From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
 by mx.groups.io with SMTP id smtpd.web12.9619.1584511953085378720
 for <devel@edk2.groups.io>;
 Tue, 17 Mar 2020 23:12:33 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: wei6.xu@intel.com)
IronPort-SDR: HAViRe/I8tuG39DsLu9z8mfYw44MRA2ckV50KACaOWToNhl4Ji7XKzXZ9H4Dt8Jw8INlWvyZz1
 umeOn6kGzsWg==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2020 23:12:32 -0700
IronPort-SDR: G8Mcwi2TCAJZGJSi8nvGvZLE9wlqbhCDMDcT4jZkI5WWgrefgSa7Fde9hAFUvSER9pszl43FoX
 5Ic2gS49AVTA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,566,1574150400"; 
   d="scan'208";a="391333731"
Received: from shwdeopenpsi174.ccr.corp.intel.com ([10.239.157.39])
  by orsmga004.jf.intel.com with ESMTP; 17 Mar 2020 23:12:30 -0700
From: "Xu, Wei6" <wei6.xu@intel.com>
To: devel@edk2.groups.io
Cc: Kun Qin <kuqin@microsoft.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <liming.gao@intel.com>
Subject: [edk2-devel] [PATCH] FmpDevicePkg/FmpDxe: Fix uninitialized pointer dereference
Date: Wed, 18 Mar 2020 14:12:27 +0800
Message-Id: <20200318061227.12480-1-wei6.xu@intel.com>
X-Mailer: git-send-email 2.16.2.windows.1

From: Kun Qin <kuqin@microsoft.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2602

Zero the allocated buffer in case GetImageInfo `continue` in the middle of
a loop. This will cause unexpected GetImageInfo failure not clearing the
corresponding entry and lead to GP faults when dereferencing this entry.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
---
 FmpDevicePkg/FmpDxe/Dependency.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/FmpDevicePkg/FmpDxe/Dependency.c b/FmpDevicePkg/FmpDxe/Dependency.c
index 8f97c42916..65c23989c6 100644
--- a/FmpDevicePkg/FmpDxe/Dependency.c
+++ b/FmpDevicePkg/FmpDxe/Dependency.c
@@ -550,11 +550,11 @@ EvaluateImageDependencies (
                 );
   if (EFI_ERROR (Status)) {
     return EFI_ABORTED;
   }
 
-  mFmpImageInfoBuf = AllocatePool (sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR *) * mNumberOfFmpInstance);
+  mFmpImageInfoBuf = AllocateZeroPool (sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR *) * mNumberOfFmpInstance);
   if (mFmpImageInfoBuf == NULL) {
     return EFI_OUT_OF_RESOURCES;
   }
 
   for (Index = 0; Index < mNumberOfFmpInstance; Index ++) {
-- 
2.16.2.windows.1