From: "Michael Kubacki"
To: devel@edk2.groups.io
Cc: Erich McMillan, Liming Gao, Michael D Kinney, Michael Kubacki, Zhiguang Liu
Subject: [edk2-devel] [PATCH v4 06/12] MdePkg: Fix conditionally uninitialized variables
Date: Fri, 10 Mar 2023 13:42:32 -0500
Message-Id: <20230310184238.2999-7-mikuback@linux.microsoft.com>
In-Reply-To: <20230310184238.2999-1-mikuback@linux.microsoft.com>
References: <20230310184238.2999-1-mikuback@linux.microsoft.com>
From: Michael Kubacki Fixes CodeQL alerts for CWE-457: https://cwe.mitre.org/data/definitions/457.html Note that this change affects the actual return value from the following functions. The functions documented that if an integer overflow occurred, MAX_UINTN would be returned. They were implemented to actually return an undefined value from the stack. This change makes the function follow its description. However, this is technically different than what callers may have previously expected. MdePkg/Library/BaseLib/String.c: - StrDecimalToUintn() - StrDecimalToUint64() - StrHexToUintn() - StrHexToUint64() - AsciiStrDecimalToUintn() - AsciiStrDecimalToUint64() - AsciiStrHexToUintn() - AsciiStrHexToUint64() Cc: Erich McMillan Cc: Liming Gao Cc: Michael D Kinney Cc: Michael Kubacki Cc: Zhiguang Liu Co-authored-by: Erich McMillan Signed-off-by: Michael Kubacki Reviewed-by: Liming Gao --- MdePkg/Library/BaseLib/String.c | 40 ++++++++++++++++---- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/MdePkg/Library/BaseLib/String.c b/MdePkg/Library/BaseLib/Strin= g.c index 98e6d31463e0..637c96e7b31b 100644 --- a/MdePkg/Library/BaseLib/String.c +++ b/MdePkg/Library/BaseLib/String.c @@ -408,7 +408,10 @@ StrDecimalToUintn ( { UINTN Result; =20 - StrDecimalToUintnS (String, (CHAR16 **)NULL, &Result); + if (RETURN_ERROR (StrDecimalToUintnS (String, (CHAR16 **)NULL, &Result))= ) { + return MAX_UINTN; + } + return Result; } =20 @@ -454,7 +457,10 @@ StrDecimalToUint64 ( { UINT64 Result; =20 - StrDecimalToUint64S (String, (CHAR16 **)NULL, &Result); + if (RETURN_ERROR (StrDecimalToUint64S (String, (CHAR16 **)NULL, &Result)= )) { + return MAX_UINT64; + } + return Result; } =20 @@ -501,7 +507,10 @@ StrHexToUintn ( { UINTN Result; =20 - StrHexToUintnS (String, (CHAR16 **)NULL, &Result); + if (RETURN_ERROR (StrHexToUintnS (String, (CHAR16 **)NULL, &Result))) { + return MAX_UINTN; + } + return Result; } =20 
@@ -548,7 +557,10 @@ StrHexToUint64 ( { UINT64 Result; =20 - StrHexToUint64S (String, (CHAR16 **)NULL, &Result); + if (RETURN_ERROR (StrHexToUint64S (String, (CHAR16 **)NULL, &Result))) { + return MAX_UINT64; + } + return Result; } =20 @@ -989,7 +1001,10 @@ AsciiStrDecimalToUintn ( { UINTN Result; =20 - AsciiStrDecimalToUintnS (String, (CHAR8 **)NULL, &Result); + if (RETURN_ERROR (AsciiStrDecimalToUintnS (String, (CHAR8 **)NULL, &Resu= lt))) { + return MAX_UINTN; + } + return Result; } =20 @@ -1031,7 +1046,10 @@ AsciiStrDecimalToUint64 ( { UINT64 Result; =20 - AsciiStrDecimalToUint64S (String, (CHAR8 **)NULL, &Result); + if (RETURN_ERROR (AsciiStrDecimalToUint64S (String, (CHAR8 **)NULL, &Res= ult))) { + return MAX_UINT64; + } + return Result; } =20 @@ -1077,7 +1095,10 @@ AsciiStrHexToUintn ( { UINTN Result; =20 - AsciiStrHexToUintnS (String, (CHAR8 **)NULL, &Result); + if (RETURN_ERROR (AsciiStrHexToUintnS (String, (CHAR8 **)NULL, &Result))= ) { + return MAX_UINTN; + } + return Result; } =20 @@ -1123,7 +1144,10 @@ AsciiStrHexToUint64 ( { UINT64 Result; =20 - AsciiStrHexToUint64S (String, (CHAR8 **)NULL, &Result); + if (RETURN_ERROR (AsciiStrHexToUint64S (String, (CHAR8 **)NULL, &Result)= )) { + return MAX_UINT64; + } + return Result; } =20 --=20 2.39.2.windows.1
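Review bot: In the StrDecimalToUintn hunk (@@ -408), the new `return MAX_UINTN;` branch is taken for every RETURN_ERROR status from StrDecimalToUintnS, but the commit message justifies it only by the documented integer-overflow case. If the S variant can fail for any other reason, those inputs now also produce MAX_UINTN, which the function description does not cover. Either update the function header comment to state that MAX_UINTN is returned on any conversion failure, or narrow the check to the status that signals overflow and handle the remaining failures explicitly. The header comment is outside the visible context of this hunk, so it is worth confirming it matches the new behaviour.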
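Review bot: In the StrHexToUint64 hunk (@@ -548), `return MAX_UINT64;` is used as the failure value, yet MAX_UINT64 is also the correct result for a string of sixteen `F` digits, so a caller cannot tell a failed conversion from a valid maximum. Since the wrapper discards the RETURN_STATUS, the function header should say this explicitly and point callers that need to detect failure at StrHexToUint64S. The same ambiguity exists in the other three 64-bit hunks and, with MAX_UINTN, in the four UINTN hunks.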
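Review bot: In the AsciiStrDecimalToUintn hunk (@@ -989), the failure path changes from an indeterminate stack value to a deterministic MAX_UINTN, and the commit message already notes that callers may have expected something else. Callers that feed the result into a size, count or index without a range check will now consistently see the largest possible value, and any `Result + 1` style arithmetic on it wraps to zero. A short list of audited call sites in the commit message, or a follow-up patch moving unchecked callers to AsciiStrDecimalToUintnS, would make the behaviour change safe to take.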