* [PATCH v1 0/3] Fix possible uninitialized uses
@ 2021-05-18 16:09 Sergei Dmitrouk
2021-05-18 16:09 ` [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix possible uninitialized use Sergei Dmitrouk
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Sergei Dmitrouk @ 2021-05-18 16:09 UTC (permalink / raw)
To: devel
v1:
Compiling for IA32 target with gcc-5.5.0 emits "maybe-uninitialized" warnings.
Compilation command: build -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc -t GCC49
Unlike other cases mentioned in
https://bugzilla.tianocore.org/show_bug.cgi?id=3228
these seem to be actual issues in the code. Read patches for specifics.
v2:
Second patch was simplified.
Sergei Dmitrouk (3):
ShellPkg/HttpDynamicCommand: Fix possible uninitialized use
MdeModulePkg/PciBusDxe: Fix possible uninitialized use
CryptoPkg/BaseCryptLib: Fix possible uninitialized use
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c | 1 +
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c | 1 +
MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 5 ++---
ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c | 1 +
4 files changed, 5 insertions(+), 3 deletions(-)
--
2.17.6
^ permalink raw reply [flat|nested] 7+ messages in thread* [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix possible uninitialized use 2021-05-18 16:09 [PATCH v1 0/3] Fix possible uninitialized uses Sergei Dmitrouk @ 2021-05-18 16:09 ` Sergei Dmitrouk 2021-05-19 1:13 ` 回复: [edk2-devel] " gaoliming 2021-05-18 16:09 ` [PATCH v2 2/3] MdeModulePkg/PciBusDxe: " Sergei Dmitrouk 2021-05-18 16:09 ` [PATCH v2 3/3] CryptoPkg/BaseCryptLib: " Sergei Dmitrouk 2 siblings, 1 reply; 7+ messages in thread From: Sergei Dmitrouk @ 2021-05-18 16:09 UTC (permalink / raw) To: devel; +Cc: Ray Ni, Zhichao Gao `Status` can be used uninitialized: /* Evaluates to FALSE */ if (ShellGetExecutionBreakFlag ()) { Status = EFI_ABORTED; break; } /* Evaluates to FALSE */ if (!Context->ContentDownloaded && !Context->ResponseToken.Event) { Status = ...; ASSERT_EFI_ERROR (Status); } else { ResponseMessage.Data.Response = NULL; } /* UNINITIALIZED USE */ if (EFI_ERROR (Status)) { break; } Cc: Ray Ni <ray.ni@intel.com> Cc: Zhichao Gao <zhichao.gao@intel.com> Signed-off-by: Sergei Dmitrouk <sergei@posteo.net> --- ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c index 3735a4a7e645..7b9b2d238015 100644 --- a/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c +++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c @@ -1524,6 +1524,7 @@ GetResponse ( Context->ResponseToken.Message = &ResponseMessage; Context->ContentLength = 0; Context->Status = REQ_OK; + Status = EFI_SUCCESS; MsgParser = NULL; ResponseData.StatusCode = HTTP_STATUS_UNSUPPORTED_STATUS; ResponseMessage.Data.Response = &ResponseData; -- 2.17.6 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* 回复: [edk2-devel] [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix possible uninitialized use 2021-05-18 16:09 ` [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix possible uninitialized use Sergei Dmitrouk @ 2021-05-19 1:13 ` gaoliming 2021-05-19 2:21 ` Gao, Zhichao 0 siblings, 1 reply; 7+ messages in thread From: gaoliming @ 2021-05-19 1:13 UTC (permalink / raw) To: devel, sergei; +Cc: 'Ray Ni', 'Zhichao Gao' Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> This fix is clear. Thanks Liming > -----邮件原件----- > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Sergei > Dmitrouk > 发送时间: 2021年5月19日 0:10 > 收件人: devel@edk2.groups.io > 抄送: Ray Ni <ray.ni@intel.com>; Zhichao Gao <zhichao.gao@intel.com> > 主题: [edk2-devel] [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix > possible uninitialized use > > `Status` can be used uninitialized: > > /* Evaluates to FALSE */ > if (ShellGetExecutionBreakFlag ()) { > Status = EFI_ABORTED; > break; > } > > /* Evaluates to FALSE */ > if (!Context->ContentDownloaded && !Context->ResponseToken.Event) { > Status = ...; > ASSERT_EFI_ERROR (Status); > } else { > ResponseMessage.Data.Response = NULL; > } > > /* UNINITIALIZED USE */ > if (EFI_ERROR (Status)) { > break; > } > > Cc: Ray Ni <ray.ni@intel.com> > Cc: Zhichao Gao <zhichao.gao@intel.com> > Signed-off-by: Sergei Dmitrouk <sergei@posteo.net> > --- > ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c > b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c > index 3735a4a7e645..7b9b2d238015 100644 > --- a/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c > +++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c > @@ -1524,6 +1524,7 @@ GetResponse ( > Context->ResponseToken.Message = &ResponseMessage; > Context->ContentLength = 0; > Context->Status = REQ_OK; > + Status = EFI_SUCCESS; > MsgParser = NULL; > ResponseData.StatusCode = HTTP_STATUS_UNSUPPORTED_STATUS; > ResponseMessage.Data.Response = &ResponseData; > -- > 2.17.6 > > > > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix possible uninitialized use 2021-05-19 1:13 ` 回复: [edk2-devel] " gaoliming @ 2021-05-19 2:21 ` Gao, Zhichao 0 siblings, 0 replies; 7+ messages in thread From: Gao, Zhichao @ 2021-05-19 2:21 UTC (permalink / raw) To: devel@edk2.groups.io, gaoliming@byosoft.com.cn, sergei@posteo.net; +Cc: Ni, Ray Reviewed-by: Zhichao Gao <zhichao.gao@intel.com> Thanks, Zhichao > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of > gaoliming > Sent: Wednesday, May 19, 2021 9:13 AM > To: devel@edk2.groups.io; sergei@posteo.net > Cc: Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com> > Subject: 回复: [edk2-devel] [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: > Fix possible uninitialized use > > Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> > > This fix is clear. > > Thanks > Liming > > -----邮件原件----- > > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Sergei > Dmitrouk > > 发送时间: 2021年5月19日 0:10 > > 收件人: devel@edk2.groups.io > > 抄送: Ray Ni <ray.ni@intel.com>; Zhichao Gao <zhichao.gao@intel.com> > > 主题: [edk2-devel] [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix > > possible uninitialized use > > > > `Status` can be used uninitialized: > > > > /* Evaluates to FALSE */ > > if (ShellGetExecutionBreakFlag ()) { > > Status = EFI_ABORTED; > > break; > > } > > > > /* Evaluates to FALSE */ > > if (!Context->ContentDownloaded && !Context->ResponseToken.Event) > { > > Status = ...; > > ASSERT_EFI_ERROR (Status); > > } else { > > ResponseMessage.Data.Response = NULL; > > } > > > > /* UNINITIALIZED USE */ > > if (EFI_ERROR (Status)) { > > break; > > } > > > > Cc: Ray Ni <ray.ni@intel.com> > > Cc: Zhichao Gao <zhichao.gao@intel.com> > > Signed-off-by: Sergei Dmitrouk <sergei@posteo.net> > > --- > > ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c > > b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c > > index 3735a4a7e645..7b9b2d238015 100644 > > --- a/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c > > +++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c > > @@ -1524,6 +1524,7 @@ GetResponse ( > > Context->ResponseToken.Message = &ResponseMessage; > > Context->ContentLength = 0; > > Context->Status = REQ_OK; > > + Status = EFI_SUCCESS; > > MsgParser = NULL; > > ResponseData.StatusCode = HTTP_STATUS_UNSUPPORTED_STATUS; > > ResponseMessage.Data.Response = &ResponseData; > > -- > > 2.17.6 > > > > > > > > > > > > > > > > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2 2/3] MdeModulePkg/PciBusDxe: Fix possible uninitialized use 2021-05-18 16:09 [PATCH v1 0/3] Fix possible uninitialized uses Sergei Dmitrouk 2021-05-18 16:09 ` [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix possible uninitialized use Sergei Dmitrouk @ 2021-05-18 16:09 ` Sergei Dmitrouk 2021-05-19 1:08 ` Wu, Hao A 2021-05-18 16:09 ` [PATCH v2 3/3] CryptoPkg/BaseCryptLib: " Sergei Dmitrouk 2 siblings, 1 reply; 7+ messages in thread From: Sergei Dmitrouk @ 2021-05-18 16:09 UTC (permalink / raw) To: devel; +Cc: Jian J Wang, Hao A Wu, Ray Ni If the function gets invalid value for the `ResizableBarOp` parameter and asserts are disabled, `Bit` can be used uninitialized. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Sergei Dmitrouk <sergei@posteo.net> --- Notes: v2: - simplify if-statement to avoid unused branches MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c index 6bba28367165..4caac56f1dcd 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c @@ -1778,10 +1778,9 @@ PciProgramResizableBar ( if (ResizableBarOp == PciResizableBarMax) { Bit = HighBitSet64(Capabilities); - } else if (ResizableBarOp == PciResizableBarMin) { + } else { + ASSERT (ResizableBarOp == PciResizableBarMin); Bit = LowBitSet64(Capabilities); - } else { - ASSERT ((ResizableBarOp == PciResizableBarMax) || (ResizableBarOp == PciResizableBarMin)); } ASSERT (Bit >= 0); -- 2.17.6 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2 2/3] MdeModulePkg/PciBusDxe: Fix possible uninitialized use 2021-05-18 16:09 ` [PATCH v2 2/3] MdeModulePkg/PciBusDxe: " Sergei Dmitrouk @ 2021-05-19 1:08 ` Wu, Hao A 0 siblings, 0 replies; 7+ messages in thread From: Wu, Hao A @ 2021-05-19 1:08 UTC (permalink / raw) To: Sergei Dmitrouk, Ni, Ray, devel@edk2.groups.io; +Cc: Wang, Jian J > -----Original Message----- > From: Sergei Dmitrouk <sergei@posteo.net> > Sent: Wednesday, May 19, 2021 12:10 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; > Ni, Ray <ray.ni@intel.com> > Subject: [PATCH v2 2/3] MdeModulePkg/PciBusDxe: Fix possible uninitialized > use > > If the function gets invalid value for the `ResizableBarOp` parameter and > asserts are disabled, `Bit` can be used uninitialized. > > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Hao A Wu <hao.a.wu@intel.com> > Cc: Ray Ni <ray.ni@intel.com> > Signed-off-by: Sergei Dmitrouk <sergei@posteo.net> > --- > > Notes: > v2: > - simplify if-statement to avoid unused branches > > MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c > b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c > index 6bba28367165..4caac56f1dcd 100644 > --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c > +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c > @@ -1778,10 +1778,9 @@ PciProgramResizableBar ( > > if (ResizableBarOp == PciResizableBarMax) { > Bit = HighBitSet64(Capabilities); > - } else if (ResizableBarOp == PciResizableBarMin) { > + } else { > + ASSERT (ResizableBarOp == PciResizableBarMin); > Bit = LowBitSet64(Capabilities); > - } else { > - ASSERT ((ResizableBarOp == PciResizableBarMax) || (ResizableBarOp == > PciResizableBarMin)); Reviewed-by: Hao A Wu <hao.a.wu@intel.com> Best Regards, Hao Wu > } > > ASSERT (Bit >= 0); > -- > 2.17.6 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2 3/3] CryptoPkg/BaseCryptLib: Fix possible uninitialized use 2021-05-18 16:09 [PATCH v1 0/3] Fix possible uninitialized uses Sergei Dmitrouk 2021-05-18 16:09 ` [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix possible uninitialized use Sergei Dmitrouk 2021-05-18 16:09 ` [PATCH v2 2/3] MdeModulePkg/PciBusDxe: " Sergei Dmitrouk @ 2021-05-18 16:09 ` Sergei Dmitrouk 2 siblings, 0 replies; 7+ messages in thread From: Sergei Dmitrouk @ 2021-05-18 16:09 UTC (permalink / raw) To: devel; +Cc: Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang `Result` can be used uninitialized in both functions after following either first or second `goto` statement. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Sergei Dmitrouk <sergei@posteo.net> --- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c | 1 + CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c | 1 + 2 files changed, 2 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c index 4009d37d5f91..0b2960f06c4c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c @@ -82,6 +82,7 @@ RsaPssVerify ( EVP_PKEY_CTX *KeyCtx; CONST EVP_MD *HashAlg; + Result = FALSE; EvpRsaKey = NULL; EvpVerifyCtx = NULL; KeyCtx = NULL; diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c index b66b6f7296ad..ece765f9ae0a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c @@ -97,6 +97,7 @@ RsaPssSign ( EVP_PKEY_CTX *KeyCtx; CONST EVP_MD *HashAlg; + Result = FALSE; EvpRsaKey = NULL; EvpVerifyCtx = NULL; KeyCtx = NULL; -- 2.17.6 ^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-05-19 2:21 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-05-18 16:09 [PATCH v1 0/3] Fix possible uninitialized uses Sergei Dmitrouk 2021-05-18 16:09 ` [PATCH v2 1/3] ShellPkg/HttpDynamicCommand: Fix possible uninitialized use Sergei Dmitrouk 2021-05-19 1:13 ` 回复: [edk2-devel] " gaoliming 2021-05-19 2:21 ` Gao, Zhichao 2021-05-18 16:09 ` [PATCH v2 2/3] MdeModulePkg/PciBusDxe: " Sergei Dmitrouk 2021-05-19 1:08 ` Wu, Hao A 2021-05-18 16:09 ` [PATCH v2 3/3] CryptoPkg/BaseCryptLib: " Sergei Dmitrouk
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox