From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <afish@apple.com>
Received: from mail-in23.apple.com (mail-out23.apple.com [17.171.2.33])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 70EEA21D28FD6
 for <edk2-devel@lists.01.org>; Mon,  7 Aug 2017 09:24:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s;
 c=relaxed/simple; q=dns/txt; i=@apple.com; t=1502123189;
 h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type:
 Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:
 Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id:
 List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=ipnzviLxNLCg1eGgbm+LtAtJyU/k8ObcJbmD6HIrsJo=;
 b=k/mFfHO+KY0PMRPJWWWujp3EgdcqUBW7rQfHbK2GDxFBM1VBubS5rjD+xVrrYobj
 UnIQk7ScF3ye388cWI99/57aJnYJrFIowaWulvzhVVTLyA00GLw7+X1Z0SylFT8x
 yrxeoT2gw0tqNCTC+5nZiMMErjkxyRpGFXCwhxDLJ1G1NEfQmjnH2E+yUOG1TRIw
 GZVEh/WS/8h0l8KlK8TtpSQdp2u+SsMORh8LNAkMimSnKN4fUFlE7xJoWAq9QK6i
 b3H3VrRF+rkvmYmkYaxPSGEP47LjHU366UQDt31VFJ2YS7+RBSEUtBJx/FJtoTj/
 FP+u1PDmQ8R5y95ZjivDNw==;
Received: from relay23.apple.com (relay23.apple.com [17.171.128.104])
 (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mail-in23.apple.com (Apple Secure Mail Relay) with SMTP id
 C8.F1.08001.5B498895; Mon,  7 Aug 2017 09:26:29 -0700 (PDT)
X-AuditID: 11ab0217-c09ff70000001f41-1d-598894b51551
Received: from ma1-mmpp-sz10.apple.com (ma1-mmpp-sz10.apple.com
 [17.171.128.150])
 by relay23.apple.com (Apple SCV relay) with SMTP id B5.25.07952.5B498895;
 Mon,  7 Aug 2017 09:26:29 -0700 (PDT)
MIME-version: 1.0
Received: from [17.234.178.91] by ma1-mmpp-sz10.apple.com
 (Oracle Communications Messaging Server 8.0.1.2.20170621 64bit (built Jun 21
 2017)) with ESMTPSA id <0OUB009R9PO1FEB0@ma1-mmpp-sz10.apple.com>; Mon,
 07 Aug 2017 09:26:29 -0700 (PDT)
Sender: afish@apple.com
From: Andrew Fish <afish@apple.com>
Message-id: <5BC1C303-CE42-4DAD-91EB-F4BB327DE88A@apple.com>
Date: Mon, 07 Aug 2017 09:26:25 -0700
In-reply-to: <1502078429-13340-1-git-send-email-yonghong.zhu@intel.com>
Cc: edk2-devel@lists.01.org, Liming Gao <liming.gao@intel.com>,
 Mike Kinney <michael.d.kinney@intel.com>
To: Yonghong Zhu <yonghong.zhu@intel.com>
References: <1502078429-13340-1-git-send-email-yonghong.zhu@intel.com>
X-Mailer: Apple Mail (2.3273)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrHLMWRmVeSWpSXmKPExsUiuLohQ3frlI5Ig/b98hZ7Dh1ltlhxbwO7
 RUfHPyaL/R1pDiwei/e8ZPLonv2PJYApissmJTUnsyy1SN8ugStjQ083Y8HSp8wVjccvsDcw
 tqxl7mLk5JAQMJFYsfcPYxcjF4eQwHomiXdNnxhhEhc2vWaHSBxmlLh5fz8TSIJXQFDix+R7
 LCA2s0CYxLX1i6CKvjJKNFxqA0sIC4hLvDuzCWwFm4CyxIr5H4CKOICabST2vreGKImSuNV2
 CqyERUBV4kHnH7D5nALuEv9n3GIFKWcWyJJ4Oo8XJCwioCnRcqObHcQWEnCTuLlqOhPEnbIS
 t2ZfYgY5QUJgDZvEp4aVjBMYhWYhOXUWklMhbC2J749ageIgK+QlDp6XhQhrSjy79wmqRFvi
 ybsLrAsY2VYxCucmZuboZuYZGeslFhTkpOol5+duYgRHCJP4DsbPrw0PMQpwMCrx8DJkdkQK
 sSaWFVfmHmKU5mBREufd9Lo1UkggPbEkNTs1tSC1KL6oNCe1+BAjEwenVANj6fUDa4v8enZz
 ayhcfeQcZCvJf3XK1z0vVn1mXdTj9auvrrf/fJVP5/We66wsfl76oZoZzu/Kr87itdhhKCNy
 kX3PpH6vBzM+ysyZ9P7UXctbW9bYSYQ8m5G3qSLcvWrbadd6/Y9lTrvvfkp+WtI312vKQ48L
 hYxyERu2bHzDrvxtlbFemO96JZbijERDLeai4kQA4qF6A3ECAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrILMWRmVeSWpSXmKPExsUiuLphmu7WKR2RBp/WSFnsOXSU2WLFvQ3s
 Fh0d/5gs9nekObB4LN7zksmje/Y/lgCmKC6blNSczLLUIn27BK6MDT3djAVLnzJXNB6/wN7A
 2LKWuYuRk0NCwETiwqbX7F2MXBxCAocZJW7e388EkuAVEJT4MfkeC4jNLBAmcW39Iqiir4wS
 DZfawBLCAuIS785sApvEJqAssWL+B6AiDqBmG4m9760hSqIkbrWdAithEVCVeND5B2w+p4C7
 xP8Zt1hBypkFsiSezuMFCYsIaEq03OhmB7GFBNwkbq6azgRxp6zErdmXmCcw8s9Cct0sJNdB
 2FoS3x+1AsVBpspLHDwvCxHWlHh27xNUibbEk3cXWBcwsq1iFCxKzUmsNDLWSywoyEnVS87P
 3cQICeiMHYzXb5odYhTgYFTi4WXI7IgUYk0sK67MPcQowcGsJMIr3wwU4k1JrKxKLcqPLyrN
 SS0+xCjNwaIkzpv4sz1SSCA9sSQ1OzW1ILUIJsvEwSnVwKi+hO1CRcEVds/QD9+OunTve7Fv
 9sXJKRZ6IX85Vr71rXfSj17RzOq9b6mWQizfg8lzOXNPSn41uHP+1c9jnXKCTYXNj6UnL1/v
 JLbW0T3gy/U3vuarJz/deCjWb7fLLj91lmeh7Po324LOMU1bmLrtwx/mfTx37Bd6hAYc5Qw0
 6npqnMuTsUmJpTgj0VCLuag4EQCTzTwXZAIAAA==
X-Content-Filtered-By: Mailman/MimeDel 2.1.22
Subject: Re: [Patch] BaseTools: Fix Segmentation fault: 11 when build AppPkg with XCODE5
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 16:24:15 -0000
Content-Type: text/plain; CHARSET=US-ASCII
Content-Transfer-Encoding: 7BIT

Should that be:
Contributed-under: TianoCore Contribution Agreement 1.1

I also noticed the PeCoff lib is going to loop and reload the .debug suction due to this mtoc bug, so it would be good to harden that code too. 

git diff MdePkg/Library/BasePeCoffLib/BasePeCoff.c
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 8d1daba..1e4c67e 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -771,6 +771,8 @@ PeCoffLoaderGetImageInfo (
             }
 
             return RETURN_SUCCESS;
+          } else if (DebugEntry.Type == CODEVIEW_SIGNATURE_MTOC) {
+            return RETURN_SUCCESS;
           }
         }
       }
@@ -862,6 +864,8 @@ PeCoffLoaderGetImageInfo (
         if (DebugEntry.Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW) {
           ImageContext->DebugDirectoryEntryRva = (UINT32) (DebugDirectoryEntryRva + Index);
           return RETURN_SUCCESS;
+        } else if (DebugEntry.Type == CODEVIEW_SIGNATURE_MTOC) {
+          return RETURN_SUCCESS;
         }
       }
     }


https://bugzilla.tianocore.org/show_bug.cgi?id=663
Contributed-under: TianoCore Contribution Agreement 1.1

Thanks,

Andrew Fish


> On Aug 6, 2017, at 9:00 PM, Yonghong Zhu <yonghong.zhu@intel.com> wrote:
> 
> it is a bug in mtoc setting the size of the debug directory entry to
> the size of the .debug section, not the size of the
> EFI_IMAGE_DEBUG_DIRECTORY_ENTRY. It was causing a loop to iterate and
> get bogus EFI_IMAGE_DEBUG_DIRECTORY_ENTRY data and pass that to
> memset() and boom.
> 
> Cc: Liming Gao <liming.gao@intel.com <mailto:liming.gao@intel.com>>
> Cc: Michael D Kinney <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com>>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Andrew Fish <afish@apple.com <mailto:afish@apple.com>>
> ---
> BaseTools/Source/C/GenFw/GenFw.c | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/BaseTools/Source/C/GenFw/GenFw.c b/BaseTools/Source/C/GenFw/GenFw.c
> index 246deb0..af60c92 100644
> --- a/BaseTools/Source/C/GenFw/GenFw.c
> +++ b/BaseTools/Source/C/GenFw/GenFw.c
> @@ -2813,10 +2813,11 @@ Returns:
>   //
>   // Get Debug, Export and Resource EntryTable RVA address.
>   // Resource Directory entry need to review.
>   //
>   Optional32Hdr = (EFI_IMAGE_OPTIONAL_HEADER32 *) ((UINT8*) FileHdr + sizeof (EFI_IMAGE_FILE_HEADER));
> +  Optional64Hdr = (EFI_IMAGE_OPTIONAL_HEADER64 *) ((UINT8*) FileHdr + sizeof (EFI_IMAGE_FILE_HEADER));
>   if (Optional32Hdr->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
>     SectionHeader = (EFI_IMAGE_SECTION_HEADER *) ((UINT8 *) Optional32Hdr +  FileHdr->SizeOfOptionalHeader);
>     if (Optional32Hdr->NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_EXPORT && \
>         Optional32Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_EXPORT].Size != 0) {
>       ExportDirectoryEntryRva = Optional32Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
> @@ -2833,11 +2834,10 @@ Returns:
>         Optional32Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG].Size = 0;
>         Optional32Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress = 0;
>       }
>     }
>   } else {
> -    Optional64Hdr = (EFI_IMAGE_OPTIONAL_HEADER64 *) ((UINT8*) FileHdr + sizeof (EFI_IMAGE_FILE_HEADER));
>     SectionHeader = (EFI_IMAGE_SECTION_HEADER *) ((UINT8 *) Optional64Hdr +  FileHdr->SizeOfOptionalHeader);
>     if (Optional64Hdr->NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_EXPORT && \
>         Optional64Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_EXPORT].Size != 0) {
>       ExportDirectoryEntryRva = Optional64Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
>     }
> @@ -2907,10 +2907,20 @@ Returns:
>           RsdsEntry->Unknown  = 0;
>           RsdsEntry->Unknown2 = 0;
>           RsdsEntry->Unknown3 = 0;
>           RsdsEntry->Unknown4 = 0;
>           RsdsEntry->Unknown5 = 0;
> +        } else if (RsdsEntry->Signature == CODEVIEW_SIGNATURE_MTOC) {
> +          // MTOC sets DebugDirectoryEntrySize to size of the .debug section, so fix it.
> +          if (!ZeroDebugFlag) {
> +            if (Optional32Hdr->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
> +              Optional32Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG].Size = sizeof (EFI_IMAGE_DEBUG_DIRECTORY_ENTRY);
> +            } else {
> +              Optional64Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG].Size = sizeof (EFI_IMAGE_DEBUG_DIRECTORY_ENTRY);
> +            }
> +          }
> +          break;
>         }
>       }
>     }
>   }
> 
> -- 
> 2.6.1.windows.1