From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.85]) by mx.groups.io with SMTP id smtpd.web10.142745.1669704974966437602 for ; Mon, 28 Nov 2022 22:56:15 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@ami.com header.s=selector1 header.b=cfGnbLFt; spf=pass (domain: ami.com, ip: 40.107.220.85, mailfrom: kalaivanip@ami.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FxLFwKolM6bFSicKzHZEQI4ISv521UmEiTy/X6dwCJ1AaJQAJZRPCAReE5yUBKpprD4jRiU11nLj1RsppiXn5Q1cPCxS9G7jKh5Lu2z+lW7A8V+2UF9kJ4V4fGHd2iAvGLEwdgKOUtahXhyPRrvCp9QzqcLadHhW58BXdyA33AVsf3Dtkq+4qM0jvb4N5aCiDB4ThO5Aje1g+QtMnepgrAYpT7wmL/B3tueU3OdlxUXU3l06z70Hw4cZGA8INCD563YOyIuM4txI6ULYc3Zl5qh35hxDkHkcuwLxAhJvJP9GbHxgCh5MYr8ASJiTuGYIO55B8l17TMFYhhLOURRLAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6qi6LFRTtrUvpfWWZqvM0cyQJxgYoYKBymgbEQAPl6E=; b=SkOja8m6BssrrIQET10VD8bSznyQQflvvqWyWSC1BzrRiJlQS5fKjuRbpvAmnnrypr1qUjFhysEossF+lnokgEC36BN+gsFV7gaJXsPA5m7b4o7FQB/yqTu+xd4YRsIfLLJtT8Pk1irlCpaIYJICUhXX8oSEiki+USaMsje166SutZtMsbKL7l7+rr7395mOAhMvMYT2jiLIQBJ3e1KP6uh+cULlkK1Jyer9MxUsPsRnPqBP41TGoiQNMWbDmTdPk+Q157jpbGo3wtrNR3BI7ZshWzYTi+FSB89uV7SjPiMior/K/1xA5bSGoOReknN6J4u1q1GMTFmXv5rtUxE6/w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ami.com; dmarc=pass action=none header.from=ami.com; dkim=pass header.d=ami.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ami.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6qi6LFRTtrUvpfWWZqvM0cyQJxgYoYKBymgbEQAPl6E=; b=cfGnbLFtqN4NfTgCot3ZxDE8FkXN4k5SldSmUH0rcSfCmH//OQK8GK3rRX6a2QgdtOf8pVsEX2e+hURf/US1bY56FmRDhnchB6NxmYGopJTHFkgHKI8z2YVkxidgyvbVKh6VCr+1Ig5aEn6YfK0F55uW26mKP4GMf0MMt5bgSlc= Received: from PH7PR10MB5831.namprd10.prod.outlook.com (2603:10b6:510:132::19) by CY8PR10MB6825.namprd10.prod.outlook.com (2603:10b6:930:9c::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5857.23; Tue, 29 Nov 2022 06:56:12 +0000 Received: from PH7PR10MB5831.namprd10.prod.outlook.com ([fe80::16c9:3d68:c72c:364c]) by PH7PR10MB5831.namprd10.prod.outlook.com ([fe80::16c9:3d68:c72c:364c%9]) with mapi id 15.20.5857.023; Tue, 29 Nov 2022 06:56:12 +0000 From: kalaivanip@ami.com To: "devel@edk2.groups.io" , Kalaivani P CC: Sundaresan S , Vasudevan S , Arun K , Sainadh Nagolu , Vasudevan S Subject: [PATCH] ShellPkg: Multiple Coverity issues were found from EDK2 ShellPkg Thread-Topic: [PATCH] ShellPkg: Multiple Coverity issues were found from EDK2 ShellPkg Thread-Index: AQHZA7+qZsrxrDS6ZUuAszBpixN6TA== Date: Tue, 29 Nov 2022 06:56:12 +0000 Message-ID: <20221129065552.482-1-kalaivanip@ami.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ami.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH7PR10MB5831:EE_|CY8PR10MB6825:EE_ x-ms-office365-filtering-correlation-id: f106054d-eba9-40e6-0aa9-08dad1d6cd5b x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: oegmMeyT8bHJyEzeP6D6KqaFe1P3RF659/69ip7GGkxh2VCaPIlAGgfTdpl99jrsaxa61O7AF1TJoVfVdxjAWv0DEMjLaDm4AkRRQtCeZR1ILrD91d7ZiH0lN4toB1tS12IbouHj1/qp4rRw534NA/CNXPxGL1vEEDYmuU/uej2qL9eddZ8mGmbsE03j9pk/tm2Wex+pdUzzr1MYdw4NUvFjz28viN2vCE1DdVgttYf+lL2UHbBRPE0DI5FY0xQtHkluW52crPfYS09fAj/NfR9eyQOeeutq5ppfvQLBoWarWsIW5466ZmDk+rNOJVJbFJKQAK29PFwXer54Cy0uQB6246KGTh//9x3k2yAJoUkTgR94qXBiqQf4olJEgiiRgCyhMeIfp8NMx8N5nyAcIVdMxcG9foTQT7XLY2UA3lVxVCKreBr+pHNYXrIqZw1qaK98UIDTyTDwf9yz5ls7rsKBZTv1ZMVS/ttDgfnWLt/uWBTJ89y77dqebyprWV8qQugtJqyPKsmGHTEYmR0ldRhGcQIiOa+I01ZyDPDkf/8JXOY4SJsTUGNp4GGxJjXsUkOSatPZWBk+lzBHdZFRdhiOjppYtH8wRZK5FDtYykcb6fouil+Kb3jOY7fSi4fImR4gAZVuujtwkO2J9visupJ8FZ5sCRjSTmRHsN0dwm3DuNTsBFdCGNeTnaeN/49JA7SZxI1qdE5YKHo2SEhM/YoH8LSk2eylpf1do8gwX94= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR10MB5831.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(376002)(346002)(39850400004)(366004)(396003)(136003)(451199015)(478600001)(316002)(2906002)(76116006)(19627235002)(91956017)(66946007)(6486002)(40140700001)(110136005)(7049001)(71200400001)(54906003)(36756003)(122000001)(38100700002)(83380400001)(26005)(6506007)(86362001)(6512007)(186003)(2616005)(1076003)(38070700005)(66899015)(30864003)(5660300002)(8936002)(41300700001)(66446008)(66476007)(66556008)(64756008)(8676002)(4326008)(403724002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?Y1B3ZGPgflgCDmgx5mPW55QjQop7MtBntrSb/jnE1bIXwvSfOesM0sVYgw?= =?iso-8859-1?Q?y7Ee2jzgKyPaLgnpDbA/JH7C+zu8T7MSCNnm70z33pwKcfY+MM8bXLtwo/?= =?iso-8859-1?Q?VXJo8Z/TxU/JkVRwSLFrHNiWUWiR0LWzc6VD5tbxcHgwDg5McPFsTfgMOi?= =?iso-8859-1?Q?ScO8lOP7Kadj+CB8S/Ld2lgRXXPodexOy09LMk1Tg3OZM8FeisYm9aT5oK?= =?iso-8859-1?Q?Jitg+iEeHUsdivaGYKvn5LK+OV1fd9axpm8Ums7i4RXyz6Vph9VF4NS+Bu?= =?iso-8859-1?Q?ynNr1UZF1jsP4xzcFYXpFtLTjR0839NAggaZCoT3MfvfdbnCMggOCvwzlA?= =?iso-8859-1?Q?4S0rH0RZFjXErI5YaqK6u30i8ITGoMW4PBix/yzniEhYIwy2dksxBvZpW4?= =?iso-8859-1?Q?5rtRMub9xJxXiCYmwEwL6E6kqtNvoxdQluQIFSLwK2Si0N61C889lOHCeD?= =?iso-8859-1?Q?cHohLoO3suhigrjtoIApf6z7Tiv8w8WymWmKuJup/OmD6PJXAfz6NW+lTN?= =?iso-8859-1?Q?QgjvNufzBjQ5PB6sd1Ugr0ta0xFD/vKlKqiIw43k3D5JehP1UHhCMZ1GXZ?= =?iso-8859-1?Q?MKpUv6Zc/YSwEmaU/gltxQ/cS6CvKJ2ef6WT9jGydQu+f56YlOaItB8Jb0?= =?iso-8859-1?Q?cP3UuDL+5Vojf0MMQt/y/iJJGxeZ+aV0s9yPv+IU/sL2lDw9adjyUv8Llh?= =?iso-8859-1?Q?LQXLT3P3GR8pC24Omg37L+dklPX69NejECxDaTCCm6me6ElZYgvaVaG6BK?= =?iso-8859-1?Q?tLy7w7m6H4Yy7+5WYahga1A97IJxJDOOq7QfRTv6NR5TbOEXwbhlTqc3Dx?= =?iso-8859-1?Q?4IPpCwHWUYJTxOCX1d6/NO0e1NQD4GYlN2qRKx1G7WVShTqgHhYUAu410k?= =?iso-8859-1?Q?SiwsassBQoOHpQV7mjRnvKS5zvrB1mJsaEWnAtj/leUDVjxYTVFvb9/ek6?= =?iso-8859-1?Q?EsdKJRsL21w6Uiwwagk2pBQo+B+sgx+Pwkv9J/Vimyg09gSYnbdHkbvUVr?= =?iso-8859-1?Q?gefVvyako6Jh65b81EYeut4znIuL4EeDhuAG+Kt5hKm0sF2QB8GX9vcIpV?= =?iso-8859-1?Q?9ePEfEA2MrK2h7KqkT4GZm1nrOFWx3/ArIHHozBF3Y0mLh48ncFvgJptdf?= =?iso-8859-1?Q?JTzbUOD0bFCv3hSkXez68ac+SZvleE7BZPU/tCbg02qO/Vt6G67fc1+QM0?= =?iso-8859-1?Q?bmn+NYse4JJNv769wRxBZbxOVdjAl3jncpcajhDeR4nAb7fh8bmDthmpL8?= =?iso-8859-1?Q?1OkWNVKKIiYiUEHw4gHHuwEKfovL1SOlO95fOuqhRqG6X/9f4QfPEzGQXP?= =?iso-8859-1?Q?FUJo5NLsH39VRf/UtsWzTvL+yyNZMI72O98e2dxvnu5d8GaPCW6ZpJ38mD?= =?iso-8859-1?Q?mGpxGM9AJ9wdwg6LwsGlfc+Ecu7pgYFOQHfEBdg5ugF0NHnoB3Er3gb1p/?= =?iso-8859-1?Q?qEBIQJpLC27kIH8YL5Bpbniot9qhqUJQh3691LVx4/EY7NF/RJXt4cddaD?= =?iso-8859-1?Q?ql4NxqLGir1c2MPPKQS6lvim94HuW4U2YxI/jbfJ+X4zqcArNHNf26eV/Q?= =?iso-8859-1?Q?rinEZaMMNwE3UpoJpgy4O6Mb/LQ0n3suVtHgZL4ypXkyMK0g8e8IRWlqov?= =?iso-8859-1?Q?az+RE7KtUAqgS8UWkEs6nUie6un7G9BAT7?= MIME-Version: 1.0 X-OriginatorOrg: ami.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH7PR10MB5831.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: f106054d-eba9-40e6-0aa9-08dad1d6cd5b X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Nov 2022 06:56:12.4380 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 27e97857-e15f-486c-b58e-86c2b3040f93 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: iQrhddfH6NsfzqWkvLoT5h7/8nFg66oZuZq5ahjNQwPY9BuuMtxt2hAcKdvLYaXIy7zYHJ9nzUwWJz0sCxbf8g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR10MB6825 Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Attached is the report for Coverity issues identified in ShellPkg based on edk2-stable202205. Cc: Vasudevan Sambandan Cc: Sundaresan Selvaraj Cc: Arun k Cc: Sainadh N Signed-off-by: Kalaivani P --- ShellPkg/Application/Shell/ShellManParser.c | 6 +++++- ShellPkg/Application/Shell/ShellProtocol.c | 3 ++- .../Library/UefiShellDebug1CommandsLib/Dblk.c | 6 +++--- .../HexEdit/BufferImage.c | 10 ++++++--- .../HexEdit/FileImage.c | 6 +++++- .../UefiShellDriver1CommandsLib/DrvCfg.c | 3 ++- .../Library/UefiShellLevel1CommandsLib/For.c | 4 ++++ .../Library/UefiShellLevel1CommandsLib/If.c | 4 ++++ .../Library/UefiShellLevel2CommandsLib/Vol.c | 5 ++++- .../Library/UefiShellLevel3CommandsLib/Help.c | 4 ++++ ShellPkg/Library/UefiShellLib/UefiShellLib.c | 21 +++++++++++++++---- 11 files changed, 57 insertions(+), 15 deletions(-) diff --git a/ShellPkg/Application/Shell/ShellManParser.c b/ShellPkg/Applica= tion/Shell/ShellManParser.c index 5c823cd7f5..716eb17a1d 100644 --- a/ShellPkg/Application/Shell/ShellManParser.c +++ b/ShellPkg/Application/Shell/ShellManParser.c @@ -2,6 +2,7 @@ Provides interface to shell MAN file parser. Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
Copyright 2015 Dell Inc. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -601,7 +602,10 @@ ProcessManFile ( if (TempString !=3D NULL) { FileHandle =3D ConvertEfiFileProtocolToShellHandle (CreateFileInterfac= eMem (TRUE), NULL); HelpSize =3D StrLen (TempString) * sizeof (CHAR16); - ShellWriteFile (FileHandle, &HelpSize, TempString); + Status =3D ShellWriteFile (FileHandle, &HelpSize, TempString); + if (EFI_ERROR (Status)) { + return Status; + } ShellSetFilePosition (FileHandle, 0); HelpSize =3D 0; BriefSize =3D 0; diff --git a/ShellPkg/Application/Shell/ShellProtocol.c b/ShellPkg/Applicat= ion/Shell/ShellProtocol.c index 509eb60e40..fbe1d7e01f 100644 --- a/ShellPkg/Application/Shell/ShellProtocol.c +++ b/ShellPkg/Application/Shell/ShellProtocol.c @@ -5,6 +5,7 @@ (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -2518,7 +2519,7 @@ ShellSearchHandle ( EfiShellClose (ShellInfoNode->Handle); ShellInfoNode->Handle =3D NULL; } - } else if (!EFI_ERROR (Status)) { + } else if (!EFI_ERROR (Status) && (ShellInfoNode->FullName =3D= =3D NULL)) { // // should be a file // diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c b/ShellPkg/= Library/UefiShellDebug1CommandsLib/Dblk.c index 97a4b57a93..08372d9fa4 100644 --- a/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c +++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c @@ -3,6 +3,7 @@ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -45,8 +46,7 @@ DisplayTheBlocks ( if (EFI_ERROR (Status)) { return (SHELL_NOT_FOUND); } - - BufferSize =3D BlockIo->Media->BlockSize * BlockCount; + BufferSize =3D BlockIo->Media->BlockSize * (UINTN)BlockCount; if (BlockIo->Media->IoAlign =3D=3D 0) { BlockIo->Media->IoAlign =3D 1; } @@ -55,7 +55,7 @@ DisplayTheBlocks ( OriginalBuffer =3D AllocateZeroPool (BufferSize + BlockIo->Media->IoAl= ign); Buffer =3D ALIGN_POINTER (OriginalBuffer, BlockIo->Media->IoAl= ign); } else { - ShellPrintEx (-1, -1, L" BlockSize: 0x%08x, BlockCount: 0x%08x\r\n", = BlockIo->Media->BlockSize, BlockCount); + ShellPrintEx (-1, -1, L" BlockSize: 0x%08x, BlockCount: 0x%08x\r\n", = BlockIo->Media->BlockSize,(UINTN)BlockCount); OriginalBuffer =3D NULL; Buffer =3D NULL; } diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImag= e.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c index be77e31a40..e68ab7c21a 100644 --- a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c +++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/BufferImage.c @@ -3,6 +3,7 @@ as well as the event handlers for editing the file Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -2036,7 +2037,8 @@ HBufferImageAddCharacterToBuffer ( UINTN OldPos; UINTN NewPos; - + EFI_STATUS Status; + Size =3D HBufferImageGetTotalSize (); // @@ -2083,10 +2085,12 @@ HBufferImageAddCharacterToBuffer ( Size +=3D Count; HBufferImageFreeLines (); - - HBufferImageBufferToList (Buffer, Size); + Status =3D HBufferImageBufferToList (Buffer, Size); FreePool (Buffer); + if (EFI_ERROR (Status)) { + return Status; + } Link =3D HMainEditor.BufferImage->ListHead->ForwardLink; for (Index =3D 0; Index < (INTN)NewPos / 0x10; Index++) { diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.= c b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c index d8818dd958..8907a66845 100644 --- a/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c +++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c @@ -2,6 +2,7 @@ Functions to deal with file buffer. Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -245,6 +246,7 @@ HFileImageRead ( @retval EFI_SUCCESS The operation was successful. @retval EFI_OUT_OF_RESOURCES A memory allocation failed. @retval EFI_LOAD_ERROR A load error occurred. + @retval EFI_INVALID_PARAMETER FileName input parameter is NULL. **/ EFI_STATUS HFileImageSave ( @@ -264,7 +266,9 @@ HFileImageSave ( BufferTypeBackup =3D HBufferImage.BufferType; HBufferImage.BufferType =3D FileTypeFileBuffer; - + if (FileName =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } // // if is the old file // diff --git a/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c b/ShellP= kg/Library/UefiShellDriver1CommandsLib/DrvCfg.c index 9bbbb1444d..04b46256df 100644 --- a/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c +++ b/ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c @@ -3,6 +3,7 @@ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -355,7 +356,7 @@ ConfigFromFile ( } MainBuffer =3D AllocateZeroPool ((UINTN)MainBufferSize); - if (EFI_ERROR (Status)) { + if (MainBuffer =3D=3D NULL) { ShellPrintHiiEx ( -1, -1, diff --git a/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c b/ShellPkg/L= ibrary/UefiShellLevel1CommandsLib/For.c index 8a6a940f28..6e413a1813 100644 --- a/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c +++ b/ShellPkg/Library/UefiShellLevel1CommandsLib/For.c @@ -3,6 +3,7 @@ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -335,6 +336,9 @@ ShellCommandRunFor ( CurrentScriptFile =3D ShellCommandGetCurrentScriptFile (); ASSERT (CurrentScriptFile !=3D NULL); + if (CurrentScriptFile =3D=3D NULL) { + return (SHELL_DEVICE_ERROR); + } if ((CurrentScriptFile->CurrentCommand !=3D NULL) && (CurrentScriptFile-= >CurrentCommand->Data =3D=3D NULL)) { FirstPass =3D TRUE; diff --git a/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c b/ShellPkg/Li= brary/UefiShellLevel1CommandsLib/If.c index b4a6966edb..5607ef6e82 100644 --- a/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c +++ b/ShellPkg/Library/UefiShellLevel1CommandsLib/If.c @@ -3,6 +3,7 @@ (C) Copyright 2013-2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -100,6 +101,9 @@ IsValidProfile ( ProfilesString =3D ShellGetEnvironmentVariable (L"profiles"); ASSERT (ProfilesString !=3D NULL); + if (ProfilesString =3D=3D NULL) { + return FALSE; + } TempLocation =3D StrStr (ProfilesString, String); if ((TempLocation !=3D NULL) && (*(TempLocation-1) =3D=3D L';') && (*(Te= mpLocation+StrLen (String)) =3D=3D L';')) { return (TRUE); diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c b/ShellPkg/L= ibrary/UefiShellLevel2CommandsLib/Vol.c index 8f7310c074..045577203b 100644 --- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c +++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c @@ -3,6 +3,7 @@ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -97,7 +98,9 @@ HandleVol ( } ASSERT (SysInfo !=3D NULL); - + if (SysInfo =3D=3D NULL) { + return (SHELL_OUT_OF_RESOURCES);; + } if (Delete) { *((CHAR16 *)SysInfo->VolumeLabel) =3D CHAR_NULL; SysInfo->Size =3D SIZE_OF_EFI_FILE_SYSTEM_INFO + S= trSize (SysInfo->VolumeLabel); diff --git a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c b/ShellPkg/= Library/UefiShellLevel3CommandsLib/Help.c index 7f146bb9fb..17fb989d02 100644 --- a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c +++ b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c @@ -3,6 +3,7 @@ Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
Copyright (c) 2014, ARM Limited. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -118,6 +119,9 @@ CopyListOfCommandNames ( { CONST COMMAND_LIST *Node; + if (SourceList =3D=3D NULL) { + return SHELL_INVALID_PARAMETER;; + } for ( Node =3D (COMMAND_LIST *)GetFirstNode (&SourceList->Link) ; SourceList !=3D NULL && !IsListEmpty (&SourceList->Link) && !IsN= ull (&SourceList->Link, &Node->Link) ; Node =3D (COMMAND_LIST *)GetNextNode (&SourceList->Link, &Node->= Link) diff --git a/ShellPkg/Library/UefiShellLib/UefiShellLib.c b/ShellPkg/Librar= y/UefiShellLib/UefiShellLib.c index a72767bd86..eae6553d91 100644 --- a/ShellPkg/Library/UefiShellLib/UefiShellLib.c +++ b/ShellPkg/Library/UefiShellLib/UefiShellLib.c @@ -1,9 +1,11 @@ + /** @file Provides interface to shell functionality for shell commands and applica= tions. (C) Copyright 2016 Hewlett Packard Enterprise Development LP
Copyright 2016-2018 Dell Technologies.
Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 1985 - 2022, American Megatrends International LLC.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -1761,7 +1763,9 @@ ShellCloseFileMetaArg ( // ASSERT that ListHead is not NULL // ASSERT (ListHead !=3D NULL); - + if (ListHead =3D=3D NULL) { + return (SHELL_INVALID_PARAMETER); + } // // Check for UEFI Shell 2.0 protocols // @@ -2221,6 +2225,10 @@ InternalCommandLineParse ( if (CurrentItemPackage->Name =3D=3D NULL) { ShellCommandLineFreeVarList (*CheckPackage); *CheckPackage =3D NULL; + // Fixing memory leak here + SHELL_FREE_NON_NULL (CurrentItemPackage); return (EFI_OUT_OF_RESOURCES); } @@ -2323,6 +2331,10 @@ InternalCommandLineParse ( if (CurrentItemPackage->Value =3D=3D NULL) { ShellCommandLineFreeVarList (*CheckPackage); *CheckPackage =3D NULL; + // Fixing memory leak here + SHELL_FREE_NON_NULL (CurrentItemPackage); return (EFI_OUT_OF_RESOURCES); } @@ -4377,9 +4389,10 @@ ShellFileHandleReadLine ( return (EFI_INVALID_PARAMETER); } - if (Buffer =3D=3D NULL) { - ASSERT (*Size =3D=3D 0); - } else { + if ((Buffer =3D=3D NULL) || (*Size =3D=3D 0)) { + return EFI_INVALID_PARAMETER; + } + else { *Buffer =3D CHAR_NULL; } -- 2.36.0.windows.1 -The information contained in this message may be confidential and propriet= ary to American Megatrends (AMI). This communication is intended to be read= only by the individual or entity to whom it is addressed or by their desig= nee. If the reader of this message is not the intended recipient, you are o= n notice that any distribution of this message, in any form, is strictly pr= ohibited. Please promptly notify the sender by reply e-mail or by telephone= at 770-246-8600, and then delete or destroy all copies of the transmission= .