From nobody Tue May 14 05:49:24 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+76318+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+76318+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=hpe.com ARC-Seal: i=1; a=rsa-sha256; t=1623301054; cv=none; d=zohomail.com; s=zohoarc; b=Kaf9L2yDdRGYmxcsnoUNklrAu314ye5JlQJWnDmqreXEXvJojWacFjix1vC4m9tY3Zp6ZaM2DmOMXSAw/PifuST1pyKNhdQgrWQAf4jrb5mL6z5YNlsXbziC79HwLExAgUhb81jqAplG+9GUBbAfjmi6q3QyuoO5bhKJ0puADZE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1623301054; h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To; bh=Yj5Bhgzte5EZ8VjjLEPZMnrlxHB256tPQEIjiBCBw0k=; b=g/Xqou64HR29SWd74r0e6xeW4VJ4Dpxi4yZzjnyAfdtUllkW6rhCXw/YOjDwiSofQW+o3TgRSZHt2QjQwWU5+EBCyCHM5BKUuz1ajLjjqNkpzlcy+blHXVGdpJ/u3nOnfhusNc2hUQf1npywtmhscDcw2Cs2Hf2Uehu7ffnczRE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+76318+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1623301054140547.9607377325515; Wed, 9 Jun 2021 21:57:34 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id JO5RYY1788612xRsw9Mcodz6; Wed, 09 Jun 2021 21:57:33 -0700 X-Received: from mx0a-002e3701.pphosted.com (mx0a-002e3701.pphosted.com [148.163.147.86]) by mx.groups.io with SMTP id smtpd.web10.5928.1623301053137748471 for ; Wed, 09 Jun 2021 21:57:33 -0700 X-Received: from pps.filterd (m0150241.ppops.net [127.0.0.1]) by mx0a-002e3701.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15A4ndGL017874; Thu, 10 Jun 2021 04:57:26 GMT X-Received: from g2t2354.austin.hpe.com (g2t2354.austin.hpe.com [15.233.44.27]) by mx0a-002e3701.pphosted.com with ESMTP id 3930bmde2u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 10 Jun 2021 04:57:25 +0000 X-Received: from g2t2360.austin.hpecorp.net (g2t2360.austin.hpecorp.net [16.196.225.135]) by g2t2354.austin.hpe.com (Postfix) with ESMTP id 366A481; Thu, 10 Jun 2021 04:57:25 +0000 (UTC) X-Received: from WVE00YQZQF.asiapacific.hpqcorp.net (unknown [16.169.14.254]) by g2t2360.austin.hpecorp.net (Postfix) with ESMTP id 98B0E3F; Thu, 10 Jun 2021 04:57:23 +0000 (UTC) From: "Nickle Wang" To: devel@edk2.groups.io Cc: gaoliming@byosoft.com.cn, jian.j.wang@intel.com, hao.a.wu@intel.com, Nickle Wang Subject: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressionDxe: Fix memory assert in FreePool() Date: Thu, 10 Jun 2021 12:56:40 +0800 Message-Id: <20210610045641.1466-1-nickle.wang@hpe.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: wbjq26YML2qJLNe-lubqYfi4JvYd3nrh X-Proofpoint-GUID: wbjq26YML2qJLNe-lubqYfi4JvYd3nrh X-HPE-SCL: -1 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,nickle.wang@hpe.com X-Gm-Message-State: a5Iu5xabNAZvlGpeOArz7y1Jx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1623301053; bh=tHnkvdfabSEDEQv/xHDV3INFo3m65kp/AY4hFyF6B7o=; h=Cc:Date:From:Reply-To:Subject:To; b=eLsajPttOBulqM16C/dfI9w1/VztqdZuSuTD7vTzax/BRTKamNIg0zscYY19S2Lv+1T RP7SgOmo9kDkPEmNv6DFWOusb20SStDoJfucNdkwXt+4XYv+hABWOwGNfaB2EaLuRhARS zFTVPJEcglqAVWIQHMEmcYiF4vvwJISHa9A= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Memory buffer that is allocated by malloc() and realloc() will be shifted by 8 bytes because Oniguruma keeps its memory signature. This 8 bytes shift is not handled while calling free() to release memory. Add free() function to check Oniguruma signature before release memory because memory buffer is not touched when using calloc(). Signed-off-by: Nickle Wang Reviewed-by: Liming Gao --- .../RegularExpressionDxe/OnigurumaUefiPort.c | 19 ++++++++++++++++++- .../RegularExpressionDxe/OnigurumaUefiPort.h | 14 ++------------ 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.= c b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c index 9aa7b0a68e..5c34324db8 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c +++ b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c @@ -2,7 +2,7 @@ =20 Module to rewrite stdlib references within Oniguruma =20 - (C) Copyright 2014-2015 Hewlett Packard Enterprise Development LP
+ (C) Copyright 2014-2021 Hewlett Packard Enterprise Development LP
Copyright (c) 2020, Intel Corporation. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent @@ -96,3 +96,20 @@ void* memset (void *dest, char ch, unsigned int count) return SetMem (dest, count, ch); } =20 +void free(void *ptr) +{ + VOID *EvalOnce; + ONIGMEM_HEAD *PoolHdr; + + EvalOnce =3D ptr; + if (EvalOnce =3D=3D NULL) { + return; + } + + PoolHdr =3D (ONIGMEM_HEAD *)EvalOnce - 1; + if (PoolHdr->Signature =3D=3D ONIGMEM_HEAD_SIGNATURE) { + FreePool (PoolHdr); + } else { + FreePool (EvalOnce); + } +} diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.= h b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h index 20b75c3361..0bdb7be529 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h +++ b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h @@ -2,7 +2,7 @@ =20 Module to rewrite stdlib references within Oniguruma =20 - (C) Copyright 2014-2015 Hewlett Packard Enterprise Development LP
+ (C) Copyright 2014-2021 Hewlett Packard Enterprise Development LP
Copyright (c) 2020, Intel Corporation. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent @@ -46,17 +46,6 @@ typedef INTN intptr_t; #endif =20 #define calloc(n,s) AllocateZeroPool((n)*(s)) - -#define free(p) \ - do { \ - VOID *EvalOnce; \ - \ - EvalOnce =3D (p); \ - if (EvalOnce !=3D NULL) { \ - FreePool (EvalOnce); \ - } \ - } while (FALSE) - #define xmemmove(Dest,Src,Length) CopyMem(Dest,Src,Length) #define xmemcpy(Dest,Src,Length) CopyMem(Dest,Src,Length) #define xmemset(Buffer,Value,Length) SetMem(Buffer,Length,Value) @@ -98,6 +87,7 @@ void* malloc(size_t size); void* realloc(void *ptr, size_t size); void* memcpy (void *dest, const void *src, unsigned int count); void* memset (void *dest, char ch, unsigned int count); +void free(void *ptr); =20 #define exit(n) ASSERT(FALSE); =20 --=20 2.31.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#76318): https://edk2.groups.io/g/devel/message/76318 Mute This Topic: https://groups.io/mt/83438231/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-