From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web09.58.1668015181642626306
 for <devel@edk2.groups.io>;
 Wed, 09 Nov 2022 09:33:01 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=ReIX0eap;
 spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com)
Received: from localhost.localdomain (unknown [47.201.8.94])
	by linux.microsoft.com (Postfix) with ESMTPSA id AE60820B9F81;
	Wed,  9 Nov 2022 09:32:58 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com AE60820B9F81
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
	s=default; t=1668015181;
	bh=HlXJuABQ/DNfSsvJE2y/QSC+nl9D7WTEIx7eFVeEgr0=;
	h=From:To:Cc:Subject:Date:From;
	b=ReIX0eap9Yo046Mm+XXYJt6i0xC+RwOB0dS9ckHnxy4Bxp0JkH+q/H9U1tI2IRvjj
	 ox0/G+fDvT8xulFJh5dPHR2gyRfuql1f+/gf2Qf1QPCw1zMwlqUCE6vo8+q3DJKTG2
	 S/BvwYr9cuJpJu5sNI6OEgkbN3g9FgJOUfTI5D64=
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Bob Feng <bob.c.feng@intel.com>,
	Dandan Bi <dandan.bi@intel.com>,
	Eric Dong <eric.dong@intel.com>,
	Erich McMillan <emcmillan@microsoft.com>,
	Guomin Jiang <guomin.jiang@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Jiaxin Wu <jiaxin.wu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Maciej Rabeda <maciej.rabeda@linux.intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Michael Kubacki <mikuback@linux.microsoft.com>,
	Rahul Kumar <rahul1.kumar@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Siyuan Fu <siyuan.fu@intel.com>,
	Star Zeng <star.zeng@intel.com>,
	Xiaoyu Lu <xiaoyu1.lu@intel.com>,
	Yuwei Chen <yuwei.chen@intel.com>,
	Zhichao Gao <zhichao.gao@intel.com>,
	Zhiguang Liu <zhiguang.liu@intel.com>
Subject: [PATCH v1 00/12] Enable New CodeQL Queries
Date: Wed,  9 Nov 2022 12:32:34 -0500
Message-Id: <20221109173246.174-1-mikuback@linux.microsoft.com>
X-Mailer: git-send-email 2.28.0.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Michael Kubacki <michael.kubacki@microsoft.com>

Adds queries for the following:

1. cpp/conditionallyuninitializedvariable
2. cpp/pointer-overflow-check
3. cpp/overrunning-write
4. cpp/overrunning-write-with-float
5. cpp/very-likely-overrunning-write

These check for vulnerabilities with the following CWEs:

  - https://cwe.mitre.org/data/definitions/120.html
  - https://cwe.mitre.org/data/definitions/457.html
  - https://cwe.mitre.org/data/definitions/676.html
  - https://cwe.mitre.org/data/definitions/758.html
  - https://cwe.mitre.org/data/definitions/787.html
  - https://cwe.mitre.org/data/definitions/805.html

The first part of this patch series contains fixes for CodeQL alerts
across various packages that are produced by the new queries being
enabled.

The second part updates the CodeQL queries.

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Erich McMillan <emcmillan@microsoft.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Erich McMillan (1):
  MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts

Michael Kubacki (11):
  BaseTools/PatchCheck.py: Add PCCTS to tab exemption list
  BaseTools/VfrCompile: Fix potential buffer overwrites
  CryptoPkg: Fix conditionally uninitialized variable
  MdeModulePkg: Fix conditionally uninitialized variables
  MdePkg: Fix conditionally uninitialized variables
  NetworkPkg: Fix conditionally uninitialized variables
  PcAtChipsetPkg: Fix conditionally uninitialized variables
  ShellPkg: Fix conditionally uninitialized variables
  UefiCpuPkg: Fix conditionally uninitialized variables
  .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries
  .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries

 BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c               | 10 ++--
 BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c              |  4 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c                 | 21 ++++-=
---
 MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c                        |  5 +-
 MdeModulePkg/Bus/Pci/UhciDxe/Uhci.c                           | 24 +++++=
----
 MdeModulePkg/Core/Dxe/Mem/Page.c                              | 17 +++--=
-
 MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c | 25 +++++=
----
 MdeModulePkg/Library/FileExplorerLib/FileExplorer.c           |  5 +-
 MdeModulePkg/Universal/BdsDxe/BdsEntry.c                      | 33 +++++=
+------
 MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c      | 11 ++--
 MdeModulePkg/Universal/HiiDatabaseDxe/Font.c                  | 14 +++--
 MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c                  |  4 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c         |  2 +-
 MdePkg/Library/BaseLib/String.c                               | 20 ++++-=
--
 NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c                    |  2 +-
 NetworkPkg/TcpDxe/TcpInput.c                                  |  3 ++
 PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c            |  9 ++--
 ShellPkg/Application/Shell/Shell.c                            |  2 +-
 ShellPkg/Application/Shell/ShellProtocol.c                    |  4 +-
 ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c    | 56 +++++=
++++++---------
 ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c            | 18 ++++-=
--
 ShellPkg/Library/UefiShellDebug1CommandsLib/EfiDecompress.c   |  9 ++--
 ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c        | 14 ++---
 ShellPkg/Library/UefiShellDriver1CommandsLib/Disconnect.c     | 17 +++--=
-
 ShellPkg/Library/UefiShellDriver1CommandsLib/DrvDiag.c        | 21 ++++-=
---
 UefiCpuPkg/CpuMpPei/CpuBist.c                                 |  8 ++-
 UefiCpuPkg/CpuMpPei/CpuMpPei.c                                |  8 ++-
 UefiCpuPkg/CpuMpPei/CpuPaging.c                               |  9 +++-
 .github/codeql/edk2.qls                                       | 10 ++++
 BaseTools/Scripts/PatchCheck.py                               |  4 +-
 MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf                |  1 +
 31 files changed, 238 insertions(+), 152 deletions(-)

--=20
2.28.0.windows.1