From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.115; helo=mga14.intel.com; envelope-from=liming.gao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 81A5C21165271 for ; Wed, 10 Oct 2018 23:57:34 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Oct 2018 23:57:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,367,1534834800"; d="scan'208";a="240389592" Received: from shwde7172.ccr.corp.intel.com ([10.239.158.23]) by orsmga004.jf.intel.com with ESMTP; 10 Oct 2018 23:57:33 -0700 From: Liming Gao To: edk2-devel@lists.01.org Cc: Dongao Guo Date: Thu, 11 Oct 2018 14:57:01 +0800 Message-Id: <1539241023-2864-3-git-send-email-liming.gao@intel.com> X-Mailer: git-send-email 2.8.0.windows.1 In-Reply-To: <1539241023-2864-1-git-send-email-liming.gao@intel.com> References: <1539241023-2864-1-git-send-email-liming.gao@intel.com> Subject: [Patch 2/4] MdeModulePkg/RegularExpressionDxe: Miss null pointer check X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Oct 2018 06:57:34 -0000 From: Dongao Guo Oniguruma https://github.com/kkos/oniguruma this change is merged from oniguruma develop branch. from commit ea36d810f1d9b28f3ef20bd8d453bea2f7fb598b Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.1 
Signed-off-by: Dongao Guo Reviewed-by: Liming Gao --- .../RegularExpressionDxe/Oniguruma/regenc.h | 2 +- .../RegularExpressionDxe/Oniguruma/regparse.c | 34 ++++++++++++++++++++++ .../RegularExpressionDxe/Oniguruma/unicode.c | 4 +++ 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h index 6235520..46a5142 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h +++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h @@ -197,7 +197,7 @@ extern int onigenc_egcb_is_break_position P_((OnigEncoding enc, UChar* p, UChar* else if ((buk)->fold_len == 3)\ addr = OnigUnicodeFolds3 + (buk)->index;\ else\ - addr = 0;\ + return ONIGERR_INVALID_CODE_POINT_VALUE;\ } while (0) extern OnigCodePoint OnigUnicodeFolds1[]; diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c index 6033d21..5b7fec9 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c +++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c @@ -966,6 +966,7 @@ name_add(regex_t* reg, UChar* name, UChar* name_end, int backref, ScanEnv* env) #ifdef USE_ST_LIBRARY if (IS_NULL(t)) { t = onig_st_init_strend_table_with_size(INIT_NAMES_ALLOC_NUM); + CHECK_NULL_RETURN_MEMERR(t); reg->name_table = (void* )t; } e = (NameEntry* )xmalloc(sizeof(NameEntry)); @@ -1372,6 +1373,7 @@ callout_name_entry(CalloutNameEntry** rentry, OnigEncoding enc, #ifdef USE_ST_LIBRARY if (IS_NULL(t)) { t = onig_st_init_callout_name_table_with_size(INIT_NAMES_ALLOC_NUM); + CHECK_NULL_RETURN_MEMERR(t); GlobalCalloutNameTable = t; } e = (CalloutNameEntry* )xmalloc(sizeof(CalloutNameEntry)); 
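Review bot: In the regenc.h hunk, replacing `addr = 0;` with `return ONIGERR_INVALID_CODE_POINT_VALUE;` hides a function return inside a `do { ... } while (0)` macro. Every function that expands it must therefore return an int-compatible error code and must hold nothing that needs releasing at that point. The macro's name and its expansion sites are outside the hunk, so each one needs checking. A comment above the macro would make the control flow visible, for example `/* NOTE: returns ONIGERR_INVALID_CODE_POINT_VALUE from the enclosing function when fold_len matches none of the handled cases */`.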
@@ -1616,6 +1618,7 @@ onig_get_callout_start_func(regex_t* reg, int callout_num) CalloutListEntry* e; e = onig_reg_callout_list_at(reg, callout_num); + CHECK_NULL_RETURN(e); return e->start_func; } @@ -1623,6 +1626,7 @@ extern const UChar* onig_get_callout_tag_start(regex_t* reg, int callout_num) { CalloutListEntry* e = onig_reg_callout_list_at(reg, callout_num); + CHECK_NULL_RETURN(e); return e->tag_start; } @@ -1630,6 +1634,7 @@ extern const UChar* onig_get_callout_tag_end(regex_t* reg, int callout_num) { CalloutListEntry* e = onig_reg_callout_list_at(reg, callout_num); + CHECK_NULL_RETURN(e); return e->tag_end; } @@ -1904,6 +1909,7 @@ callout_tag_entry(regex_t* reg, UChar* name, UChar* name_end, r = callout_tag_entry_raw(ext->tag_table, name, name_end, entry_val); e = onig_reg_callout_list_at(reg, (int )entry_val); + CHECK_NULL_RETURN_MEMERR(e); e->tag_start = name; e->tag_end = name_end; @@ -2138,6 +2144,8 @@ node_new_anychar_with_fixed_option(OnigOptionType option) Node* node; node = node_new_anychar(); + CHECK_NULL_RETURN(node); + ct = CTYPE_(node); ct->options = option; NODE_STATUS_ADD(node, FIXED_OPTION); @@ -3174,6 +3182,7 @@ static Node* node_new_str_raw(UChar* s, UChar* end) { Node* node = node_new_str(s, end); + CHECK_NULL_RETURN(node); NODE_STRING_SET_RAW(node); return node; } @@ -3206,6 +3215,7 @@ str_node_split_last_char(Node* node, OnigEncoding enc) p = onigenc_get_prev_char_head(enc, sn->s, sn->end); if (p && p > sn->s) { /* can be split. */ rn = node_new_str(p, sn->end); + CHECK_NULL_RETURN(rn); if (NODE_STRING_IS_RAW(node)) NODE_STRING_SET_RAW(rn); @@ -6626,6 +6636,11 @@ parse_callout_of_contents(Node** np, int cterm, UChar** src, UChar* end, ScanEnv } e = onig_reg_callout_list_at(env->reg, num); + if (IS_NULL(e)) { + xfree(contents); + return ONIGERR_MEMORY; + } + e->of = ONIG_CALLOUT_OF_CONTENTS; e->in = in; e->name_id = ONIG_NON_NAME_ID; 
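Review bot: The three getters in this hunk (onig_get_callout_start_func, onig_get_callout_tag_start, onig_get_callout_tag_end) gain a NULL result for a `callout_num` with no list entry, and nothing documents it. This assumes `CHECK_NULL_RETURN` expands to a `return NULL`; its definition is not in the diff. A caller that invokes the returned function pointer or reads through the tag pointers now has to test the result first. A one-line comment on each getter would state the contract, e.g. `/* returns NULL if callout_num has no callout list entry */`.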
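Review bot: In callout_tag_entry the added `CHECK_NULL_RETURN_MEMERR(e);` can return before the `r` assigned by `callout_tag_entry_raw` on the line above is ever examined. A failure of that call would then be reported as a memory error, and `entry_val` is used for the lookup whether or not the insert succeeded. Checking the result first keeps the original error code, using the pattern already present in parse_callout_of_name: `if (r != ONIG_NORMAL) return r;` placed before the `onig_reg_callout_list_at` call. The rest of the function, including what is finally returned, is outside the hunk, so confirm this does not change a path that relies on the tag being set after a failed insert.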
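Review bot: In str_node_split_last_char, `CHECK_NULL_RETURN(rn);` makes an allocation failure in `node_new_str` look the same as the "cannot be split" case, presumably because both yield a NULL node. The function's return statement and its callers are outside the hunk, but a caller that treats NULL as "no split" would silently build a different tree under memory pressure instead of reporting ONIGERR_MEMORY. If the signature cannot change, at least record it at the check: `/* NULL here means out of memory, not "unsplittable"; callers cannot tell the two apart */`.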
@@ -6935,6 +6950,8 @@ parse_callout_of_name(Node** np, int cterm, UChar** src, UChar* end, ScanEnv* en if (r != ONIG_NORMAL) return r; e = onig_reg_callout_list_at(env->reg, num); + CHECK_NULL_RETURN_MEMERR(e); + e->of = ONIG_CALLOUT_OF_NAME; e->in = in; e->name_id = name_id; @@ -8098,6 +8115,11 @@ parse_branch(Node** top, OnigToken* tok, int term, UChar** src, UChar* end, } else { *top = node_new_list(node, NULL); + if (IS_NULL(*top)) { + onig_node_free(node); + return ONIGERR_MEMORY; + } + headp = &(NODE_CDR(*top)); while (r != TK_EOT && r != term && r != TK_ALT) { r = parse_exp(&node, tok, term, src, end, env); @@ -8133,6 +8155,7 @@ parse_subexp(Node** top, OnigToken* tok, int term, UChar** src, UChar* end, env->parse_depth++; if (env->parse_depth > ParseDepthLimit) return ONIGERR_PARSE_DEPTH_LIMIT_OVER; + r = parse_branch(&node, tok, term, src, end, env); if (r < 0) { onig_node_free(node); @@ -8144,6 +8167,11 @@ parse_subexp(Node** top, OnigToken* tok, int term, UChar** src, UChar* end, } else if (r == TK_ALT) { *top = onig_node_new_alt(node, NULL); + if (IS_NULL(*top)) { + onig_node_free(node); + return ONIGERR_MEMORY; + } + headp = &(NODE_CDR(*top)); while (r == TK_ALT) { r = fetch_token(tok, src, end, env); @@ -8154,6 +8182,12 @@ parse_subexp(Node** top, OnigToken* tok, int term, UChar** src, UChar* end, return r; } *headp = onig_node_new_alt(node, NULL); + if (IS_NULL(*headp)) { + onig_node_free(node); + onig_node_free(*top); + return ONIGERR_MEMORY; + } + headp = &(NODE_CDR(*headp)); } diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c index 1587500..16c34b6 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c +++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c 
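Review bot: In the last parse_subexp hunk, the added `onig_node_free(*top);` releases the alternation list but leaves `*top` pointing at freed nodes when ONIGERR_MEMORY is returned. The earlier hunk of this function shows the convention that the caller frees the out-node on a negative result (`if (r < 0) { onig_node_free(node); return r; }` after parse_branch). A caller of parse_subexp that follows the same convention would free the tree a second time; those callers are outside the diff, so this needs confirming. Clearing the pointer removes the hazard: `onig_node_free(*top); *top = NULL;`.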
@@ -758,6 +758,10 @@ onig_unicode_define_user_property(const char* name, OnigCodePoint* ranges)
 if (UserDefinedPropertyTable == 0) {
 UserDefinedPropertyTable = onig_st_init_strend_table_with_size(10);
+ if (IS_NULL(UserDefinedPropertyTable)) {
+ xfree(s);
+ return ONIGERR_MEMORY;
+ }
 }
 e = UserDefinedPropertyRanges + UserDefinedPropertyNum;
--
2.10.0.windows.1