDecode ( - Section, - &DstBuffer, - ScratchBuffer, - &AuthenticationStatus - ); + DstBuffer =3D AllocatedDstBuffer; + Status =3D ExtractGuidedSectionDecode ( + Section, + &DstBuffer, + ScratchBuffer, + &AuthenticationStatus + ); FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize)); if (EFI_ERROR (Status)) { goto FreeDstBuffer; } =20 + // + // Free allocated DstBuffer if it is not used + // + if (DstBuffer !=3D AllocatedDstBuffer) { + FreePages (AllocatedDstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize)); + AllocatedDstBuffer =3D NULL; + } + DEBUG (( DEBUG_INFO, "Processing compressed firmware volume (AuthenticationStatus =3D=3D = %x)\n", 
@@ -210,7 +221,9 @@ MmCoreFfsFindMmDriver ( return EFI_SUCCESS; =20 FreeDstBuffer: - FreePages (DstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize)); + if (AllocatedDstBuffer !=3D NULL) { + FreePages (AllocatedDstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize)); + } =20 return Status; } --=20 2.29.2.windows.2
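
Review bot: In the @@ -84,6 +84,7 hunk, AllocatedDstBuffer is declared but is given no known value until the AllocatePages call in the next hunk, while the FreeDstBuffer label in the last hunk now tests it against NULL. In the lines shown, the only goto FreeDstBuffer follows the allocation, so the check is sound as posted; if any jump to the label outside these hunks can run before the allocation, it would read an indeterminate pointer. Assigning AllocatedDstBuffer = NULL at the start of the function body would make the label safe wherever it is reached from.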
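
Review bot: In the @@ -148,25 +149,35 hunk, the retained comment "Allocate destination buffer, extra one page for adjustment" does not match the call beneath it, which requests exactly EFI_SIZE_TO_PAGES (DstBufferSize) pages and no extra page. Since the patch rewrites that allocation line anyway, either drop "extra one page for adjustment" or allocate the page the comment promises. The new comment "Free allocated DstBuffer if it is not used" would also be clearer if it carried the reason given in the commit message, namely that ExtractGuidedSectionDecode() may redirect DstBuffer instead of filling the buffer it was handed.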
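
Review bot: In the @@ -210,7 +221,9 hunk, the return EFI_SUCCESS directly above FreeDstBuffer leaves AllocatedDstBuffer allocated whenever the decoder wrote into it, and nothing in the visible lines says who owns that memory afterwards. If the decoded data is meant to stay resident, a one-line comment before that return saying so would keep a later reader from treating it as another instance of the leak this patch fixes.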