From nobody Thu May 2 02:12:30 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+62488+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+62488+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=outlook.com Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1594725679491663.6397935177487; Tue, 14 Jul 2020 04:21:19 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id IXcpYY1788612xbBE4t1t7QL; Tue, 14 Jul 2020 04:21:19 -0700 X-Received: from APC01-PU1-obe.outbound.protection.outlook.com (APC01-PU1-obe.outbound.protection.outlook.com [40.92.254.83]) by mx.groups.io with SMTP id smtpd.web12.11616.1594692473596469677 for ; Mon, 13 Jul 2020 19:07:54 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cpjP/JA8sngMdBmTH6Z+di7ULLnS2F2xkYbV4sgZ1acANOaNCZSbQQZJ1GkyYO3CkUtBC6y6uB0jL+8HfAzJZfHXjht8fkdN5Xsz7EVqvsqNT++7Pu2liLO5WzlDeHpAKuXHPGkROX37OMshwn/Ij/KwsF3UyjAiHDKzRDXs1E5RnAxZZhm8Si6GBzF5HkcS101pppxYTy4NIVMmuf3tnTWcm8+n6dAkcPIpewYxz8abCok90o7LjGKy+rzpqni7vOqIsyka9App41+2ELHA0sIUZ91XrxT1l8wHZhIbjf6nRZ8bfKwTBEJbAp1lbqFqoV9fuJPOKIuSrMUgFoNoJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oG2g/p5IhtpAmYrQA0E+vNs8V0pAGWJRPBYU/AV3BmA=; b=gPHN/aXhP16eR7eDwa6ckPhR0iGT8FvuzMzNefvWyXM8Zyu+i/RbNVctomSbTIgdPXlhAgEEhr0hl9qQh95E9S60A4B5t3qCZNzyslTAnTw1fhvYxbwPZsb9Vm1trroMbuzkLJCYg7+S5sO7a+X9hX0czjO2K8TaOGKsqpS7UQOFmOF6qCCXmOb1mFSlqrjj4NQYSU8iFSOHn6FwKIJwwE0klKkCTs7Q5KPXiSLr7SVOQtvslufgdGCEZXxy7bn8AqZNlFe0MLCRYj5y+4hIxHMSfx7Qei4LATtMiTwBWXgTilhTPCgFLgpTK8ncXIae6hhhr/f+nCrheT4RKEPMUA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none X-Received: from HK2APC01FT106.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebc::50) by HK2APC01HT035.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebc::350) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.21; Tue, 14 Jul 2020 02:07:51 +0000 X-Received: from SL2PR03MB4442.apcprd03.prod.outlook.com (2a01:111:e400:7ebc::41) by HK2APC01FT106.mail.protection.outlook.com (2a01:111:e400:7ebc::437) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.21 via Frontend Transport; Tue, 14 Jul 2020 02:07:51 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:D1E2DCE06E7ECC93E0C7458C090F7E14F291B71D572A61552494450A682C3786;UpperCasedChecksum:EACFA64A39049EA38C4A2A307FC7FCE630C5BC7AD7D0EFF90B06DE185144B108;SizeAsReceived:7375;Count:47 X-Received: from SL2PR03MB4442.apcprd03.prod.outlook.com ([fe80::6887:4d23:2904:f332]) by SL2PR03MB4442.apcprd03.prod.outlook.com ([fe80::6887:4d23:2904:f332%7]) with mapi id 15.20.3195.017; Tue, 14 Jul 2020 02:07:51 +0000 From: Vin Xue To: devel@edk2.groups.io Cc: Vin Xue Subject: [edk2-devel] [PATCH] SignedCapsulePkg: Address NULL pointer dereference case. Date: Tue, 14 Jul 2020 10:07:37 +0800 Message-ID: X-ClientProxiedBy: HK2P15301CA0020.APCP153.PROD.OUTLOOK.COM (2603:1096:202:1::30) To SL2PR03MB4442.apcprd03.prod.outlook.com (2603:1096:100:5b::18) X-Microsoft-Original-Message-ID: <20200714020737.1559-1-vinxue@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from SHA-D10WENXIXUE.amd.com (58.247.170.242) by HK2P15301CA0020.APCP153.PROD.OUTLOOK.COM (2603:1096:202:1::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.7 via Frontend Transport; Tue, 14 Jul 2020 02:07:50 +0000 X-Microsoft-Original-Message-ID: <20200714020737.1559-1-vinxue@outlook.com> X-TMN: [l2/WK4qdQTpdPEf6o1kZr/fIr/HHEA6e] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 47 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 52978777-3fbc-4a14-ce95-08d8279ab62a X-MS-Exchange-SLBlob-MailProps: KBSGuA5p8vBIVc4oW2LG/5/HYSjqScReq+K9xPGu7QpXuC+HJSTGQXZNTyHE3MgpTyApwhCR0BYjgfCwMAHVX39EIVWaCgiVSo2VgaGXwawscUhG/3WXzrarwrGS5aDx+2sEKXqBPbYVZTk/2PBwCLEfLIQKXTk1hBqRI9PmuYuHMaYBrs5d5sMnhGBBuHZrgeLnXNkZh4C/r8FLZc2vBumlNaWxw+0IBkCl2u4NwJBx/ykf/p5mSULar7SPi0FvIgajuIbic7xgCRMZnjofDGmvSCG0dM3NpefbwtaPAeAhjXf0lY0oFNbqYHmmfxJDXKOh1dLnbxrp6MX4Mp9C9jJ5r4q2LYngtDl2oC+EO2i67/Tktc4zbUAjSQIy3AFWxJWx+HWmMVteGG5tUKCgFc8SNct+sSuRsqS4DgNjp2UckArNYEr2R7cgOfnELKlTeWbGEwXGf9s2vNIgBDW28z9ML+evkmcaLd7bsQ7FRyKDqpMnyxWxM2b5q3XiWzLkamqsiw4SiKoIuafLQJazVHtgH/vPBwiThebX8Ma4mi+SNiSGIMO4kwBclbARqog0F3rDfTPu6MECbB3MItsWdwn+C+HDWZios2jnlEjL+lkKVAB35kGICbs7Cfh8Bh9LA1wkK16MS30/3Z/XoC1AC2+hnqeuCMD+D0W1+e/levTKGXBs1Sk6R5K/COqCXf1OiSC+x68DcKN6/eMikWuTtH8h9PlDimFgzM2l6Ug8hT6ZqDx0oel6U+Zac+vtMUYwxXLaoy47vjRLussL0yRj5SiNH5AP//dB8Qe31KfbiRI= X-MS-TrafficTypeDiagnostic: HK2APC01HT035: X-Microsoft-Antispam-Message-Info: MRKj4G0CgpzINXATW/uKb7m45P3vBsZy0y8vjIeqOnn3Ks5kucAozP9r2NWmIfWb0vxtPG7pfCvEChSGCw3mtrTOuLC9rcBcw4Vd0frdKI827M1yosBGgQmsriJjbdFRcZ4k03xUlo7tNw59O2QyM2CJ3nnCjaVsJEPEjHxUZZwzRLa79zzdvnSL7v+PdoaIDC0oRULbZI4l8uHhXz9Ilg== X-MS-Exchange-AntiSpam-MessageData: GGA+hw/OKXivUrMKR9lzG6MxkfkkbWeB1AAqRJEAiug0EdyC/iL7y7xB1+fVLH/kL4+QJFRxN2VirNDjsIxUpGCzoxaz2jIi4ixzM/zLT458HcHmdPJhdCSZN+kXg7349W2LJEYjmecbwkJvbv722w== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 52978777-3fbc-4a14-ce95-08d8279ab62a X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Jul 2020 02:07:51.2927 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: HK2APC01FT106.eop-APC01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2APC01HT035 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,vinxue@outlook.com X-Gm-Message-State: jWav1Ym3jTveNHEc6KOCDIPZx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1594725679; bh=KI1P7w8LyCHalHpNQnfRhn173n6K/gvlBJxbwrcy5Hg=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=n4Gh1sWfxGkDqCTMGebbWssKFgaql12IPOa7HgyGoI162ySRC1guwoxR4bzJVOVYPuW bPbzj8oapBNcHHGAUcUBnG5vMCoto6ZmrdVzaKbYFUEPfz09Ya7Lu52wwkr79n2b8707Y eoINIubzhgda7kw0MRuQF41i5Z4U3caFd/k= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Original code GetFmpImageDescriptors for OriginalFmpImageInfoBuf pointer, if failed, return a NULL pointer. The OriginalFmpImageInfoBuf should not be NULL and the NULL pointer dereference case should be false positive. Signed-off-by: Vin Xue --- .../SystemFirmwareUpdateDxe.c | 39 ++++++++++--------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmware= UpdateDxe.c b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwar= eUpdateDxe.c index bdb70bdb32..ea795cd7db 100644 --- a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateD= xe.c +++ b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateD= xe.c @@ -681,32 +681,35 @@ FindMatchingFmpHandles ( // // Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs. // - FmpImageInfoBuf =3D OriginalFmpImageInfoBuf; MatchFound =3D FALSE; - for (Index2 =3D 0; Index2 < FmpImageInfoCount; Index2++) { - for (Index3 =3D 0; Index3 < mSystemFmpPrivate->DescriptorCount; Inde= x3++) { - MatchFound =3D CompareGuid ( - &FmpImageInfoBuf->ImageTypeId, - &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTy= peId - ); + if (OriginalFmpImageInfoBuf !=3D NULL) { + FmpImageInfoBuf =3D OriginalFmpImageInfoBuf; + + for (Index2 =3D 0; Index2 < FmpImageInfoCount; Index2++) { + for (Index3 =3D 0; Index3 < mSystemFmpPrivate->DescriptorCount; In= dex3++) { + MatchFound =3D CompareGuid ( + &FmpImageInfoBuf->ImageTypeId, + &mSystemFmpPrivate->ImageDescriptor[Index3].ImageT= ypeId + ); + if (MatchFound) { + break; + } + } if (MatchFound) { break; } + // + // Increment the buffer pointer ahead by the size of the descriptor + // + FmpImageInfoBuf =3D (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)Fm= pImageInfoBuf) + DescriptorSize); } if (MatchFound) { - break; + HandleBuffer[*HandleCount] =3D HandleBuffer[Index]; + (*HandleCount)++; } - // - // Increment the buffer pointer ahead by the size of the descriptor - // - FmpImageInfoBuf =3D (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpI= mageInfoBuf) + DescriptorSize); - } - if (MatchFound) { - HandleBuffer[*HandleCount] =3D HandleBuffer[Index]; - (*HandleCount)++; - } =20 - FreePool (OriginalFmpImageInfoBuf); + FreePool (OriginalFmpImageInfoBuf); + } } =20 if ((*HandleCount) =3D=3D 0) { --=20 2.27.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#62488): https://edk2.groups.io/g/devel/message/62488 Mute This Topic: https://groups.io/mt/75474501/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-