From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io, mcb30@ipxe.org
Cc: mikuback@linux.microsoft.com, Dandan Bi <dandan.bi@intel.com>,
Erich McMillan <emcmillan@microsoft.com>,
Jian J Wang <jian.j.wang@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Star Zeng <star.zeng@intel.com>,
Zhichao Gao <zhichao.gao@intel.com>,
Zhiguang Liu <zhiguang.liu@intel.com>,
Michael Kubacki <michael.kubacki@microsoft.com>
Subject: Re: [edk2-devel] [PATCH v3 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
Date: Tue, 14 Feb 2023 14:01:14 +0100 [thread overview]
Message-ID: <20230214130114.kp4z4zmfjgaalv47@sirius.home.kraxel.org> (raw)
In-Reply-To: <010201864b8f56cb-c9b052f6-c9e6-4c22-9d99-c87c947a7169-000000@eu-west-1.amazonses.com>
On Mon, Feb 13, 2023 at 04:15:30PM +0000, Michael Brown wrote:
> On 13/02/2023 15:48, Michael Kubacki wrote:
> > @@ -1608,9 +1610,12 @@ ParseAndAddExistingSmbiosTable (
> > //
> > // Make sure not to access memory beyond SmbiosEnd
> > //
> > - if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) ||
> > - (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw))
> > - {
> > + Status = SafeUintnAdd ((UINTN)Smbios.Raw, sizeof (SMBIOS_STRUCTURE), &SafeIntResult);
> > + if (EFI_ERROR (Status)) {
> > + return EFI_INVALID_PARAMETER;
> > + }
> > +
> > + if ((SafeIntResult > (UINTN)SmbiosEnd.Raw) || (SafeIntResult < (UINTN)Smbios.Raw)) {
> > return EFI_INVALID_PARAMETER;
> > }
>
> Could this not be expressed much more cleanly as just:
>
> if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < sizeof (SMBIOS_STRUCTURE)) {
> return EFI_INVALID_PARAMETER;
> }
>
> without the need to hide a basic arithmetic operation behind an ugly wrapper
> function and drag in an external library?
Well, the advantage of using SafeIntLib is that (a) it is obvious even
to untrained code readers what is going on here, and (b) it is hard to
get it wrong.
When looking at the quality some of the patches being posted to the list
have I'd say that is important to consider even if you personally have
no problems avoiding integer overflows without the help of SafeIntLib.
take care,
Gerd
next prev parent reply other threads:[~2023-02-14 13:01 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-13 15:48 [PATCH v3 00/12] Enable New CodeQL Queries Michael Kubacki
2023-02-13 15:48 ` [PATCH v3 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Michael Kubacki
2023-02-13 16:15 ` [edk2-devel] " Michael Brown
2023-02-14 13:01 ` Gerd Hoffmann [this message]
2023-02-14 13:47 ` Michael Brown
2023-02-14 14:11 ` Gerd Hoffmann
2023-02-14 14:16 ` Michael Kubacki
2023-02-14 13:53 ` Michael Kubacki
2023-02-13 15:48 ` [PATCH v3 02/12] BaseTools/PatchCheck.py: Add PCCTS to tab exemption list Michael Kubacki
2023-02-13 15:48 ` [PATCH v3 03/12] BaseTools/VfrCompile: Fix potential buffer overwrites Michael Kubacki
2023-02-13 15:49 ` [PATCH v3 04/12] CryptoPkg: Fix conditionally uninitialized variable Michael Kubacki
2023-02-13 15:49 ` [PATCH v3 05/12] MdeModulePkg: Fix conditionally uninitialized variables Michael Kubacki
2023-02-13 15:49 ` [PATCH v3 06/12] MdePkg: " Michael Kubacki
2023-02-13 15:49 ` [PATCH v3 07/12] NetworkPkg: " Michael Kubacki
2023-02-13 15:49 ` [PATCH v3 08/12] PcAtChipsetPkg: " Michael Kubacki
2023-02-13 15:49 ` [PATCH v3 09/12] ShellPkg: " Michael Kubacki
2023-02-13 15:49 ` [PATCH v3 10/12] UefiCpuPkg: " Michael Kubacki
2023-02-13 15:49 ` [PATCH v3 11/12] .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries Michael Kubacki
2023-02-13 15:49 ` [PATCH v3 12/12] .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries Michael Kubacki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230214130114.kp4z4zmfjgaalv47@sirius.home.kraxel.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox