From nobody Sun Apr 28 22:56:30 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+42776+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+42776+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1561432975; cv=none; d=zoho.com; s=zohoarc; b=oUEP/4YwO7DqvhRmQBfX4OEeXhVCFfOmnaoW8DqscuP4aYCFmBJFrQLqdR9nLeBZysDeT8tKrsNlSs/JDY7abSnI6J4YAG4PJpdoefX0Ugm71uFNxGW6s/q18bDoyMWmI4XqpDT5iTLKo0M82hEXo8iZtih8Xk8teV6dvHdYoZw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1561432975; h=Content-Transfer-Encoding:Cc:Date:From:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To:ARC-Authentication-Results; bh=niSGtESsalS0bRwUHMbxtktskKiWf7/+6CTZ6MC6Sh8=; b=Qc/t0jj5+rPOUKWGNbkvVZLrVeGDa7TSyO+fx2MKTnKLZcCnQH5mDwSGD4rmkJ0ChT2dOMXaAgsshw3QIMGRTgI3z4ILEakrufFX76uW7pQQ4BD8fPwYF/S1UTzARPVpjfnflr9Aw1wfA6PbtQdzETPo74d10NXU/F3u3E9Bvc8= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+42776+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1561432975704152.4966077796355; Mon, 24 Jun 2019 20:22:55 -0700 (PDT) Return-Path: X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by groups.io with SMTP; Mon, 24 Jun 2019 20:22:54 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Jun 2019 20:22:53 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,413,1557212400"; d="scan'208";a="182790002" X-Received: from fieedk001.ccr.corp.intel.com ([10.239.33.119]) by fmsmga001.fm.intel.com with ESMTP; 24 Jun 2019 20:22:52 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Jian J Wang , Hao A Wu , Ray Ni , Star Zeng Subject: [edk2-devel] [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check Date: Tue, 25 Jun 2019 11:22:49 +0800 Message-Id: <20190625032249.28116-1-zhichao.gao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhichao.gao@intel.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1561432974; bh=keOkVwoKginJ9VskaajvPV89rd57uWjR4mDFG1R0fXg=; h=Cc:Date:From:Reply-To:Subject:To; b=wIUpLtUXrDWsHN26YgTlAdswtpCUUoeL1TWcMahDOsBrr9ynzvi+62yw1MSUwpRdWqC AlR/IP19L2LdMaJZsv8VwehSZWEXI1e1k1ju+r5oH0xsOpnkEi9tdlSeTg9wjZEOUOaGW feI22jIFz3OWcxymgwxEeWUhkMJ+AnIjKao= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1935 Before use the memory that is allocated through AllocateZeroPool, we should check the memory pointer is valid to avoid using the NULL pointer. Add check for VariableArrayAddress that is returned from GetScatterGatherHeadEntries. If it is NULL, directly return the error status. Cc: Jian J Wang Cc: Hao A Wu Cc: Ray Ni Cc: Star Zeng Signed-off-by: Zhichao Gao Reviewed-by: Hao A Wu --- MdeModulePkg/Universal/CapsulePei/UefiCapsule.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c b/MdeModulePkg= /Universal/CapsulePei/UefiCapsule.c index 8d4ae69bb2..51afab7b05 100644 --- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c +++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c @@ -965,6 +965,10 @@ GetScatterGatherHeadEntries ( // if ((ValidIndex + 1) >=3D TempListLength) { EnlargedTempList =3D AllocateZeroPool (TempListLength * 2); + if (EnlargedTempList =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "Fail to allocate memory!\n")); + return EFI_OUT_OF_RESOURCES; + } CopyMem (EnlargedTempList, TempList, TempListLength); FreePool (TempList); TempList =3D EnlargedTempList; @@ -1056,7 +1060,7 @@ CapsuleCoalesce ( // Get SG list entries // Status =3D GetScatterGatherHeadEntries (&ListLength, &VariableArrayAddre= ss); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || VariableArrayAddress =3D=3D NULL) { DEBUG ((DEBUG_ERROR, "%a failed to get Scatter Gather List Head Entrie= s. Status =3D %r\n", __FUNCTION__, Status)); goto Done; } --=20 2.21.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42776): https://edk2.groups.io/g/devel/message/42776 Mute This Topic: https://groups.io/mt/32199972/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-