From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hao.a.wu@intel.com>
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id DA89181D6D
 for <edk2-devel@lists.01.org>; Thu,  3 Nov 2016 00:23:24 -0700 (PDT)
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by orsmga102.jf.intel.com with ESMTP; 03 Nov 2016 00:23:26 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,585,1473145200"; d="scan'208";a="897185078"
Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.34])
 by orsmga003.jf.intel.com with ESMTP; 03 Nov 2016 00:23:25 -0700
From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Liming Gao <liming.gao@intel.com>,
 Yonghong Zhu <yonghong.zhu@intel.com>, Eric Dong <eric.dong@intel.com>,
 Dandan Bi <dandan.bi@intel.com>
Date: Thu,  3 Nov 2016 15:22:20 +0800
Message-Id: <1478157783-9368-11-git-send-email-hao.a.wu@intel.com>
X-Mailer: git-send-email 1.9.5.msysgit.0
In-Reply-To: <1478157783-9368-1-git-send-email-hao.a.wu@intel.com>
References: <1478157783-9368-1-git-send-email-hao.a.wu@intel.com>
Subject: [PATCH v2 10/53] BaseTools/VfrCompile: Avoid possible NULL pointer dereference
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2016 07:23:24 -0000

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp    | 16 +++++++++++++++-
 BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp |  2 +-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
index 0b7b8b1..aa27ce0 100644
--- a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 
 #include "stdio.h"
+#include "assert.h"
 #include "VfrFormPkg.h"
 
 /*
@@ -669,6 +670,8 @@ CFormPkg::AdjustDynamicInsertOpcode (
 
   InserPositionNode  = GetBinBufferNodeForAddr(InserPositionAddr);
   InsertOpcodeNode = GetBinBufferNodeForAddr(InsertOpcodeAddr);
+  assert (InserPositionNode != NULL);
+  assert (InsertOpcodeNode  != NULL);
 
   if (InserPositionNode == InsertOpcodeNode) {
     //
@@ -741,6 +744,8 @@ CFormPkg::AdjustDynamicInsertOpcode (
       // Insert the last restore data node.
       //
       TmpNode = GetNodeBefore (InsertOpcodeNode);
+      assert (TmpNode != NULL);
+
       if (TmpNode == InserPositionNode) {
         NewRestoreNodeBegin->mNext = NewRestoreNodeEnd;
       } else {
@@ -790,6 +795,8 @@ CFormPkg::AdjustDynamicInsertOpcode (
       mBufferNodeQueueTail = NewLastEndNode;
     } else if (mBufferNodeQueueTail->mBufferFree - mBufferNodeQueueTail->mBufferStart == 2) {
       TmpNode = GetNodeBefore(mBufferNodeQueueTail);
+      assert (TmpNode != NULL);
+
       TmpNode->mNext = NewRestoreNodeBegin;
       if (NewRestoreNodeEnd != NULL) {
         NewRestoreNodeEnd->mNext = mBufferNodeQueueTail;
@@ -1314,7 +1321,7 @@ CIfrRecordInfoDB::IfrAdjustDynamicOpcodeInRecords (
   //
   // Check the nodes whether exist.
   //
-  if (pNodeBeforeDynamic == NULL || pAdjustNode == NULL) {
+  if (pNodeBeforeDynamic == NULL || pAdjustNode == NULL || pNodeBeforeAdjust == NULL) {
     return FALSE;
   }
 
@@ -1854,6 +1861,10 @@ CIfrRecordInfoDB::IfrCreateDefaultForQuestion (
       pSNode = pSNode->mNext;
       OpcodeCount++;
     }
+
+    assert (pSNode);
+    assert (pENode);
+
     //
     // Record the offset of node which need to be adjust, will move the new created default opcode to this offset.
     //
@@ -1875,6 +1886,7 @@ CIfrRecordInfoDB::IfrCreateDefaultForQuestion (
         while (pSNode != NULL && pSNode->mNext != NULL && OpcodeNumber-- != 0) {
           pOpHead = (EFI_IFR_OP_HEADER *) pSNode->mIfrBinBuf;
           Obj = new CIfrObj (pOpHead->OpCode, NULL, pSNode->mBinBufLen, FALSE);
+          assert (Obj != NULL);
           Obj->SetLineNo (pSNode->mLineNo);
           ObjBinBuf = Obj->GetObjBinAddr();
           memcpy (ObjBinBuf, pSNode->mIfrBinBuf, (UINTN)pSNode->mBinBufLen);
@@ -2378,6 +2390,8 @@ CIfrObj::CIfrObj (
   mObjBinBuf   = ((DelayEmit == FALSE) && (gCreateOp == TRUE)) ? gCFormPkg.IfrBinBufferGet (mObjBinLen) : new CHAR8[EFI_IFR_MAX_LENGTH];
   mRecordIdx   = (gCreateOp == TRUE) ? gCIfrRecordInfoDB.IfrRecordRegister (0xFFFFFFFF, mObjBinBuf, mObjBinLen, mPkgOffset) : EFI_IFR_RECORDINFO_IDX_INVALUD;
 
+  assert (mObjBinBuf != NULL);
+
   if (IfrObj != NULL) {
     *IfrObj    = mObjBinBuf;
   }
diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index b3d1ac5..d2cb5cc 100644
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -665,7 +665,7 @@ CVfrVarDataTypeDB::GetTypeField (
 {
   SVfrDataField  *pField = NULL;
 
-  if ((FName == NULL) && (Type == NULL)) {
+  if ((FName == NULL) || (Type == NULL)) {
     return VFR_RETURN_FATAL_ERROR;
   }
 
-- 
1.9.5.msysgit.0