From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Liming Gao <liming.gao@intel.com>,
Yonghong Zhu <yonghong.zhu@intel.com>,
Eric Dong <eric.dong@intel.com>, Dandan Bi <dandan.bi@intel.com>
Subject: [PATCH 10/52] BaseTools/VfrCompile: Avoid possible NULL pointer dereference
Date: Wed, 12 Oct 2016 20:19:54 +0800 [thread overview]
Message-ID: <1476274836-10544-11-git-send-email-hao.a.wu@intel.com> (raw)
In-Reply-To: <1476274836-10544-1-git-send-email-hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp | 16 +++++++++++++++-
BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | 2 +-
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
index 0b7b8b1..aa27ce0 100644
--- a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "stdio.h"
+#include "assert.h"
#include "VfrFormPkg.h"
/*
@@ -669,6 +670,8 @@ CFormPkg::AdjustDynamicInsertOpcode (
InserPositionNode = GetBinBufferNodeForAddr(InserPositionAddr);
InsertOpcodeNode = GetBinBufferNodeForAddr(InsertOpcodeAddr);
+ assert (InserPositionNode != NULL);
+ assert (InsertOpcodeNode != NULL);
if (InserPositionNode == InsertOpcodeNode) {
//
@@ -741,6 +744,8 @@ CFormPkg::AdjustDynamicInsertOpcode (
// Insert the last restore data node.
//
TmpNode = GetNodeBefore (InsertOpcodeNode);
+ assert (TmpNode != NULL);
+
if (TmpNode == InserPositionNode) {
NewRestoreNodeBegin->mNext = NewRestoreNodeEnd;
} else {
@@ -790,6 +795,8 @@ CFormPkg::AdjustDynamicInsertOpcode (
mBufferNodeQueueTail = NewLastEndNode;
} else if (mBufferNodeQueueTail->mBufferFree - mBufferNodeQueueTail->mBufferStart == 2) {
TmpNode = GetNodeBefore(mBufferNodeQueueTail);
+ assert (TmpNode != NULL);
+
TmpNode->mNext = NewRestoreNodeBegin;
if (NewRestoreNodeEnd != NULL) {
NewRestoreNodeEnd->mNext = mBufferNodeQueueTail;
@@ -1314,7 +1321,7 @@ CIfrRecordInfoDB::IfrAdjustDynamicOpcodeInRecords (
//
// Check the nodes whether exist.
//
- if (pNodeBeforeDynamic == NULL || pAdjustNode == NULL) {
+ if (pNodeBeforeDynamic == NULL || pAdjustNode == NULL || pNodeBeforeAdjust == NULL) {
return FALSE;
}
@@ -1854,6 +1861,10 @@ CIfrRecordInfoDB::IfrCreateDefaultForQuestion (
pSNode = pSNode->mNext;
OpcodeCount++;
}
+
+ assert (pSNode);
+ assert (pENode);
+
//
// Record the offset of node which need to be adjust, will move the new created default opcode to this offset.
//
@@ -1875,6 +1886,7 @@ CIfrRecordInfoDB::IfrCreateDefaultForQuestion (
while (pSNode != NULL && pSNode->mNext != NULL && OpcodeNumber-- != 0) {
pOpHead = (EFI_IFR_OP_HEADER *) pSNode->mIfrBinBuf;
Obj = new CIfrObj (pOpHead->OpCode, NULL, pSNode->mBinBufLen, FALSE);
+ assert (Obj != NULL);
Obj->SetLineNo (pSNode->mLineNo);
ObjBinBuf = Obj->GetObjBinAddr();
memcpy (ObjBinBuf, pSNode->mIfrBinBuf, (UINTN)pSNode->mBinBufLen);
@@ -2378,6 +2390,8 @@ CIfrObj::CIfrObj (
mObjBinBuf = ((DelayEmit == FALSE) && (gCreateOp == TRUE)) ? gCFormPkg.IfrBinBufferGet (mObjBinLen) : new CHAR8[EFI_IFR_MAX_LENGTH];
mRecordIdx = (gCreateOp == TRUE) ? gCIfrRecordInfoDB.IfrRecordRegister (0xFFFFFFFF, mObjBinBuf, mObjBinLen, mPkgOffset) : EFI_IFR_RECORDINFO_IDX_INVALUD;
+ assert (mObjBinBuf != NULL);
+
if (IfrObj != NULL) {
*IfrObj = mObjBinBuf;
}
diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index b3d1ac5..d2cb5cc 100644
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -665,7 +665,7 @@ CVfrVarDataTypeDB::GetTypeField (
{
SVfrDataField *pField = NULL;
- if ((FName == NULL) && (Type == NULL)) {
+ if ((FName == NULL) || (Type == NULL)) {
return VFR_RETURN_FATAL_ERROR;
}
--
1.9.5.msysgit.0
next prev parent reply other threads:[~2016-10-12 12:21 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-12 12:19 [PATCH 00/52] Resolve issues for C source codes in BaseTools Hao Wu
2016-10-12 12:19 ` [PATCH 01/52] BaseTools/C/Common: Avoid possible NULL pointer dereference Hao Wu
2016-10-12 12:19 ` [PATCH 02/52] BaseTools/EfiRom: " Hao Wu
2016-10-12 12:19 ` [PATCH 03/52] BaseTools/GenFfs: " Hao Wu
2016-10-12 12:19 ` [PATCH 04/52] BaseTools/GenFv: " Hao Wu
2016-10-12 12:19 ` [PATCH 05/52] BaseTools/GenFw: " Hao Wu
2016-10-12 12:19 ` [PATCH 06/52] BaseTools/GenPage: " Hao Wu
2016-10-12 12:19 ` [PATCH 07/52] BaseTools/GenSec: " Hao Wu
2016-10-12 12:19 ` [PATCH 08/52] BaseTools/GenVtf: " Hao Wu
2016-10-12 12:19 ` [PATCH 09/52] BaseTools/TianoCompress: " Hao Wu
2016-10-12 12:19 ` Hao Wu [this message]
2016-10-12 12:19 ` [PATCH 11/52] BaseTools/VolInfo: " Hao Wu
2016-10-12 12:19 ` [PATCH 12/52] BaseTools/TianoCompress: Initialize local variables before being used Hao Wu
2016-10-12 12:19 ` [PATCH 13/52] BaseTools/VfrCompile: " Hao Wu
2016-10-12 12:19 ` [PATCH 14/52] BaseTools/GenBootSector: Fix parameter format mismatch in printf functions Hao Wu
2016-10-12 12:19 ` [PATCH 15/52] BaseTools/VolInfo: " Hao Wu
2016-10-12 12:20 ` [PATCH 16/52] BaseTools/C/Common: Fix parameter format mismatch in scanf functions Hao Wu
2016-10-12 12:20 ` [PATCH 17/52] BaseTools/GenFv: " Hao Wu
2016-10-12 12:20 ` [PATCH 18/52] BaseTools/GenFw: " Hao Wu
2016-10-12 12:20 ` [PATCH 19/52] BaseTools/GenVtf: " Hao Wu
2016-10-12 12:20 ` [PATCH 20/52] BaseTools/C/Common: Fix potential access over array bounds Hao Wu
2016-10-12 12:20 ` [PATCH 21/52] BaseTools/EfiRom: " Hao Wu
2016-10-12 12:20 ` [PATCH 22/52] BaseTools/GenFv: " Hao Wu
2016-10-12 12:20 ` [PATCH 23/52] BaseTools/TianoCompress: " Hao Wu
2016-10-12 12:20 ` [PATCH 24/52] BaseTools/VfrCompile: " Hao Wu
2016-10-12 12:20 ` [PATCH 25/52] BaseTools/VfrCompile: Avoid freeing memory with mismatched functions Hao Wu
2016-10-12 12:20 ` [PATCH 26/52] BaseTools/VfrCompile: Add assignment operator definition for some classes Hao Wu
2016-10-12 12:20 ` [PATCH 27/52] BaseTools/VfrCompile: Avoid freeing freed memory in classes Hao Wu
2016-10-12 12:20 ` [PATCH 28/52] BaseTools/VfrCompile: Remove unused local variables Hao Wu
2016-10-12 12:20 ` [PATCH 29/52] BaseTools/C/Common: Fix potential memory leak Hao Wu
2016-10-12 12:20 ` [PATCH 30/52] BaseTools/EfiRom: " Hao Wu
2016-10-12 12:20 ` [PATCH 31/52] BaseTools/GenFv: " Hao Wu
2016-10-12 12:20 ` [PATCH 32/52] BaseTools/GenPage: " Hao Wu
2016-10-12 12:20 ` [PATCH 33/52] BaseTools/GenSec: " Hao Wu
2016-10-12 12:20 ` [PATCH 34/52] BaseTools/GenVtf: " Hao Wu
2016-10-12 12:20 ` [PATCH 35/52] BaseTools/Split: Fix potential memory and resource leak Hao Wu
2016-10-12 12:20 ` [PATCH 36/52] BaseTools/TianoCompress: Fix potential memory leak Hao Wu
2016-10-12 12:20 ` [PATCH 37/52] BaseTools/VfrCompile: " Hao Wu
2016-10-12 12:20 ` [PATCH 38/52] BaseTools/VolInfo: " Hao Wu
2016-10-12 12:20 ` [PATCH 39/52] BaseTools/EfiRom: Fix file handles not being closed Hao Wu
2016-10-12 12:20 ` [PATCH 40/52] BaseTools/GenBootSector: " Hao Wu
2016-10-12 12:20 ` [PATCH 41/52] BaseTools/GenCrc32: " Hao Wu
2016-10-12 12:20 ` [PATCH 42/52] BaseTools/GenFv: " Hao Wu
2016-10-12 12:20 ` [PATCH 43/52] BaseTools/GenVtf: " Hao Wu
2016-10-12 12:20 ` [PATCH 44/52] BaseTools/LzmaCompress: " Hao Wu
2016-10-12 12:20 ` [PATCH 45/52] BaseTools/TianoCompress: " Hao Wu
2016-10-12 12:20 ` [PATCH 46/52] BaseTools/VolInfo: " Hao Wu
2016-10-12 12:20 ` [PATCH 47/52] BaseTools/GenVtf: Fix potential buffer overflow in scanf functions Hao Wu
2016-10-12 12:20 ` [PATCH 48/52] BaseTools/VolInfo: " Hao Wu
2016-10-12 12:20 ` [PATCH 49/52] BaseTools/VfrCompile: Explicitly state format string for DebugMsg() Hao Wu
2016-10-12 12:20 ` [PATCH 50/52] BaseTools/VolInfo: Use hard-coded format string for calls to sprintf() Hao Wu
2016-10-12 12:20 ` [PATCH 51/52] BaseTools/VfrCompile/Pccts: Add virtual destructor for class DLGInputStream Hao Wu
2016-10-12 12:20 ` [PATCH 52/52] BaseTools/VfrCompile/Pccts: Make assignment operator not returning void Hao Wu
2016-10-18 1:12 ` Dong, Eric
2016-10-17 7:45 ` [PATCH 00/52] Resolve issues for C source codes in BaseTools Gao, Liming
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1476274836-10544-11-git-send-email-hao.a.wu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox