From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <450acce3-1f73-902f-f30e-123186ba2adc@linux.microsoft.com>
Date: Thu, 7 Sep 2023 21:00:06 -0400
Subject: Re: Reply: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
To: gaoliming, devel@edk2.groups.io
Cc: 'Zhichao Gao', 'Michael D Kinney'
References: <20230906174033.1878-1-mikuback@linux.microsoft.com> <006d01d9e1ed$1f1997d0$5d4cc770$@byosoft.com.cn>
From: "Michael Kubacki"
In-Reply-To: <006d01d9e1ed$1f1997d0$5d4cc770$@byosoft.com.cn>

Hi Liming,

I'm running the CodeQL CLI
(https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli)
locally against the code with some new queries.

The queries in the codeql/cpp-queries pack listed here are relatively
easy to experiment with https://codeql.github.com/codeql-query-help/cpp/.

The particular query related to this patch was
https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/.

Thanks,
Michael

On 9/7/2023 8:40 PM, gaoliming wrote:
> Michael:
> How do you detect those issues? Do you use the tool or do code review?
>
> For this change, Reviewed-by: Liming Gao
>
>> -----Original Message-----
>> From: devel@edk2.groups.io on behalf of Michael
>> Kubacki
>> Sent: September 7, 2023 1:41
>> To: devel@edk2.groups.io
>> Cc: Zhichao Gao; Michael D Kinney
>>
>> Subject: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib:
>> Check array index before access
>>
>> From: Michael Kubacki
>>
>> Moves the range check for the index into the array before attempting
>> any accesses using the array index.
>>
>> Cc: Zhichao Gao
>> Cc: Michael D Kinney
>> Signed-off-by: Michael Kubacki
>> ---
>> ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> index 7c80bba46581..5cb92c485b47 100644
>> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr ( >> >> ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN >> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle); >> >> - while ((Ip->Addr[Index] =3D=3D 0) && (Ip->Addr[Index + 1] =3D=3D = 0) && >> (Index < PREFIXMAXLEN)) { >> + while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] =3D=3D 0) && >> (Ip->Addr[Index + 1] =3D=3D 0)) { >> Index =3D Index + 2; >> if (Index > PREFIXMAXLEN - 2) { >> break; >> -- >> 2.42.0.windows.2
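
Review bot: The reordered `while` condition in IfConfig6PrintIpAddr tests `Index < PREFIXMAXLEN` before reading `Ip->Addr[Index]`, but the `Ip->Addr[Index + 1]` read that follows is not covered by that test: if `Index` could equal `PREFIXMAXLEN - 1` on entry, the second read uses offset `PREFIXMAXLEN`. On later passes the `if (Index > PREFIXMAXLEN - 2)` break shown in the hunk already keeps `Index + 1` below `PREFIXMAXLEN`, so the new guard only does work on the first evaluation. The starting value of `Index` and the declared size of `Addr` are outside the lines shown; unless they rule that case out, consider testing `Index + 1 < PREFIXMAXLEN` so the bound covers both reads. The commit message would also be more useful to later readers if it said that in-range behaviour is unchanged and only the evaluation order of the condition differs.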