From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=x7Vqrq0d;
 spf=pass (domain: arm.com, ip: 40.107.15.81, mailfrom: krzysztof.koch@arm.com)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (EUR01-DB5-obe.outbound.protection.outlook.com [40.107.15.81])
 by groups.io with SMTP; Thu, 15 Aug 2019 06:13:09 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=bHX7GHe/SdQGVmo99dU8M1GGCiCmG+k/3yaXEwSzzl8=;
 b=x7Vqrq0dfTI78revySklmMHXIud01I914nzYx5Cjjj6KabicRtCciEeSv7hxJIL7QL4/AIdWIVPBn91iA/1+TJvQvJ/yt+BCjl0DOXlmqMg0Go55WtVJPiMzGSC+nwzAMd/JZsU7uIAnyGrLL0CVSl68iqFmjiRWTG0oeH5dQlA=
Received: from VI1PR08CA0167.eurprd08.prod.outlook.com (2603:10a6:800:d1::21)
 by HE1PR0802MB2601.eurprd08.prod.outlook.com (2603:10a6:3:d8::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.16; Thu, 15 Aug
 2019 13:13:04 +0000
Received: from DB5EUR03FT020.eop-EUR03.prod.protection.outlook.com
 (2a01:111:f400:7e0a::206) by VI1PR08CA0167.outlook.office365.com
 (2603:10a6:800:d1::21) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2157.16 via Frontend
 Transport; Thu, 15 Aug 2019 13:13:04 +0000
Authentication-Results: spf=temperror (sender IP is 63.35.35.123)
 smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified)
 header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=temperror action=none
 header.from=arm.com;
Received-SPF: TempError (protection.outlook.com: error in processing during
 lookup of arm.com: DNS Timeout)
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
 DB5EUR03FT020.mail.protection.outlook.com (10.152.20.134) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.2178.16 via Frontend Transport; Thu, 15 Aug 2019 13:13:03 +0000
Received: ("Tessian outbound 40a263b748b4:v26"); Thu, 15 Aug 2019 13:13:03 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 400698d2cdefa8eb
X-CR-MTA-TID: 64aa7808
Received: from 8ec41b02b547.1 (cr-mta-lb-1.cr-mta-net [104.47.9.54])
	by 64aa7808-outbound-1.mta.getcheckrecipient.com id BB180F35-9BB1-42FE-8792-5512C76E62A2.1;
	Thu, 15 Aug 2019 13:12:58 +0000
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-ve1eur03lp2054.outbound.protection.outlook.com [104.47.9.54])
    by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 8ec41b02b547.1
    (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384);
    Thu, 15 Aug 2019 13:12:58 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=XaSFd4fM6ledVegxbMBs/c1pAOvXUluIlX7xfk3Peh0EjQXcbSgfYjEx31fHhovKVkDPwZwx0l3qk7AInpD1bOurjSwaIVosdQj3GeCnW4OlZDe7n4P/x+OX1i24Q8ufJmSoWxhA2cc3OHlCC2V29NKtIub142MnRmQ+/zvKdEsO/W/qhbj71MoujS4lxN5e6v9U4ayAZEzWULPCEZoPYBx1bcfL2g+H6lbhNIDg/O560dIdAs+lGg+UYosVrencAPE9TMOYqJCF73fPTNwOMrz5p/CBcsrNq7yrr4KfCjPFU+Cz1gwV2NxihQ5RPfz9mYGf9y9fn5JLGURF8PKthQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=bHX7GHe/SdQGVmo99dU8M1GGCiCmG+k/3yaXEwSzzl8=;
 b=O3gTE/iNrkPr0/FBmo0D+rstua5IBv0co8HMk8ASHj3HtqWkpQWHgH62iUkmqqSYyssW7G4j8re0sQyag0xwQzIO7RtNQF2H4yNwpl9daMxErY4rydc31nBAS1ZY8zJD46NBR/LOAmuWmdI9ReBmrk3eMdyxleOyBnm37MpIAqJRyCheb+1G9NNdBwHsDt2EavWWGniSxTKnQCrFpuXJJqsJdDHpUiIv+yxZkbYNB+zBOpCh8QeDBRXrRF/b5GY64JSeVsyFs0UpT8rJXrLiSDINrXLKN8lvrKwVskUnXuISGTdnH6DDlh0MJpBMsCamPwrl3JIAT8Pep0BKyRBnRg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=temperror (sender ip
 is 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com;
 dmarc=temperror action=none header.from=arm.com; dkim=none (message not
 signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=bHX7GHe/SdQGVmo99dU8M1GGCiCmG+k/3yaXEwSzzl8=;
 b=x7Vqrq0dfTI78revySklmMHXIud01I914nzYx5Cjjj6KabicRtCciEeSv7hxJIL7QL4/AIdWIVPBn91iA/1+TJvQvJ/yt+BCjl0DOXlmqMg0Go55WtVJPiMzGSC+nwzAMd/JZsU7uIAnyGrLL0CVSl68iqFmjiRWTG0oeH5dQlA=
Received: from VI1PR0802CA0016.eurprd08.prod.outlook.com
 (2603:10a6:800:aa::26) by VI1PR0801MB1855.eurprd08.prod.outlook.com
 (2603:10a6:800:59::10) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.15; Thu, 15 Aug
 2019 13:12:55 +0000
Received: from DB5EUR03FT050.eop-EUR03.prod.protection.outlook.com
 (2a01:111:f400:7e0a::203) by VI1PR0802CA0016.outlook.office365.com
 (2603:10a6:800:aa::26) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2178.16 via Frontend
 Transport; Thu, 15 Aug 2019 13:12:55 +0000
Authentication-Results-Original: spf=temperror (sender IP is 40.67.248.234)
 smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=temperror action=none
 header.from=arm.com;
Received-SPF: TempError (protection.outlook.com: error in processing during
 lookup of arm.com: DNS Timeout)
Received: from nebula.arm.com (40.67.248.234) by
 DB5EUR03FT050.mail.protection.outlook.com (10.152.21.128) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id
 15.20.2178.16 via Frontend Transport; Thu, 15 Aug 2019 13:12:54 +0000
Received: from AZ-NEU-EX01.Emea.Arm.com (10.251.26.4) by AZ-NEU-EX04.Arm.com
 (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1415.2; Thu, 15 Aug
 2019 13:11:38 +0000
Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX01.Emea.Arm.com
 (10.251.26.4) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1415.2; Thu, 15
 Aug 2019 13:11:37 +0000
Received: from E119924.Arm.com (10.1.199.124) by mail.arm.com (10.251.24.32)
 with Microsoft SMTP Server id 15.1.1415.2 via Frontend Transport; Thu, 15 Aug
 2019 13:11:37 +0000
From: "Krzysztof Koch" <krzysztof.koch@arm.com>
To: <devel@edk2.groups.io>
CC: <jaben.carsey@intel.com>, <ray.ni@intel.com>, <zhichao.gao@intel.com>,
	<Sami.Mujawar@arm.com>, <Matteo.Carlini@arm.com>, <nd@arm.com>
Subject: [PATCH v1 11/11] ShellPkg: acpiview: DBG2: Validate global pointers before use
Date: Thu, 15 Aug 2019 14:11:21 +0100
Message-ID: <20190815131121.52644-12-krzysztof.koch@arm.com>
X-Mailer: git-send-email 2.16.2.windows.1
In-Reply-To: <20190815131121.52644-1-krzysztof.koch@arm.com>
References: <20190815131121.52644-1-krzysztof.koch@arm.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 1
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report-Untrusted: 
 CIP:40.67.248.234;IPV:NLI;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(39860400002)(346002)(396003)(376002)(136003)(2980300002)(199004)(189003)(53416004)(81156014)(44832011)(36756003)(336012)(2351001)(48376002)(2906002)(63370400001)(5660300002)(426003)(486006)(2616005)(6916009)(63350400001)(126002)(1076003)(50226002)(8936002)(70586007)(446003)(15650500001)(11346002)(70206006)(476003)(81166006)(305945005)(16586007)(6666004)(316002)(50466002)(8676002)(4326008)(26005)(54906003)(7696005)(47776003)(356004)(186003)(53936002)(478600001)(86362001)(76176011)(51416003);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR0801MB1855;H:nebula.arm.com;FPR:;SPF:TempError;LANG:en;PTR:InfoDomainNonexistent;A:1;MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 67c94a5a-e22e-4c2b-30d3-08d721824e1c
X-Microsoft-Antispam-Untrusted: 
 BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328);SRVR:VI1PR0801MB1855;
X-MS-TrafficTypeDiagnostic: VI1PR0801MB1855:|HE1PR0802MB2601:
X-Microsoft-Antispam-PRVS: 
	<HE1PR0802MB2601633DE01C073C249F50B884AC0@HE1PR0802MB2601.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
X-MS-Oob-TLC-OOBClassifiers: OLM:3383;OLM:3383;
X-Forefront-PRVS: 01304918F3
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info-Original: 
 F3OLmqDGQDJqFXKKT/dE+fXL6SPP+d0feIt1dKb3SGX0QyZqvENtf6cyd5OtmweP/9TXccAiTpGZeX6vOv8UzE5EhT8AedsGKE3k032PSj7USfeS4rruXwxY07DCr8iZgQU9sBS94rofjqJ4aSxFsW5PMHQ3550+9wtcO2PoO3vhq96Y01+i7HvdzwGR+egwzrRh1Ju6LZn5twN5fIhOcFkr6GLjObVM5fCwwsDhIvhGJ36vpBYOjcTaZNP0reWzCzLBlOvoEU9rKb6ppvM5mYfPQZpoQlPeLOS9hea2B9wXblITdNT8fqx5hHVv3T6lDydzf91Od0zcFVOKMDychS4DtIxUZ7ZT8+GvzWm+pOol9l0lXx54Kk9K4N+2hheCwnG0PrflB3e0/BTjqOjHJujGlyURMZTc4p3rbSmC9M4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1855
Original-Authentication-Results: spf=temperror (sender IP is 40.67.248.234)
 smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=temperror action=none
 header.from=arm.com;
Return-Path: Krzysztof.Koch@arm.com
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 DB5EUR03FT020.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: 
	CIP:63.35.35.123;IPV:CAL;SCL:-1;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(396003)(376002)(346002)(39860400002)(136003)(2980300002)(189003)(199004)(63370400001)(51416003)(8676002)(81166006)(81156014)(305945005)(44832011)(76176011)(7696005)(8936002)(76130400001)(50226002)(47776003)(70586007)(70206006)(26005)(186003)(16586007)(316002)(11346002)(446003)(63350400001)(478600001)(426003)(336012)(54906003)(26826003)(2616005)(476003)(126002)(486006)(5660300002)(2351001)(6666004)(1076003)(2906002)(86362001)(53416004)(36756003)(48376002)(6916009)(50466002)(15650500001)(4326008)(22756006);DIR:OUT;SFP:1101;SCL:1;SRVR:HE1PR0802MB2601;H:64aa7808-outbound-1.mta.getcheckrecipient.com;FPR:;SPF:TempError;LANG:en;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;MX:1;A:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
	aaf19ab3-535f-41d1-8835-08d72182489d
X-Microsoft-Antispam: 
	BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(710020)(711020)(4605104)(1401327)(2017052603328);SRVR:HE1PR0802MB2601;
NoDisclaimer: True
X-Forefront-PRVS: 01304918F3
X-Microsoft-Antispam-Message-Info: 
	EVacEqgz39EtwxH3fdBfFapqmBdN9SGH6K/Z40CWkQu2dKcBszsHBc9Am2+ctE+oOtcFebT7pnICHiCHBvInjNS/x9Yj089cuf0+gT0JVrwyzgq9q8YNYw4M4XhpXJv+uY4ZqwUu/X8s82g70/MKUl5bF4dBf0USffCfEFyQ35UxeOqslUmx0FCc9IGKsAUfev78/P3379MuLauzA8yF3nVpG3alKrAebC+PN2yYtqDiiWCXhbTf2t7Cmt8ZYD0krtuIHlhO24httzlBN1XPDfC+nj6Uw3hl/SVgl0wMx877eIFk7fdg11eFEGsC19DQNn9Dke9eD21Ox/+8mATo8JaioJXvW8fdWxxiuEtpqKTO0j/XVgMNy7rosymEx5fjPNZSFi1aSXWyNk/tgaeimlRUujQGR3poercNzxdnRuI=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Aug 2019 13:13:03.5569
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 67c94a5a-e22e-4c2b-30d3-08d721824e1c
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0802MB2601
Content-Type: text/plain

Check if global (in the scope of the DBG2 parser) pointers have been
successfully updated before they are used for further table parsing.

Signed-off-by: Krzysztof Koch <krzysztof.koch@arm.com>
---

Notes:
    v1:
    - Test against NULL pointers [Krzysztof]

 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c | 43 ++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c
index 869e700b9beda4886bf7bc5ae4ced3ab9a59efa3..0f730a306a94329a23fbaf54b59f1833b44616ba 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c
@@ -123,6 +123,24 @@ DumpDbgDeviceInfo (
     PARSER_PARAMS (DbgDevInfoParser)
     );
 
+  // Check if the values used to control the parsing logic have been
+  // successfully read.
+  if ((GasCount == NULL)              ||
+      (NameSpaceStringLength == NULL) ||
+      (NameSpaceStringOffset == NULL) ||
+      (OEMDataLength == NULL)         ||
+      (OEMDataOffset == NULL)         ||
+      (BaseAddrRegOffset == NULL)     ||
+      (AddrSizeOffset == NULL)) {
+    IncrementErrorCount ();
+    Print (
+      L"ERROR: Insufficient Debug Device Information Structure length. " \
+        L"Length = %d.\n",
+      Length
+      );
+    return;
+  }
+
   // GAS
   Index = 0;
   Offset = *BaseAddrRegOffset;
@@ -224,6 +242,18 @@ ParseAcpiDbg2 (
              PARSER_PARAMS (Dbg2Parser)
              );
 
+  // Check if the values used to control the parsing logic have been
+  // successfully read.
+  if ((OffsetDbgDeviceInfo == NULL) ||
+      (NumberDbgDeviceInfo == NULL)) {
+    IncrementErrorCount ();
+    Print (
+      L"ERROR: Insufficient table length. AcpiTableLength = %d\n",
+      AcpiTableLength
+      );
+    return;
+  }
+
   Offset = *OffsetDbgDeviceInfo;
   Index = 0;
 
@@ -239,6 +269,19 @@ ParseAcpiDbg2 (
       PARSER_PARAMS (DbgDevInfoHeaderParser)
       );
 
+    // Check if the values used to control the parsing logic have been
+    // successfully read.
+    if (DbgDevInfoLen == NULL) {
+      IncrementErrorCount ();
+      Print (
+        L"ERROR: Insufficient remaining table buffer length to read the " \
+          L"Debug Device Information structure's 'Length' field. " \
+          L"RemainingTableBufferLength = %d.\n",
+        AcpiTableLength - Offset
+        );
+      return;
+    }
+
     // Make sure the Debug Device Information structure lies inside the table.
     if ((Offset + *DbgDevInfoLen) > AcpiTableLength) {
       IncrementErrorCount ();
--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'