From: Liming Gao <liming.gao@intel.com>
To: edk2-devel@lists.01.org
Cc: Dongao Guo <dongao.guo@intel.com>
Subject: [Patch 2/4] MdeModulePkg/RegularExpressionDxe: Miss null pointer check
Date: Thu, 11 Oct 2018 14:57:01 +0800 [thread overview]
Message-ID: <1539241023-2864-3-git-send-email-liming.gao@intel.com> (raw)
In-Reply-To: <1539241023-2864-1-git-send-email-liming.gao@intel.com>
From: Dongao Guo <dongao.guo@intel.com>
Oniguruma https://github.com/kkos/oniguruma
this change is merged from oniguruma develop branch.
from commit ea36d810f1d9b28f3ef20bd8d453bea2f7fb598b
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dongao Guo <dongao.guo@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
.../RegularExpressionDxe/Oniguruma/regenc.h | 2 +-
.../RegularExpressionDxe/Oniguruma/regparse.c | 34 ++++++++++++++++++++++
.../RegularExpressionDxe/Oniguruma/unicode.c | 4 +++
3 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h
index 6235520..46a5142 100644
--- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h
+++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h
@@ -197,7 +197,7 @@ extern int onigenc_egcb_is_break_position P_((OnigEncoding enc, UChar* p, UChar*
else if ((buk)->fold_len == 3)\
addr = OnigUnicodeFolds3 + (buk)->index;\
else\
- addr = 0;\
+ return ONIGERR_INVALID_CODE_POINT_VALUE;\
} while (0)
extern OnigCodePoint OnigUnicodeFolds1[];
diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c
index 6033d21..5b7fec9 100644
--- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c
+++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c
@@ -966,6 +966,7 @@ name_add(regex_t* reg, UChar* name, UChar* name_end, int backref, ScanEnv* env)
#ifdef USE_ST_LIBRARY
if (IS_NULL(t)) {
t = onig_st_init_strend_table_with_size(INIT_NAMES_ALLOC_NUM);
+ CHECK_NULL_RETURN_MEMERR(t);
reg->name_table = (void* )t;
}
e = (NameEntry* )xmalloc(sizeof(NameEntry));
@@ -1372,6 +1373,7 @@ callout_name_entry(CalloutNameEntry** rentry, OnigEncoding enc,
#ifdef USE_ST_LIBRARY
if (IS_NULL(t)) {
t = onig_st_init_callout_name_table_with_size(INIT_NAMES_ALLOC_NUM);
+ CHECK_NULL_RETURN_MEMERR(t);
GlobalCalloutNameTable = t;
}
e = (CalloutNameEntry* )xmalloc(sizeof(CalloutNameEntry));
@@ -1616,6 +1618,7 @@ onig_get_callout_start_func(regex_t* reg, int callout_num)
CalloutListEntry* e;
e = onig_reg_callout_list_at(reg, callout_num);
+ CHECK_NULL_RETURN(e);
return e->start_func;
}
@@ -1623,6 +1626,7 @@ extern const UChar*
onig_get_callout_tag_start(regex_t* reg, int callout_num)
{
CalloutListEntry* e = onig_reg_callout_list_at(reg, callout_num);
+ CHECK_NULL_RETURN(e);
return e->tag_start;
}
@@ -1630,6 +1634,7 @@ extern const UChar*
onig_get_callout_tag_end(regex_t* reg, int callout_num)
{
CalloutListEntry* e = onig_reg_callout_list_at(reg, callout_num);
+ CHECK_NULL_RETURN(e);
return e->tag_end;
}
@@ -1904,6 +1909,7 @@ callout_tag_entry(regex_t* reg, UChar* name, UChar* name_end,
r = callout_tag_entry_raw(ext->tag_table, name, name_end, entry_val);
e = onig_reg_callout_list_at(reg, (int )entry_val);
+ CHECK_NULL_RETURN_MEMERR(e);
e->tag_start = name;
e->tag_end = name_end;
@@ -2138,6 +2144,8 @@ node_new_anychar_with_fixed_option(OnigOptionType option)
Node* node;
node = node_new_anychar();
+ CHECK_NULL_RETURN(node);
+
ct = CTYPE_(node);
ct->options = option;
NODE_STATUS_ADD(node, FIXED_OPTION);
@@ -3174,6 +3182,7 @@ static Node*
node_new_str_raw(UChar* s, UChar* end)
{
Node* node = node_new_str(s, end);
+ CHECK_NULL_RETURN(node);
NODE_STRING_SET_RAW(node);
return node;
}
@@ -3206,6 +3215,7 @@ str_node_split_last_char(Node* node, OnigEncoding enc)
p = onigenc_get_prev_char_head(enc, sn->s, sn->end);
if (p && p > sn->s) { /* can be split. */
rn = node_new_str(p, sn->end);
+ CHECK_NULL_RETURN(rn);
if (NODE_STRING_IS_RAW(node))
NODE_STRING_SET_RAW(rn);
@@ -6626,6 +6636,11 @@ parse_callout_of_contents(Node** np, int cterm, UChar** src, UChar* end, ScanEnv
}
e = onig_reg_callout_list_at(env->reg, num);
+ if (IS_NULL(e)) {
+ xfree(contents);
+ return ONIGERR_MEMORY;
+ }
+
e->of = ONIG_CALLOUT_OF_CONTENTS;
e->in = in;
e->name_id = ONIG_NON_NAME_ID;
@@ -6935,6 +6950,8 @@ parse_callout_of_name(Node** np, int cterm, UChar** src, UChar* end, ScanEnv* en
if (r != ONIG_NORMAL) return r;
e = onig_reg_callout_list_at(env->reg, num);
+ CHECK_NULL_RETURN_MEMERR(e);
+
e->of = ONIG_CALLOUT_OF_NAME;
e->in = in;
e->name_id = name_id;
@@ -8098,6 +8115,11 @@ parse_branch(Node** top, OnigToken* tok, int term, UChar** src, UChar* end,
}
else {
*top = node_new_list(node, NULL);
+ if (IS_NULL(*top)) {
+ onig_node_free(node);
+ return ONIGERR_MEMORY;
+ }
+
headp = &(NODE_CDR(*top));
while (r != TK_EOT && r != term && r != TK_ALT) {
r = parse_exp(&node, tok, term, src, end, env);
@@ -8133,6 +8155,7 @@ parse_subexp(Node** top, OnigToken* tok, int term, UChar** src, UChar* end,
env->parse_depth++;
if (env->parse_depth > ParseDepthLimit)
return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
+
r = parse_branch(&node, tok, term, src, end, env);
if (r < 0) {
onig_node_free(node);
@@ -8144,6 +8167,11 @@ parse_subexp(Node** top, OnigToken* tok, int term, UChar** src, UChar* end,
}
else if (r == TK_ALT) {
*top = onig_node_new_alt(node, NULL);
+ if (IS_NULL(*top)) {
+ onig_node_free(node);
+ return ONIGERR_MEMORY;
+ }
+
headp = &(NODE_CDR(*top));
while (r == TK_ALT) {
r = fetch_token(tok, src, end, env);
@@ -8154,6 +8182,12 @@ parse_subexp(Node** top, OnigToken* tok, int term, UChar** src, UChar* end,
return r;
}
*headp = onig_node_new_alt(node, NULL);
+ if (IS_NULL(*headp)) {
+ onig_node_free(node);
+ onig_node_free(*top);
+ return ONIGERR_MEMORY;
+ }
+
headp = &(NODE_CDR(*headp));
}
diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c
index 1587500..16c34b6 100644
--- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c
+++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c
@@ -758,6 +758,10 @@ onig_unicode_define_user_property(const char* name, OnigCodePoint* ranges)
if (UserDefinedPropertyTable == 0) {
UserDefinedPropertyTable = onig_st_init_strend_table_with_size(10);
+ if (IS_NULL(UserDefinedPropertyTable)) {
+ xfree(s);
+ return ONIGERR_MEMORY;
+ }
}
e = UserDefinedPropertyRanges + UserDefinedPropertyNum;
--
2.10.0.windows.1
next prev parent reply other threads:[~2018-10-11 6:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-11 6:56 [Patch 0/4] MdeModulePkg/RegularExpressionDxe: Miss null pointer check Liming Gao
2018-10-11 6:57 ` [Patch 1/4] " Liming Gao
2018-10-11 6:57 ` Liming Gao [this message]
2018-10-11 6:57 ` [Patch 3/4] " Liming Gao
2018-10-11 6:57 ` [Patch 4/4] MdeModulePkg/RegularExpressionDxe: Add " Liming Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1539241023-2864-3-git-send-email-liming.gao@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox