* [PATCH v1 0/2] Fix the possible NULL pointer dereference issue. @ 2019-01-15 1:26 Jiaxin Wu 2019-01-15 1:26 ` [PATCH v1 1/2] MdeModulePkg/NetLib.h: " Jiaxin Wu 2019-01-15 1:26 ` [PATCH v1 2/2] MdeModulePkg/Dhcp4Dxe: Use NET_LIST_FOR_EACH instead of NET_LIST_FOR_EACH_SAFE Jiaxin Wu 0 siblings, 2 replies; 5+ messages in thread From: Jiaxin Wu @ 2019-01-15 1:26 UTC (permalink / raw) To: edk2-devel; +Cc: Wu Hao A, Gao Liming, Ye Ting, Fu Siyuan, Wu Jiaxin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1456 For the NET_LIST_FOR_EACH & NET_LIST_FOR_EACH_SAFE, "Entry" should be checked whether it's NULL or not instead of using the pointer directly. Besides, NET_LIST_FOR_EACH_SAFE is defined to iterate through the double linked list in delete-safe way. It's unnecessary to use this macro if list entries won't be deleted. Cc: Wu Hao A <hao.a.wu@intel.com> Cc: Gao Liming <liming.gao@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Jiaxin Wu (2): MdeModulePkg/NetLib.h: Fix the possible NULL pointer dereference issue. MdeModulePkg/Dhcp4Dxe: Use NET_LIST_FOR_EACH instead of NET_LIST_FOR_EACH_SAFE. MdeModulePkg/Include/Library/NetLib.h | 6 +++--- MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Io.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) -- 2.17.1.windows.2 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v1 1/2] MdeModulePkg/NetLib.h: Fix the possible NULL pointer dereference issue. 2019-01-15 1:26 [PATCH v1 0/2] Fix the possible NULL pointer dereference issue Jiaxin Wu @ 2019-01-15 1:26 ` Jiaxin Wu 2019-01-15 10:29 ` Laszlo Ersek 2019-01-15 1:26 ` [PATCH v1 2/2] MdeModulePkg/Dhcp4Dxe: Use NET_LIST_FOR_EACH instead of NET_LIST_FOR_EACH_SAFE Jiaxin Wu 1 sibling, 1 reply; 5+ messages in thread From: Jiaxin Wu @ 2019-01-15 1:26 UTC (permalink / raw) To: edk2-devel; +Cc: Wu Hao A, Gao Liming, Ye Ting, Fu Siyuan, Wu Jiaxin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1456 For the NET_LIST_FOR_EACH & NET_LIST_FOR_EACH_SAFE, "Entry" should be checked whether it's NULL or not instead of using the pointer directly. Cc: Wu Hao A <hao.a.wu@intel.com> Cc: Gao Liming <liming.gao@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> --- MdeModulePkg/Include/Library/NetLib.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Include/Library/NetLib.h b/MdeModulePkg/Include/Library/NetLib.h index 0977973921..5b1307553a 100644 --- a/MdeModulePkg/Include/Library/NetLib.h +++ b/MdeModulePkg/Include/Library/NetLib.h @@ -616,21 +616,21 @@ NetRandomInitSeed ( // // Iterate through the double linked list. It is NOT delete safe // #define NET_LIST_FOR_EACH(Entry, ListHead) \ - for(Entry = (ListHead)->ForwardLink; Entry != (ListHead); Entry = Entry->ForwardLink) + for(Entry = (ListHead)->ForwardLink; Entry != (ListHead), Entry != NULL; Entry = Entry->ForwardLink) // // Iterate through the double linked list. This is delete-safe. // Don't touch NextEntry. Also, don't use this macro if list // entries other than the Entry may be deleted when processing // the current Entry. // #define NET_LIST_FOR_EACH_SAFE(Entry, NextEntry, ListHead) \ - for(Entry = (ListHead)->ForwardLink, NextEntry = Entry->ForwardLink; \ - Entry != (ListHead); \ + for(Entry = (ListHead)->ForwardLink, (Entry != NULL) ? (NextEntry = Entry->ForwardLink) : (Entry = NULL); \ + Entry != (ListHead), Entry != NULL; \ Entry = NextEntry, NextEntry = Entry->ForwardLink \ ) // // Make sure the list isn't empty before getting the first/last record. -- 2.17.1.windows.2 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v1 1/2] MdeModulePkg/NetLib.h: Fix the possible NULL pointer dereference issue. 2019-01-15 1:26 ` [PATCH v1 1/2] MdeModulePkg/NetLib.h: " Jiaxin Wu @ 2019-01-15 10:29 ` Laszlo Ersek 2019-01-16 8:23 ` Wu, Jiaxin 0 siblings, 1 reply; 5+ messages in thread From: Laszlo Ersek @ 2019-01-15 10:29 UTC (permalink / raw) To: Jiaxin Wu, edk2-devel; +Cc: Wu Hao A, Ye Ting, Fu Siyuan, Gao Liming Hi Jiaxin, On 01/15/19 02:26, Jiaxin Wu wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1456 > > For the NET_LIST_FOR_EACH & NET_LIST_FOR_EACH_SAFE, "Entry" should be > checked whether it's NULL or not instead of using the pointer directly. > > Cc: Wu Hao A <hao.a.wu@intel.com> > Cc: Gao Liming <liming.gao@intel.com> > Cc: Ye Ting <ting.ye@intel.com> > Cc: Fu Siyuan <siyuan.fu@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> > --- > MdeModulePkg/Include/Library/NetLib.h | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/MdeModulePkg/Include/Library/NetLib.h b/MdeModulePkg/Include/Library/NetLib.h > index 0977973921..5b1307553a 100644 > --- a/MdeModulePkg/Include/Library/NetLib.h > +++ b/MdeModulePkg/Include/Library/NetLib.h > @@ -616,21 +616,21 @@ NetRandomInitSeed ( > > // > // Iterate through the double linked list. It is NOT delete safe > // > #define NET_LIST_FOR_EACH(Entry, ListHead) \ > - for(Entry = (ListHead)->ForwardLink; Entry != (ListHead); Entry = Entry->ForwardLink) > + for(Entry = (ListHead)->ForwardLink; Entry != (ListHead), Entry != NULL; Entry = Entry->ForwardLink) (1) The linked list from BaseLib (LIST_ENTRY) always has at least one element (the head element), and the list is empty if the head element points back to itself. In other words, ForwardLink may never be NULL. So why is it necessary to check against that case here? (2) If the NULL check is indeed necessary for some reason, then we should write Entry != (ListHead) && Entry != NULL in the controlling expression. Because, with the comma operator, the (Entry != (ListHead)) expression would be evaluated, but its result would be ignored. Thanks, Laszlo > > // > // Iterate through the double linked list. This is delete-safe. > // Don't touch NextEntry. Also, don't use this macro if list > // entries other than the Entry may be deleted when processing > // the current Entry. > // > #define NET_LIST_FOR_EACH_SAFE(Entry, NextEntry, ListHead) \ > - for(Entry = (ListHead)->ForwardLink, NextEntry = Entry->ForwardLink; \ > - Entry != (ListHead); \ > + for(Entry = (ListHead)->ForwardLink, (Entry != NULL) ? (NextEntry = Entry->ForwardLink) : (Entry = NULL); \ > + Entry != (ListHead), Entry != NULL; \ > Entry = NextEntry, NextEntry = Entry->ForwardLink \ > ) > > // > // Make sure the list isn't empty before getting the first/last record. > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1 1/2] MdeModulePkg/NetLib.h: Fix the possible NULL pointer dereference issue. 2019-01-15 10:29 ` Laszlo Ersek @ 2019-01-16 8:23 ` Wu, Jiaxin 0 siblings, 0 replies; 5+ messages in thread From: Wu, Jiaxin @ 2019-01-16 8:23 UTC (permalink / raw) To: Laszlo Ersek, edk2-devel@lists.01.org Cc: Wu, Hao A, Ye, Ting, Fu, Siyuan, Gao, Liming Hi Laszlo, Thanks review the patch. > > (1) The linked list from BaseLib (LIST_ENTRY) always has at least one > element (the head element), and the list is empty if the head element > points back to itself. In other words, ForwardLink may never be NULL. > > So why is it necessary to check against that case here? > I agree the ForwardLink in valid LIST_ENTRY can't be NULL. Here, I added the more condition check was considering the possible broken case of the LIST_ENTRY. But I also checked the other usage of *_FOR_EACH_SAFE /*_FOR_EACH, looks never or unnecessary to consider that case. If so, please drop the series patches and I will create another series patches to remove the unnecessary check after retrieving the value from list Entry. > (2) If the NULL check is indeed necessary for some reason, then we > should write > > Entry != (ListHead) && Entry != NULL > > in the controlling expression. Because, with the comma operator, the > (Entry != (ListHead)) expression would be evaluated, but its result > would be ignored. > Yes, I was also awared that, so I created patch v2 to fix that: [edk2] [PATCH v2 1/2] MdeModulePkg/NetLib.h: Fix the possible NULL pointer dereference issue. Fix the wrong condition in for cycle. Thanks, Jiaxin ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v1 2/2] MdeModulePkg/Dhcp4Dxe: Use NET_LIST_FOR_EACH instead of NET_LIST_FOR_EACH_SAFE. 2019-01-15 1:26 [PATCH v1 0/2] Fix the possible NULL pointer dereference issue Jiaxin Wu 2019-01-15 1:26 ` [PATCH v1 1/2] MdeModulePkg/NetLib.h: " Jiaxin Wu @ 2019-01-15 1:26 ` Jiaxin Wu 1 sibling, 0 replies; 5+ messages in thread From: Jiaxin Wu @ 2019-01-15 1:26 UTC (permalink / raw) To: edk2-devel; +Cc: Ye Ting, Fu Siyuan, Wu Jiaxin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1456 NET_LIST_FOR_EACH_SAFE is defined to iterate through the double linked list in delete-safe way. It's unnecessary to use this macro if list entries won't be deleted. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> --- MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Io.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Io.c b/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Io.c index 98a22a77b4..47a9db6489 100644 --- a/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Io.c +++ b/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Io.c @@ -1493,15 +1493,15 @@ DhcpOnTimerTick ( IN EFI_EVENT Event, IN VOID *Context ) { LIST_ENTRY *Entry; - LIST_ENTRY *Next; DHCP_SERVICE *DhcpSb; DHCP_PROTOCOL *Instance; EFI_STATUS Status; + Entry = NULL; DhcpSb = (DHCP_SERVICE *) Context; Instance = DhcpSb->ActiveChild; // // 0xffff is the maximum supported value for elapsed time according to RFC. @@ -1644,11 +1644,11 @@ DhcpOnTimerTick ( ON_EXIT: // // Iterate through all the DhcpSb Children. // - NET_LIST_FOR_EACH_SAFE (Entry, Next, &DhcpSb->Children) { + NET_LIST_FOR_EACH (Entry, &DhcpSb->Children) { Instance = NET_LIST_USER_STRUCT (Entry, DHCP_PROTOCOL, Link); if ((Instance != NULL) && (Instance->Token != NULL)) { Instance->Timeout--; if (Instance->Timeout == 0) { -- 2.17.1.windows.2 ^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-01-16 8:23 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-01-15 1:26 [PATCH v1 0/2] Fix the possible NULL pointer dereference issue Jiaxin Wu 2019-01-15 1:26 ` [PATCH v1 1/2] MdeModulePkg/NetLib.h: " Jiaxin Wu 2019-01-15 10:29 ` Laszlo Ersek 2019-01-16 8:23 ` Wu, Jiaxin 2019-01-15 1:26 ` [PATCH v1 2/2] MdeModulePkg/Dhcp4Dxe: Use NET_LIST_FOR_EACH instead of NET_LIST_FOR_EACH_SAFE Jiaxin Wu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox