public inbox for devel@edk2.groups.io
From: "gaoliming via groups.io" <gaoliming=byosoft.com.cn@groups.io>
To: "'Michael Kubacki'" <mikuback@linux.microsoft.com>,
	<devel@edk2.groups.io>
Cc: "'Zhichao Gao'" <zhichao.gao@intel.com>,
	"'Michael D Kinney'" <michael.d.kinney@intel.com>
Subject: Re: Re: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
Date: Mon, 11 Sep 2023 08:45:14 +0800	[thread overview]
Message-ID: <014801d9e449$3a25c680$ae715380$@byosoft.com.cn> (raw)
In-Reply-To: <450acce3-1f73-902f-f30e-123186ba2adc@linux.microsoft.com>

Michael:
  Thanks for the details. Will you enable this checker in open CI?

Thanks
Liming
> -----Original Message-----
> From: Michael Kubacki <mikuback@linux.microsoft.com>
> Sent: September 8, 2023 9:00
> To: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io
> Cc: 'Zhichao Gao' <zhichao.gao@intel.com>; 'Michael D Kinney'
> <michael.d.kinney@intel.com>
> Subject: Re: Re: [edk2-devel] [PATCH v1 1/1]
> ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
> 
> Hi Liming,
> 
> I'm running the CodeQL CLI
> (https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli)
> locally against the code with some new queries.
> 
> The queries in the codeql/cpp-queries pack listed here are relatively
> easy to experiment with https://codeql.github.com/codeql-query-help/cpp/.
> 
> The particular query related to this patch was
> https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/.
> 
> Thanks,
> Michael
> 
> On 9/7/2023 8:40 PM, gaoliming wrote:
> > Michael:
> >   How do you detect those issues? Do you use a tool or do code review?
> >
> >   For this change, Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael Kubacki
> >> Sent: September 7, 2023 1:41
> >> To: devel@edk2.groups.io
> >> Cc: Zhichao Gao <zhichao.gao@intel.com>; Michael D Kinney
> >> <michael.d.kinney@intel.com>
> >> Subject: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib:
> >> Check array index before access
> >>
> >> From: Michael Kubacki <michael.kubacki@microsoft.com>
> >>
> >> Moves the range check for the index into the array before attempting
> >> any accesses using the array index.
> >>
> >> Cc: Zhichao Gao <zhichao.gao@intel.com>
> >> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> >> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> >> ---
> >>   ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
> >>   1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> >> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> >> index 7c80bba46581..5cb92c485b47 100644
> >> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> >> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> >> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (
> >>
> >>         ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN
> >> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);
> >>
> >> -      while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) &&
> >> (Index < PREFIXMAXLEN)) {
> >> +      while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) &&
> >> (Ip->Addr[Index + 1] == 0)) {
> >>           Index = Index + 2;
> >>           if (Index > PREFIXMAXLEN - 2) {
> >>             break;
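Review bot: In the reordered `while` condition, `Index < PREFIXMAXLEN` guards `Ip->Addr[Index]` but not `Ip->Addr[Index + 1]`, which is read in the same expression; if `Index` is `PREFIXMAXLEN - 1` when the condition is evaluated, the second read uses index `PREFIXMAXLEN`. The `if (Index > PREFIXMAXLEN - 2) break;` in the loop body keeps `Index + 1` below `PREFIXMAXLEN` on later iterations, but the first evaluation depends on the starting value of `Index`, and neither that value nor the size of `Addr` is visible in this hunk. Consider bounding the larger index directly, for example `(Index + 1 < PREFIXMAXLEN)`, so the guard covers both reads without relying on the break inside the body.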
> >> --
> >> 2.42.0.windows.2
> >>
> >>
> >>
> >>
> >
> >








Thread overview: 6+ messages
2023-09-06 17:40 [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access Michael Kubacki
2023-09-07  2:48 ` Gao, Zhichao
2023-09-07 22:01 ` Michael D Kinney
2023-09-08  0:40 ` Re: " gaoliming via groups.io
2023-09-08  1:00   ` Michael Kubacki
2023-09-11  0:45     ` gaoliming via groups.io [this message]
