From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 3669481CF3 for ; Thu, 3 Nov 2016 00:23:11 -0700 (PDT) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP; 03 Nov 2016 00:23:13 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,585,1473145200"; d="scan'208";a="897185027" Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.34]) by orsmga003.jf.intel.com with ESMTP; 03 Nov 2016 00:23:11 -0700 From: Hao Wu To: edk2-devel@lists.01.org Cc: Hao Wu , Liming Gao , Yonghong Zhu Date: Thu, 3 Nov 2016 15:22:11 +0800 Message-Id: <1478157783-9368-2-git-send-email-hao.a.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.0 In-Reply-To: <1478157783-9368-1-git-send-email-hao.a.wu@intel.com> References: <1478157783-9368-1-git-send-email-hao.a.wu@intel.com> Subject: [PATCH v2 01/53] BaseTools/C/Common: Avoid possible NULL pointer dereference X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Nov 2016 07:23:11 -0000 Cc: Liming Gao Cc: Yonghong Zhu Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu --- BaseTools/Source/C/Common/BasePeCoff.c | 12 +++++ BaseTools/Source/C/Common/EfiUtilityMsgs.c | 20 ++++---- BaseTools/Source/C/Common/FirmwareVolumeBuffer.c | 5 +- BaseTools/Source/C/Common/MyAlloc.c | 55 ++++++++++++++++++++-- .../Source/C/Common/ParseGuidedSectionTools.c | 15 +++--- BaseTools/Source/C/Common/TianoCompress.c | 9 +++- 6 files changed, 93 insertions(+), 23 deletions(-) diff --git a/BaseTools/Source/C/Common/BasePeCoff.c b/BaseTools/Source/C/Common/BasePeCoff.c index d0cc1af..9adbdfa 100644 --- a/BaseTools/Source/C/Common/BasePeCoff.c +++ b/BaseTools/Source/C/Common/BasePeCoff.c @@ -650,6 +650,10 @@ Returns: ImageContext, RelocDir->VirtualAddress + RelocDir->Size - 1 ); + if (RelocBase == NULL || RelocBaseEnd == NULL || RelocBaseEnd < RelocBase) { + ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION; + return RETURN_LOAD_ERROR; + } } else { // // Set base and end to bypass processing below. @@ -674,6 +678,10 @@ Returns: ImageContext, RelocDir->VirtualAddress + RelocDir->Size - 1 ); + if (RelocBase == NULL || RelocBaseEnd == NULL || RelocBaseEnd < RelocBase) { + ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION; + return RETURN_LOAD_ERROR; + } } else { // // Set base and end to bypass processing below. @@ -710,6 +718,10 @@ Returns: RelocEnd = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock); if (!(ImageContext->IsTeImage)) { FixupBase = PeCoffLoaderImageAddress (ImageContext, RelocBase->VirtualAddress); + if (FixupBase == NULL) { + ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION; + return RETURN_LOAD_ERROR; + } } else { FixupBase = (CHAR8 *)(UINTN)(ImageContext->ImageAddress + RelocBase->VirtualAddress + diff --git a/BaseTools/Source/C/Common/EfiUtilityMsgs.c b/BaseTools/Source/C/Common/EfiUtilityMsgs.c index 438f338..7b4c231 100644 --- a/BaseTools/Source/C/Common/EfiUtilityMsgs.c +++ b/BaseTools/Source/C/Common/EfiUtilityMsgs.c @@ -1,7 +1,7 @@ /** @file EFI tools utility functions to display warning, error, and informational messages -Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -451,14 +451,16 @@ Notes: // time (&CurrentTime); NewTime = localtime (&CurrentTime); - fprintf (stdout, "%04d-%02d-%02d %02d:%02d:%02d", - NewTime->tm_year + 1900, - NewTime->tm_mon + 1, - NewTime->tm_mday, - NewTime->tm_hour, - NewTime->tm_min, - NewTime->tm_sec - ); + if (NewTime != NULL) { + fprintf (stdout, "%04d-%02d-%02d %02d:%02d:%02d", + NewTime->tm_year + 1900, + NewTime->tm_mon + 1, + NewTime->tm_mday, + NewTime->tm_hour, + NewTime->tm_min, + NewTime->tm_sec + ); + } if (Cptr != NULL) { sprintf (Line, ": %s", Cptr); if (LineNumber != 0) { diff --git a/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c b/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c index 7988d8e..a287fe1 100644 --- a/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c +++ b/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c @@ -1,7 +1,7 @@ /** @file EFI Firmware Volume routines which work on a Fv image in buffers. -Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 1999 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -353,6 +353,9 @@ Returns: if (*DestinationFv == NULL) { *DestinationFv = CommonLibBinderAllocate (size); + if (*DestinationFv == NULL) { + return EFI_OUT_OF_RESOURCES; + } } CommonLibBinderCopyMem (*DestinationFv, SourceFv, size); diff --git a/BaseTools/Source/C/Common/MyAlloc.c b/BaseTools/Source/C/Common/MyAlloc.c index eabba57..be7c515 100644 --- a/BaseTools/Source/C/Common/MyAlloc.c +++ b/BaseTools/Source/C/Common/MyAlloc.c @@ -1,7 +1,7 @@ /** @file File for memory allocation tracking functions. -Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -73,7 +73,18 @@ MyCheck ( // // Check parameters. // - if (File == NULL || Line == 0) { + if (File == NULL) { + printf ( + "\nMyCheck(Final=%u, File=NULL, Line=%u)" + "Invalid parameter(s).\n", + Final, + (unsigned)Line + ); + + exit (1); + } + + if (Line == 0) { printf ( "\nMyCheck(Final=%u, File=%s, Line=%u)" "Invalid parameter(s).\n", @@ -190,7 +201,18 @@ MyAlloc ( // // Check for invalid parameters. // - if (Size == 0 || File == NULL || Line == 0) { + if (File == NULL) { + printf ( + "\nMyAlloc(Size=%u, File=NULL, Line=%u)" + "\nInvalid parameter(s).\n", + (unsigned)Size, + (unsigned)Line + ); + + exit (1); + } + + if (Size == 0 || Line == 0) { printf ( "\nMyAlloc(Size=%u, File=%s, Line=%u)" "\nInvalid parameter(s).\n", @@ -303,7 +325,19 @@ MyRealloc ( // // Check for invalid parameter(s). // - if (Size == 0 || File == NULL || Line == 0) { + if (File == NULL) { + printf ( + "\nMyRealloc(Ptr=%p, Size=%u, File=NULL, Line=%u)" + "\nInvalid parameter(s).\n", + Ptr, + (unsigned)Size, + (unsigned)Line + ); + + exit (1); + } + + if (Size == 0 || Line == 0) { printf ( "\nMyRealloc(Ptr=%p, Size=%u, File=%s, Line=%u)" "\nInvalid parameter(s).\n", @@ -408,7 +442,18 @@ MyFree ( // // Check for invalid parameter(s). // - if (File == NULL || Line == 0) { + if (File == NULL) { + printf ( + "\nMyFree(Ptr=%p, File=NULL, Line=%u)" + "\nInvalid parameter(s).\n", + Ptr, + (unsigned)Line + ); + + exit (1); + } + + if (Line == 0) { printf ( "\nMyFree(Ptr=%p, File=%s, Line=%u)" "\nInvalid parameter(s).\n", diff --git a/BaseTools/Source/C/Common/ParseGuidedSectionTools.c b/BaseTools/Source/C/Common/ParseGuidedSectionTools.c index e3f0ccb..fc8f488 100644 --- a/BaseTools/Source/C/Common/ParseGuidedSectionTools.c +++ b/BaseTools/Source/C/Common/ParseGuidedSectionTools.c @@ -1,7 +1,7 @@ /** @file Helper functions for parsing GuidedSectionTools.txt -Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -144,13 +144,14 @@ Returns: NewGuidTool->Name = CloneString(Tool->Strings[1]); NewGuidTool->Path = CloneString(Tool->Strings[2]); NewGuidTool->Next = NULL; + + if (FirstGuidTool == NULL) { + FirstGuidTool = NewGuidTool; + } else { + LastGuidTool->Next = NewGuidTool; + } + LastGuidTool = NewGuidTool; } - if (FirstGuidTool == NULL) { - FirstGuidTool = NewGuidTool; - } else { - LastGuidTool->Next = NewGuidTool; - } - LastGuidTool = NewGuidTool; } FreeStringList (Tool); } diff --git a/BaseTools/Source/C/Common/TianoCompress.c b/BaseTools/Source/C/Common/TianoCompress.c index e5175fc..252b829 100644 --- a/BaseTools/Source/C/Common/TianoCompress.c +++ b/BaseTools/Source/C/Common/TianoCompress.c @@ -4,7 +4,7 @@ coding. LZ77 transforms the source data into a sequence of Original Characters and Pointers to repeated strings. This sequence is further divided into Blocks and Huffman codings are applied to each Block. -Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -417,6 +417,9 @@ Returns: UINT32 Index; mText = malloc (WNDSIZ * 2 + MAXMATCH); + if (mText == NULL) { + return EFI_OUT_OF_RESOURCES; + } for (Index = 0; Index < WNDSIZ * 2 + MAXMATCH; Index++) { mText[Index] = 0; } @@ -427,6 +430,10 @@ Returns: mParent = malloc (WNDSIZ * 2 * sizeof (*mParent)); mPrev = malloc (WNDSIZ * 2 * sizeof (*mPrev)); mNext = malloc ((MAX_HASH_VAL + 1) * sizeof (*mNext)); + if (mLevel == NULL || mChildCount == NULL || mPosition == NULL || + mParent == NULL || mPrev == NULL || mNext == NULL) { + return EFI_OUT_OF_RESOURCES; + } mBufSiz = BLKSIZ; mBuf = malloc (mBufSiz); -- 1.9.5.msysgit.0