From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+108045+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 33DAF740037
	for <rebecca@openfw.io>; Sun, 27 Aug 2023 10:57:25 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=4n1BdyNP4OvGMYRvcQ76GegnsJUAh97fB6STcdC5dtM=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20140610; t=1693133843; v=1;
 b=lS0vB12u+Y45JxOGQV5eL2H1J4t0PM8OaNrW1pN5Ez+WG1swDIfkcyU4SrhXri60BqdRgeXt
 BYqOngJTXR/lv1Q2RFyid9G1cNtL9/+IxmZ0etXMXWqhk3nMtYvG+MmgmIZAPlgChus/h6muEwk
 sa5m5CL6gjEaSxkWaApN5kNg=
X-Received: by 127.0.0.2 with SMTP id J5NsYY7687511x9PceXakH8P; Sun, 27 Aug 2023 03:57:23 -0700
X-Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com [209.85.167.46])
 by mx.groups.io with SMTP id smtpd.web11.25131.1693133843138782705
 for <devel@edk2.groups.io>;
 Sun, 27 Aug 2023 03:57:23 -0700
X-Received: by mail-lf1-f46.google.com with SMTP id 2adb3069b0e04-5007f3d3235so3559755e87.2
        for <devel@edk2.groups.io>; Sun, 27 Aug 2023 03:57:22 -0700 (PDT)
X-Gm-Message-State: MFdwF4AUhjbm39KaUJGRkEs0x7686176AA=
X-Google-Smtp-Source: AGHT+IE4jSVfGW2ys5rEyEWZRB9T/b6CzMWazSl/Tq+uljV7hPIKL0gmYtiDyqk1YPNYZ0VseS+a5w==
X-Received: by 2002:a19:4302:0:b0:500:7a21:3e78 with SMTP id q2-20020a194302000000b005007a213e78mr12503504lfa.55.1693133841315;
        Sun, 27 Aug 2023 03:57:21 -0700 (PDT)
X-Received: from localhost.localdomain ([79.164.221.98])
        by smtp.gmail.com with ESMTPSA id i11-20020ac2522b000000b004fb9fe34c27sm1085825lfl.92.2023.08.27.03.57.20
        (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
        Sun, 27 Aug 2023 03:57:20 -0700 (PDT)
From: "Mike Maslenkin" <mike.maslenkin@gmail.com>
To: devel@edk2.groups.io
Cc: abner.chang@amd.com,
	nicklew@nvidia.com,
	igork@ami.com,
	Mike Maslenkin <mike.maslenkin@gmail.com>
Subject: [edk2-devel] [PATCH 2/5] RedfishClientPkg: fix access to uninitialized variable
Date: Sun, 27 Aug 2023 13:56:37 +0300
Message-Id: <20230827105640.94731-3-mike.maslenkin@gmail.com>
In-Reply-To: <20230827105640.94731-1-mike.maslenkin@gmail.com>
References: <20230827105640.94731-1-mike.maslenkin@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,mike.maslenkin@gmail.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=lS0vB12u;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

This patch fixes access to uninitialized variable, causing ASSERT from
FreePool at least.

Before this patch RedfishSettingsResponse was initialized by
GetResourceByUri under 'if (JsonValue !=3D NULL)' condition.
But freed under 'if (Private->Payload !=3D NULL)' condition.
Thus uninitialized pointers caused ASSERT on attempt to free memory.

Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
---
 RedfishClientPkg/Features/Bios/v1_0_9/Dxe/BiosDxe.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/RedfishClientPkg/Features/Bios/v1_0_9/Dxe/BiosDxe.c b/RedfishC=
lientPkg/Features/Bios/v1_0_9/Dxe/BiosDxe.c
index e7ac8779581c..f5562fb49cab 100644
--- a/RedfishClientPkg/Features/Bios/v1_0_9/Dxe/BiosDxe.c
+++ b/RedfishClientPkg/Features/Bios/v1_0_9/Dxe/BiosDxe.c
@@ -128,6 +128,8 @@ RedfishResourceConsumeResource (
     return Status;=0D
   }=0D
 =0D
+  ZeroMem (&RedfishSettingsResponse, sizeof (REDFISH_RESPONSE));=0D
+=0D
   ExpectedResponse   =3D &Response;=0D
   RedfishSettingsUri =3D NULL;=0D
   JsonValue          =3D RedfishJsonInPayload (Response.Payload);=0D
--=20
2.32.0 (Apple Git-132)



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108045): https://edk2.groups.io/g/devel/message/108045
Mute This Topic: https://groups.io/mt/100988472/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-