From nobody Tue Feb 10 23:58:36 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+53410+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one)
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 15795188750321018.0861209092177;
 Mon, 20 Jan 2020 03:14:35 -0800 (PST)
Return-Path: <bounce+27952+53410+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id mgBcYY1788612xr1uXHdVC5f;
 Mon, 20 Jan 2020 03:14:34 -0800
X-Received: from EUR04-HE1-obe.outbound.protection.outlook.com
 (EUR04-HE1-obe.outbound.protection.outlook.com [40.107.7.79])
 by mx.groups.io with SMTP id smtpd.web09.9176.1579518873521359343
 for <devel@edk2.groups.io>;
 Mon, 20 Jan 2020 03:14:34 -0800
X-Received: from HE1PR08CA0057.eurprd08.prod.outlook.com (2603:10a6:7:2a::28)
 by
 VI1PR0802MB2302.eurprd08.prod.outlook.com (2603:10a6:800:9e::17) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.24; Mon, 20 Jan
 2020 11:14:29 +0000
X-Received: from AM5EUR03FT009.eop-EUR03.prod.protection.outlook.com
 (2a01:111:f400:7e08::204) by HE1PR08CA0057.outlook.office365.com
 (2603:10a6:7:2a::28) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.20 via Frontend
 Transport; Mon, 20 Jan 2020 11:14:29 +0000
Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12
 as permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+53410+1787277+3901457@groups.io;
 helo=web01.groups.io;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
X-Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123)
 by
 AM5EUR03FT009.mail.protection.outlook.com (10.152.16.110) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2644.23 via Frontend Transport; Mon, 20 Jan 2020 11:14:29 +0000
X-Received: ("Tessian outbound 28955e0c1ca8:v40");
 Mon, 20 Jan 2020 11:14:29 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: d073088bfb04a028
X-CR-MTA-TID: 64aa7808
X-Received: from af1b8095a747.1
	by 64aa7808-outbound-1.mta.getcheckrecipient.com id
 CA6FD949-0278-4F7B-9351-4077D3D2C431.1;
	Mon, 20 Jan 2020 11:14:24 +0000
X-Received: from EUR05-AM6-obe.outbound.protection.outlook.com
    by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id
 af1b8095a747.1
    (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
    Mon, 20 Jan 2020 11:14:24 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=efh1zY4JEiFbppS57woH746cRTnzV6HYSCugs8XIP5IYenr2t2Uegn/8VPKtV0hRprfkZWFz7MW9cH4DVjtpF36TRF3bCtEHVxzsSTRvi21oH0qx+U1ab/ugbIm1gLndNGxTmPjVir93Ajx8ZX82bXDqW/rIikTJLZt49nvQ2FOw/bPXKys1azTg6or+bI1LFL4W2s+o6FVNuzZljZg4AmXVMWd3h/K6jAa1/hwpy6uITcGVTstdebLL3qnB9JCGLvA6GFjIbIMvabW7kAIB2SgKGLqrhZ8RfJlmTeWTxopPzs6s8U6wov+U3i+OH8I7taFBt8srFVeDWVKpd7aw4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=GkCTLbze6b09g15z91J55w0GvF2YPLs1pU1bdDWDKWA=;
 b=oG7o8oSeIECKYWV7ZCke/Bg93XdKcZLNm39ecG/UFit78lH3iTRvElyRyvIqhWq8uM84I2s/cnlF1d+H2/E3tL8QQu84vuKLB17zYVc1cXevu/2E768G2G/yJ2SZs6BxTwNRxeI1bJ/0YEYJ6F0JShSIljui6/tErGLYrmozGXVE99arg9Ntz2JC82ZzAIHgCmbQsABzXptg1A/bWnKkXX2Q4xEZcsgUwThp//4m3iDbdoZ+K3HfXPp7rPJw6oyXi+YAKQlvUZvnp/1RtstCQTs6A5EDJ6OIRG4plPZy+TLGalqYZJV3dl/aId/oRYVL+pdf/UjeQ7n9KoXkv1UVtQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com;
 dmarc=bestguesspass action=none header.from=arm.com; dkim=none (message not
 signed); arc=none
X-Received: from AM4PR08CA0053.eurprd08.prod.outlook.com (2603:10a6:205:2::24)
 by DBBPR08MB4331.eurprd08.prod.outlook.com (2603:10a6:10:c4::16) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.23; Mon, 20 Jan
 2020 11:14:22 +0000
X-Received: from VE1EUR03FT045.eop-EUR03.prod.protection.outlook.com
 (2a01:111:f400:7e09::208) by AM4PR08CA0053.outlook.office365.com
 (2603:10a6:205:2::24) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.19 via Frontend
 Transport; Mon, 20 Jan 2020 11:14:22 +0000
Authentication-Results-Original: spf=pass (sender IP is 40.67.248.234)
 smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=bestguesspass action=none
 header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 40.67.248.234 as permitted sender) receiver=protection.outlook.com;
 client-ip=40.67.248.234; helo=nebula.arm.com;
X-Received: from nebula.arm.com (40.67.248.234) by
 VE1EUR03FT045.mail.protection.outlook.com (10.152.19.51) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.2644.23 via Frontend Transport; Mon, 20 Jan 2020 11:14:22 +0000
X-Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX04.Arm.com
 (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1415.2; Mon, 20 Jan
 2020 11:14:08 +0000
X-Received: from E119924.Arm.com (10.37.9.56) by mail.arm.com (10.251.24.32)
 with Microsoft SMTP Server id 15.1.1415.2 via Frontend Transport; Mon, 20 Jan
 2020 11:14:08 +0000
From: "Krzysztof Koch" <krzysztof.koch@arm.com>
To: <devel@edk2.groups.io>
CC: <ray.ni@intel.com>, <zhichao.gao@intel.com>, <Sami.Mujawar@arm.com>,
	<Matteo.Carlini@arm.com>, <nd@arm.com>
Subject: [edk2-devel] [PATCH v3 09/11] ShellPkg: acpiview: IORT: Validate
 global pointers before use
Date: Mon, 20 Jan 2020 11:13:49 +0000
Message-ID: <20200120111351.29184-10-krzysztof.koch@arm.com>
In-Reply-To: <20200120111351.29184-1-krzysztof.koch@arm.com>
References: <20200120111351.29184-1-krzysztof.koch@arm.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 1
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report-Untrusted: 
 CIP:40.67.248.234;IPV:;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(376002)(136003)(39860400002)(346002)(396003)(189003)(199004)(2906002)(186003)(336012)(36756003)(478600001)(426003)(70206006)(44832011)(15650500001)(70586007)(4326008)(26005)(8936002)(2616005)(6916009)(81166006)(81156014)(1076003)(6666004)(7696005)(86362001)(5660300002)(19627235002)(316002)(356004)(8676002)(54906003);DIR:OUT;SFP:1101;SCL:1;SRVR:DBBPR08MB4331;H:nebula.arm.com;FPR:;SPF:Pass;LANG:en;PTR:InfoDomainNonexistent;MX:1;A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a0a7853b-c677-4c9a-76a4-08d79d99eb01
X-MS-TrafficTypeDiagnostic: DBBPR08MB4331:|VI1PR0802MB2302:
X-Microsoft-Antispam-PRVS: 
 <VI1PR0802MB2302486E545B84F68DC1A4D284320@VI1PR0802MB2302.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
NoDisclaimer: True
X-MS-Oob-TLC-OOBClassifiers: OLM:6430;OLM:6430;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 
 vCKmamIF7bINm+Uh1Fwc1JR9dY61IJN0YSlt6Y+NrUa20rAZCBn8sdOn0FrP/CmGO4yHn0FNcdt0Ut3hG4CIZHzeCqz2bpPb7CQ03l4eLqPRFISqQJVKcBSx2H/nKnNb/X5EWyUtn76Otkq9Vnbws+lUaSPfsCJCZaNcsMcrehm/SoL3epZwGZNzYrF4kafEIHvnA99p8ecqbUUe76+flpDmiTl+yckKYFOvjGrQPhhpli5jqPtSKFts3PfJ4L4BAwFYHQUWIvyHN9/ZxBgRiQj6FVBiKKtCYkWUYW6iEhK9XaXjRhgQIxcF8iUpZ/v5kV3WanAWhHONh9Zzl8I4KWgy9kF3j/H7kX0bwGRI+fWuj30a68STJEEyGRp6fZrO+dLGF5fHDmmTAoMA0dXflrvnj+iYfe38uhZLrYIcxuViv749OjEPz4Zk43l9UJkK
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4331
Original-Authentication-Results: spf=pass (sender IP is 40.67.248.234)
 smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=bestguesspass action=none
 header.from=arm.com;
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 AM5EUR03FT009.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
 1dcaf466-6f26-4e32-5ca2-08d79d99e6d0
X-Microsoft-Antispam-Message-Info: 
 mKoRDe/IC8JHHlXdnbVle25B0ElydnBRs6rTCeGEMozTC+n74LsqcYFU/9gbLzAFq4h5FSeZTSzfWeKDO+oUbMETCtIyf0IpIgQS7DX73KOlB+bRUHRSk1Lqlc+iZCXoempuRXIeIJed3/C5SjP+iETjHUSC1K5ZZCXtN62ZgHgOmUx6cF69JdOHHU/1K2wjxAkgpbpJ7QpcOlEFJiC5dFxXF/ZO9M/nKzfyV4LvfUccVYIiL+yl7tYHHoHExZOlMsKg3b8of7iZE+8qncQAJg+f5D3YRzxUUuEXk6veNZntb0YRSavJJWnDtVJlYUhMHfZEhrOu6jbpX/dg4FyOJpAcgtmWrags8MtMjekbz/Xxq0ExKCHInGQ5NAf2Yn0X5A5Eh0yhG9pEUbJ3Xn4VEtWUSerHze/1bk9JxBjZqUS122XyLXcMJ4PvY9U9qO/h
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jan 2020 11:14:29.3912
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 a0a7853b-c677-4c9a-76a4-08d79d99eb01
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0802MB2302
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,krzysztof.koch@arm.com
X-Gm-Message-State: 1h9dVX8CMsiuYvEOBiUFDQzFx1787277AA=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1579518874;
 bh=G68YbMq1KoDa8ercgxl00qD6K2e/ubHLpOf8vcdWQio=;
 h=CC:Content-Type:Date:From:Reply-To:Subject:To;
 b=mb9Byxo/1kf1Psy9zfLz3bOVfMsVtJKGxnXfiNFNzhLx3s0ZgBAFG/kx1WZ/X86nhKb
 NmeNtNaryWAQuOYEwmNmoVIt3y9OgHjSnvBBY22q+xuvSM3BOhwzLuEiZFKlRyzysXOtH
 CWklmJlgPE73VX6b7Hanp4CV5W7VfjXWp00=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Check if global (in the scope of the IORT parser) pointers have been
successfully updated before they are used for further table parsing.

Signed-off-by: Krzysztof Koch <krzysztof.koch@arm.com>
---

Notes:
    v3:
    - Rebase on latest master [Krzysztof]

    v1:
    - Test against NULL pointers [Krzysztof]

 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 5=
2 ++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/Iort=
Parser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortPa=
rser.c
index 72289c7680bc3cd5c444481e8d6a719803202a9b..9d5d937c7b2c19945ca2ad3eba6=
44bdfc09cc3f6 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c
@@ -322,6 +322,20 @@ DumpIortNodeSmmuV1V2 (
     PARSER_PARAMS (IortNodeSmmuV1V2Parser)
     );
=20
+  // Check if the values used to control the parsing logic have been
+  // successfully read.
+  if ((InterruptContextCount =3D=3D NULL)   ||
+      (InterruptContextOffset =3D=3D NULL)  ||
+      (PmuInterruptCount =3D=3D NULL)       ||
+      (PmuInterruptOffset =3D=3D NULL)) {
+    IncrementErrorCount ();
+    Print (
+      L"ERROR: Insufficient SMMUv1/2 node length. Length =3D %d\n",
+      Length
+      );
+    return;
+  }
+
   Offset =3D *InterruptContextOffset;
   Index =3D 0;
=20
@@ -433,6 +447,17 @@ DumpIortNodeIts (
             PARSER_PARAMS (IortNodeItsParser)
             );
=20
+  // Check if the values used to control the parsing logic have been
+  // successfully read.
+  if (ItsCount =3D=3D NULL) {
+    IncrementErrorCount ();
+    Print (
+      L"ERROR: Insufficient ITS group length. Length =3D %d.\n",
+      Length
+      );
+    return;
+  }
+
   Index =3D 0;
=20
   while ((Index < *ItsCount) &&
@@ -617,6 +642,18 @@ ParseAcpiIort (
     PARSER_PARAMS (IortParser)
     );
=20
+  // Check if the values used to control the parsing logic have been
+  // successfully read.
+  if ((IortNodeCount =3D=3D NULL) ||
+      (IortNodeOffset =3D=3D NULL)) {
+    IncrementErrorCount ();
+    Print (
+      L"ERROR: Insufficient table length. AcpiTableLength =3D %d.\n",
+      AcpiTableLength
+      );
+    return;
+  }
+
   Offset =3D *IortNodeOffset;
   NodePtr =3D Ptr + Offset;
   Index =3D 0;
@@ -635,6 +672,21 @@ ParseAcpiIort (
       PARSER_PARAMS (IortNodeHeaderParser)
       );
=20
+    // Check if the values used to control the parsing logic have been
+    // successfully read.
+    if ((IortNodeType =3D=3D NULL)        ||
+        (IortNodeLength =3D=3D NULL)      ||
+        (IortIdMappingCount =3D=3D NULL)  ||
+        (IortIdMappingOffset =3D=3D NULL)) {
+      IncrementErrorCount ();
+      Print (
+        L"ERROR: Insufficient remaining table buffer length to read the " \
+          L"IORT node header. Length =3D %d.\n",
+        AcpiTableLength - Offset
+        );
+      return;
+    }
+
     // Make sure the IORT Node is inside the table
     if ((Offset + (*IortNodeLength)) > AcpiTableLength) {
       IncrementErrorCount ();
--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#53410): https://edk2.groups.io/g/devel/message/53410
Mute This Topic: https://groups.io/mt/69929574/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-