From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Liming Gao <liming.gao@intel.com>,
	Yonghong Zhu <yonghong.zhu@intel.com>
Subject: [PATCH v2 01/53] BaseTools/C/Common: Avoid possible NULL pointer dereference
Date: Thu,  3 Nov 2016 15:22:11 +0800	[thread overview]
Message-ID: <1478157783-9368-2-git-send-email-hao.a.wu@intel.com> (raw)
In-Reply-To: <1478157783-9368-1-git-send-email-hao.a.wu@intel.com>

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 BaseTools/Source/C/Common/BasePeCoff.c             | 12 +++++
 BaseTools/Source/C/Common/EfiUtilityMsgs.c         | 20 ++++----
 BaseTools/Source/C/Common/FirmwareVolumeBuffer.c   |  5 +-
 BaseTools/Source/C/Common/MyAlloc.c                | 55 ++++++++++++++++++++--
 .../Source/C/Common/ParseGuidedSectionTools.c      | 15 +++---
 BaseTools/Source/C/Common/TianoCompress.c          |  9 +++-
 6 files changed, 93 insertions(+), 23 deletions(-)

diff --git a/BaseTools/Source/C/Common/BasePeCoff.c b/BaseTools/Source/C/Common/BasePeCoff.c
index d0cc1af..9adbdfa 100644
--- a/BaseTools/Source/C/Common/BasePeCoff.c
+++ b/BaseTools/Source/C/Common/BasePeCoff.c
@@ -650,6 +650,10 @@ Returns:
                         ImageContext,
                         RelocDir->VirtualAddress + RelocDir->Size - 1
                         );
+        if (RelocBase == NULL || RelocBaseEnd == NULL || RelocBaseEnd < RelocBase) {
+          ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
+          return RETURN_LOAD_ERROR;
+        }
       } else {
         //
         // Set base and end to bypass processing below.
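Review bot: The `RelocBaseEnd < RelocBase` term in the added guard has no comment saying which malformed input it rejects, and the same uncommented guard is repeated in the hunk at `@@ -674,6 +678,10 @@`. `RelocDir->VirtualAddress + RelocDir->Size - 1` is built from fields of the image being loaded, so a sum that wraps would presumably resolve below `RelocBase`; a comment such as `// Reject a relocation directory whose end resolves before its start (wrapped or malformed RVA/Size).` would record that intent. The guard also does not confirm that one full relocation block header fits between the two addresses, which matters because the code further down reads `RelocBase->SizeOfBlock`. The enclosing function starts and ends outside the hunk.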
@@ -674,6 +678,10 @@ Returns:
                         ImageContext,
                         RelocDir->VirtualAddress + RelocDir->Size - 1
                         );
+        if (RelocBase == NULL || RelocBaseEnd == NULL || RelocBaseEnd < RelocBase) {
+          ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
+          return RETURN_LOAD_ERROR;
+        }
       } else {
         //
         // Set base and end to bypass processing below.
@@ -710,6 +718,10 @@ Returns:
     RelocEnd  = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock);
     if (!(ImageContext->IsTeImage)) {
       FixupBase = PeCoffLoaderImageAddress (ImageContext, RelocBase->VirtualAddress);
+      if (FixupBase == NULL) {
+        ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
+        return RETURN_LOAD_ERROR;
+      }
     } else {
       FixupBase = (CHAR8 *)(UINTN)(ImageContext->ImageAddress +
                     RelocBase->VirtualAddress +
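Review bot: `RelocBase->SizeOfBlock` comes from the image and is used to compute `RelocEnd` on the first line of this hunk with no bound, while the added check only covers a NULL `FixupBase`. A block size of zero, or one reaching past `RelocBaseEnd`, would leave the fixup loop walking outside the relocation directory unless it is validated in lines outside this hunk. A guard ahead of the `RelocEnd` computation, for example `if (RelocBase->SizeOfBlock == 0 || RelocBase->SizeOfBlock > RelocDir->Size)` followed by the same `IMAGE_ERROR_FAILED_RELOCATION` return, would close that, assuming `RelocDir` is still in scope there. The TE branch at the end of the hunk also builds `FixupBase` by plain arithmetic with no range check; the loop body continues outside the hunk.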
diff --git a/BaseTools/Source/C/Common/EfiUtilityMsgs.c b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
index 438f338..7b4c231 100644
--- a/BaseTools/Source/C/Common/EfiUtilityMsgs.c
+++ b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
@@ -1,7 +1,7 @@
 /** @file
 EFI tools utility functions to display warning, error, and informational messages
 
-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -451,14 +451,16 @@ Notes:
     //
     time (&CurrentTime);
     NewTime = localtime (&CurrentTime);
-    fprintf (stdout, "%04d-%02d-%02d %02d:%02d:%02d",
-                     NewTime->tm_year + 1900,
-                     NewTime->tm_mon + 1,
-                     NewTime->tm_mday,
-                     NewTime->tm_hour,
-                     NewTime->tm_min,
-                     NewTime->tm_sec
-                     );
+    if (NewTime != NULL) {
+      fprintf (stdout, "%04d-%02d-%02d %02d:%02d:%02d",
+                       NewTime->tm_year + 1900,
+                       NewTime->tm_mon + 1,
+                       NewTime->tm_mday,
+                       NewTime->tm_hour,
+                       NewTime->tm_min,
+                       NewTime->tm_sec
+                       );
+    }
     if (Cptr != NULL) {
       sprintf (Line, ": %s", Cptr);
       if (LineNumber != 0) {
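Review bot: The `sprintf (Line, ": %s", Cptr);` two lines below the new `NewTime != NULL` guard still copies a caller-supplied string into `Line` with no length bound, which is a more likely memory-safety problem in this function than the `localtime` failure. The declaration of `Line` is outside the hunk, so its size cannot be confirmed here; if it is a local array, `snprintf (Line, sizeof (Line), ": %s", Cptr);` bounds the write. Separately, when `NewTime` is NULL the message is now printed with no timestamp and no indication that one was dropped, which is worth a one-line comment.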
diff --git a/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c b/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c
index 7988d8e..a287fe1 100644
--- a/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c
+++ b/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c
@@ -1,7 +1,7 @@
 /** @file
 EFI Firmware Volume routines which work on a Fv image in buffers.
 
-Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 1999 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -353,6 +353,9 @@ Returns:
 
   if (*DestinationFv == NULL) {
     *DestinationFv = CommonLibBinderAllocate (size);
+    if (*DestinationFv == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    }
   }
 
   CommonLibBinderCopyMem (*DestinationFv, SourceFv, size);
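Review bot: The copy on the last line of this hunk writes `size` bytes into `*DestinationFv` even when the caller supplied the buffer, and nothing visible here checks that buffer's capacity. The new allocation-failure return covers only the path where this function allocates. The contract should be stated at the copy, for example `// A caller-supplied *DestinationFv must hold at least size bytes; its capacity is not checked here.`, and the function header's "Returns:" list should gain `EFI_OUT_OF_RESOURCES`. How `size` is derived from `SourceFv` is outside the hunk.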
diff --git a/BaseTools/Source/C/Common/MyAlloc.c b/BaseTools/Source/C/Common/MyAlloc.c
index eabba57..be7c515 100644
--- a/BaseTools/Source/C/Common/MyAlloc.c
+++ b/BaseTools/Source/C/Common/MyAlloc.c
@@ -1,7 +1,7 @@
 /** @file
 File for memory allocation tracking functions.
 
-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD License         
 which accompanies this distribution.  The full text of the license may be found at        
@@ -73,7 +73,18 @@ MyCheck (
   //
   // Check parameters.
   //
-  if (File == NULL || Line == 0) {
+  if (File == NULL) {
+    printf (
+      "\nMyCheck(Final=%u, File=NULL, Line=%u)"
+      "Invalid parameter(s).\n",
+      Final,
+      (unsigned)Line
+      );
+
+    exit (1);
+  }
+
+  if (Line == 0) {
     printf (
       "\nMyCheck(Final=%u, File=%s, Line=%u)"
       "Invalid parameter(s).\n",
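Review bot: Splitting the parameter check in two duplicates the whole `printf`/`exit` block just to avoid passing NULL to `%s`; the hunks for MyAlloc, MyRealloc and MyFree repeat the same pattern. Keeping the original single condition and substituting the argument, e.g. `File == NULL ? "NULL" : (const char *) File`, gives the same protection with one message per function. In this MyCheck hunk the copied format string also lacks the `\n` before `Invalid parameter(s).` that the other three functions have, so the text runs straight on from the closing parenthesis. The `(unsigned)` casts on `Size` and `Line` will truncate the printed value if those are wider than `unsigned`, which cannot be confirmed from the hunk. The `printf` call at the end of this hunk continues outside it.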
@@ -190,7 +201,18 @@ MyAlloc (
   //
   // Check for invalid parameters.
   //
-  if (Size == 0 || File == NULL || Line == 0) {
+  if (File == NULL) {
+    printf (
+      "\nMyAlloc(Size=%u, File=NULL, Line=%u)"
+      "\nInvalid parameter(s).\n",
+      (unsigned)Size,
+      (unsigned)Line
+      );
+
+    exit (1);
+  }
+
+  if (Size == 0 || Line == 0) {
     printf (
       "\nMyAlloc(Size=%u, File=%s, Line=%u)"
       "\nInvalid parameter(s).\n",
@@ -303,7 +325,19 @@ MyRealloc (
   //
   // Check for invalid parameter(s).
   //
-  if (Size == 0 || File == NULL || Line == 0) {
+  if (File == NULL) {
+    printf (
+      "\nMyRealloc(Ptr=%p, Size=%u, File=NULL, Line=%u)"
+      "\nInvalid parameter(s).\n",
+      Ptr,
+      (unsigned)Size,
+      (unsigned)Line
+      );
+
+    exit (1);
+  }
+
+  if (Size == 0 || Line == 0) {
     printf (
       "\nMyRealloc(Ptr=%p, Size=%u, File=%s, Line=%u)"
       "\nInvalid parameter(s).\n",
@@ -408,7 +442,18 @@ MyFree (
   //
   // Check for invalid parameter(s).
   //
-  if (File == NULL || Line == 0) {
+  if (File == NULL) {
+    printf (
+      "\nMyFree(Ptr=%p, File=NULL, Line=%u)"
+      "\nInvalid parameter(s).\n",
+      Ptr,
+      (unsigned)Line
+      );
+
+    exit (1);
+  }
+
+  if (Line == 0) {
     printf (
       "\nMyFree(Ptr=%p, File=%s, Line=%u)"
       "\nInvalid parameter(s).\n",
diff --git a/BaseTools/Source/C/Common/ParseGuidedSectionTools.c b/BaseTools/Source/C/Common/ParseGuidedSectionTools.c
index e3f0ccb..fc8f488 100644
--- a/BaseTools/Source/C/Common/ParseGuidedSectionTools.c
+++ b/BaseTools/Source/C/Common/ParseGuidedSectionTools.c
@@ -1,7 +1,7 @@
 /** @file
 Helper functions for parsing GuidedSectionTools.txt
 
-Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD License         
 which accompanies this distribution.  The full text of the license may be found at        
@@ -144,13 +144,14 @@ Returns:
           NewGuidTool->Name = CloneString(Tool->Strings[1]);
           NewGuidTool->Path = CloneString(Tool->Strings[2]);
           NewGuidTool->Next = NULL;
+
+          if (FirstGuidTool == NULL) {
+            FirstGuidTool = NewGuidTool;
+          } else {
+            LastGuidTool->Next = NewGuidTool;
+          }
+          LastGuidTool = NewGuidTool;
         }
-        if (FirstGuidTool == NULL) {
-          FirstGuidTool = NewGuidTool;
-        } else {
-          LastGuidTool->Next = NewGuidTool;
-        }
-        LastGuidTool = NewGuidTool;
       }
       FreeStringList (Tool);
     }
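Review bot: The node is now linked only inside the allocation-success block, but the two `CloneString` results stored in `NewGuidTool->Name` and `NewGuidTool->Path` are still linked into the list unchecked. If `CloneString` can return NULL on allocation failure (its definition is not visible here), later consumers of the list would dereference a NULL name or path, which is the class of defect this commit targets. Checking both fields before linking, and freeing the partially built node when either is NULL, would close it. The enclosing `if` and loop start outside the hunk.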
diff --git a/BaseTools/Source/C/Common/TianoCompress.c b/BaseTools/Source/C/Common/TianoCompress.c
index e5175fc..252b829 100644
--- a/BaseTools/Source/C/Common/TianoCompress.c
+++ b/BaseTools/Source/C/Common/TianoCompress.c
@@ -4,7 +4,7 @@ coding. LZ77 transforms the source data into a sequence of Original Characters
 and Pointers to repeated strings. This sequence is further divided into Blocks 
 and Huffman codings are applied to each Block.
   
-Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD License         
 which accompanies this distribution.  The full text of the license may be found at        
@@ -417,6 +417,9 @@ Returns:
   UINT32  Index;
 
   mText = malloc (WNDSIZ * 2 + MAXMATCH);
+  if (mText == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
   for (Index = 0; Index < WNDSIZ * 2 + MAXMATCH; Index++) {
     mText[Index] = 0;
   }
@@ -427,6 +430,10 @@ Returns:
   mParent     = malloc (WNDSIZ * 2 * sizeof (*mParent));
   mPrev       = malloc (WNDSIZ * 2 * sizeof (*mPrev));
   mNext       = malloc ((MAX_HASH_VAL + 1) * sizeof (*mNext));
+  if (mLevel == NULL || mChildCount == NULL || mPosition == NULL ||
+    mParent == NULL || mPrev == NULL || mNext == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
 
   mBufSiz     = BLKSIZ;
   mBuf        = malloc (mBufSiz);
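Review bot: The combined NULL check returns `EFI_OUT_OF_RESOURCES` without releasing `mText` or whichever of the six buffers did allocate. Unless the caller frees them on the error path, a partial failure leaks them; the caller is not visible in this hunk. A comment at the return, such as `// Buffers allocated so far are released by the caller's cleanup on error.`, would make the ownership explicit, or the function should free them itself before returning. The `mBuf = malloc (mBufSiz);` on the last line of the hunk needs the same NULL check if it is not already present in the lines that follow outside the hunk.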
-- 
1.9.5.msysgit.0


