From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR01-HE1-obe.outbound.protection.outlook.com (EUR01-HE1-obe.outbound.protection.outlook.com [40.107.13.75]) by mx.groups.io with SMTP id smtpd.web12.9149.1579518872371146975 for ; Mon, 20 Jan 2020 03:14:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=1o0q9Wl/; spf=pass (domain: arm.com, ip: 40.107.13.75, mailfrom: krzysztof.koch@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xbLsXS/cNKfpg3dKgpcfFt4SmkVIkYENWGLisyf6f+U=; b=1o0q9Wl/sZ8trQCmGyyPvSWdzrQ3b95Sk3PCLbG7fDEPfBh5EsnXB1sxiNpd8i/rOGrRauCOB80TGAET7hWc4MrdomCHi+bNclY8piSONbHNlnUVR9SxwTxgORIHtOyLWAfREr+0M585YrXh71Z4/ztm+FoSx3/ZbEBy3MJ4dDk= Received: from VI1PR0802CA0015.eurprd08.prod.outlook.com (2603:10a6:800:aa::25) by HE1PR0802MB2571.eurprd08.prod.outlook.com (2603:10a6:3:e2::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.24; Mon, 20 Jan 2020 11:14:28 +0000 Received: from DB5EUR03FT062.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e0a::204) by VI1PR0802CA0015.outlook.office365.com (2603:10a6:800:aa::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.19 via Frontend Transport; Mon, 20 Jan 2020 11:14:28 +0000 Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT062.mail.protection.outlook.com (10.152.20.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.23 via Frontend Transport; Mon, 20 Jan 2020 11:14:28 +0000 Received: ("Tessian outbound ba41a0333779:v40"); Mon, 20 Jan 2020 11:14:28 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 17ce00c538a2498d X-CR-MTA-TID: 64aa7808 Received: from a98c313ca029.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 52E4AC4E-1A97-4BE5-B8B3-24CFC9D90D9F.1; Mon, 20 Jan 2020 11:14:22 +0000 Received: from EUR02-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id a98c313ca029.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 20 Jan 2020 11:14:22 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DHkQ3S7SUsqicudulYOgykTBml884IGOQ0LaO7FoaGBTWcrYVmegwIkGNe68ds7gZswMyK++uAS/Zu13EvTG3joyk8b3D3/9IqWXSkDjyopQ6daHkLu/cjNpnouB6pZ8dm36dcY59ismfuss4VZP+ZzuF2wlAAAb9k8t7IFRMRb+5i9fHORt06AJ3aCx+5Ctm0eOXIoKgCEV4adfPwB/6ro+nf6iy/v+WMFj9NeVmboQ0ToteFsvs8kFD4MCapRhSsb57+UDqbfoWy0ng/9hgWG5zfD26NDBFgNwDsc6sUgNUQheK0b/WvmnQTTsEu47Wa5FbbERLX6GJ45khNz3Ag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xbLsXS/cNKfpg3dKgpcfFt4SmkVIkYENWGLisyf6f+U=; b=fn6kVIpOLTGCZdaIi7F5noWiha/tfiShTv2WyKI9i9NqQ/d5eG59QdMFrnMfDI30s6KXnOaoTlpxiY0lE8Pxe5zMaNITRL3nxuy+UXE4piGZaxNik9ZKYe5DCU47ztkMlOj2+Vwd/qe4IygAoU8VYW7wRNtvPAs112SzcgmN0hvnYOznfvBBwZgL/TPZ4KqNAp4T0zswyg+Y2SAlb8toAddZWdsNvQla82lreTi5byzWztOvtly1vJfj/SLaRnEYDD+O2GUvCd32aVt4qjhBmDOFyOxuB0kM0yXjDH+HnG0N+EpDMV/ze0jN0pLG4RI1f8KpdcD753L7wGC9d8jdbw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com; dmarc=bestguesspass action=none header.from=arm.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xbLsXS/cNKfpg3dKgpcfFt4SmkVIkYENWGLisyf6f+U=; b=1o0q9Wl/sZ8trQCmGyyPvSWdzrQ3b95Sk3PCLbG7fDEPfBh5EsnXB1sxiNpd8i/rOGrRauCOB80TGAET7hWc4MrdomCHi+bNclY8piSONbHNlnUVR9SxwTxgORIHtOyLWAfREr+0M585YrXh71Z4/ztm+FoSx3/ZbEBy3MJ4dDk= Received: from VI1PR0802CA0023.eurprd08.prod.outlook.com (2603:10a6:800:aa::33) by DB8PR08MB5052.eurprd08.prod.outlook.com (2603:10a6:10:e8::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.20; Mon, 20 Jan 2020 11:14:20 +0000 Received: from VE1EUR03FT059.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::201) by VI1PR0802CA0023.outlook.office365.com (2603:10a6:800:aa::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.19 via Frontend Transport; Mon, 20 Jan 2020 11:14:20 +0000 Authentication-Results-Original: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; Received: from nebula.arm.com (40.67.248.234) by VE1EUR03FT059.mail.protection.outlook.com (10.152.19.60) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.2644.23 via Frontend Transport; Mon, 20 Jan 2020 11:14:20 +0000 Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX04.Arm.com (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1415.2; Mon, 20 Jan 2020 11:14:07 +0000 Received: from E119924.Arm.com (10.37.9.56) by mail.arm.com (10.251.24.32) with Microsoft SMTP Server id 15.1.1415.2 via Frontend Transport; Mon, 20 Jan 2020 11:14:07 +0000 From: "Krzysztof Koch" To: CC: , , , , Subject: [PATCH v3 08/11] ShellPkg: acpiview: PPTT: Validate global pointers before use Date: Mon, 20 Jan 2020 11:13:48 +0000 Message-ID: <20200120111351.29184-9-krzysztof.koch@arm.com> X-Mailer: git-send-email 2.16.2.windows.1 In-Reply-To: <20200120111351.29184-1-krzysztof.koch@arm.com> References: <20200120111351.29184-1-krzysztof.koch@arm.com> MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234;IPV:;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(346002)(39860400002)(376002)(396003)(136003)(189003)(199004)(2616005)(7696005)(426003)(478600001)(36756003)(70586007)(70206006)(2906002)(4326008)(81166006)(356004)(6666004)(81156014)(44832011)(8676002)(6916009)(54906003)(86362001)(15650500001)(316002)(5660300002)(8936002)(186003)(26005)(1076003)(336012);DIR:OUT;SFP:1101;SCL:1;SRVR:DB8PR08MB5052;H:nebula.arm.com;FPR:;SPF:Pass;LANG:en;PTR:InfoDomainNonexistent;MX:1;A:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 4af09bb9-ed4a-4a68-27d1-08d79d99ea3a X-MS-TrafficTypeDiagnostic: DB8PR08MB5052:|HE1PR0802MB2571: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: True X-MS-Oob-TLC-OOBClassifiers: OLM:3968;OLM:3968; X-Forefront-PRVS: 0288CD37D9 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: sE1h0Pa5nstmjtDWEEwglKlJg+Cb8cLIKG9/JPGnukSN1+34OlVGRoGZhfFZ1LIwreX8HqFOcw8+WjkNcRvfKOi9T6E4JzsNjjZRbDcFetUKyo0JQI3eG54PXFYQbtgX7JBUKBuiWCjGmoCq6UUlEHHLgAMrcxj0ziiX+FjTx5iUMJOlac/01KBPEPBCtZXmQU2no43b4iY24amXdVGazLjWBNQUGFWnkDvCE6PH2ZptmUw5CRLA51aLVaT25Y4tgq1+nvhpqqpivG/iGG2bR/bw82GmQi/DFaNJYJI60+PZKVPq8gd28GY1zmzd9A5eGu7NStNyU0zP3RjrPfPr1bosQa5TA6v9Jxb04uniN7hxKkr9dX2s8n+8ShG2A+X0uPXthzX1W2EXF1Ty5oILN2c8/u0FUG++7yCpY3H/68iagrk0MCMg/ktThGc3BskO X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB5052 Original-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Return-Path: Krzysztof.Koch@arm.com X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT062.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123;IPV:CAL;SCL:-1;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(39860400002)(136003)(376002)(346002)(396003)(199004)(189003)(86362001)(70206006)(70586007)(2906002)(478600001)(26005)(36756003)(426003)(2616005)(26826003)(6916009)(54906003)(15650500001)(316002)(5660300002)(81166006)(81156014)(8936002)(8676002)(44832011)(336012)(6666004)(186003)(4326008)(1076003)(7696005);DIR:OUT;SFP:1101;SCL:1;SRVR:HE1PR0802MB2571;H:64aa7808-outbound-1.mta.getcheckrecipient.com;FPR:;SPF:Pass;LANG:en;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;A:1;MX:1; X-MS-Office365-Filtering-Correlation-Id-Prvs: 64991e39-98c4-4ba0-eda5-08d79d99e584 X-Forefront-PRVS: 0288CD37D9 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PdbsKcdHIISEhQBaX94yK0eMNTgADd+JcVlFNdcwS04MK3ceoNnFDn6VZVBPuDlbVm7XOAGKdId8sw9mvvfivHuJqPvUVphnJ8vGs3LXw58mR7oeIcGgAKOT+XjH1TmeHwORgwt9vSQZiMAogdz80KBaUFCt8x2x9S2MaFva/p5WLvUk0nKuSHwK/qov67i422EtN8wGbPtvYb4sy8wzdFmIlhepoaNgcmkgFwRIArBLUHyIceECzUZV1lGFmJJQuIfj2bbQcF2Xt0332Tdi5QCGVavVlRcaxSCH7OFFqhPQ6dsoLohF54UxSucQP089/PviFrrK3y+c7r+Nhlm4oVI+ya1uNr+Lkb/tQ4cnJLkMJzPr4UG9riSo76uwyNmzGfVoPXHgm1mB36efHjgqGxM5DQ9PD0nqNG6P8uZOERWIFmbSkC9XSvGlDsdOD6Lq X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jan 2020 11:14:28.0911 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4af09bb9-ed4a-4a68-27d1-08d79d99ea3a X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0802MB2571 Content-Type: text/plain Check if the NumberOfPrivateResources, ProcessorTopologyStructureType and ProcessorTopologyStructureLength pointers have been successfully updated before they are used for further table parsing. Signed-off-by: Krzysztof Koch --- Notes: v3: - Rebase on latest master [Krzysztof] v1: - Test against NULL pointers [Krzysztof] ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c | 25 ++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c index 6254b9913fffb429fc54bb1301bf3e4b2e5bf161..675ba75f02b367cd5ad9f2ac23c30ed0ab58f286 100644 --- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c +++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c @@ -264,6 +264,17 @@ DumpProcessorHierarchyNodeStructure ( PARSER_PARAMS (ProcessorHierarchyNodeStructureParser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if (NumberOfPrivateResources == NULL) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient Processor Hierarchy Node length. Length = %d.\n", + Length + ); + return; + } + // Make sure the Private Resource array lies inside this structure if (Offset + (*NumberOfPrivateResources * sizeof (UINT32)) > Length) { IncrementErrorCount (); @@ -387,6 +398,7 @@ ParseAcpiPptt ( AcpiTableLength, PARSER_PARAMS (PpttParser) ); + ProcessorTopologyStructurePtr = Ptr + Offset; while (Offset < AcpiTableLength) { @@ -400,6 +412,19 @@ ParseAcpiPptt ( PARSER_PARAMS (ProcessorTopologyStructureHeaderParser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if ((ProcessorTopologyStructureType == NULL) || + (ProcessorTopologyStructureLength == NULL)) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient remaining table buffer length to read the " \ + L"processor topology structure header. Length = %d.\n", + AcpiTableLength - Offset + ); + return; + } + // Make sure the PPTT structure lies inside the table if ((Offset + *ProcessorTopologyStructureLength) > AcpiTableLength) { IncrementErrorCount (); -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'