From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web10.27801.1678473905694120874
 for <devel@edk2.groups.io>;
 Fri, 10 Mar 2023 10:45:05 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=E6yKANx2;
 spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com)
Received: from localhost.localdomain (unknown [47.201.8.94])
	by linux.microsoft.com (Postfix) with ESMTPSA id 236D42057658;
	Fri, 10 Mar 2023 10:45:04 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 236D42057658
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
	s=default; t=1678473905;
	bh=15Gf3GAP0jSmWOQU2ULp0V2mvpQLoXFX82ffK3iP4uE=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=E6yKANx2LqEQKpCbBCcm8BNGvVOnSx1C11NXfzlwU2xO6talVOJiKY8W1UublDU3n
	 o9LugAz01YxzNuikLNw6ETF5f41Xn4HEJ/xJSk7YU3Rk3nB0yh1hsd7bqM6BvvvHDY
	 huNJzRL9sPDn9dD/DGZ5K6tMQy3+VUP9ZY3ojeEA=
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Dandan Bi <dandan.bi@intel.com>,
	Erich McMillan <emcmillan@microsoft.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Michael Kubacki <mikuback@linux.microsoft.com>,
	Star Zeng <star.zeng@intel.com>,
	Zhichao Gao <zhichao.gao@intel.com>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>
Subject: [PATCH v4 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
Date: Fri, 10 Mar 2023 13:42:27 -0500
Message-Id: <20230310184238.2999-2-mikuback@linux.microsoft.com>
X-Mailer: git-send-email 2.39.2.windows.1
In-Reply-To: <20230310184238.2999-1-mikuback@linux.microsoft.com>
References: <20230310184238.2999-1-mikuback@linux.microsoft.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Erich McMillan <emcmillan@microsoft.com>

Details for these CodeQL alerts can be found here:

- Pointer overflow check (cpp/pointer-overflow-check):
  - https://cwe.mitre.org/data/definitions/758.html

- Potential buffer overflow check (cpp/potential-buffer-overflow):
  - https://cwe.mitre.org/data/definitions/676.html

CodeQL alert:

  - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
    - Type: Pointer overflow check
    - Severity: Low
    - Problem: Range check relying on pointer overflow

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Erich McMillan <emcmillan@microsoft.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Erich McMillan <emcmillan@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
---
 MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/=
Universal/SmbiosDxe/SmbiosDxe.c
index 1d43adc7662c..dd077bb0cf19 100644
--- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
+++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
@@ -1608,9 +1608,7 @@ ParseAndAddExistingSmbiosTable (
     //
     // Make sure not to access memory beyond SmbiosEnd
     //
-    if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) ||
-        (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw))
-    {
+    if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < sizeof (SMBIOS_STRUCTURE))=
 {
       return EFI_INVALID_PARAMETER;
     }
=20
@@ -1625,9 +1623,7 @@ ParseAndAddExistingSmbiosTable (
     // Make sure not to access memory beyond SmbiosEnd
     // Each structure shall be terminated by a double-null (0000h).
     //
-    if ((Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) > SmbiosEn=
d.Raw) ||
-        (Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) < Smbios.R=
aw))
-    {
+    if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < (Smbios.Hdr->Length + 2U))=
 {
       return EFI_INVALID_PARAMETER;
     }
=20
--=20
2.39.2.windows.1