From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Liming Gao, Michael D Kinney
Subject: [edk2-devel] [PATCH v2 1/5] MdePkg/PiFirmwareFile: express IS_SECTION2 in terms of SECTION_SIZE
Date: Thu, 18 Apr 2019 19:47:06 +0200
Message-Id: <20190418174710.12236-2-lersek@redhat.com>
In-Reply-To: <20190418174710.12236-1-lersek@redhat.com>
References: <20190418174710.12236-1-lersek@redhat.com>

The IS_SECTION2() function-like macro duplicates the SECTION_SIZE() calculation, just to compare the computed size against 0xFFFFFF. Invoke SECTION_SIZE() instead; only preserve the comparison.

Cc: Liming Gao
Cc: Michael D Kinney
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710
Signed-off-by: Laszlo Ersek
Acked-by: Ard Biesheuvel
Reviewed-by: Philippe Mathieu-Daudé
---

Notes:
    v2:
    - pick up Ard's A-b
    - pick up Phil's R-b

 MdePkg/Include/Pi/PiFirmwareFile.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/MdePkg/Include/Pi/PiFirmwareFile.h b/MdePkg/Include/Pi/PiFirmw= areFile.h index 56efabcba3ec..a9f3bcc4eb8e 100644 --- a/MdePkg/Include/Pi/PiFirmwareFile.h +++ b/MdePkg/Include/Pi/PiFirmwareFile.h 
@@ -480,12 +480,12 @@ typedef struct { CHAR16 VersionString[1]; } EFI_VERSION_SECTION2; =20 -#define IS_SECTION2(SectionHeaderPtr) \ - ((UINT32) (*((UINT32 *) ((EFI_COMMON_SECTION_HEADER *) (UINTN) Section= HeaderPtr)->Size) & 0x00ffffff) =3D=3D 0x00ffffff) - #define SECTION_SIZE(SectionHeaderPtr) \ ((UINT32) (*((UINT32 *) ((EFI_COMMON_SECTION_HEADER *) (UINTN) Section= HeaderPtr)->Size) & 0x00ffffff)) =20 +#define IS_SECTION2(SectionHeaderPtr) \ + (SECTION_SIZE (SectionHeaderPtr) =3D=3D 0x00ffffff) + #define SECTION2_SIZE(SectionHeaderPtr) \ (((EFI_COMMON_SECTION_HEADER2 *) (UINTN) SectionHeaderPtr)->ExtendedSi= ze) =20 --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#39307): https://edk2.groups.io/g/devel/message/39307 Mute This Topic: https://groups.io/mt/31233849/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon May 6 23:49:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+39308+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+39308+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1555609647; cv=none; d=zoho.com; s=zohoarc; b=mzndEgVWohhLRk4DXHWCIPNYJch3hVD2H9wE8nLqx7hBM3M226x9L70lMSkgMgSV0/w7vWy26hnnXjQozyLgVY9imxJWWpGat/6gmS/tKehwqjfAYF3ObnDr49uqEZUb/8PAIvdqVbDeMMWG6qvh5oJNYramDgGC6mUHJSnjq8s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1555609647; 
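Review bot: IS_SECTION2() now inherits the unparenthesized parameter of SECTION_SIZE(), whose cast in the context line reads "(UINTN) SectionHeaderPtr"; with an argument such as "Ptr + 1" the cast binds to "Ptr" alone and the addition happens on the integer. Suggest writing "(UINTN) (SectionHeaderPtr)" in SECTION_SIZE() and SECTION2_SIZE() as part of this series. The move of IS_SECTION2() below SECTION_SIZE() is not required for macro expansion and is not mentioned in the commit message; a short remark that it is for readability would help.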
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Liming Gao, Michael D Kinney
Subject: [edk2-devel] [PATCH v2 2/5] MdePkg/PiFirmwareFile: fix undefined behavior in SECTION_SIZE
Date: Thu, 18 Apr 2019 19:47:07 +0200
Message-Id: <20190418174710.12236-3-lersek@redhat.com>
In-Reply-To: <20190418174710.12236-1-lersek@redhat.com>
References: <20190418174710.12236-1-lersek@redhat.com>

RH covscan justifiedly reports that accessing "EFI_COMMON_SECTION_HEADER.Size", which is of type UINT8[3], through a (UINT32*), is undefined behavior:

> Error: OVERRUN (CWE-119):
> edk2-89910a39dcfd/OvmfPkg/Sec/SecMain.c:178: overrun-local: Overrunning
> array of 3 bytes at byte offset 3 by dereferencing pointer
> "(UINT32 *)((EFI_COMMON_SECTION_HEADER *)(UINTN)Section)->Size".
> # 176| Section = (EFI_COMMON_SECTION_HEADER*)(UINTN) CurrentAddress;
> # 177|
> # 178|-> Size = SECTION_SIZE (Section);
> # 179| if (Size < sizeof (*Section)) {
> # 180| return EFI_VOLUME_CORRUPTED;

Fix this by accessing the array elements individually.

Cc: Liming Gao
Cc: Michael D Kinney
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710
Issue: scan-1007.txt
Signed-off-by: Laszlo Ersek
Reviewed-by: Philippe Mathieu-Daude
---

Notes:
    v2:
    - replace EFI_COMMON_SECTION_HEADER_UNION with individual array element
      access [Jordan, Phil, Mike]

 MdePkg/Include/Pi/PiFirmwareFile.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Include/Pi/PiFirmwareFile.h b/MdePkg/Include/Pi/PiFirmw= areFile.h index a9f3bcc4eb8e..05470538de42 100644 --- a/MdePkg/Include/Pi/PiFirmwareFile.h +++ b/MdePkg/Include/Pi/PiFirmwareFile.h 
@@ -480,8 +480,15 @@ typedef struct { CHAR16 VersionString[1]; } EFI_VERSION_SECTION2; =20 -#define SECTION_SIZE(SectionHeaderPtr) \ - ((UINT32) (*((UINT32 *) ((EFI_COMMON_SECTION_HEADER *) (UINTN) Section= HeaderPtr)->Size) & 0x00ffffff)) +/// +/// The argument passed as the SectionHeaderPtr parameter to the SECTION_S= IZE() +/// and IS_SECTION2() function-like macros below must not have side effect= s: +/// SectionHeaderPtr is evaluated multiple times. +/// +#define SECTION_SIZE(SectionHeaderPtr) ((UINT32) ( \ + (((EFI_COMMON_SECTION_HEADER *) (UINTN) (SectionHeaderPtr))->Size[0] = ) | \ + (((EFI_COMMON_SECTION_HEADER *) (UINTN) (SectionHeaderPtr))->Size[1] <= < 8) | \ + (((EFI_COMMON_SECTION_HEADER *) (UINTN) (SectionHeaderPtr))->Size[2] <= < 16))) =20 #define IS_SECTION2(SectionHeaderPtr) \ (SECTION_SIZE (SectionHeaderPtr) =3D=3D 0x00ffffff) --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#39308): https://edk2.groups.io/g/devel/message/39308 Mute This Topic: https://groups.io/mt/31233850/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon May 6 23:49:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+39309+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+39309+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1555609648; cv=none; d=zoho.com; s=zohoarc; 
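Review bot: in the new SECTION_SIZE(), each Size[n] is a UINT8 that is promoted to int before the shift, and the (UINT32) cast is applied only to the result of the OR. The values fit (the largest term is 0xff << 16), so the result is correct, but casting each element before shifting, as in "((UINT32) ...->Size[2] << 16)", keeps the arithmetic unsigned throughout and does not lean on integer promotion. The added comment is welcome; since SECTION2_SIZE() directly below still uses the parameter bare, parenthesizing it there too would keep the three macros consistent.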
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Bob Feng, Liming Gao, Yonghong Zhu
Subject: [edk2-devel] [PATCH v2 3/5] BaseTools/PiFirmwareFile: fix undefined behavior in SECTION_SIZE
Date: Thu, 18 Apr 2019 19:47:08 +0200
Message-Id: <20190418174710.12236-4-lersek@redhat.com>
In-Reply-To: <20190418174710.12236-1-lersek@redhat.com>
References: <20190418174710.12236-1-lersek@redhat.com>

Sync SECTION_SIZE() from MdePkg to BaseTools, from an earlier patch in this series.

Cc: Bob Feng
Cc: Liming Gao
Cc: Yonghong Zhu
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710
Signed-off-by: Laszlo Ersek
Reviewed-by: Bob Feng
Reviewed-by: Liming Gao
Reviewed-by: Philippe Mathieu-Daude
---

Notes:
    v2:
    - sync with the v2 MdePkg/PiFirmwareFile SECTION_SIZE patch

 BaseTools/Source/C/Include/Common/PiFirmwareFile.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/BaseTools/Source/C/Include/Common/PiFirmwareFile.h b/BaseTools= /Source/C/Include/Common/PiFirmwareFile.h index 5bc871df4855..7d8acb669b69 100644 
--- a/BaseTools/Source/C/Include/Common/PiFirmwareFile.h +++ b/BaseTools/Source/C/Include/Common/PiFirmwareFile.h 
@@ -300,8 +300,15 @@ typedef struct { CHAR16 VersionString[1]; } EFI_VERSION_SECTION2; =20 -#define SECTION_SIZE(SectionHeaderPtr) \ - ((UINT32) (*((UINT32 *) ((EFI_COMMON_SECTION_HEADER *) SectionHeaderPt= r)->Size) & 0x00ffffff)) +// +// The argument passed as the SectionHeaderPtr parameter to the SECTION_SI= ZE() +// function-like macro below must not have side effects: SectionHeaderPtr = is +// evaluated multiple times. +// +#define SECTION_SIZE(SectionHeaderPtr) ((UINT32) ( \ + (((EFI_COMMON_SECTION_HEADER *) (SectionHeaderPtr))->Size[0] ) | \ + (((EFI_COMMON_SECTION_HEADER *) (SectionHeaderPtr))->Size[1] << 8) | \ + (((EFI_COMMON_SECTION_HEADER *) (SectionHeaderPtr))->Size[2] << 16))) =20 #pragma pack() =20 --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#39309): https://edk2.groups.io/g/devel/message/39309 Mute This Topic: https://groups.io/mt/31233851/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon May 6 23:49:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+39310+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+39310+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1555609650; cv=none; d=zoho.com; s=zohoarc; b=O44Fcnl01Ah07UQ9zE54ljTebQ/MKaQjGKNsdxekmQ4U4E12gQJSyYBB55c5tTCflckMGISqPCwEg6COBa3nAcsdoDYKHJqaVK1zczpWa/mAZgTKqr9XN6wM5n07vgI3c5rGDoACc7hq19X5ByGmHXZgOydQzDdmjrRO9NG7VP8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; 
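Review bot: the comment added above SECTION_SIZE() in the BaseTools copy does not say that the macro is mirrored from MdePkg, and the body differs from the MdePkg version by omitting the (UINTN) cast. Both match the removed line, so the behavior is preserved, but because this header is synced by hand, a sentence in the comment naming MdePkg/Include/Pi/PiFirmwareFile.h as the origin would make it easier to carry future fixes across.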
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Liming Gao, Michael D Kinney
Subject: [edk2-devel] [PATCH v2 4/5] MdePkg/PiFirmwareFile: fix undefined behavior in FFS_FILE_SIZE
Date: Thu, 18 Apr 2019 19:47:09 +0200
Message-Id: <20190418174710.12236-5-lersek@redhat.com>
In-Reply-To: <20190418174710.12236-1-lersek@redhat.com>
References: <20190418174710.12236-1-lersek@redhat.com>

Accessing "EFI_FFS_FILE_HEADER.Size", which is of type UINT8[3], through a (UINT32*), is undefined behavior. Fix it by accessing the array elements individually.

Cc: Liming Gao
Cc: Michael D Kinney
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710
Signed-off-by: Laszlo Ersek
Reviewed-by: Philippe Mathieu-Daude
---

Notes:
    v2:
    - eliminate intermediate macros [Mike]

 MdePkg/Include/Pi/PiFirmwareFile.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Include/Pi/PiFirmwareFile.h b/MdePkg/Include/Pi/PiFirmw= areFile.h index 05470538de42..ec7729e9c36e 100644 --- a/MdePkg/Include/Pi/PiFirmwareFile.h +++ b/MdePkg/Include/Pi/PiFirmwareFile.h 
@@ -179,8 +179,15 @@ typedef struct { #define IS_FFS_FILE2(FfsFileHeaderPtr) \ (((((EFI_FFS_FILE_HEADER *) (UINTN) FfsFileHeaderPtr)->Attributes) & F= FS_ATTRIB_LARGE_FILE) =3D=3D FFS_ATTRIB_LARGE_FILE) =20 -#define FFS_FILE_SIZE(FfsFileHeaderPtr) \ - ((UINT32) (*((UINT32 *) ((EFI_FFS_FILE_HEADER *) (UINTN) FfsFileHeader= Ptr)->Size) & 0x00ffffff)) +/// +/// The argument passed as the FfsFileHeaderPtr parameter to the +/// FFS_FILE_SIZE() function-like macro below must not have side effects: +/// FfsFileHeaderPtr is evaluated multiple times. +/// +#define FFS_FILE_SIZE(FfsFileHeaderPtr) ((UINT32) ( \ + (((EFI_FFS_FILE_HEADER *) (UINTN) (FfsFileHeaderPtr))->Size[0] ) = | \ + (((EFI_FFS_FILE_HEADER *) (UINTN) (FfsFileHeaderPtr))->Size[1] << 8) = | \ + (((EFI_FFS_FILE_HEADER *) (UINTN) (FfsFileHeaderPtr))->Size[2] << 16))) =20 #define FFS_FILE2_SIZE(FfsFileHeaderPtr) \ ((UINT32) (((EFI_FFS_FILE_HEADER2 *) (UINTN) FfsFileHeaderPtr)->Extend= edSize)) --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
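Review bot: FFS_FILE_SIZE() now parenthesizes its parameter as "(FfsFileHeaderPtr)", while IS_FFS_FILE2() and FFS_FILE2_SIZE() in the surrounding context lines still cast "(UINTN) FfsFileHeaderPtr" bare. Suggest parenthesizing the parameter in those two macros as well, so that all three accept the same argument expressions. As in the SECTION_SIZE() patch, casting each Size[n] to UINT32 before the shift would keep the arithmetic unsigned rather than relying on promotion to int.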
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Ard Biesheuvel, Jordan Justen
Subject: [edk2-devel] [PATCH v2 5/5] OvmfPkg/Sec: fix out-of-bounds reads
Date: Thu, 18 Apr 2019 19:47:10 +0200
Message-Id: <20190418174710.12236-6-lersek@redhat.com>
In-Reply-To: <20190418174710.12236-1-lersek@redhat.com>
References: <20190418174710.12236-1-lersek@redhat.com>

RH covscan justifiedly reports that accessing "EFI_FFS_FILE_HEADER.Size" and "EFI_COMMON_SECTION_HEADER.Size", which both are of type UINT8[3], through (UINT32*), is undefined behavior:

> Error: OVERRUN (CWE-119):
> edk2-89910a39dcfd/OvmfPkg/Sec/SecMain.c:283: overrun-local: Overrunning
> array of 3 bytes at byte offset 3 by dereferencing pointer
> "(UINT32 *)File->Size".
> # 281| > # 282| File =3D (EFI_FFS_FILE_HEADER*)(UINTN) CurrentAddress; > # 283|-> Size =3D *(UINT32*) File->Size & 0xffffff; > # 284| if (Size < (sizeof (*File) + sizeof (EFI_COMMON_SECTION_HEA= DER))) { > # 285| return EFI_VOLUME_CORRUPTED; > > Error: OVERRUN (CWE-119): > edk2-89910a39dcfd/OvmfPkg/Sec/SecMain.c:614: overrun-local: Overrunning > array of 3 bytes at byte offset 3 by dereferencing pointer > "(UINT32 *)File->Size". > # 612| > # 613| File =3D (EFI_FFS_FILE_HEADER*)(UINTN) CurrentAddress; > # 614|-> Size =3D *(UINT32*) File->Size & 0xffffff; > # 615| if (Size < sizeof (*File)) { > # 616| return EFI_NOT_FOUND; > > Error: OVERRUN (CWE-119): > edk2-89910a39dcfd/OvmfPkg/Sec/SecMain.c:639: overrun-local: Overrunning > array of 3 bytes at byte offset 3 by dereferencing pointer > "(UINT32 *)Section->Size". > # 637| Section =3D (EFI_COMMON_SECTION_HEADER*)(UINTN) CurrentAd= dress; > # 638| > # 639|-> Size =3D *(UINT32*) Section->Size & 0xffffff; > # 640| if (Size < sizeof (*Section)) { > # 641| return EFI_NOT_FOUND; Fix these by invoking the FFS_FILE_SIZE() and SECTION_SIZE() macros, which by now have been fixed too. Cc: Ard Biesheuvel Cc: Jordan Justen Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1710 Issue: scan-1008.txt Issue: scan-1009.txt Issue: scan-1010.txt Signed-off-by: Laszlo Ersek Acked-by: Ard Biesheuvel Reviewed-by: Philippe Mathieu-Daude --- Notes: v2: =20 - pick up Ard's A-b =20 - pick up Phil's R-b OvmfPkg/Sec/SecMain.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 18a89c649fd4..3914355cd17b 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -274,7 +274,7 @@ FindFfsFileAndSection ( } =20 File =3D (EFI_FFS_FILE_HEADER*)(UINTN) CurrentAddress; - Size =3D *(UINT32*) File->Size & 0xffffff; + Size =3D FFS_FILE_SIZE (File); if (Size < (sizeof (*File) + sizeof (EFI_COMMON_SECTION_HEADER))) { return EFI_VOLUME_CORRUPTED; } 
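Review bot: in FindFfsFileAndSection(), FFS_FILE_SIZE (File) yields only the 24-bit Size field, and nothing in the hunk looks at FFS_ATTRIB_LARGE_FILE; a file with that attribute keeps its length in ExtendedSize (see IS_FFS_FILE2() and FFS_FILE2_SIZE() in PiFirmwareFile.h). Such a file is rejected here only if its 24-bit field happens to fall below the minimum tested on the following line. Consider testing IS_FFS_FILE2 (File) explicitly and either returning EFI_VOLUME_CORRUPTED or using FFS_FILE2_SIZE(), and state in the commit message which behavior is intended.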
@@ -605,7 +605,7 @@ FindImageBase ( } =20 File =3D (EFI_FFS_FILE_HEADER*)(UINTN) CurrentAddress; - Size =3D *(UINT32*) File->Size & 0xffffff; + Size =3D FFS_FILE_SIZE (File); if (Size < sizeof (*File)) { return EFI_NOT_FOUND; } @@ -630,7 +630,7 @@ FindImageBase ( CurrentAddress =3D (EndOfSection + 3) & 0xfffffffffffffffcULL; Section =3D (EFI_COMMON_SECTION_HEADER*)(UINTN) CurrentAddress; =20 - Size =3D *(UINT32*) Section->Size & 0xffffff; + Size =3D SECTION_SIZE (Section); if (Size < sizeof (*Section)) { return EFI_NOT_FOUND; } --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#39311): https://edk2.groups.io/g/devel/message/39311 Mute This Topic: https://groups.io/mt/31233854/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
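The byte-wise size read that this series introduces, combined with the bounds checks a section walker needs around it, as an added example (not code from edk2 or from the patches above). It goes beyond the series by also handling the 0xFFFFFF marker that IS_SECTION2() tests for; all function names and the sample buffers are constructed for illustration, and ExtendedSize is read as four bytes here as a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SECTION_HDR_LEN   4u          /* Size[3] + Type */
#define SECTION2_HDR_LEN  8u          /* ... + 32-bit ExtendedSize */
#define SECTION2_MARKER   0x00ffffffu /* value IS_SECTION2() compares against */

/* Assemble the 24-bit little-endian Size field one byte at a time, as the
   patched SECTION_SIZE() does; no 32-bit load through a 3-byte array. */
static uint32_t read_le24(const uint8_t *b)
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)b[2] << 16);
}

static uint32_t read_le32(const uint8_t *b)
{
    return read_le24(b) | ((uint32_t)b[3] << 24);
}

/* Validate the section header at buf[off] and return its total size via
   *size_out. Returns 0 on success, -1 if the header or the size it claims
   does not fit in the len - off bytes that remain. */
static int section_size_checked(const uint8_t *buf, size_t len, size_t off,
                                uint32_t *size_out)
{
    size_t   left, hdr_len = SECTION_HDR_LEN;
    uint32_t size;

    if (off > len || len - off < SECTION_HDR_LEN) return -1;
    left = len - off;
    size = read_le24(buf + off);
    if (size == SECTION2_MARKER) {           /* real size is in ExtendedSize */
        if (left < SECTION2_HDR_LEN) return -1;
        hdr_len = SECTION2_HDR_LEN;
        size = read_le32(buf + off + SECTION_HDR_LEN);
    }
    if (size < hdr_len || size > left) return -1;
    *size_out = size;
    return 0;
}

/* Walk 4-byte-aligned sections; return how many were found, or -1 on a
   malformed header. */
int count_sections(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int    count = 0;

    while (off < len) {
        uint32_t size;
        size_t   end, pad;

        if (section_size_checked(buf, len, off, &size) != 0) return -1;
        count++;
        end = off + size;                    /* size <= len - off: no overflow */
        pad = (4 - (end & 3)) & 3;
        off = (pad > len - end) ? len : end + pad;
    }
    return count;
}

/* Constructed sample inputs; the type byte 0x19 is arbitrary here. */
const uint8_t SAMPLE_OK[16] = {
    0x06, 0, 0, 0x19, 0xAA, 0xBB, 0, 0,      /* 6-byte section + 2 pad */
    0x05, 0, 0, 0x19, 0xCC, 0, 0, 0          /* 5-byte section + 3 pad */
};
const uint8_t SAMPLE_OVERSIZED[8] = {        /* header claims 256 bytes */
    0x00, 0x01, 0, 0x19, 0, 0, 0, 0
};
const uint8_t SAMPLE_EXTENDED[12] = {        /* marker, ExtendedSize = 12 */
    0xFF, 0xFF, 0xFF, 0x19, 0x0C, 0, 0, 0, 1, 2, 3, 4
};

int main(void)
{
    printf("ok=%d oversized=%d extended=%d truncated=%d\n",
           count_sections(SAMPLE_OK, sizeof SAMPLE_OK),
           count_sections(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED),
           count_sections(SAMPLE_EXTENDED, sizeof SAMPLE_EXTENDED),
           count_sections(SAMPLE_OK, 3));
    return 0;
}
```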