From: "Sami Mujawar" <sami.mujawar@arm.com>
To: "gua.guo@intel.com" <gua.guo@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
Gerd Hoffmann <kraxel@redhat.com>,
John Mathew <john.mathews@intel.com>,
Vincent Zimmer <vincent.zimmer@intel.com>,
"quic_llindhol@quicinc.com" <quic_llindhol@quicinc.com>
Subject: Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()
Date: Fri, 19 Jan 2024 09:53:36 +0000 [thread overview]
Message-ID: <1F8B8394-54EE-4AB1-859A-4B8F0CC012ED@arm.com> (raw)
In-Reply-To: <20240112022521.710-1-gua.guo@intel.com>
Hi Gua,
I don’t think handling the error one level up (i.e. only in the calling function) solves the problem in entirety, can you check please?
Example, now the crash can happen in BuildGuidDataHob() see https://github.com/tianocore/edk2/blob/master/EmbeddedPkg/Library/PrePiHobLib/Hob.c#L488-L490
I believe such cases are at other places as well.
I think it may be better to introduce a Panic() hander to fix this properly.
Regards,
Sami Mujawar
On 12/01/2024, 02:25, "gua.guo@intel.com <mailto:gua.guo@intel.com>" <gua.guo@intel.com <mailto:gua.guo@intel.com>> wrote:
From: Gua Guo <gua.guo@intel.com <mailto:gua.guo@intel.com>>
PR: https://github.com/tianocore/edk2/pull/5252 <https://github.com/tianocore/edk2/pull/5252>
V3
1. UefiPayloadPkg/Hob: Integer : Add error handle
2. StandaloneMmPkg/Hob: Integer Overflow in : Add error handle
3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() : Add error handle
V2
1. UefiPayloadPkg/Hob: Integer : Add Reviewed-by and Authored-by
2. StandaloneMmPkg/Hob: Integer Overflow in : Add Reviewed-by and Authored-by
3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() : Add Reviewed-by and Authored-by
4. MdeModulePkg/Hob: Integer Overflow in CreateHob() : Add Authored-by
V1
1. UefiPayloadPkg/Hob: Integer
2. StandaloneMmPkg/Hob: Integer Overflow in
3. EmbeddedPkg/Hob: Integer Overflow in CreateHob()
4. MdeModulePkg/Hob: Integer Overflow in CreateHob()
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org <mailto:ardb+tianocore@kernel.org>>
Cc: Gerd Hoffmann <kraxel@redhat.com <mailto:kraxel@redhat.com>>
Cc: John Mathew <john.mathews@intel.com <mailto:john.mathews@intel.com>>
Cc: Vincent Zimmer <vincent.zimmer@intel.com <mailto:vincent.zimmer@intel.com>>
Cc: Sami Mujawar <sami.mujawar@arm.com <mailto:sami.mujawar@arm.com>>
Gua Guo (4):
UefiPayloadPkg/Hob: Integer Overflow in CreateHob()
StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
EmbeddedPkg/Hob: Integer Overflow in CreateHob()
MdeModulePkg/Hob: Integer Overflow in CreateHob()
EmbeddedPkg/Library/PrePiHobLib/Hob.c | 43 +++++++++++++++++++
MdeModulePkg/Core/Pei/Hob/Hob.c | 2 +-
.../Arm/StandaloneMmCoreHobLib.c | 35 +++++++++++++++
.../Library/PayloadEntryHobLib/Hob.c | 43 +++++++++++++++++++
.../FitUniversalPayloadEntry.c | 8 ++--
.../UefiPayloadEntry/UniversalPayloadEntry.c | 8 ++--
6 files changed, 132 insertions(+), 7 deletions(-)
--
2.39.2.windows.1
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114038): https://edk2.groups.io/g/devel/message/114038
Mute This Topic: https://groups.io/mt/103675959/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-01-19 9:53 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-12 2:25 [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob() Guo, Gua
2024-01-12 2:25 ` [edk2-devel] [PATCH v3 1/4] UefiPayloadPkg/Hob: " Guo, Gua
2024-01-12 2:25 ` [edk2-devel] [PATCH v3 2/4] StandaloneMmPkg/Hob: " Guo, Gua
2024-01-12 8:56 ` Ni, Ray
2024-01-24 12:40 ` Gerd Hoffmann
2024-01-25 1:33 ` Ni, Ray
2024-01-12 2:25 ` [edk2-devel] [PATCH v3 3/4] EmbeddedPkg/Hob: " Guo, Gua
2024-01-12 2:25 ` [edk2-devel] [PATCH v3 4/4] MdeModulePkg/Hob: " Guo, Gua
2024-01-16 14:39 ` 回复: " gaoliming via groups.io
2024-01-19 9:53 ` Sami Mujawar [this message]
2024-01-23 14:49 ` [edk2-devel] [PATCH v3 0/4] Bz4166: " Gerd Hoffmann
2024-01-23 15:16 ` Guo, Gua
2024-01-24 12:48 ` Gerd Hoffmann
2024-01-25 8:08 ` Guo, Gua
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1F8B8394-54EE-4AB1-859A-4B8F0CC012ED@arm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox