* [PATCH 01/17] BaseTools/C/Common: Add checks for array access
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
@ 2017-12-19 3:28 ` Hao Wu
2017-12-19 3:28 ` [PATCH 02/17] BaseTools/EfiRom: Refine the logic in main() Hao Wu
` (16 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:28 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/Common/Decompress.c | 8 ++++----
BaseTools/Source/C/Common/SimpleFileParsing.c | 12 +++++-------
2 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/BaseTools/Source/C/Common/Decompress.c b/BaseTools/Source/C/Common/Decompress.c
index b2049bd01c..8f1afb4e40 100644
--- a/BaseTools/Source/C/Common/Decompress.c
+++ b/BaseTools/Source/C/Common/Decompress.c
@@ -2,7 +2,7 @@
Decompressor. Algorithm Ported from OPSD code (Decomp.asm) for Efi and Tiano
compress algorithm.
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -394,7 +394,7 @@ Returns:
Index = 0;
- while (Index < Number) {
+ while (Index < Number && Index < NPT) {
CharC = (UINT16) (Sd->mBitBuf >> (BITBUFSIZ - 3));
@@ -413,14 +413,14 @@ Returns:
if (Index == Special) {
CharC = (UINT16) GetBits (Sd, 2);
CharC--;
- while ((INT16) (CharC) >= 0) {
+ while ((INT16) (CharC) >= 0 && Index < NPT) {
Sd->mPTLen[Index++] = 0;
CharC--;
}
}
}
- while (Index < nn) {
+ while (Index < nn && Index < NPT) {
Sd->mPTLen[Index++] = 0;
}
diff --git a/BaseTools/Source/C/Common/SimpleFileParsing.c b/BaseTools/Source/C/Common/SimpleFileParsing.c
index 868c6b794b..209a0954b3 100644
--- a/BaseTools/Source/C/Common/SimpleFileParsing.c
+++ b/BaseTools/Source/C/Common/SimpleFileParsing.c
@@ -1,7 +1,7 @@
/** @file
Generic but simple file parsing routines.
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -1232,12 +1232,10 @@ GetHexChars (
{
UINT32 Len;
Len = 0;
- while (!EndOfFile (&mGlobals.SourceFile) && (BufferLen > 0)) {
+ while (!EndOfFile (&mGlobals.SourceFile) && (Len < BufferLen)) {
if (isxdigit ((int)mGlobals.SourceFile.FileBufferPtr[0])) {
- *Buffer = mGlobals.SourceFile.FileBufferPtr[0];
- Buffer++;
+ Buffer[Len] = mGlobals.SourceFile.FileBufferPtr[0];
Len++;
- BufferLen--;
mGlobals.SourceFile.FileBufferPtr++;
} else {
break;
@@ -1246,8 +1244,8 @@ GetHexChars (
//
// Null terminate if we can
//
- if ((Len > 0) && (BufferLen > 0)) {
- *Buffer = 0;
+ if ((Len > 0) && (Len < BufferLen)) {
+ Buffer[Len] = 0;
}
return Len;
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 02/17] BaseTools/EfiRom: Refine the logic in main()
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
2017-12-19 3:28 ` [PATCH 01/17] BaseTools/C/Common: Add checks for array access Hao Wu
@ 2017-12-19 3:28 ` Hao Wu
2017-12-19 3:28 ` [PATCH 03/17] BaseTools/LzmaCompress: Fix possible uninitialized variable Hao Wu
` (15 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:28 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
This commit refines the logic for main(). It makes the logic more
straightforward to prevent possible mis-reports by static code
checkers.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/EfiRom/EfiRom.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/BaseTools/Source/C/EfiRom/EfiRom.c b/BaseTools/Source/C/EfiRom/EfiRom.c
index 0f89280251..6648f4c738 100644
--- a/BaseTools/Source/C/EfiRom/EfiRom.c
+++ b/BaseTools/Source/C/EfiRom/EfiRom.c
@@ -101,11 +101,13 @@ Returns:
// Find the last . on the line and replace the filename extension with
// the default
//
- for (Ext = mOptions.OutFileName + strlen (mOptions.OutFileName) - 1;
- (Ext >= mOptions.OutFileName) && (*Ext != '.') && (*Ext != '\\');
- Ext--
- )
- ;
+ Ext = mOptions.OutFileName + strlen (mOptions.OutFileName) - 1;
+ while (Ext >= mOptions.OutFileName) {
+ if ((*Ext == '.') || (*Ext == '\\')) {
+ break;
+ }
+ Ext--;
+ }
//
// If dot here, then insert extension here, otherwise append
//
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 03/17] BaseTools/LzmaCompress: Fix possible uninitialized variable
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
2017-12-19 3:28 ` [PATCH 01/17] BaseTools/C/Common: Add checks for array access Hao Wu
2017-12-19 3:28 ` [PATCH 02/17] BaseTools/EfiRom: Refine the logic in main() Hao Wu
@ 2017-12-19 3:28 ` Hao Wu
2017-12-19 3:28 ` [PATCH 04/17] BaseTools/C/Common: Remove redundant type cast Hao Wu
` (14 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:28 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/LzmaCompress/Sdk/C/7zFile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/LzmaCompress/Sdk/C/7zFile.c b/BaseTools/Source/C/LzmaCompress/Sdk/C/7zFile.c
index 98fe7164f5..b2fed368a4 100644
--- a/BaseTools/Source/C/LzmaCompress/Sdk/C/7zFile.c
+++ b/BaseTools/Source/C/LzmaCompress/Sdk/C/7zFile.c
@@ -213,7 +213,7 @@ WRes File_GetLength(CSzFile *p, UInt64 *length)
{
#ifdef USE_WINDOWS_FILE
- DWORD sizeHigh;
+ DWORD sizeHigh = 0;
DWORD sizeLow = GetFileSize(p->handle, &sizeHigh);
if (sizeLow == 0xFFFFFFFF)
{
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 04/17] BaseTools/C/Common: Remove redundant type cast
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (2 preceding siblings ...)
2017-12-19 3:28 ` [PATCH 03/17] BaseTools/LzmaCompress: Fix possible uninitialized variable Hao Wu
@ 2017-12-19 3:28 ` Hao Wu
2017-12-19 3:29 ` [PATCH 05/17] BaseTools/VfrCompile: Assign 'NULL' for closed file handle Hao Wu
` (13 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:28 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/Common/BasePeCoff.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/BaseTools/Source/C/Common/BasePeCoff.c b/BaseTools/Source/C/Common/BasePeCoff.c
index 692663d0e4..fb7ce25122 100644
--- a/BaseTools/Source/C/Common/BasePeCoff.c
+++ b/BaseTools/Source/C/Common/BasePeCoff.c
@@ -2,7 +2,7 @@
Functions to get info and load PE/COFF image.
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
Portions Copyright (c) 2011 - 2013, ARM Ltd. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -1080,12 +1080,10 @@ Returns:
PeHdr->Pe32.OptionalHeader.AddressOfEntryPoint
);
} else {
- ImageContext->EntryPoint = (PHYSICAL_ADDRESS) (
- (UINTN)ImageContext->ImageAddress +
- (UINTN)TeHdr->AddressOfEntryPoint +
- (UINTN)sizeof(EFI_TE_IMAGE_HEADER) -
- (UINTN) TeHdr->StrippedSize
- );
+ ImageContext->EntryPoint = (UINTN)ImageContext->ImageAddress +
+ (UINTN)TeHdr->AddressOfEntryPoint +
+ (UINTN)sizeof(EFI_TE_IMAGE_HEADER) -
+ (UINTN) TeHdr->StrippedSize;
}
//
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 05/17] BaseTools/VfrCompile: Assign 'NULL' for closed file handle
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (3 preceding siblings ...)
2017-12-19 3:28 ` [PATCH 04/17] BaseTools/C/Common: Remove redundant type cast Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 06/17] BaseTools/GenFv: Add check to ensure the file handle status is correct Hao Wu
` (12 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Assign 'NULL' value to the already-closed file handle to avoid closing
the handle multiple times.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/VfrCompile/VfrCompiler.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/VfrCompile/VfrCompiler.cpp b/BaseTools/Source/C/VfrCompile/VfrCompiler.cpp
index 831f6b5174..ff2a837dfc 100644
--- a/BaseTools/Source/C/VfrCompile/VfrCompiler.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrCompiler.cpp
@@ -2,7 +2,7 @@
VfrCompiler main class and main function.
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -703,6 +703,7 @@ CVfrCompiler::Compile (
}
fclose (pInFile);
+ pInFile = NULL;
if (gCFormPkg.HavePendingUnassigned () == TRUE) {
gCFormPkg.PendingAssignPrintAll ();
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 06/17] BaseTools/GenFv: Add check to ensure the file handle status is correct
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (4 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 05/17] BaseTools/VfrCompile: Assign 'NULL' for closed file handle Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 07/17] BaseTools/C/Common: Add/refine boundary checks for strcpy/strcat calls Hao Wu
` (11 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Add an extra NULL check for the file handle to ensure that its status is
correct.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/GenFv/GenFv.c | 38 ++++++++++++++++++++------------------
1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/BaseTools/Source/C/GenFv/GenFv.c b/BaseTools/Source/C/GenFv/GenFv.c
index 4de24b9f7e..be31840310 100644
--- a/BaseTools/Source/C/GenFv/GenFv.c
+++ b/BaseTools/Source/C/GenFv/GenFv.c
@@ -4,7 +4,7 @@
can be found in the Tiano Firmware Volume Generation Utility
Specification, review draft.
-Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -607,23 +607,25 @@ Returns:
return STATUS_ERROR;
}
}
- fprintf (FpFile, "Capsule %s Image Header Information\n", InfFileName);
- fprintf (FpFile, " GUID %08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X\n",
- (unsigned) CapsuleHeader->CapsuleGuid.Data1,
- (unsigned) CapsuleHeader->CapsuleGuid.Data2,
- (unsigned) CapsuleHeader->CapsuleGuid.Data3,
- (unsigned) CapsuleHeader->CapsuleGuid.Data4[0],
- (unsigned) CapsuleHeader->CapsuleGuid.Data4[1],
- (unsigned) CapsuleHeader->CapsuleGuid.Data4[2],
- (unsigned) CapsuleHeader->CapsuleGuid.Data4[3],
- (unsigned) CapsuleHeader->CapsuleGuid.Data4[4],
- (unsigned) CapsuleHeader->CapsuleGuid.Data4[5],
- (unsigned) CapsuleHeader->CapsuleGuid.Data4[6],
- (unsigned) CapsuleHeader->CapsuleGuid.Data4[7]);
- fprintf (FpFile, " Header size 0x%08X\n", (unsigned) CapsuleHeader->HeaderSize);
- fprintf (FpFile, " Flags 0x%08X\n", (unsigned) CapsuleHeader->Flags);
- fprintf (FpFile, " Capsule image size 0x%08X\n", (unsigned) CapsuleHeader->CapsuleImageSize);
- fclose (FpFile);
+ if (FpFile != NULL) {
+ fprintf (FpFile, "Capsule %s Image Header Information\n", InfFileName);
+ fprintf (FpFile, " GUID %08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X\n",
+ (unsigned) CapsuleHeader->CapsuleGuid.Data1,
+ (unsigned) CapsuleHeader->CapsuleGuid.Data2,
+ (unsigned) CapsuleHeader->CapsuleGuid.Data3,
+ (unsigned) CapsuleHeader->CapsuleGuid.Data4[0],
+ (unsigned) CapsuleHeader->CapsuleGuid.Data4[1],
+ (unsigned) CapsuleHeader->CapsuleGuid.Data4[2],
+ (unsigned) CapsuleHeader->CapsuleGuid.Data4[3],
+ (unsigned) CapsuleHeader->CapsuleGuid.Data4[4],
+ (unsigned) CapsuleHeader->CapsuleGuid.Data4[5],
+ (unsigned) CapsuleHeader->CapsuleGuid.Data4[6],
+ (unsigned) CapsuleHeader->CapsuleGuid.Data4[7]);
+ fprintf (FpFile, " Header size 0x%08X\n", (unsigned) CapsuleHeader->HeaderSize);
+ fprintf (FpFile, " Flags 0x%08X\n", (unsigned) CapsuleHeader->Flags);
+ fprintf (FpFile, " Capsule image size 0x%08X\n", (unsigned) CapsuleHeader->CapsuleImageSize);
+ fclose (FpFile);
+ }
} else if (CapsuleFlag) {
VerboseMsg ("Create capsule image");
//
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 07/17] BaseTools/C/Common: Add/refine boundary checks for strcpy/strcat calls
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (5 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 06/17] BaseTools/GenFv: Add check to ensure the file handle status is correct Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 08/17] BaseTools/C/Common: Refine using sprintf() with '%s' in format string Hao Wu
` (10 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/Common/CommonLib.c | 24 +++++++++++++++++-------
BaseTools/Source/C/Common/EfiUtilityMsgs.c | 9 +++------
2 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/BaseTools/Source/C/Common/CommonLib.c b/BaseTools/Source/C/Common/CommonLib.c
index 2f0aecf252..4a62bec85e 100644
--- a/BaseTools/Source/C/Common/CommonLib.c
+++ b/BaseTools/Source/C/Common/CommonLib.c
@@ -1,7 +1,7 @@
/** @file
Common basic Library Functions
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -638,12 +638,22 @@ Returns:
//
RootPath = getcwd (NULL, 0);
if (RootPath != NULL) {
- strcat (mCommonLibFullPath, RootPath);
+ if (strlen (mCommonLibFullPath) + strlen (RootPath) > MAX_LONG_FILE_PATH - 1) {
+ Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!");
+ free (RootPath);
+ return NULL;
+ }
+ strncat (mCommonLibFullPath, RootPath, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
if (FileName[0] != '\\' && FileName[0] != '/') {
+ if (strlen (mCommonLibFullPath) + 1 > MAX_LONG_FILE_PATH - 1) {
+ Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!");
+ free (RootPath);
+ return NULL;
+ }
//
// Attach directory separator
//
- strcat (mCommonLibFullPath, "\\");
+ strncat (mCommonLibFullPath, "\\", MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
}
free (RootPath);
}
@@ -673,7 +683,7 @@ Returns:
//
if ((PathPointer = strstr (mCommonLibFullPath, ":\\\\")) != NULL) {
*(PathPointer + 2) = '\0';
- strcat (mCommonLibFullPath, PathPointer + 3);
+ strncat (mCommonLibFullPath, PathPointer + 3, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
}
//
@@ -681,7 +691,7 @@ Returns:
//
while ((PathPointer = strstr (mCommonLibFullPath, ".\\")) != NULL) {
*PathPointer = '\0';
- strcat (mCommonLibFullPath, PathPointer + 2);
+ strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
}
//
@@ -689,7 +699,7 @@ Returns:
//
while ((PathPointer = strstr (mCommonLibFullPath, "\\.\\")) != NULL) {
*PathPointer = '\0';
- strcat (mCommonLibFullPath, PathPointer + 2);
+ strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
}
//
@@ -706,7 +716,7 @@ Returns:
// Skip one directory
//
*PathPointer = '\0';
- strcat (mCommonLibFullPath, NextPointer);
+ strncat (mCommonLibFullPath, NextPointer, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
} else {
//
// No directory is found. Just break.
diff --git a/BaseTools/Source/C/Common/EfiUtilityMsgs.c b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
index 7b4c2310ca..5496a439e2 100644
--- a/BaseTools/Source/C/Common/EfiUtilityMsgs.c
+++ b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
@@ -1,7 +1,7 @@
/** @file
EFI tools utility functions to display warning, error, and informational messages
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -608,12 +608,9 @@ Returns:
if (UtilityName != NULL) {
if (strlen (UtilityName) >= sizeof (mUtilityName)) {
Error (UtilityName, 0, 0, "application error", "utility name length exceeds internal buffer size");
- strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
- mUtilityName[sizeof (mUtilityName) - 1] = 0;
- return ;
- } else {
- strcpy (mUtilityName, UtilityName);
}
+ strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
+ mUtilityName[sizeof (mUtilityName) - 1] = 0;
} else {
Error (NULL, 0, 0, "application error", "SetUtilityName() called with NULL utility name");
}
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 08/17] BaseTools/C/Common: Refine using sprintf() with '%s' in format string
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (6 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 07/17] BaseTools/C/Common: Add/refine boundary checks for strcpy/strcat calls Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 09/17] BaseTools/EfiRom: Add/refine boundary checks for strcpy/strcat calls Hao Wu
` (9 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
The commit removes the usages of sprintf() function calls with '%s' in
the format string. And uses strncpy/strncat instead to ensure the
destination string buffers will not be accessed beyond their boundary.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/Common/EfiUtilityMsgs.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/BaseTools/Source/C/Common/EfiUtilityMsgs.c b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
index 5496a439e2..44925c642b 100644
--- a/BaseTools/Source/C/Common/EfiUtilityMsgs.c
+++ b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
@@ -462,10 +462,11 @@ Notes:
);
}
if (Cptr != NULL) {
- sprintf (Line, ": %s", Cptr);
+ strcpy (Line, ": ");
+ strncat (Line, Cptr, MAX_LINE_LEN - strlen (Line) - 1);
if (LineNumber != 0) {
sprintf (Line2, "(%u)", (unsigned) LineNumber);
- strcat (Line, Line2);
+ strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
}
}
} else {
@@ -476,14 +477,16 @@ Notes:
if (mUtilityName[0] != '\0') {
fprintf (stdout, "%s...\n", mUtilityName);
}
- sprintf (Line, "%s", Cptr);
+ strncpy (Line, Cptr, MAX_LINE_LEN - 1);
+ Line[MAX_LINE_LEN - 1] = 0;
if (LineNumber != 0) {
sprintf (Line2, "(%u)", (unsigned) LineNumber);
- strcat (Line, Line2);
+ strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
}
} else {
if (mUtilityName[0] != '\0') {
- sprintf (Line, "%s", mUtilityName);
+ strncpy (Line, mUtilityName, MAX_LINE_LEN - 1);
+ Line[MAX_LINE_LEN - 1] = 0;
}
}
@@ -501,12 +504,12 @@ Notes:
// Have to print an error code or Visual Studio won't find the
// message for you. It has to be decimal digits too.
//
+ strncat (Line, ": ", MAX_LINE_LEN - strlen (Line) - 1);
+ strncat (Line, Type, MAX_LINE_LEN - strlen (Line) - 1);
if (MessageCode != 0) {
- sprintf (Line2, ": %s %04u", Type, (unsigned) MessageCode);
- } else {
- sprintf (Line2, ": %s", Type);
+ sprintf (Line2, " %04u", (unsigned) MessageCode);
+ strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
}
- strcat (Line, Line2);
fprintf (stdout, "%s", Line);
//
// If offending text was provided, then print it
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 09/17] BaseTools/EfiRom: Add/refine boundary checks for strcpy/strcat calls
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (7 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 08/17] BaseTools/C/Common: Refine using sprintf() with '%s' in format string Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 10/17] BaseTools/GenBootSector: Add/refine boundary checks for strcpy/strcat Hao Wu
` (8 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/EfiRom/EfiRom.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/EfiRom/EfiRom.c b/BaseTools/Source/C/EfiRom/EfiRom.c
index 6648f4c738..fc3b5ad277 100644
--- a/BaseTools/Source/C/EfiRom/EfiRom.c
+++ b/BaseTools/Source/C/EfiRom/EfiRom.c
@@ -96,7 +96,13 @@ Returns:
//
if (!mOptions.OutFileName[0]) {
if (mOptions.FileList != NULL) {
- strcpy (mOptions.OutFileName, mOptions.FileList->FileName);
+ if (strlen (mOptions.FileList->FileName) >= MAX_PATH) {
+ Status = STATUS_ERROR;
+ Error (NULL, 0, 2000, "Invalid parameter", "Input file name is too long - %s.", mOptions.FileList->FileName);
+ goto BailOut;
+ }
+ strncpy (mOptions.OutFileName, mOptions.FileList->FileName, MAX_PATH - 1);
+ mOptions.OutFileName[MAX_PATH - 1] = 0;
//
// Find the last . on the line and replace the filename extension with
// the default
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 10/17] BaseTools/GenBootSector: Add/refine boundary checks for strcpy/strcat
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (8 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 09/17] BaseTools/EfiRom: Add/refine boundary checks for strcpy/strcat calls Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 11/17] BaseTools/GenFv: Add/refine boundary checks for strcpy/strcat calls Hao Wu
` (7 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/GenBootSector/GenBootSector.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/BaseTools/Source/C/GenBootSector/GenBootSector.c b/BaseTools/Source/C/GenBootSector/GenBootSector.c
index 3908c589af..c02de49ba2 100644
--- a/BaseTools/Source/C/GenBootSector/GenBootSector.c
+++ b/BaseTools/Source/C/GenBootSector/GenBootSector.c
@@ -4,7 +4,7 @@ Reading/writing MBR/DBR.
If we write MBR to disk, we just update the MBR code and the partition table wouldn't be over written.
If we process DBR, we will patch MBR to set first partition active if no active partition exists.
-Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -631,6 +631,14 @@ GetPathInfo (
return ErrorSuccess;
}
+ //
+ // Check the path length
+ //
+ if (strlen (PathInfo->Path) >= (sizeof (PathInfo->PhysicalPath) / sizeof (PathInfo->PhysicalPath[0]))) {
+ fprintf (stderr, "ERROR, Path is too long for - %s", PathInfo->Path);
+ return ErrorPath;
+ }
+
PathInfo->Type = PathFile;
if (PathInfo->Input) {
//
@@ -644,7 +652,12 @@ GetPathInfo (
fclose (f);
}
PathInfo->Type = PathFile;
- strcpy(PathInfo->PhysicalPath, PathInfo->Path);
+ strncpy(
+ PathInfo->PhysicalPath,
+ PathInfo->Path,
+ sizeof (PathInfo->PhysicalPath) / sizeof (PathInfo->PhysicalPath[0]) - 1
+ );
+ PathInfo->PhysicalPath[sizeof (PathInfo->PhysicalPath) / sizeof (PathInfo->PhysicalPath[0]) - 1] = 0;
return ErrorSuccess;
}
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 11/17] BaseTools/GenFv: Add/refine boundary checks for strcpy/strcat calls
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (9 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 10/17] BaseTools/GenBootSector: Add/refine boundary checks for strcpy/strcat Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 12/17] BaseTools/GenVtf: " Hao Wu
` (6 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/GenFv/GenFvInternalLib.c | 26 ++++++++++++++++++++++----
1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/BaseTools/Source/C/GenFv/GenFvInternalLib.c b/BaseTools/Source/C/GenFv/GenFvInternalLib.c
index 2b80e7919b..fc1a7602ab 100644
--- a/BaseTools/Source/C/GenFv/GenFvInternalLib.c
+++ b/BaseTools/Source/C/GenFv/GenFvInternalLib.c
@@ -824,7 +824,11 @@ Returns:
//
// Construct Map file Name
//
- strcpy (PeMapFileName, FileName);
+ if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
+ return EFI_ABORTED;
+ }
+ strncpy (PeMapFileName, FileName, MAX_LONG_FILE_PATH - 1);
+ PeMapFileName[MAX_LONG_FILE_PATH - 1] = 0;
//
// Change '\\' to '/', unified path format.
@@ -861,7 +865,11 @@ Returns:
Cptr --;
}
*Cptr2 = '\0';
- strcpy (KeyWord, Cptr + 1);
+ if (strlen (Cptr + 1) >= MAX_LINE_LEN) {
+ return EFI_ABORTED;
+ }
+ strncpy (KeyWord, Cptr + 1, MAX_LINE_LEN - 1);
+ KeyWord[MAX_LINE_LEN - 1] = 0;
*Cptr2 = '.';
//
@@ -3534,7 +3542,12 @@ Returns:
//
// Construct the original efi file Name
//
- strcpy (PeFileName, FileName);
+ if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
+ Error (NULL, 0, 2000, "Invalid", "The file name %s is too long.", FileName);
+ return EFI_ABORTED;
+ }
+ strncpy (PeFileName, FileName, MAX_LONG_FILE_PATH - 1);
+ PeFileName[MAX_LONG_FILE_PATH - 1] = 0;
Cptr = PeFileName + strlen (PeFileName);
while (*Cptr != '.') {
Cptr --;
@@ -3789,7 +3802,12 @@ Returns:
//
// Construct the original efi file name
//
- strcpy (PeFileName, FileName);
+ if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
+ Error (NULL, 0, 2000, "Invalid", "The file name %s is too long.", FileName);
+ return EFI_ABORTED;
+ }
+ strncpy (PeFileName, FileName, MAX_LONG_FILE_PATH - 1);
+ PeFileName[MAX_LONG_FILE_PATH - 1] = 0;
Cptr = PeFileName + strlen (PeFileName);
while (*Cptr != '.') {
Cptr --;
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 12/17] BaseTools/GenVtf: Add/refine boundary checks for strcpy/strcat calls
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (10 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 11/17] BaseTools/GenFv: Add/refine boundary checks for strcpy/strcat calls Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 13/17] BaseTools/VfrCompile: Add/refine boundary checks for strcpy/strcat Hao Wu
` (5 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/GenVtf/GenVtf.c | 43 ++++++++++++++++++++++++++++++++------
1 file changed, 37 insertions(+), 6 deletions(-)
diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c
index 2ae9a7be2c..65ae08eece 100644
--- a/BaseTools/Source/C/GenVtf/GenVtf.c
+++ b/BaseTools/Source/C/GenVtf/GenVtf.c
@@ -362,10 +362,20 @@ Returns:
}
} else if (strnicmp (*TokenStr, "COMP_BIN", 8) == 0) {
TokenStr++;
- strcpy (VtfInfo->CompBinName, *TokenStr);
+ if (strlen (*TokenStr) >= FILE_NAME_SIZE) {
+ Error (NULL, 0, 3000, "Invalid", "The 'COMP_BIN' name is too long.");
+ return ;
+ }
+ strncpy (VtfInfo->CompBinName, *TokenStr, FILE_NAME_SIZE - 1);
+ VtfInfo->CompBinName[FILE_NAME_SIZE - 1] = 0;
} else if (strnicmp (*TokenStr, "COMP_SYM", 8) == 0) {
TokenStr++;
- strcpy (VtfInfo->CompSymName, *TokenStr);
+ if (strlen (*TokenStr) >= FILE_NAME_SIZE) {
+ Error (NULL, 0, 3000, "Invalid", "The 'COMP_SYM' name is too long.");
+ return ;
+ }
+ strncpy (VtfInfo->CompSymName, *TokenStr, FILE_NAME_SIZE - 1);
+ VtfInfo->CompSymName[FILE_NAME_SIZE - 1] = 0;
} else if (strnicmp (*TokenStr, "COMP_SIZE", 9) == 0) {
TokenStr++;
if (strnicmp (*TokenStr, "-", 1) == 0) {
@@ -444,14 +454,24 @@ Returns:
if (SectionOptionFlag) {
if (stricmp (*TokenStr, "IA32_RST_BIN") == 0) {
TokenStr++;
- strcpy (IA32BinFile, *TokenStr);
+ if (strlen (*TokenStr) >= FILE_NAME_SIZE) {
+ Error (NULL, 0, 3000, "Invalid", "The 'IA32_RST_BIN' name is too long.");
+ break;
+ }
+ strncpy (IA32BinFile, *TokenStr, FILE_NAME_SIZE - 1);
+ IA32BinFile[FILE_NAME_SIZE - 1] = 0;
}
}
if (SectionCompFlag) {
if (stricmp (*TokenStr, "COMP_NAME") == 0) {
TokenStr++;
- strcpy (FileListPtr->CompName, *TokenStr);
+ if (strlen (*TokenStr) >= COMPONENT_NAME_SIZE) {
+ Error (NULL, 0, 3000, "Invalid", "The 'COMP_NAME' name is too long.");
+ break;
+ }
+ strncpy (FileListPtr->CompName, *TokenStr, COMPONENT_NAME_SIZE - 1);
+ FileListPtr->CompName[COMPONENT_NAME_SIZE - 1] = 0;
TokenStr++;
ParseAndUpdateComponents (FileListPtr);
}
@@ -2240,9 +2260,20 @@ Returns:
//
// Use the file name minus extension as the base for tokens
//
- strcpy (BaseToken, SourceFileName);
+ if (strlen (SourceFileName) >= MAX_LONG_FILE_PATH) {
+ fclose (SourceFile);
+ Error (NULL, 0, 2000, "Invalid parameter", "The source file name is too long.");
+ return EFI_ABORTED;
+ }
+ strncpy (BaseToken, SourceFileName, MAX_LONG_FILE_PATH - 1);
+ BaseToken[MAX_LONG_FILE_PATH - 1] = 0;
strtok (BaseToken, ". \t\n");
- strcat (BaseToken, "__");
+ if (strlen (BaseToken) + strlen ("__") >= MAX_LONG_FILE_PATH) {
+ fclose (SourceFile);
+ Error (NULL, 0, 2000, "Invalid parameter", "The source file name is too long.");
+ return EFI_ABORTED;
+ }
+ strncat (BaseToken, "__", MAX_LONG_FILE_PATH - strlen (BaseToken) - 1);
//
// Open the destination file
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 13/17] BaseTools/VfrCompile: Add/refine boundary checks for strcpy/strcat
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (11 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 12/17] BaseTools/GenVtf: " Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 14/17] BaseTools/VfrCompile: Resolve uninit class variables in constructor Hao Wu
` (4 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index 0fe14b0d29..4866639aab 100644
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -15,6 +15,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include "stdio.h"
#include "stdlib.h"
+#include "assert.h"
#include "CommonLib.h"
#include "VfrUtilityLib.h"
#include "VfrFormPkg.h"
@@ -842,7 +843,9 @@ CVfrVarDataTypeDB::InternalTypesListInit (
for (Index = 0; gInternalTypesTable[Index].mTypeName != NULL; Index++) {
New = new SVfrDataType;
if (New != NULL) {
- strcpy (New->mTypeName, gInternalTypesTable[Index].mTypeName);
+ assert (strlen (gInternalTypesTable[Index].mTypeName) < MAX_NAME_LEN);
+ strncpy (New->mTypeName, gInternalTypesTable[Index].mTypeName, MAX_NAME_LEN - 1);
+ New->mTypeName[MAX_NAME_LEN - 1] = 0;
New->mType = gInternalTypesTable[Index].mType;
New->mAlign = gInternalTypesTable[Index].mAlign;
New->mTotalSize = gInternalTypesTable[Index].mSize;
@@ -1084,7 +1087,8 @@ CVfrVarDataTypeDB::SetNewTypeName (
}
}
- strcpy(mNewDataType->mTypeName, TypeName);
+ strncpy(mNewDataType->mTypeName, TypeName, MAX_NAME_LEN - 1);
+ mNewDataType->mTypeName[MAX_NAME_LEN - 1] = 0;
return VFR_RETURN_SUCCESS;
}
@@ -1145,7 +1149,8 @@ CVfrVarDataTypeDB::DataTypeAddBitField (
MaxDataTypeSize = mNewDataType->mTotalSize;
if (FieldName != NULL) {
- strcpy (pNewField->mFieldName, FieldName);
+ strncpy (pNewField->mFieldName, FieldName, MAX_NAME_LEN - 1);
+ pNewField->mFieldName[MAX_NAME_LEN - 1] = 0;
}
pNewField->mFieldType = pFieldType;
pNewField->mIsBitField = TRUE;
@@ -1239,7 +1244,8 @@ CVfrVarDataTypeDB::DataTypeAddField (
if ((pNewField = new SVfrDataField) == NULL) {
return VFR_RETURN_OUT_FOR_RESOURCES;
}
- strcpy (pNewField->mFieldName, FieldName);
+ strncpy (pNewField->mFieldName, FieldName, MAX_NAME_LEN - 1);
+ pNewField->mFieldName[MAX_NAME_LEN - 1] = 0;
pNewField->mFieldType = pFieldType;
pNewField->mArrayNum = ArrayNum;
pNewField->mIsBitField = FALSE;
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 14/17] BaseTools/VfrCompile: Resolve uninit class variables in constructor
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (12 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 13/17] BaseTools/VfrCompile: Add/refine boundary checks for strcpy/strcat Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 15/17] BaseTools/GenFfs: Enlarge the size of 'AlignmentBuffer' Hao Wu
` (3 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
The commit initializes those possibly uninitialized class variables in
class constructors.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/VfrCompile/VfrError.cpp | 1 +
BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp | 6 ++++++
BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | 3 +++
3 files changed, 10 insertions(+)
diff --git a/BaseTools/Source/C/VfrCompile/VfrError.cpp b/BaseTools/Source/C/VfrCompile/VfrError.cpp
index 0f8f7dd891..2366fac5a7 100644
--- a/BaseTools/Source/C/VfrCompile/VfrError.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrError.cpp
@@ -67,6 +67,7 @@ CVfrErrorHandle::CVfrErrorHandle (
mScopeRecordListTail = NULL;
mVfrErrorHandleTable = VFR_ERROR_HANDLE_TABLE;
mVfrWarningHandleTable = VFR_WARNING_HANDLE_TABLE;
+ mWarningAsError = FALSE;
}
CVfrErrorHandle::~CVfrErrorHandle (
diff --git a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
index b8350623f2..0f0efd4c6d 100644
--- a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
@@ -104,8 +104,13 @@ CFormPkg::CFormPkg (
SBufferNode *Node;
mPkgLength = 0;
+ mBufferSize = 0;
mBufferNodeQueueHead = NULL;
+ mBufferNodeQueueTail = NULL;
mCurrBufferNode = NULL;
+ mReadBufferNode = NULL;
+ mReadBufferOffset = 0;
+ PendingAssignList = NULL;
Node = new SBufferNode;
if (Node == NULL) {
@@ -2421,6 +2426,7 @@ CIfrObj::CIfrObj (
mObjBinLen = (ObjBinLen == 0) ? gOpcodeSizesScopeTable[OpCode].mSize : ObjBinLen;
mObjBinBuf = ((DelayEmit == FALSE) && (gCreateOp == TRUE)) ? gCFormPkg.IfrBinBufferGet (mObjBinLen) : new CHAR8[EFI_IFR_MAX_LENGTH];
mRecordIdx = (gCreateOp == TRUE) ? gCIfrRecordInfoDB.IfrRecordRegister (0xFFFFFFFF, mObjBinBuf, mObjBinLen, mPkgOffset) : EFI_IFR_RECORDINFO_IDX_INVALUD;
+ mLineNo = 0;
assert (mObjBinBuf != NULL);
diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index 4866639aab..c536498d77 100644
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -958,6 +958,7 @@ CVfrVarDataTypeDB::CVfrVarDataTypeDB (
mPackAlign = DEFAULT_PACK_ALIGN;
mPackStack = NULL;
mFirstNewDataTypeName = NULL;
+ mCurrDataType = NULL;
InternalTypesListInit ();
}
@@ -1605,6 +1606,7 @@ SVfrVarStorageNode::SVfrVarStorageNode (
IN EFI_VARSTORE_ID VarStoreId
)
{
+ memset (&mGuid, 0, sizeof (EFI_GUID));
if (StoreName != NULL) {
mVarStoreName = new CHAR8[strlen(StoreName) + 1];
strcpy (mVarStoreName, StoreName);
@@ -1616,6 +1618,7 @@ SVfrVarStorageNode::SVfrVarStorageNode (
mVarStoreType = EFI_VFR_VARSTORE_NAME;
mStorageInfo.mNameSpace.mNameTable = new EFI_VARSTORE_ID[DEFAULT_NAME_TABLE_ITEMS];
mStorageInfo.mNameSpace.mTableSize = 0;
+ mAssignedFlag = FALSE;
}
SVfrVarStorageNode::~SVfrVarStorageNode (
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 15/17] BaseTools/GenFfs: Enlarge the size of 'AlignmentBuffer'
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (13 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 14/17] BaseTools/VfrCompile: Resolve uninit class variables in constructor Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 16/17] BaseTools/GenSec: Fix potential memory leak Hao Wu
` (2 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
As a workaround for the static code checkers, enlarge the size of the
string buffer 'AlignmentBuffer' so that it can hold all the digits of an
unsigned 32-bit integer plus the size unit character (e.g. 'M' & 'K').
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/GenFfs/GenFfs.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/GenFfs/GenFfs.c b/BaseTools/Source/C/GenFfs/GenFfs.c
index 3b4a9b7761..eb40c30ea7 100644
--- a/BaseTools/Source/C/GenFfs/GenFfs.c
+++ b/BaseTools/Source/C/GenFfs/GenFfs.c
@@ -606,7 +606,12 @@ Returns:
UINT8 PeSectionNum;
UINT32 HeaderSize;
UINT32 Alignment;
- CHAR8 AlignmentBuffer[8];
+ //
+ // Workaround for static code checkers.
+ // Ensures the size of 'AlignmentBuffer' can hold all the digits of an
+ // unsigned 32-bit integer plus the size unit character.
+ //
+ CHAR8 AlignmentBuffer[16];
//
// Init local variables
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 16/17] BaseTools/GenSec: Fix potential memory leak
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (14 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 15/17] BaseTools/GenFfs: Enlarge the size of 'AlignmentBuffer' Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-19 3:29 ` [PATCH 17/17] BaseTools/GenSec: Fix potential null pointer dereference Hao Wu
2017-12-25 1:48 ` [PATCH 00/17] BaseTools/C: Code refinements Gao, Liming
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/GenSec/GenSec.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/BaseTools/Source/C/GenSec/GenSec.c b/BaseTools/Source/C/GenSec/GenSec.c
index 5545f12b74..01d3bc4448 100644
--- a/BaseTools/Source/C/GenSec/GenSec.c
+++ b/BaseTools/Source/C/GenSec/GenSec.c
@@ -1670,7 +1670,11 @@ Finish:
if (OutFile != NULL) {
fclose (OutFile);
}
-
+
+ if (DummyFileBuffer != NULL) {
+ free (DummyFileBuffer);
+ }
+
VerboseMsg ("%s tool done with return code is 0x%x.", UTILITY_NAME, GetUtilityStatus ());
return GetUtilityStatus ();
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH 17/17] BaseTools/GenSec: Fix potential null pointer dereference
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (15 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 16/17] BaseTools/GenSec: Fix potential memory leak Hao Wu
@ 2017-12-19 3:29 ` Hao Wu
2017-12-25 1:48 ` [PATCH 00/17] BaseTools/C: Code refinements Gao, Liming
17 siblings, 0 replies; 19+ messages in thread
From: Hao Wu @ 2017-12-19 3:29 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Liming Gao, Yonghong Zhu
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
BaseTools/Source/C/GenSec/GenSec.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/BaseTools/Source/C/GenSec/GenSec.c b/BaseTools/Source/C/GenSec/GenSec.c
index 01d3bc4448..fb5bc5e992 100644
--- a/BaseTools/Source/C/GenSec/GenSec.c
+++ b/BaseTools/Source/C/GenSec/GenSec.c
@@ -1333,10 +1333,20 @@ Returns:
DummyFileSize = ftell (DummyFile);
fseek (DummyFile, 0, SEEK_SET);
DummyFileBuffer = (UINT8 *) malloc (DummyFileSize);
+ if (DummyFileBuffer == NULL) {
+ fclose(DummyFile);
+ Error (NULL, 0, 4001, "Resource", "memory cannot be allcoated");
+ goto Finish;
+ }
+
fread(DummyFileBuffer, 1, DummyFileSize, DummyFile);
fclose(DummyFile);
DebugMsg (NULL, 0, 9, "Dummy files", "the dummy file name is %s and the size is %u bytes", DummyFileName, (unsigned) DummyFileSize);
+ if (InputFileName == NULL) {
+ Error (NULL, 0, 4001, "Resource", "memory cannot be allcoated");
+ goto Finish;
+ }
InFile = fopen(LongFilePath(InputFileName[0]), "rb");
if (InFile == NULL) {
Error (NULL, 0, 0001, "Error opening file", InputFileName[0]);
@@ -1347,6 +1357,12 @@ Returns:
InFileSize = ftell (InFile);
fseek (InFile, 0, SEEK_SET);
InFileBuffer = (UINT8 *) malloc (InFileSize);
+ if (InFileBuffer == NULL) {
+ fclose(InFile);
+ Error (NULL, 0, 4001, "Resource", "memory cannot be allcoated");
+ goto Finish;
+ }
+
fread(InFileBuffer, 1, InFileSize, InFile);
fclose(InFile);
DebugMsg (NULL, 0, 9, "Input files", "the input file name is %s and the size is %u bytes", InputFileName[0], (unsigned) InFileSize);
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 19+ messages in thread
* Re: [PATCH 00/17] BaseTools/C: Code refinements
2017-12-19 3:28 [PATCH 00/17] BaseTools/C: Code refinements Hao Wu
` (16 preceding siblings ...)
2017-12-19 3:29 ` [PATCH 17/17] BaseTools/GenSec: Fix potential null pointer dereference Hao Wu
@ 2017-12-25 1:48 ` Gao, Liming
17 siblings, 0 replies; 19+ messages in thread
From: Gao, Liming @ 2017-12-25 1:48 UTC (permalink / raw)
To: Wu, Hao A, edk2-devel@lists.01.org
Reviewed-by: Liming Gao <liming.gao@intel.com>
>-----Original Message-----
>From: Wu, Hao A
>Sent: Tuesday, December 19, 2017 11:29 AM
>To: edk2-devel@lists.01.org
>Cc: Wu, Hao A <hao.a.wu@intel.com>; Gao, Liming <liming.gao@intel.com>;
>Zhu, Yonghong <yonghong.zhu@intel.com>
>Subject: [PATCH 00/17] BaseTools/C: Code refinements
>
>The series refines the C/C++ source codes within BaseTools for the below
>catagories:
>* Resolve uninitialized:
> Local variables and
> Class variables in constructor
>
>* Add/refine boundary checks when accessing (string) buffers.
>
>* Add/refine status checks for the usage of file handles
>
>* Remove redundant explicit type casts
>
>* Resolve possible resource/memory leaks
>
>* Resolve possible NULL pointer dereferences
>
>Cc: Liming Gao <liming.gao@intel.com>
>Cc: Yonghong Zhu <yonghong.zhu@intel.com>
>
>Hao Wu (17):
> BaseTools/C/Common: Add checks for array access
> BaseTools/EfiRom: Refine the logic in main()
> BaseTools/LzmaCompress: Fix possible uninitialized variable
> BaseTools/C/Common: Remove redundant type cast
> BaseTools/VfrCompile: Assign 'NULL' for closed file handle
> BaseTools/GenFv: Add check to ensure the file handle status is correct
> BaseTools/C/Common: Add/refine boundary checks for strcpy/strcat calls
> BaseTools/C/Common: Refine using sprintf() with '%s' in format string
> BaseTools/EfiRom: Add/refine boundary checks for strcpy/strcat calls
> BaseTools/GenBootSector: Add/refine boundary checks for strcpy/strcat
> BaseTools/GenFv: Add/refine boundary checks for strcpy/strcat calls
> BaseTools/GenVtf: Add/refine boundary checks for strcpy/strcat calls
> BaseTools/VfrCompile: Add/refine boundary checks for strcpy/strcat
> BaseTools/VfrCompile: Resolve uninit class variables in constructor
> BaseTools/GenFfs: Enlarge the size of 'AlignmentBuffer'
> BaseTools/GenSec: Fix potential memory leak
> BaseTools/GenSec: Fix potential null pointer dereference
>
> BaseTools/Source/C/Common/BasePeCoff.c | 12 +++----
> BaseTools/Source/C/Common/CommonLib.c | 24 +++++++++----
> BaseTools/Source/C/Common/Decompress.c | 8 ++---
> BaseTools/Source/C/Common/EfiUtilityMsgs.c | 30 ++++++++---------
> BaseTools/Source/C/Common/SimpleFileParsing.c | 12 +++----
> BaseTools/Source/C/EfiRom/EfiRom.c | 20 +++++++----
> BaseTools/Source/C/GenBootSector/GenBootSector.c | 17 ++++++++--
> BaseTools/Source/C/GenFfs/GenFfs.c | 7 +++-
> BaseTools/Source/C/GenFv/GenFv.c | 38 +++++++++++----------
> BaseTools/Source/C/GenFv/GenFvInternalLib.c | 26 +++++++++++---
> BaseTools/Source/C/GenSec/GenSec.c | 22 +++++++++++-
> BaseTools/Source/C/GenVtf/GenVtf.c | 43 ++++++++++++++++++++-
>---
> BaseTools/Source/C/LzmaCompress/Sdk/C/7zFile.c | 2 +-
> BaseTools/Source/C/VfrCompile/VfrCompiler.cpp | 3 +-
> BaseTools/Source/C/VfrCompile/VfrError.cpp | 1 +
> BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp | 6 ++++
> BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | 17 +++++++---
> 17 files changed, 204 insertions(+), 84 deletions(-)
>
>--
>2.12.0.windows.1
^ permalink raw reply [flat|nested] 19+ messages in thread