From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mx.groups.io with SMTP id smtpd.web10.7779.1676383918011539547
 for <devel@edk2.groups.io>;
 Tue, 14 Feb 2023 06:11:58 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=XOCt1kxN;
 spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: kraxel@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1676383916;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=/lS12kjL0Tnxl6Zi8vDC/n9bD4ID1ACX66hkhqsah14=;
	b=XOCt1kxNLql8XPVcFABdNVrkJBbLLQEmpBWzqV2DvwGhIoBgWytRlA0PIIOB5V3YFDtasi
	JV/6UPBmswfvhFnTI2+JJhFe2heJEM1j34jWBmp/nQsLTAO7XyJBkDBoNPxB3T7NSBtcpL
	qxeJlufAmq47bOgek+Aa8xxpI9gZ9OA=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-150--Gh6daQyNPGydJUdhx4kfg-1; Tue, 14 Feb 2023 09:11:51 -0500
X-MC-Unique: -Gh6daQyNPGydJUdhx4kfg-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 17CF51871DA7;
	Tue, 14 Feb 2023 14:11:51 +0000 (UTC)
Received: from sirius.home.kraxel.org (ovpn-195-41.brq.redhat.com [10.40.195.41])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 8E2A62166B2A;
	Tue, 14 Feb 2023 14:11:48 +0000 (UTC)
Received: by sirius.home.kraxel.org (Postfix, from userid 1000)
	id 18C251802381; Tue, 14 Feb 2023 15:11:47 +0100 (CET)
Date: Tue, 14 Feb 2023 15:11:47 +0100
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Michael Brown <mcb30@ipxe.org>
Cc: devel@edk2.groups.io, mikuback@linux.microsoft.com,
	Dandan Bi <dandan.bi@intel.com>,
	Erich McMillan <emcmillan@microsoft.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Star Zeng <star.zeng@intel.com>,
	Zhichao Gao <zhichao.gao@intel.com>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>
Subject: Re: [edk2-devel] [PATCH v3 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
Message-ID: <20230214141147.saswcivljvjuhdxa@sirius.home.kraxel.org>
References: <20230213154908.1993-1-mikuback@linux.microsoft.com>
 <20230213154908.1993-2-mikuback@linux.microsoft.com>
 <010201864b8f56cb-c9b052f6-c9e6-4c22-9d99-c87c947a7169-000000@eu-west-1.amazonses.com>
 <20230214130114.kp4z4zmfjgaalv47@sirius.home.kraxel.org>
 <01020186502e636e-e8e67b6b-f07a-43b9-aa39-35be69d08c68-000000@eu-west-1.amazonses.com>
MIME-Version: 1.0
In-Reply-To: <01020186502e636e-e8e67b6b-f07a-43b9-aa39-35be69d08c68-000000@eu-west-1.amazonses.com>
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

  Hi,

> [ ... details snipped ... ]
> 
> I'd prefer it if the code were updated to avoid SafeUintnAdd() altogether.
> But if not, then at a minimum the redundant check should be removed, and the
> calculation involving Smbios.Hdr->Length should also be updated to use
> SafeUintnAdd().

Fully agreeing to that.

take care,
  Gerd