From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0b-002e3701.pphosted.com (mx0b-002e3701.pphosted.com [148.163.143.35]) by mx.groups.io with SMTP id smtpd.web10.5947.1625452901180092208 for ; Sun, 04 Jul 2021 19:41:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@hpe.com header.s=pps0720 header.b=F7OJdyDO; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: hpe.com, ip: 148.163.143.35, mailfrom: prvs=08201b7fa0=nickle.wang@hpe.com) Received: from pps.filterd (m0148664.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 1652d5v9025702; Mon, 5 Jul 2021 02:41:34 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pps0720; bh=YBFEeho/ooS3UJiBUUf1hlMIEcTnKzb7cJRscmZQhkc=; b=F7OJdyDOx5/ssJ5IFpXTW5C3RHzJoIGYIVeo3qsOTPfwXXaKQQOrz3rKSi9GXf0bDkDu IXL3osXUTo6ecm0zsmsHiPqgjLWMgUwgAa8U9WrgUM8SW/H7MhFR0h3VlOWGsswwGhc+ CJvn1TSbsiARDeK/M2HYUiVEJxAs+qPRUMi7IBkbNcwLYG9YtgLCbr7sIFH0ef7XQpOy nFJSPNiRSG64QvRUmegLROg14OdkHcsbSpj30VAh+DDaq9CpcuiCeS2McmlzexwBdEkE MCC6d10tasAV/2bIfSGr7WKjiccLdtv7bF5wnYX3q43NOzM5djP6OVQEEIWCGvA6EVoM FQ== Received: from g4t3426.houston.hpe.com (g4t3426.houston.hpe.com [15.241.140.75]) by mx0b-002e3701.pphosted.com with ESMTP id 39jf10ub1a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 05 Jul 2021 02:41:34 +0000 Received: from g4t3433.houston.hpecorp.net (g4t3433.houston.hpecorp.net [16.208.49.245]) by g4t3426.houston.hpe.com (Postfix) with ESMTP id 3BDDB5A; Mon, 5 Jul 2021 02:41:33 +0000 (UTC) Received: from WVE00YQZQF.asiapacific.hpqcorp.net (unknown [16.169.11.206]) by g4t3433.houston.hpecorp.net (Postfix) with ESMTP id E317E45; Mon, 5 Jul 2021 02:41:31 +0000 (UTC) From: "Nickle Wang" To: devel@edk2.groups.io Cc: gaoliming@byosoft.com.cn, jian.j.wang@intel.com, hao.a.wu@intel.com, Nickle Wang Subject: [PATCH v2 1/2] MdeModulePkg/RegularExpressionDxe: Fix memory assert in FreePool() Date: Mon, 5 Jul 2021 10:41:07 +0800 Message-Id: <20210705024109.605-1-nickle.wang@hpe.com> X-Mailer: git-send-email 2.31.1.windows.1 MIME-Version: 1.0 X-Proofpoint-GUID: Ay7gLRcFI6dV9jk-IiN_TzcP8PSAh-lB X-Proofpoint-ORIG-GUID: Ay7gLRcFI6dV9jk-IiN_TzcP8PSAh-lB X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.790 definitions=2021-07-04_17:2021-07-02,2021-07-04 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 malwarescore=0 phishscore=0 spamscore=0 suspectscore=0 bulkscore=0 clxscore=1015 lowpriorityscore=0 priorityscore=1501 mlxscore=0 adultscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2107050013 Content-Transfer-Encoding: quoted-printable Memory buffer that is allocated by malloc() and realloc() will be shifted by 8 bytes because Oniguruma keeps its memory signature. This 8 bytes shift is not handled while calling free() to release memory. Add free() function to check Oniguruma signature before release memory because memory buffer is not touched when using calloc(). Signed-off-by: Nickle Wang --- .../RegularExpressionDxe/OnigurumaUefiPort.c | 19 ++++++++++++++++++- .../RegularExpressionDxe/OnigurumaUefiPort.h | 14 ++------------ 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.= c b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c index 9aa7b0a68e..4659c4473e 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c +++ b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.c @@ -2,7 +2,7 @@ =0D Module to rewrite stdlib references within Oniguruma=0D =0D - (C) Copyright 2014-2015 Hewlett Packard Enterprise Development LP
=0D + (C) Copyright 2014-2021 Hewlett Packard Enterprise Development LP
=0D Copyright (c) 2020, Intel Corporation. All rights reserved.
=0D =0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D @@ -96,3 +96,20 @@ void* memset (void *dest, char ch, unsigned int count) return SetMem (dest, count, ch);=0D }=0D =0D +void free(void *ptr)=0D +{=0D + VOID *EvalOnce;=0D + ONIGMEM_HEAD *PoolHdr;=0D +=0D + EvalOnce =3D ptr;=0D + if (EvalOnce =3D=3D NULL) {=0D + return;=0D + }=0D +=0D + PoolHdr =3D (ONIGMEM_HEAD *)EvalOnce - 1;=0D + if (PoolHdr->Signature =3D=3D ONIGMEM_HEAD_SIGNATURE) {=0D + FreePool (PoolHdr);=0D + } else {=0D + FreePool (EvalOnce);=0D + }=0D +}=0D diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.= h b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h index 20b75c3361..0bdb7be529 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h +++ b/MdeModulePkg/Universal/RegularExpressionDxe/OnigurumaUefiPort.h @@ -2,7 +2,7 @@ =0D Module to rewrite stdlib references within Oniguruma=0D =0D - (C) Copyright 2014-2015 Hewlett Packard Enterprise Development LP
=0D + (C) Copyright 2014-2021 Hewlett Packard Enterprise Development LP
=0D Copyright (c) 2020, Intel Corporation. All rights reserved.
=0D =0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D @@ -46,17 +46,6 @@ typedef INTN intptr_t; #endif=0D =0D #define calloc(n,s) AllocateZeroPool((n)*(s))=0D -=0D -#define free(p) \=0D - do { \=0D - VOID *EvalOnce; \=0D - \=0D - EvalOnce =3D (p); \=0D - if (EvalOnce !=3D NULL) { \=0D - FreePool (EvalOnce); \=0D - } \=0D - } while (FALSE)=0D -=0D #define xmemmove(Dest,Src,Length) CopyMem(Dest,Src,Length)=0D #define xmemcpy(Dest,Src,Length) CopyMem(Dest,Src,Length)=0D #define xmemset(Buffer,Value,Length) SetMem(Buffer,Length,Value)=0D @@ -98,6 +87,7 @@ void* malloc(size_t size); void* realloc(void *ptr, size_t size);=0D void* memcpy (void *dest, const void *src, unsigned int count);=0D void* memset (void *dest, char ch, unsigned int count);=0D +void free(void *ptr);=0D =0D #define exit(n) ASSERT(FALSE);=0D =0D --=20 2.31.1.windows.1