From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=XG+EbT2c;
 spf=pass (domain: arm.com, ip: 40.107.0.81, mailfrom: krzysztof.koch@arm.com)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (EUR02-AM5-obe.outbound.protection.outlook.com [40.107.0.81])
 by groups.io with SMTP; Thu, 15 Aug 2019 06:12:51 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=l2r57rwFiUji96Hcbj17iquQDRwHQcjb3WeZVndHCug=;
 b=XG+EbT2cNv1m4CdU8SJtGhOIWohwUnJvuwo8zjvx7SyQpzNRNgUm2FVq2hqKJm4QBgl14FK+dyFAUQEg9JQ1Zp7L0BlK/lJAhlZZMtfW3PeVuiMYXHjgWqRMFDpFM8vVDPrgPVhZmC1TH17Ygw893LJa3sZM6umT8yhnrAtQPmA=
Received: from VI1PR08CA0188.eurprd08.prod.outlook.com (2603:10a6:800:d2::18)
 by VI1PR0801MB1854.eurprd08.prod.outlook.com (2603:10a6:800:5c::15) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.14; Thu, 15 Aug
 2019 13:12:46 +0000
Received: from VE1EUR03FT008.eop-EUR03.prod.protection.outlook.com
 (2a01:111:f400:7e09::203) by VI1PR08CA0188.outlook.office365.com
 (2603:10a6:800:d2::18) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2178.16 via Frontend
 Transport; Thu, 15 Aug 2019 13:12:46 +0000
Authentication-Results: spf=temperror (sender IP is 63.35.35.123)
 smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified)
 header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=temperror action=none
 header.from=arm.com;
Received-SPF: TempError (protection.outlook.com: error in processing during
 lookup of arm.com: DNS Timeout)
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
 VE1EUR03FT008.mail.protection.outlook.com (10.152.18.75) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.2178.16 via Frontend Transport; Thu, 15 Aug 2019 13:12:44 +0000
Received: ("Tessian outbound 40a263b748b4:v26"); Thu, 15 Aug 2019 13:12:44 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 6cbe08c03f781ee5
X-CR-MTA-TID: 64aa7808
Received: from 2a685ec98569.1 (cr-mta-lb-1.cr-mta-net [104.47.12.53])
	by 64aa7808-outbound-1.mta.getcheckrecipient.com id B135B823-13E9-4A20-8CF3-AB90D2978AF3.1;
	Thu, 15 Aug 2019 13:12:38 +0000
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04lp2053.outbound.protection.outlook.com [104.47.12.53])
    by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 2a685ec98569.1
    (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
    Thu, 15 Aug 2019 13:12:38 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=a08gIdyVhMyBRH81/sHVuctz8/O9Km/blyGX/cJ1oCTAXeub7ScT5yvDADRLrxlBAE7UFuiIVOPkzNO6eCkVaMlqaDHVg4k5cjXEURmXNwnPRDMzsOwTBDz/ZOPF3FV0pEQW8HqZ2Z4DvlYQFzXQd0IU0+6/GxFAVFvfJm1UfnVpLa5gklnqg+yEUJX2cl9B2M2F/DCFk80gxb8t47KKbZg9BUSWd70zWoWTQ0lQ4IVayIlDEMCYSrtVugoexsf/TgZ7lmnyKuiwDKa//fHTafLrAHz5yepMq5G/5215oxTh4tgGMziU7THs/9kxI8GYFDO1hVHxalEV8r/SCpD4/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=l2r57rwFiUji96Hcbj17iquQDRwHQcjb3WeZVndHCug=;
 b=ZkQO4cbLVQcMcVmZUelinfP8hpEyEmUc5aVdeoC8jzk20FqCAnh3NZRTpiaxtjKn0hu4OsPeFRDdm7SbnXpwCav+XijG31K8thKpeIDW7IXOh6/e5Wo4+0nDwct9AVKw1p6cmZ+tdQj/QD13nRgycndGbGYjucF6twPudZx6aTT3TWY9pMYwDIsmJcf+upaO6yi7eV92koQBufKHvjjag3zG4MnwPD3dHumY5P7x0JnAGD36d+njuCrVv7yAKxwHa5FTx9EJg+Fqa+5QLvsRj8B2J23ILZb9CKxkA2v8D5V6SfoMHZo1V1MJHjK0NtcISd/S6afs0yyXy6Cm2BZdNQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=temperror (sender ip
 is 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com;
 dmarc=temperror action=none header.from=arm.com; dkim=none (message not
 signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=l2r57rwFiUji96Hcbj17iquQDRwHQcjb3WeZVndHCug=;
 b=XG+EbT2cNv1m4CdU8SJtGhOIWohwUnJvuwo8zjvx7SyQpzNRNgUm2FVq2hqKJm4QBgl14FK+dyFAUQEg9JQ1Zp7L0BlK/lJAhlZZMtfW3PeVuiMYXHjgWqRMFDpFM8vVDPrgPVhZmC1TH17Ygw893LJa3sZM6umT8yhnrAtQPmA=
Received: from HE1PR0802CA0008.eurprd08.prod.outlook.com (2603:10a6:3:bd::18)
 by AM0PR08MB4945.eurprd08.prod.outlook.com (2603:10a6:208:157::22) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.14; Thu, 15 Aug
 2019 13:12:35 +0000
Received: from DB5EUR03FT027.eop-EUR03.prod.protection.outlook.com
 (2a01:111:f400:7e0a::205) by HE1PR0802CA0008.outlook.office365.com
 (2603:10a6:3:bd::18) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2157.15 via Frontend
 Transport; Thu, 15 Aug 2019 13:12:34 +0000
Authentication-Results-Original: spf=temperror (sender IP is 40.67.248.234)
 smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=temperror action=none
 header.from=arm.com;
Received-SPF: TempError (protection.outlook.com: error in processing during
 lookup of arm.com: DNS Timeout)
Received: from nebula.arm.com (40.67.248.234) by
 DB5EUR03FT027.mail.protection.outlook.com (10.152.20.121) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id
 15.20.2178.16 via Frontend Transport; Thu, 15 Aug 2019 13:12:33 +0000
Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX03.Arm.com
 (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1415.2; Thu, 15 Aug
 2019 13:11:36 +0000
Received: from E119924.Arm.com (10.1.199.124) by mail.arm.com (10.251.24.32)
 with Microsoft SMTP Server id 15.1.1415.2 via Frontend Transport; Thu, 15 Aug
 2019 13:11:36 +0000
From: "Krzysztof Koch" <krzysztof.koch@arm.com>
To: <devel@edk2.groups.io>
CC: <jaben.carsey@intel.com>, <ray.ni@intel.com>, <zhichao.gao@intel.com>,
	<Sami.Mujawar@arm.com>, <Matteo.Carlini@arm.com>, <nd@arm.com>
Subject: [PATCH v1 08/11] ShellPkg: acpiview: PPTT: Validate global pointers before use
Date: Thu, 15 Aug 2019 14:11:18 +0100
Message-ID: <20190815131121.52644-9-krzysztof.koch@arm.com>
X-Mailer: git-send-email 2.16.2.windows.1
In-Reply-To: <20190815131121.52644-1-krzysztof.koch@arm.com>
References: <20190815131121.52644-1-krzysztof.koch@arm.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 1
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report-Untrusted: 
 CIP:40.67.248.234;IPV:NLI;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(136003)(346002)(376002)(39860400002)(396003)(2980300002)(199004)(189003)(70586007)(11346002)(4326008)(16586007)(446003)(15650500001)(6666004)(8676002)(54906003)(47776003)(36756003)(476003)(81156014)(5660300002)(70206006)(126002)(486006)(2906002)(44832011)(50226002)(81166006)(53936002)(86362001)(26005)(53416004)(305945005)(478600001)(2616005)(1076003)(48376002)(50466002)(51416003)(336012)(7696005)(6916009)(356004)(8936002)(426003)(2351001)(186003)(63350400001)(63370400001)(316002)(76176011);DIR:OUT;SFP:1101;SCL:1;SRVR:AM0PR08MB4945;H:nebula.arm.com;FPR:;SPF:TempError;LANG:en;PTR:InfoDomainNonexistent;A:1;MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f784f070-b009-406d-6b43-08d7218242ac
X-Microsoft-Antispam-Untrusted: 
 BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328);SRVR:AM0PR08MB4945;
X-MS-TrafficTypeDiagnostic: AM0PR08MB4945:|VI1PR0801MB1854:
X-Microsoft-Antispam-PRVS: 
	<VI1PR0801MB1854C498C40322B862B0502284AC0@VI1PR0801MB1854.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
X-MS-Oob-TLC-OOBClassifiers: OLM:3513;OLM:3513;
X-Forefront-PRVS: 01304918F3
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info-Original: 
 EHRV46GE8XIUgrYZmimI5Qj8mTwzNUaLEt7F8ntOdZ8oty/TN0fYcsRy2fPefMJzWA1TEvtI/6SuWGZoDlw8Afds4ktLamzTJJLFDU+6+eIAfHIejZEMb9s0szedLqDfu3QnKHJAUxJXIPOVV8sOEajjYq1SL9gfkp/XYbyIeQJT6mp73uu4O4rwzNjPHFRwbgbpI+o334CSN5EErfNLUQeoDtoq3XvlEpevZRC/41eoJNc8DZ1fGISe8PGO7QHGwOE/SB0TAxTKofAsHdVyy4u+snYK2LwCrZuuykOvmWRVlTehjNrsiitQoo7nQ1e/Kb4k7g3IQ8UEHUH8mZweuxaMSN60yhUqIpM6nvSyUEHjHjDvXW4xnpnoSWWthROaAuRK4cB/bP0/kQUlCyU0S5ToD40psjdWMcWs/Hw05aE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4945
Original-Authentication-Results: spf=temperror (sender IP is 40.67.248.234)
 smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=temperror action=none
 header.from=arm.com;
Return-Path: Krzysztof.Koch@arm.com
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 VE1EUR03FT008.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: 
	CIP:63.35.35.123;IPV:CAL;SCL:-1;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(376002)(346002)(396003)(136003)(39860400002)(2980300002)(189003)(199004)(51416003)(76176011)(48376002)(316002)(53416004)(50466002)(305945005)(186003)(478600001)(26005)(26826003)(2351001)(63350400001)(86362001)(426003)(7696005)(336012)(8936002)(36906005)(1076003)(50226002)(6666004)(70206006)(54906003)(16586007)(81156014)(2616005)(8676002)(15650500001)(5660300002)(6916009)(63370400001)(47776003)(11346002)(4326008)(70586007)(2906002)(81166006)(44832011)(36756003)(22756006)(76130400001)(476003)(446003)(486006)(126002);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR0801MB1854;H:64aa7808-outbound-1.mta.getcheckrecipient.com;FPR:;SPF:TempError;LANG:en;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;MX:1;A:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
	8d65adbd-0f01-4523-ff51-08d721823c14
X-Microsoft-Antispam: 
	BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(710020)(711020)(4605104)(1401327)(2017052603328);SRVR:VI1PR0801MB1854;
NoDisclaimer: True
X-Forefront-PRVS: 01304918F3
X-Microsoft-Antispam-Message-Info: 
	vq3nACWmcMaeAXRD55l+aEHHver1RwhlJwMs2fGO3C0zKIxpzCLwI9ds/84Zyj+Iqwg9eX6E4hq0oHUUqPOnZ0nkM/GU3/yMD7Ul52Zo+3BZJuX5UKz/w3cHmpFMDoSxZa3LLMAPL/KdWnFNdwgrkqVX7RU8MjLl1+qXjJKIdPLnQDxoE7tQR758W0z4JOzZeBTsOCoFGhv5hI+a/vqXz7w5UdReh8Goa7vAr7qqz9cEQqLRMUaY625+mcgh2plY1AfNv40yON7B3c8XbVgy1WzhevF1YBAE4z6D6et1UZVk/yj2xsRrit8UdMPTwjFE9GemAYerU+2LsFVDgZnHPgezvtKcboOCMVS2MTMyQV3er8dLhpuuvk/KezlJsAe38gEe3yRBILAjOj379JtmxwRvTSBVH4FM1a92mB3bSnA=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Aug 2019 13:12:44.2944
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f784f070-b009-406d-6b43-08d7218242ac
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1854
Content-Type: text/plain

Check if the NumberOfPrivateResources, ProcessorTopologyStructureType
and ProcessorTopologyStructureLength pointers have been successfully
updated before they are used for further table parsing.

Signed-off-by: Krzysztof Koch <krzysztof.koch@arm.com>
---

Notes:
    v1:
    - Test against NULL pointers [Krzysztof]

 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c | 25 ++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c
index 6254b9913fffb429fc54bb1301bf3e4b2e5bf161..675ba75f02b367cd5ad9f2ac23c30ed0ab58f286 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c
@@ -264,6 +264,17 @@ DumpProcessorHierarchyNodeStructure (
              PARSER_PARAMS (ProcessorHierarchyNodeStructureParser)
              );
 
+  // Check if the values used to control the parsing logic have been
+  // successfully read.
+  if (NumberOfPrivateResources == NULL) {
+    IncrementErrorCount ();
+    Print (
+      L"ERROR: Insufficient Processor Hierarchy Node length. Length = %d.\n",
+      Length
+      );
+    return;
+  }
+
   // Make sure the Private Resource array lies inside this structure
   if (Offset + (*NumberOfPrivateResources * sizeof (UINT32)) > Length) {
     IncrementErrorCount ();
@@ -387,6 +398,7 @@ ParseAcpiPptt (
              AcpiTableLength,
              PARSER_PARAMS (PpttParser)
              );
+
   ProcessorTopologyStructurePtr = Ptr + Offset;
 
   while (Offset < AcpiTableLength) {
@@ -400,6 +412,19 @@ ParseAcpiPptt (
       PARSER_PARAMS (ProcessorTopologyStructureHeaderParser)
       );
 
+    // Check if the values used to control the parsing logic have been
+    // successfully read.
+    if ((ProcessorTopologyStructureType == NULL) ||
+        (ProcessorTopologyStructureLength == NULL)) {
+      IncrementErrorCount ();
+      Print (
+        L"ERROR: Insufficient remaining table buffer length to read the " \
+          L"processor topology structure header. Length = %d.\n",
+        AcpiTableLength - Offset
+        );
+      return;
+    }
+
     // Make sure the PPTT structure lies inside the table
     if ((Offset + *ProcessorTopologyStructureLength) > AcpiTableLength) {
       IncrementErrorCount ();
--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'