From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194])
 by mx.groups.io with SMTP id smtpd.web10.5003.1680029523670746465
 for <devel@edk2.groups.io>;
 Tue, 28 Mar 2023 11:52:03 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=none, err=permanent DNS error (domain: smith-denny.com, ip: 74.208.4.194, mailfrom: osd@smith-denny.com)
Received: from [10.137.194.171] ([131.107.8.107]) by mrelay.perfora.net
 (mreueus003 [74.208.5.2]) with ESMTPSA (Nemesis) id 0MSthj-1pqsvB1Onl-00Ru1r;
 Tue, 28 Mar 2023 20:51:48 +0200
Message-ID: <575d7034-291c-c43d-ca2b-3d6a0364b60b@smith-denny.com>
Date: Tue, 28 Mar 2023 11:51:42 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.8.0
Subject: Re: [edk2-devel] [PATCH v7 00/12] Enable New CodeQL Queries
To: devel@edk2.groups.io, mikuback@linux.microsoft.com
Cc: Bob Feng <bob.c.feng@intel.com>, Dandan Bi <dandan.bi@intel.com>,
 Eric Dong <eric.dong@intel.com>, Erich McMillan <emcmillan@microsoft.com>,
 Guomin Jiang <guomin.jiang@intel.com>, Jian J Wang <jian.j.wang@intel.com>,
 Jiaxin Wu <jiaxin.wu@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
 Liming Gao <gaoliming@byosoft.com.cn>,
 Maciej Rabeda <maciej.rabeda@linux.intel.com>, Michael Brown
 <mcb30@ipxe.org>, Michael D Kinney <michael.d.kinney@intel.com>,
 Rahul Kumar <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
 Sean Brogan <sean.brogan@microsoft.com>, Siyuan Fu <siyuan.fu@intel.com>,
 Star Zeng <star.zeng@intel.com>, Xiaoyu Lu <xiaoyu1.lu@intel.com>,
 Yuwei Chen <yuwei.chen@intel.com>, Zhichao Gao <zhichao.gao@intel.com>,
 Zhiguang Liu <zhiguang.liu@intel.com>
References: <20230324223034.1560-1-mikuback@linux.microsoft.com>
From: "Oliver Smith-Denny" <osd@smith-denny.com>
In-Reply-To: <20230324223034.1560-1-mikuback@linux.microsoft.com>
X-Provags-ID: V03:K1:vsrsaLozeD9NitGQHeVWJPt22JO/vDolY9E8tJVJt5PSPVxGMk8
 FIBjy5j/UxgsOnuLrzahnSA8AdvkSH7aLECJ1BusNDXX8J2SgHlACii5efdTgt19yIOcxy0
 SyTTn5WayPuICooJpJCjZPo7sS7yrJzprHY0xhxB7ODjqo7qAztfZi9nrke4aOIONJsMQGR
 U+ADbbpVJ7JjHu8r2BscA==
X-Spam-Flag: NO
UI-OutboundReport: notjunk:1;M01:P0:xmN9b5dy9lY=;ssi7JE4Qhfqfp48xb5qPueOCgQG
 LuxHW26JF4GRI1u4RBICZHUajeEC+r8Ko6iSyzxciDpEcbhisEs3hvyk31F7B5H8GeyoRJ7A7
 UouszltjFYambiMuQSP0eSMmG0E3EHg1sPAszylFG2Z2xDz4uH3TvyXmTqQ7dhWH/Wr/9H7hg
 lJ/HBjDRH3YpIeMAq6gEa0DzSlw2LstHkqAqxjpnt2ciyWVAIHIE3aLRSunN1EZYaatTZJy25
 eLTxx9/ZEAlxDDKzISuCw9KoxyTUYWJuIMQZ3H2sxS69dQ0rxfDecBE+vIywXRkJEDQ6nD9Fk
 Oa56PWs/bWmY0S9ULoGyFTf0SP6V1Kyf3MOCwnrfI0S5Z6DhoJ8RPmJ3sDI/QvaFSpi9JjaiW
 B2gPI9PPohRufFEg1gOOVVfqGITTLuYQDAFW9mk9ObqTmC6gLXgGume7Cm3Wkc5xHs5K2gKaE
 DAR2CqeTxlAED+5BKpz/vn5jA0u1sdCcnGsG8pae8eiiUcMWg4nHtQy7S5owmzisXS/aMBeIY
 XeUUInkf+Ybvv+TOCxyqr5kI+UPm5ijXIz+9inQTwoW+Y5lO++iUc03M/SzSPNXF/kpC9T73M
 93LHY730jPGpLUsWmyuY5PEW7Yfn0lLn7XSvHJlCW0cpbxw7YcbSMWxGjiYhCZPlJMH7PCASC
 AdYuSf8ZlMioKm2F5jMwch0lAuKc3bUPA/CrcyxVgw==
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

With comments and for the patchset:

Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>

Thanks!

On 3/24/2023 3:30 PM, Michael Kubacki wrote:
> From: Michael Kubacki <michael.kubacki@microsoft.com>
> 
> Adds queries for the following:
> 
> 1. cpp/conditionallyuninitializedvariable
> 2. cpp/pointer-overflow-check
> 3. cpp/overrunning-write
> 4. cpp/overrunning-write-with-float
> 5. cpp/very-likely-overrunning-write
> 
> These check for vulnerabilities with the following CWEs:
> 
>    - https://cwe.mitre.org/data/definitions/120.html
>    - https://cwe.mitre.org/data/definitions/457.html
>    - https://cwe.mitre.org/data/definitions/676.html
>    - https://cwe.mitre.org/data/definitions/758.html
>    - https://cwe.mitre.org/data/definitions/787.html
>    - https://cwe.mitre.org/data/definitions/805.html
> 
> The first part of this patch series contains fixes for CodeQL alerts
> across various packages that are produced by the new queries being
> enabled.
> 
> The second part updates the CodeQL queries.
> 
> Note: The changes are currently in the following pull request
> https://github.com/tianocore/edk2/pull/4133
> 
> v7 series changes:
> 
> 1. Added R-b tag to UefiCpuPkg patch
> 2. Merged Rebecca's patch https://edk2.groups.io/g/devel/message/101819
>     into [PATCH v7 02/12]
> 
> v6 series changes:
> 
> 1. Also change "1u" to "1" in:
>     - UefiCpuPkg/CpuMpPei/CpuPaging.c
>     - UefiCpuPkg/CpuMpPei/CpuMpPei.c
> 
> v5 series changes:
> 
> 1. Changed "1u" to "1" in UefiCpuPkg/CpuMpPei/CpuBist.c
> 2. Added Rb tags from v4 series
> 
> v4 series changes:
> 
> 1. Simplify conditional logic in Patch 1 per Michael Brown's
>     suggestion.
> 
> v3 series changes:
> 
> 1. Rebased series onto 93a21b4 (current edk2/master)
> 
> 2. Added v2 Rb tags
> 
> V2 series changes:
> 
> 1. MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
>     - Applied SafeUintnAdd() to both variables in the comparison
>       in ParseAndAddExistingSmbiosTable()
> 
>      Addresses feedback from: Mike Kinney
> 
> 2. CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
>     - Changes:
> 
>       if (!(Inf & 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {
> 
>       To:
> 
>       if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
> 
>      Addresses feedback from: Mike Kinney
> 
> 3. MdePkg/Library/BaseLib/String.c
>     - Removes: #include <Uefi/UefiBaseType.h>
>     - Changes conditional style in changes to if statement from
>       ternary for changes made throughout the file
>     - Updates commit message to describe change in return value
> 
>     Addresses feedback from: Mike Kinney
> 
> 4. NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
>     - Changes:
> 
>       if (!EFI_ERROR (Status) && (Data > HTTP_URI_PORT_MAX_NUM)) {
>         Status = EFI_INVALID_PARAMETER;
>         goto ON_EXIT;
>       }
> 
>       To:
> 
>       if (EFI_ERROR (Status) || (Data > HTTP_URI_PORT_MAX_NUM)) {
>         Status = EFI_INVALID_PARAMETER;
>         goto ON_EXIT;
>       }
> 
>     Addresses feedback from: Mike Kinney
> 
> 5. ShellPkg/Application/Shell/Shell.c
>     - Initializes CalleeStatus to EFI_SUCCESS in DoStartupScript()
>     - Restores original if statement logic in DoStartupScript()
> 
>     Addresses feedback from: Zhichao Gao
> 
> 6. ShellPkg/Application/Shell/ShellProtocol.c
>     - Adds additional check for return value from
>       PARSE_HANDLE_DATABASE_UEFI_DRIVERS() in EfiShellGetDeviceName()
> 
>     Addresses feedback from: Zhichao Gao
> 
> 7. Includes up-to-date R-b tags
> 
> ---
> 
> Cc: Bob Feng <bob.c.feng@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Erich McMillan <emcmillan@microsoft.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Michael Brown <mcb30@ipxe.org>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Michael Kubacki <mikuback@linux.microsoft.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Yuwei Chen <yuwei.chen@intel.com>
> Cc: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> 
> Erich McMillan (1):
>    MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
> 
> Michael Kubacki (11):
>    BaseTools/PatchCheck.py: Add PCCTS to tab exemption list
>    BaseTools/VfrCompile: Fix potential buffer overwrites
>    CryptoPkg: Fix conditionally uninitialized variable
>    MdeModulePkg: Fix conditionally uninitialized variables
>    MdePkg: Fix conditionally uninitialized variables
>    NetworkPkg: Fix conditionally uninitialized variables
>    PcAtChipsetPkg: Fix conditionally uninitialized variables
>    ShellPkg: Fix conditionally uninitialized variables
>    UefiCpuPkg: Fix conditionally uninitialized variables
>    .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries
>    .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries
> 
>   BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c               | 10 ++--
>   BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c              |  4 +-
>   CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c                 | 21 ++++---
>   MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c                        |  5 +-
>   MdeModulePkg/Bus/Pci/UhciDxe/Uhci.c                           | 24 +++++---
>   MdeModulePkg/Core/Dxe/Mem/Page.c                              | 17 +++---
>   MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c | 25 ++++----
>   MdeModulePkg/Library/FileExplorerLib/FileExplorer.c           |  5 +-
>   MdeModulePkg/Universal/BdsDxe/BdsEntry.c                      | 33 ++++++-----
>   MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c      | 11 ++--
>   MdeModulePkg/Universal/HiiDatabaseDxe/Font.c                  | 14 +++--
>   MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c                  |  8 +--
>   MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c         |  2 +-
>   MdePkg/Library/BaseLib/String.c                               | 40 ++++++++++---
>   NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c                    |  2 +-
>   NetworkPkg/TcpDxe/TcpInput.c                                  |  3 +
>   PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c            |  9 ++-
>   ShellPkg/Application/Shell/Shell.c                            |  1 +
>   ShellPkg/Application/Shell/ShellProtocol.c                    | 60 ++++++++++----------
>   ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c    | 56 +++++++++---------
>   ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c            | 18 +++---
>   ShellPkg/Library/UefiShellDebug1CommandsLib/EfiDecompress.c   |  9 ++-
>   ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c        | 14 +++--
>   ShellPkg/Library/UefiShellDriver1CommandsLib/Disconnect.c     | 17 ++++--
>   ShellPkg/Library/UefiShellDriver1CommandsLib/DrvDiag.c        | 21 +++----
>   UefiCpuPkg/CpuMpPei/CpuBist.c                                 |  8 ++-
>   UefiCpuPkg/CpuMpPei/CpuMpPei.c                                |  8 ++-
>   UefiCpuPkg/CpuMpPei/CpuPaging.c                               |  9 ++-
>   .github/codeql/edk2.qls                                       | 10 ++++
>   BaseTools/Scripts/PatchCheck.py                               |  5 +-
>   30 files changed, 286 insertions(+), 183 deletions(-)
>