From: "Chiu, Chasel"
To: "Desimone, Nathaniel L", "devel@edk2.groups.io"
CC: "Kubacki, Michael A", "Chaganty, Rangasai V"
Subject: Re: [edk2-platforms] [PATCH] KabylakeSiliconPkg: Possible out-of-bounds memory writes
Date: Tue, 16 Jul 2019 00:07:02 +0000
Message-ID: <3C3EFB470A303B4AB093197B6777CCEC5042AE5A@PGSMSX111.gar.corp.intel.com>
References: <20190715203933.29256-1-nathaniel.l.desimone@intel.com>
In-Reply-To: <20190715203933.29256-1-nathaniel.l.desimone@intel.com>

Please extend copyright to 2019, with that change,
Reviewed-by: Chasel Chiu

> -----Original Message-----
> From: Desimone, Nathaniel L
> Sent: Tuesday, July 16, 2019 4:40 AM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel; Kubacki, Michael A; Chaganty, Rangasai V
> Subject: [edk2-platforms] [PATCH] KabylakeSiliconPkg: Possible out-of-bounds memory writes
>
> - Add check for the DSDT not existing.
> - Fixed logic errors in loop boundary check.
>
> Cc: Chasel Chiu
> Cc: Michael A Kubacki
> Cc: Sai Chaganty
>
> Co-authored-by: John Mathews
> Signed-off-by: Nate DeSimone > --- > .../Library/DxeAslUpdateLib/DxeAslUpdateLib.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) >=20 > diff --git > a/Silicon/Intel/KabylakeSiliconPkg/Library/DxeAslUpdateLib/DxeAslUpdateLi= b. > c > b/Silicon/Intel/KabylakeSiliconPkg/Library/DxeAslUpdateLib/DxeAslUpdateLi= b. > c > index e6ab43db6d..a9611f750f 100644 > --- > a/Silicon/Intel/KabylakeSiliconPkg/Library/DxeAslUpdateLib/DxeAslUpdateLi= b. > c > +++ > b/Silicon/Intel/KabylakeSiliconPkg/Library/DxeAslUpdateLib/DxeAslUpdateLi= b. > c > @@ -59,6 +59,7 @@ InitializeAslUpdateLib ( > @param[in] Length - length of data to be overwritten >=20 > @retval EFI_SUCCESS - The function completed successfully. > + @retval EFI_NOT_FOUND - Failed to locate AcpiTable. > **/ > EFI_STATUS > UpdateNameAslCode ( > @@ -99,11 +100,14 @@ UpdateNameAslCode ( > /// Point to the beginning of the DSDT table > /// > CurrPtr =3D (UINT8 *) Table; > + if (CurrPtr =3D=3D NULL) { > + return EFI_NOT_FOUND; > + } >=20 > /// > /// Loop through the ASL looking for values that we must fix up. > /// > - for (DsdtPointer =3D CurrPtr; DsdtPointer <=3D (CurrPtr + > ((EFI_ACPI_COMMON_HEADER *) CurrPtr)->Length); DsdtPointer++) { > + for (DsdtPointer =3D CurrPtr; DsdtPointer < (CurrPtr + > ((EFI_ACPI_COMMON_HEADER *) CurrPtr)->Length); DsdtPointer++) { > /// > /// Get a pointer to compare for signature > /// > -- > 2.17.1.windows.2
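Review bot: In the first hunk (@@ -59,6 +59,7 @@), the new "@retval EFI_NOT_FOUND - Failed to locate AcpiTable." text is vaguer than the check it documents. The added code returns EFI_NOT_FOUND when the pointer set under "Point to the beginning of the DSDT table" is NULL, and the commit message calls this "the DSDT not existing". Suggest naming the DSDT in the @retval line so a caller can tell which lookup failed.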
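Review bot: In the second hunk (@@ -99,11 +100,14 @@), the corrected loop bound "DsdtPointer < (CurrPtr + ((EFI_ACPI_COMMON_HEADER *) CurrPtr)->Length)" still lets DsdtPointer reach the last byte of the table, while the context line that follows says the body will "Get a pointer to compare for signature". If that comparison, or the later overwrite of the data, touches more than one byte at DsdtPointer, the final iterations still run past the end of the table. Suggest bounding the loop at the table length minus the width of the largest access made in the body. Since the Length field is read from the table itself, also consider rejecting a value smaller than sizeof (EFI_ACPI_COMMON_HEADER) right after the new NULL check.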