From: "gaoliming via groups.io"
To: "'Michael Kubacki'"
Cc: "'Zhichao Gao'", "'Michael D Kinney'"
Subject: Re: Re: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
Date: Mon, 11 Sep 2023 08:45:14 +0800

Michael:
Thanks for your detail. Will you enable this checker in open CI?

Thanks
Liming

> -----Original Message-----
> From: Michael Kubacki
> Sent: September 8, 2023 9:00
> To: gaoliming; devel@edk2.groups.io
> Cc: 'Zhichao Gao'; 'Michael D Kinney'
> Subject: Re: Re: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
>
> Hi Liming,
>
> I'm running the CodeQL CLI
> (https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli)
> locally against the code with some new queries.
>
> The queries in the codeql/cpp-queries pack listed here are relatively
> easy to experiment with https://codeql.github.com/codeql-query-help/cpp/.
>
> The particular query related to this patch was
> https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/.
>
> Thanks,
> Michael
>
> On 9/7/2023 8:40 PM, gaoliming wrote:
> > Michael:
> > How do you detect those issues? Do you use the tool or do code review?
> >
> > For this change, Reviewed-by: Liming Gao
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io on behalf of Michael Kubacki
> >> Sent: September 7, 2023 1:41
> >> To: devel@edk2.groups.io
> >> Cc: Zhichao Gao; Michael D Kinney
> >> Subject: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
> >>
> >> From: Michael Kubacki
> >>
> >> Moves the range check for the index into the array before attempting
> >> any accesses using the array index.
> >>
> >> Cc: Zhichao Gao
> >> Cc: Michael D Kinney
> >> Signed-off-by: Michael Kubacki > >> --- > >> ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c > >> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c > >> index 7c80bba46581..5cb92c485b47 100644 > >> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c > >> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c > >> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr ( > >> > >> ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN > >> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle); > >> > >> - while ((Ip->Addr[Index] =3D=3D 0) && (Ip->Addr[Index + 1] =3D= =3D 0) && > >> (Index < PREFIXMAXLEN)) { > >> + while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] =3D=3D 0) && > >> (Ip->Addr[Index + 1] =3D=3D 0)) { > >> Index =3D Index + 2; > >> if (Index > PREFIXMAXLEN - 2) { > >> break; > >> -- > >> 2.42.0.windows.2
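
Review bot: In the rewritten `while` condition the new leading `(Index < PREFIXMAXLEN)` guards the read of `Ip->Addr[Index]`, but the third operand still reads `Ip->Addr[Index + 1]`, and the guard only bounds that index to PREFIXMAXLEN rather than PREFIXMAXLEN - 1. Whether that second read stays in range depends on the size of `Addr` and on the value `Index` holds when the loop is entered, neither of which is visible in this hunk. If `Index` can be PREFIXMAXLEN - 1 at this point, guard with `(Index + 1 < PREFIXMAXLEN)` instead; otherwise add a short comment stating why `Index + 1` is always valid. The body's `if (Index > PREFIXMAXLEN - 2) break;` overlaps with the loop guard, so the commit message could also say that the reorder only changes evaluation order for in-range indices and name the CodeQL offset-use-before-range-check query mentioned in this thread as the reason for it.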