ShellPkg/Application/Shell/ShellManParser.c | 6 +++++- ShellPkg/Application/Shell/ShellProtocol.c | 3 ++- .../Library/UefiShellDebug1CommandsLib/Dblk.c | 6 +++--- .../HexEdit/BufferImage.c | 10 ++++++--- .../HexEdit/FileImage.c | 6 +++++- .../UefiShellDriver1CommandsLib/DrvCfg.c | 3 ++- .../Library/UefiShellLevel1CommandsLib/For.c | 4 ++++ .../Library/UefiShellLevel1CommandsLib/If.c | 4 ++++ .../Library/UefiShellLevel2CommandsLib/Vol.c | 5 ++++- .../Library/UefiShellLevel3CommandsLib/Help.c | 4 ++++ ShellPkg/Library/UefiShellLib/UefiShellLib.c | 21 +++++++++++++++---- 11 files changed, 57 insertions(+), 15 deletions(-)
Attached is the report for Coverity issues identified in ShellPkg based
on edk2-stable202205.
Cc: Vasudevan Sambandan <vasudevans@ami.com>
Cc: Sundaresan Selvaraj <sundaresans@ami.com>
Cc: Arun k <arunk@ami.com>
Cc: Sainadh N <sainadhn@ami.com>
Signed-off-by: Kalaivani P <kalaivanip@ami.com>
---
ShellPkg/Application/Shell/ShellManParser.c | 6 +++++-
ShellPkg/Application/Shell/ShellProtocol.c | 3 ++-
.../Library/UefiShellDebug1CommandsLib/Dblk.c | 6 +++---
.../HexEdit/BufferImage.c | 10 ++++++---
.../HexEdit/FileImage.c | 6 +++++-
.../UefiShellDriver1CommandsLib/DrvCfg.c | 3 ++-
.../Library/UefiShellLevel1CommandsLib/For.c | 4 ++++
.../Library/UefiShellLevel1CommandsLib/If.c | 4 ++++
.../Library/UefiShellLevel2CommandsLib/Vol.c | 5 ++++-
.../Library/UefiShellLevel3CommandsLib/Help.c | 4 ++++
ShellPkg/Library/UefiShellLib/UefiShellLib.c | 21 +++++++++++++++----
11 files changed, 57 insertions(+), 15 deletions(-)
diff --git a/ShellPkg/Application/Shell/ShellManParser.c b/ShellPkg/Application/Shell/ShellManParser.c
index 5c823cd7f5..716eb17a1d 100644
--- a/ShellPkg/Application/Shell/ShellManParser.c
+++ b/ShellPkg/Application/Shell/ShellManParser.c
@@ -2,6 +2,7 @@
Provides interface to shell MAN file parser.
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
Copyright 2015 Dell Inc.
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -601,7 +602,10 @@ ProcessManFile (
if (TempString != NULL) {
FileHandle = ConvertEfiFileProtocolToShellHandle (CreateFileInterfaceMem (TRUE), NULL);
HelpSize = StrLen (TempString) * sizeof (CHAR16);
- ShellWriteFile (FileHandle, &HelpSize, TempString);
+ Status = ShellWriteFile (FileHandle, &HelpSize, TempString);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
ShellSetFilePosition (FileHandle, 0);
HelpSize = 0;
BriefSize = 0;
diff --git a/ShellPkg/Application/Shell/ShellProtocol.c b/ShellPkg/Application/Shell/ShellProtocol.c
index 509eb60e40..fbe1d7e01f 100644
--- a/ShellPkg/Application/Shell/ShellProtocol.c
+++ b/ShellPkg/Application/Shell/ShellProtocol.c
@@ -5,6 +5,7 @@
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -2518,7 +2519,7 @@ ShellSearchHandle (
EfiShellClose (ShellInfoNode->Handle);
ShellInfoNode->Handle = NULL;
}
- } else if (!EFI_ERROR (Status)) {
+ } else if (!EFI_ERROR (Status) && (ShellInfoNode->FullName == NULL)) {
//
// should be a file
//
diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c
index 97a4b57a93..08372d9fa4 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c
@@ -3,6 +3,7 @@
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -45,8 +46,7 @@ DisplayTheBlocks (
if (EFI_ERROR (Status)) {
return (SHELL_NOT_FOUND);
}
-
- BufferSize = BlockIo->Media->BlockSize * BlockCount;
+ BufferSize = BlockIo->Media->BlockSize * (UINTN)BlockCount;
if (BlockIo->Media->IoAlign == 0) {
BlockIo->Media->IoAlign = 1;
}
@@ -55,7 +55,7 @@ DisplayTheBlocks (
OriginalBuffer = AllocateZeroPool (BufferSize + BlockIo->Media->IoAlign);
Buffer = ALIGN_POINTER (OriginalBuffer, BlockIo->Media->IoAlign);
} else {
- ShellPrintEx (-1, -1, L" BlockSize: 0x%08x, BlockCount: 0x%08x\r\n", BlockIo->Media->BlockSize, BlockCount);
+ ShellPrintEx (-1, -1, L" BlockSize: 0x%08x, BlockCount: 0x%08x\r\n", BlockIo->Media->BlockSize,(UINTN)BlockCount);
OriginalBuffer = NULL;
Buffer = NULL;
}
diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c
index be77e31a40..e68ab7c21a 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c
@@ -3,6 +3,7 @@
as well as the event handlers for editing the file
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved. <BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -2036,7 +2037,8 @@ HBufferImageAddCharacterToBuffer (
UINTN OldPos;
UINTN NewPos;
-
+ EFI_STATUS Status;
+
Size = HBufferImageGetTotalSize ();
//
@@ -2083,10 +2085,12 @@ HBufferImageAddCharacterToBuffer (
Size += Count;
HBufferImageFreeLines ();
-
- HBufferImageBufferToList (Buffer, Size);
+ Status = HBufferImageBufferToList (Buffer, Size);
FreePool (Buffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
Link = HMainEditor.BufferImage->ListHead->ForwardLink;
for (Index = 0; Index < (INTN)NewPos / 0x10; Index++) {
diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c
index d8818dd958..8907a66845 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c
@@ -2,6 +2,7 @@
Functions to deal with file buffer.
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved. <BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -245,6 +246,7 @@ HFileImageRead (
@retval EFI_SUCCESS The operation was successful.
@retval EFI_OUT_OF_RESOURCES A memory allocation failed.
@retval EFI_LOAD_ERROR A load error occurred.
+ @retval EFI_INVALID_PARAMETER FileName input parameter is NULL.
**/
EFI_STATUS
HFileImageSave (
@@ -264,7 +266,9 @@ HFileImageSave (
BufferTypeBackup = HBufferImage.BufferType;
HBufferImage.BufferType = FileTypeFileBuffer;
-
+ if (FileName == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
//
// if is the old file
//
diff --git a/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c b/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c
index 9bbbb1444d..04b46256df 100644
--- a/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c
+++ b/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c
@@ -3,6 +3,7 @@
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -355,7 +356,7 @@ ConfigFromFile (
}
MainBuffer = AllocateZeroPool ((UINTN)MainBufferSize);
- if (EFI_ERROR (Status)) {
+ if (MainBuffer == NULL) {
ShellPrintHiiEx (
-1,
-1,
diff --git a/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c b/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c
index 8a6a940f28..6e413a1813 100644
--- a/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c
+++ b/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c
@@ -3,6 +3,7 @@
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -335,6 +336,9 @@ ShellCommandRunFor (
CurrentScriptFile = ShellCommandGetCurrentScriptFile ();
ASSERT (CurrentScriptFile != NULL);
+ if (CurrentScriptFile == NULL) {
+ return (SHELL_DEVICE_ERROR);
+ }
if ((CurrentScriptFile->CurrentCommand != NULL) && (CurrentScriptFile->CurrentCommand->Data == NULL)) {
FirstPass = TRUE;
diff --git a/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c b/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c
index b4a6966edb..5607ef6e82 100644
--- a/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c
+++ b/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c
@@ -3,6 +3,7 @@
(C) Copyright 2013-2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -100,6 +101,9 @@ IsValidProfile (
ProfilesString = ShellGetEnvironmentVariable (L"profiles");
ASSERT (ProfilesString != NULL);
+ if (ProfilesString == NULL) {
+ return FALSE;
+ }
TempLocation = StrStr (ProfilesString, String);
if ((TempLocation != NULL) && (*(TempLocation-1) == L';') && (*(TempLocation+StrLen (String)) == L';')) {
return (TRUE);
diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
index 8f7310c074..045577203b 100644
--- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
+++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
@@ -3,6 +3,7 @@
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -97,7 +98,9 @@ HandleVol (
}
ASSERT (SysInfo != NULL);
-
+ if (SysInfo == NULL) {
+ return (SHELL_OUT_OF_RESOURCES);;
+ }
if (Delete) {
*((CHAR16 *)SysInfo->VolumeLabel) = CHAR_NULL;
SysInfo->Size = SIZE_OF_EFI_FILE_SYSTEM_INFO + StrSize (SysInfo->VolumeLabel);
diff --git a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
index 7f146bb9fb..17fb989d02 100644
--- a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
+++ b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
@@ -3,6 +3,7 @@
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2014, ARM Limited. All rights reserved. <BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -118,6 +119,9 @@ CopyListOfCommandNames (
{
CONST COMMAND_LIST *Node;
+ if (SourceList == NULL) {
+ return SHELL_INVALID_PARAMETER;;
+ }
for ( Node = (COMMAND_LIST *)GetFirstNode (&SourceList->Link)
; SourceList != NULL && !IsListEmpty (&SourceList->Link) && !IsNull (&SourceList->Link, &Node->Link)
; Node = (COMMAND_LIST *)GetNextNode (&SourceList->Link, &Node->Link)
diff --git a/ShellPkg/Library/UefiShellLib/UefiShellLib.c b/ShellPkg/Library/UefiShellLib/UefiShellLib.c
index a72767bd86..eae6553d91 100644
--- a/ShellPkg/Library/UefiShellLib/UefiShellLib.c
+++ b/ShellPkg/Library/UefiShellLib/UefiShellLib.c
@@ -1,9 +1,11 @@
+
/** @file
Provides interface to shell functionality for shell commands and applications.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
Copyright 2016-2018 Dell Technologies.<BR>
Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -1761,7 +1763,9 @@ ShellCloseFileMetaArg (
// ASSERT that ListHead is not NULL
//
ASSERT (ListHead != NULL);
-
+ if (ListHead == NULL) {
+ return (SHELL_INVALID_PARAMETER);
+ }
//
// Check for UEFI Shell 2.0 protocols
//
@@ -2221,6 +2225,10 @@ InternalCommandLineParse (
if (CurrentItemPackage->Name == NULL) {
ShellCommandLineFreeVarList (*CheckPackage);
*CheckPackage = NULL;
+ // Fixing memory leak here
+ SHELL_FREE_NON_NULL (CurrentItemPackage);
return (EFI_OUT_OF_RESOURCES);
}
@@ -2323,6 +2331,10 @@ InternalCommandLineParse (
if (CurrentItemPackage->Value == NULL) {
ShellCommandLineFreeVarList (*CheckPackage);
*CheckPackage = NULL;
+ // Fixing memory leak here
+ SHELL_FREE_NON_NULL (CurrentItemPackage);
return (EFI_OUT_OF_RESOURCES);
}
@@ -4377,9 +4389,10 @@ ShellFileHandleReadLine (
return (EFI_INVALID_PARAMETER);
}
- if (Buffer == NULL) {
- ASSERT (*Size == 0);
- } else {
+ if ((Buffer == NULL) || (*Size == 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ else {
*Buffer = CHAR_NULL;
}
--
2.36.0.windows.1
-The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#96669): https://edk2.groups.io/g/devel/message/96669
Mute This Topic: https://groups.io/mt/95329853/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-Few Coverity changes were done in the following files ShellProtocol.c and UefiShellLib.c. so, will include those changes and send as V3 patch. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97552): https://edk2.groups.io/g/devel/message/97552 Mute This Topic: https://groups.io/mt/95329853/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.