[patch] MdeModulePkg/HiiDatabaseDxe: Release lock on all error return path

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

* [patch] MdeModulePkg/HiiDatabaseDxe: Release lock on all error return path
@ 2019-04-22  1:56 Dandan Bi
  2019-04-22  7:30 ` Wu, Hao A
  0 siblings, 1 reply; 2+ messages in thread
From: Dandan Bi @ 2019-04-22  1:56 UTC (permalink / raw)
  To: devel; +Cc: Hao Wu, Ray Ni, Liming Gao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1652

Commit ffe5f7a6b4e9
"MdeModulePkg/HiiDatabase: Fix potential integer overflow "
added some new error paths, but it missed releasing the
mHiiDatabaseLock lock on those paths.
This patch releases mHiiDatabaseLock on those paths.

Cc: Hao Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
---
 MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
index bd623cae15..a108fc6157 100644
--- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
+++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
@@ -1,10 +1,10 @@
 /** @file
 Implementation for EFI_HII_IMAGE_PROTOCOL.
 
 
-Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
 
@@ -651,10 +651,11 @@ HiiNewImage (
   // Make sure the size doesn't overflow UINT32.
   // Note: 24Bit BMP occpuies 3 bytes per pixel.
   //
   NewBlockSize = (UINT32)Image->Width * Image->Height;
   if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL))) / 3) {
+    EfiReleaseLock (&mHiiDatabaseLock);
     return EFI_OUT_OF_RESOURCES;
   }
   NewBlockSize = NewBlockSize * 3 + (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL));
 
   //
@@ -678,10 +679,11 @@ HiiNewImage (
     //
     // Make sure the final package length doesn't overflow.
     // Length of the package header is represented using 24 bits. So MAX length is MAX_UINT24.
     //
     if (NewBlockSize > MAX_UINT24 - ImagePackage->ImagePkgHdr.Header.Length) {
+      EfiReleaseLock (&mHiiDatabaseLock);
       return EFI_OUT_OF_RESOURCES;
     }
     //
     // Because ImagePackage->ImageBlockSize < ImagePackage->ImagePkgHdr.Header.Length,
     // So (ImagePackage->ImageBlockSize + NewBlockSize) <= MAX_UINT24
@@ -719,10 +721,11 @@ HiiNewImage (
     //
     // Make sure the final package length doesn't overflow.
     // Length of the package header is represented using 24 bits. So MAX length is MAX_UINT24.
     //
     if (NewBlockSize > MAX_UINT24 - (sizeof (EFI_HII_IMAGE_PACKAGE_HDR) + sizeof (EFI_HII_IIBT_END_BLOCK))) {
+      EfiReleaseLock (&mHiiDatabaseLock);
       return EFI_OUT_OF_RESOURCES;
     }
     //
     // The specified package list does not contain image package.
     // Create one to add this image block.
@@ -1159,16 +1162,18 @@ HiiSetImage (
   // Length of the package header is represented using 24 bits. So MAX length is MAX_UINT24.
   // 24Bit BMP occpuies 3 bytes per pixel.
   //
   NewBlockSize = (UINT32)Image->Width * Image->Height;
   if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL))) / 3) {
+    EfiReleaseLock (&mHiiDatabaseLock);
     return EFI_OUT_OF_RESOURCES;
   }
   NewBlockSize = NewBlockSize * 3 + (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL));
   if ((NewBlockSize > OldBlockSize) &&
       (NewBlockSize - OldBlockSize > MAX_UINT24 - ImagePackage->ImagePkgHdr.Header.Length)
       ) {
+    EfiReleaseLock (&mHiiDatabaseLock);
     return EFI_OUT_OF_RESOURCES;
   }
 
   //
   // Adjust the image package to remove the original block firstly then add the new block.
-- 
2.18.0.windows.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [patch] MdeModulePkg/HiiDatabaseDxe: Release lock on all error return path
  2019-04-22  1:56 [patch] MdeModulePkg/HiiDatabaseDxe: Release lock on all error return path Dandan Bi
@ 2019-04-22  7:30 ` Wu, Hao A
  0 siblings, 0 replies; 2+ messages in thread
From: Wu, Hao A @ 2019-04-22  7:30 UTC (permalink / raw)
  To: Bi, Dandan, devel@edk2.groups.io; +Cc: Ni, Ray, Gao, Liming

> -----Original Message-----
> From: Bi, Dandan
> Sent: Monday, April 22, 2019 9:56 AM
> To: devel@edk2.groups.io
> Cc: Wu, Hao A; Ni, Ray; Gao, Liming
> Subject: [patch] MdeModulePkg/HiiDatabaseDxe: Release lock on all error
> return path
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1652
> 
> Commit ffe5f7a6b4e9
> "MdeModulePkg/HiiDatabase: Fix potential integer overflow "
> added some new error paths, but it missed releasing the
> mHiiDatabaseLock lock on those paths.
> This patch releases mHiiDatabaseLock on those paths.

Reviewed-by: Hao Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu

> 
> Cc: Hao Wu <hao.a.wu@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Signed-off-by: Dandan Bi <dandan.bi@intel.com>
> ---
>  MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
> b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
> index bd623cae15..a108fc6157 100644
> --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
> +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
> @@ -1,10 +1,10 @@
>  /** @file
>  Implementation for EFI_HII_IMAGE_PROTOCOL.
> 
> 
> -Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> 
> 
> @@ -651,10 +651,11 @@ HiiNewImage (
>    // Make sure the size doesn't overflow UINT32.
>    // Note: 24Bit BMP occpuies 3 bytes per pixel.
>    //
>    NewBlockSize = (UINT32)Image->Width * Image->Height;
>    if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK)
> - sizeof (EFI_HII_RGB_PIXEL))) / 3) {
> +    EfiReleaseLock (&mHiiDatabaseLock);
>      return EFI_OUT_OF_RESOURCES;
>    }
>    NewBlockSize = NewBlockSize * 3 + (sizeof
> (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL));
> 
>    //
> @@ -678,10 +679,11 @@ HiiNewImage (
>      //
>      // Make sure the final package length doesn't overflow.
>      // Length of the package header is represented using 24 bits. So MAX length
> is MAX_UINT24.
>      //
>      if (NewBlockSize > MAX_UINT24 - ImagePackage-
> >ImagePkgHdr.Header.Length) {
> +      EfiReleaseLock (&mHiiDatabaseLock);
>        return EFI_OUT_OF_RESOURCES;
>      }
>      //
>      // Because ImagePackage->ImageBlockSize < ImagePackage-
> >ImagePkgHdr.Header.Length,
>      // So (ImagePackage->ImageBlockSize + NewBlockSize) <= MAX_UINT24
> @@ -719,10 +721,11 @@ HiiNewImage (
>      //
>      // Make sure the final package length doesn't overflow.
>      // Length of the package header is represented using 24 bits. So MAX length
> is MAX_UINT24.
>      //
>      if (NewBlockSize > MAX_UINT24 - (sizeof (EFI_HII_IMAGE_PACKAGE_HDR) +
> sizeof (EFI_HII_IIBT_END_BLOCK))) {
> +      EfiReleaseLock (&mHiiDatabaseLock);
>        return EFI_OUT_OF_RESOURCES;
>      }
>      //
>      // The specified package list does not contain image package.
>      // Create one to add this image block.
> @@ -1159,16 +1162,18 @@ HiiSetImage (
>    // Length of the package header is represented using 24 bits. So MAX length
> is MAX_UINT24.
>    // 24Bit BMP occpuies 3 bytes per pixel.
>    //
>    NewBlockSize = (UINT32)Image->Width * Image->Height;
>    if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK)
> - sizeof (EFI_HII_RGB_PIXEL))) / 3) {
> +    EfiReleaseLock (&mHiiDatabaseLock);
>      return EFI_OUT_OF_RESOURCES;
>    }
>    NewBlockSize = NewBlockSize * 3 + (sizeof
> (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL));
>    if ((NewBlockSize > OldBlockSize) &&
>        (NewBlockSize - OldBlockSize > MAX_UINT24 - ImagePackage-
> >ImagePkgHdr.Header.Length)
>        ) {
> +    EfiReleaseLock (&mHiiDatabaseLock);
>      return EFI_OUT_OF_RESOURCES;
>    }
> 
>    //
>    // Adjust the image package to remove the original block firstly then add the
> new block.
> --
> 2.18.0.windows.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-04-22  7:31 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-22  1:56 [patch] MdeModulePkg/HiiDatabaseDxe: Release lock on all error return path Dandan Bi
2019-04-22  7:30 ` Wu, Hao A

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox