[PATCH] MdeModulePkg CapsuleApp: Check Buffer against NULL before freeing it

[PATCH] MdeModulePkg CapsuleApp: Check Buffer against NULL before freeing it

[Star Zeng]

If the capsule from command line is not present,
Buffer will be random value when freeing it in DumpCapsule(),
then ASSERT will happen or other memory pool may be freed.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
 MdeModulePkg/Application/CapsuleApp/CapsuleDump.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
index 2bb5f1f02cf4..6c1320942bf4 100644
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
@@ -1,7 +1,7 @@
 /** @file
   Dump Capsule image information.
 
-  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
   which accompanies this distribution.  The full text of the license may be found at
@@ -242,6 +242,7 @@ DumpCapsule (
   EFI_CAPSULE_HEADER                            *CapsuleHeader;
   EFI_STATUS                                    Status;
 
+  Buffer = NULL;
   Status = ReadFileToBuffer(CapsuleName, &FileSize, &Buffer);
   if (EFI_ERROR(Status)) {
     Print(L"CapsuleApp: Capsule (%s) is not found.\n", CapsuleName);
@@ -269,7 +270,9 @@ DumpCapsule (
   }
 
 Done:
-  FreePool(Buffer);
+  if (Buffer != NULL) {
+    FreePool(Buffer);
+  }
   return Status;
 }
 
-- 
2.7.0.windows.1

Re: [PATCH] MdeModulePkg CapsuleApp: Check Buffer against NULL before freeing it

[Yao, Jiewen]

Reviewed-by: jiewen.yao@intel.com

> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, May 3, 2018 7:20 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH] MdeModulePkg CapsuleApp: Check Buffer against NULL before
> freeing it
> 
> If the capsule from command line is not present,
> Buffer will be random value when freeing it in DumpCapsule(),
> then ASSERT will happen or other memory pool may be freed.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Star Zeng <star.zeng@intel.com>
> ---
>  MdeModulePkg/Application/CapsuleApp/CapsuleDump.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> index 2bb5f1f02cf4..6c1320942bf4 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Dump Capsule image information.
> 
> -  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
>    This program and the accompanying materials
>    are licensed and made available under the terms and conditions of the BSD
> License
>    which accompanies this distribution.  The full text of the license may be
> found at
> @@ -242,6 +242,7 @@ DumpCapsule (
>    EFI_CAPSULE_HEADER                            *CapsuleHeader;
>    EFI_STATUS                                    Status;
> 
> +  Buffer = NULL;
>    Status = ReadFileToBuffer(CapsuleName, &FileSize, &Buffer);
>    if (EFI_ERROR(Status)) {
>      Print(L"CapsuleApp: Capsule (%s) is not found.\n", CapsuleName);
> @@ -269,7 +270,9 @@ DumpCapsule (
>    }
> 
>  Done:
> -  FreePool(Buffer);
> +  if (Buffer != NULL) {
> +    FreePool(Buffer);
> +  }
>    return Status;
>  }
> 
> --
> 2.7.0.windows.1