public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: kalaivanip@ami.com
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	Kalaivani P <kalaivanip@ami.com>
Cc: Sundaresan S <sundaresans@ami.com>,
	Vasudevan S <vasudevans@ami.com>, Arun K <arunk@ami.com>,
	Sainadh Nagolu <sainadhn@ami.com>,
	Vasudevan S <vasudevans@ami.com>
Subject: [PATCH] ShellPkg: Multiple Coverity issues were found from EDK2 ShellPkg
Date: Tue, 29 Nov 2022 06:56:12 +0000	[thread overview]
Message-ID: <20221129065552.482-1-kalaivanip@ami.com> (raw)

Attached is the report for Coverity issues identified in ShellPkg based
on edk2-stable202205.

Cc: Vasudevan Sambandan <vasudevans@ami.com>
Cc: Sundaresan Selvaraj <sundaresans@ami.com>
Cc: Arun k <arunk@ami.com>
Cc: Sainadh N <sainadhn@ami.com>
Signed-off-by: Kalaivani P <kalaivanip@ami.com>
---
 ShellPkg/Application/Shell/ShellManParser.c   |  6 +++++-
 ShellPkg/Application/Shell/ShellProtocol.c    |  3 ++-
 .../Library/UefiShellDebug1CommandsLib/Dblk.c |  6 +++---
 .../HexEdit/BufferImage.c                     | 10 ++++++---
 .../HexEdit/FileImage.c                       |  6 +++++-
 .../UefiShellDriver1CommandsLib/DrvCfg.c      |  3 ++-
 .../Library/UefiShellLevel1CommandsLib/For.c  |  4 ++++
 .../Library/UefiShellLevel1CommandsLib/If.c   |  4 ++++
 .../Library/UefiShellLevel2CommandsLib/Vol.c  |  5 ++++-
 .../Library/UefiShellLevel3CommandsLib/Help.c |  4 ++++
 ShellPkg/Library/UefiShellLib/UefiShellLib.c  | 21 +++++++++++++++----
 11 files changed, 57 insertions(+), 15 deletions(-)

diff --git a/ShellPkg/Application/Shell/ShellManParser.c b/ShellPkg/Application/Shell/ShellManParser.c
index 5c823cd7f5..716eb17a1d 100644
--- a/ShellPkg/Application/Shell/ShellManParser.c
+++ b/ShellPkg/Application/Shell/ShellManParser.c
@@ -2,6 +2,7 @@
   Provides interface to shell MAN file parser.



   Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   Copyright 2015 Dell Inc.

   SPDX-License-Identifier: BSD-2-Clause-Patent



@@ -601,7 +602,10 @@ ProcessManFile (
   if (TempString != NULL) {

     FileHandle = ConvertEfiFileProtocolToShellHandle (CreateFileInterfaceMem (TRUE), NULL);

     HelpSize   = StrLen (TempString) * sizeof (CHAR16);

-    ShellWriteFile (FileHandle, &HelpSize, TempString);

+    Status = ShellWriteFile (FileHandle, &HelpSize, TempString);

+    if (EFI_ERROR (Status)) {

+      return Status;

+    }

     ShellSetFilePosition (FileHandle, 0);

     HelpSize  = 0;

     BriefSize = 0;

diff --git a/ShellPkg/Application/Shell/ShellProtocol.c b/ShellPkg/Application/Shell/ShellProtocol.c
index 509eb60e40..fbe1d7e01f 100644
--- a/ShellPkg/Application/Shell/ShellProtocol.c
+++ b/ShellPkg/Application/Shell/ShellProtocol.c
@@ -5,6 +5,7 @@
   (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>

   (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>

   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   SPDX-License-Identifier: BSD-2-Clause-Patent



 **/

@@ -2518,7 +2519,7 @@ ShellSearchHandle (
               EfiShellClose (ShellInfoNode->Handle);

               ShellInfoNode->Handle = NULL;

             }

-          } else if (!EFI_ERROR (Status)) {

+          } else if (!EFI_ERROR (Status) && (ShellInfoNode->FullName == NULL)) {

             //

             // should be a file

             //

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c
index 97a4b57a93..08372d9fa4 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c
@@ -3,6 +3,7 @@


   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>

   Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   SPDX-License-Identifier: BSD-2-Clause-Patent



 **/

@@ -45,8 +46,7 @@ DisplayTheBlocks (
   if (EFI_ERROR (Status)) {

     return (SHELL_NOT_FOUND);

   }

-

-  BufferSize = BlockIo->Media->BlockSize * BlockCount;

+  BufferSize = BlockIo->Media->BlockSize * (UINTN)BlockCount;

   if (BlockIo->Media->IoAlign == 0) {

     BlockIo->Media->IoAlign = 1;

   }

@@ -55,7 +55,7 @@ DisplayTheBlocks (
     OriginalBuffer = AllocateZeroPool (BufferSize + BlockIo->Media->IoAlign);

     Buffer         = ALIGN_POINTER (OriginalBuffer, BlockIo->Media->IoAlign);

   } else {

-    ShellPrintEx (-1, -1, L"  BlockSize: 0x%08x, BlockCount: 0x%08x\r\n", BlockIo->Media->BlockSize, BlockCount);

+    ShellPrintEx (-1, -1, L"  BlockSize: 0x%08x, BlockCount: 0x%08x\r\n", BlockIo->Media->BlockSize,(UINTN)BlockCount);

     OriginalBuffer = NULL;

     Buffer         = NULL;

   }

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c
index be77e31a40..e68ab7c21a 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c
@@ -3,6 +3,7 @@
   as well as the event handlers for editing the file



   Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved. <BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   SPDX-License-Identifier: BSD-2-Clause-Patent



 **/

@@ -2036,7 +2037,8 @@ HBufferImageAddCharacterToBuffer (
   UINTN  OldPos;



   UINTN  NewPos;

-

+  EFI_STATUS   Status;

+

   Size = HBufferImageGetTotalSize ();



   //

@@ -2083,10 +2085,12 @@ HBufferImageAddCharacterToBuffer (
   Size += Count;



   HBufferImageFreeLines ();

-

-  HBufferImageBufferToList (Buffer, Size);

+  Status = HBufferImageBufferToList (Buffer, Size);



   FreePool (Buffer);

+  if (EFI_ERROR (Status)) {

+    return Status;

+  }



   Link = HMainEditor.BufferImage->ListHead->ForwardLink;

   for (Index = 0; Index < (INTN)NewPos / 0x10; Index++) {

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c
index d8818dd958..8907a66845 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c
@@ -2,6 +2,7 @@
   Functions to deal with file buffer.



   Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved. <BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   SPDX-License-Identifier: BSD-2-Clause-Patent



 **/

@@ -245,6 +246,7 @@ HFileImageRead (
   @retval EFI_SUCCESS           The operation was successful.

   @retval EFI_OUT_OF_RESOURCES  A memory allocation failed.

   @retval EFI_LOAD_ERROR        A load error occurred.

+  @retval EFI_INVALID_PARAMETER FileName input parameter is NULL.

 **/

 EFI_STATUS

 HFileImageSave (

@@ -264,7 +266,9 @@ HFileImageSave (


   BufferTypeBackup        = HBufferImage.BufferType;

   HBufferImage.BufferType = FileTypeFileBuffer;

-

+  if (FileName == NULL) {

+    return EFI_INVALID_PARAMETER;

+  }

   //

   // if is the old file

   //

diff --git a/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c b/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c
index 9bbbb1444d..04b46256df 100644
--- a/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c
+++ b/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c
@@ -3,6 +3,7 @@


   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>

   Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   SPDX-License-Identifier: BSD-2-Clause-Patent



 **/

@@ -355,7 +356,7 @@ ConfigFromFile (
   }



   MainBuffer = AllocateZeroPool ((UINTN)MainBufferSize);

-  if (EFI_ERROR (Status)) {

+   if (MainBuffer == NULL) {

     ShellPrintHiiEx (

       -1,

       -1,

diff --git a/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c b/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c
index 8a6a940f28..6e413a1813 100644
--- a/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c
+++ b/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c
@@ -3,6 +3,7 @@


   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>

   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   SPDX-License-Identifier: BSD-2-Clause-Patent



 **/

@@ -335,6 +336,9 @@ ShellCommandRunFor (


   CurrentScriptFile = ShellCommandGetCurrentScriptFile ();

   ASSERT (CurrentScriptFile != NULL);

+  if (CurrentScriptFile == NULL) {

+    return (SHELL_DEVICE_ERROR);

+  }



   if ((CurrentScriptFile->CurrentCommand != NULL) && (CurrentScriptFile->CurrentCommand->Data == NULL)) {

     FirstPass = TRUE;

diff --git a/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c b/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c
index b4a6966edb..5607ef6e82 100644
--- a/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c
+++ b/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c
@@ -3,6 +3,7 @@


   (C) Copyright 2013-2015 Hewlett-Packard Development Company, L.P.<BR>

   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   SPDX-License-Identifier: BSD-2-Clause-Patent



 **/

@@ -100,6 +101,9 @@ IsValidProfile (


   ProfilesString = ShellGetEnvironmentVariable (L"profiles");

   ASSERT (ProfilesString != NULL);

+  if (ProfilesString == NULL) {

+    return FALSE;

+  }

   TempLocation = StrStr (ProfilesString, String);

   if ((TempLocation != NULL) && (*(TempLocation-1) == L';') && (*(TempLocation+StrLen (String)) == L';')) {

     return (TRUE);

diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
index 8f7310c074..045577203b 100644
--- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
+++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
@@ -3,6 +3,7 @@


   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>

   Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   SPDX-License-Identifier: BSD-2-Clause-Patent



 **/

@@ -97,7 +98,9 @@ HandleVol (
   }



   ASSERT (SysInfo != NULL);

-

+  if (SysInfo == NULL) {

+    return (SHELL_OUT_OF_RESOURCES);;

+  }

   if (Delete) {

     *((CHAR16 *)SysInfo->VolumeLabel) = CHAR_NULL;

     SysInfo->Size                     = SIZE_OF_EFI_FILE_SYSTEM_INFO + StrSize (SysInfo->VolumeLabel);

diff --git a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
index 7f146bb9fb..17fb989d02 100644
--- a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
+++ b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
@@ -3,6 +3,7 @@


   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. <BR>

   Copyright (c) 2014, ARM Limited. All rights reserved. <BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>



   SPDX-License-Identifier: BSD-2-Clause-Patent

@@ -118,6 +119,9 @@ CopyListOfCommandNames (
 {

   CONST COMMAND_LIST  *Node;



+  if (SourceList == NULL) {

+      return SHELL_INVALID_PARAMETER;;

+  }

   for ( Node = (COMMAND_LIST *)GetFirstNode (&SourceList->Link)

         ; SourceList != NULL && !IsListEmpty (&SourceList->Link) && !IsNull (&SourceList->Link, &Node->Link)

         ; Node = (COMMAND_LIST *)GetNextNode (&SourceList->Link, &Node->Link)

diff --git a/ShellPkg/Library/UefiShellLib/UefiShellLib.c b/ShellPkg/Library/UefiShellLib/UefiShellLib.c
index a72767bd86..eae6553d91 100644
--- a/ShellPkg/Library/UefiShellLib/UefiShellLib.c
+++ b/ShellPkg/Library/UefiShellLib/UefiShellLib.c
@@ -1,9 +1,11 @@
+

 /** @file

   Provides interface to shell functionality for shell commands and applications.



   (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>

   Copyright 2016-2018 Dell Technologies.<BR>

   Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>

   SPDX-License-Identifier: BSD-2-Clause-Patent



 **/

@@ -1761,7 +1763,9 @@ ShellCloseFileMetaArg (
   // ASSERT that ListHead is not NULL

   //

   ASSERT (ListHead != NULL);

-

+  if (ListHead == NULL) {

+    return (SHELL_INVALID_PARAMETER);

+  }

   //

   // Check for UEFI Shell 2.0 protocols

   //

@@ -2221,6 +2225,10 @@ InternalCommandLineParse (
       if (CurrentItemPackage->Name == NULL) {

         ShellCommandLineFreeVarList (*CheckPackage);

         *CheckPackage = NULL;

+        // Fixing memory leak here

+        SHELL_FREE_NON_NULL (CurrentItemPackage);

         return (EFI_OUT_OF_RESOURCES);

       }



@@ -2323,6 +2331,10 @@ InternalCommandLineParse (
       if (CurrentItemPackage->Value == NULL) {

         ShellCommandLineFreeVarList (*CheckPackage);

         *CheckPackage = NULL;

+        // Fixing memory leak here

+        SHELL_FREE_NON_NULL (CurrentItemPackage);

         return (EFI_OUT_OF_RESOURCES);

       }



@@ -4377,9 +4389,10 @@ ShellFileHandleReadLine (
     return (EFI_INVALID_PARAMETER);

   }



-  if (Buffer == NULL) {

-    ASSERT (*Size == 0);

-  } else {

+  if ((Buffer == NULL) || (*Size == 0)) {

+    return EFI_INVALID_PARAMETER;

+  }

+  else {

     *Buffer = CHAR_NULL;

   }



--
2.36.0.windows.1
-The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission.

             reply	other threads:[~2022-11-29  6:56 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-29  6:56 kalaivanip [this message]
2022-12-19  7:52 ` [edk2-devel] [PATCH] ShellPkg: Multiple Coverity issues were found from EDK2 ShellPkg Kalaivani P
  -- strict thread matches above, loose matches on Subject: below --
2022-12-28 11:00 Kalaivani P

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221129065552.482-1-kalaivanip@ami.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox