From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id D2D88740037 for ; Thu, 26 Oct 2023 01:05:48 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=SmZDLUUc0vPl+g3FEU5zavHr5Hq7Pw6ObpydaUd+TMA=; c=relaxed/simple; d=groups.io; h=Message-ID:From:To:Subject:Date:MIME-Version:Importance:References:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding:Content-Length; s=20140610; t=1698282347; v=1; b=I+Iv1QLMS5ayUSjqTT5IaKmI5+8QwrIpxJubPA+Jy/DEloszH/fJL0EFMg9yVDEcfPMvhz9i bwbXL7TW25aIWJYteZv3zBoVkltIXxqoFYGCqhiyB3nbxuDbp5+Y8sIbaW0BmCXf244bjvtUlsM q38xzdPLV4xrgel4JwQpyZTQ= X-Received: by 127.0.0.2 with SMTP id TvYwYY7687511xbUVmo9cyvr; Wed, 25 Oct 2023 18:05:47 -0700 X-Received: from sonic312-28.consmr.mail.ne1.yahoo.com (sonic312-28.consmr.mail.ne1.yahoo.com [66.163.191.209]) by mx.groups.io with SMTP id smtpd.web10.190179.1698282346663155538 for ; Wed, 25 Oct 2023 18:05:46 -0700 X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1698282345; bh=+qythj3zi6kWOh9vdOGSU3+UlbY40fysY2bVC8r2K04=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=rrllI/2iqka79MhXDn+XtXMV8BoNOwCaks6MMHRmDCk+rikWnbUIscTc+MeQlJJM3rItenUBFicFLgXp3ntwcC+kWAwZcM9856qtHJ3ipeHF02Bik73bDT7qPDPjuFO/d5SK0hsU4I86Ff1EPgBVUikLxQUWql5Ip3RXGo9Ragel+UtgMV0QnGqLOaCOtQjmNqa/nLemaFviBOxhJNI7GjOqzJGJ+8KkLJcOwAh0VPeOnU0g09rsByWipJ6kHsa4ZHM7c4wbPfoR776fhFmRFbfeWlWcytc81VeXsjE4eOqeq5ziQ4sD67wgzDq9depMTZcnyWkMM6fSNrY+yXeEaQ== X-YMail-OSG: SbOnxb8VM1k0.Iwo_mQTov17HK8Cj6Mjfa1PAHmNWOCGHJWmhFUs_xXRzWaNHxf wapyo56M0tOsCog8Cn9dYuKjoUIo_T6aim0ecIQFSP.rcze_0sllltajKnyJZ1bpkcXMm3dxyTG4 K_KGhj1TmI78mntYi8Kn4.5RsvXw3U91MJQZqgmSbhMYNmJk2guwpyE.Pyu5vkKyMq.zSPkZnZrr .a7K7Z5UFK3uN3Tf1gjVdBsRHpj5LaTSAozZWzezoypOt5oN_Yyr6QIpjUzEj9RretcWRm1xKbXN GIdxELtkiRIL44PIwLboUfTKs2zq0LjuwJtYQlsnLEKkJBtGLak8cXM4TMa0Ceg_khJEOhh7F5Vd pSh56PRVp14dJ7OQ_BwGSPBj6SY3ZTyo4R7O9OQ4ceCnK_wS857mQImWb.n7QZIqPwaFKFRXnywW axa6i74e1jpJa2UtUVgErXFgXmwc.zeRIzspvaBRehykerI5ShKaCAu2QW5PsnYkmKkBZkJ5fKez 8.vsF93zPCYs3INtvxIyrRFy7M54mAj5aEGnjZo07YPEV84muXsVnZUWYFxNQth.pCK1hw9bShRb .MJDmsE9RgLyIm4JS85CzJgfpuV2JIiIZHyq1As6r8pw25dyiJf8hXjODLa5Vr_Wcl7dpem.oOoD S1JBDt3zY2QDJE4wioBWzm3nTnlYoEdH_Mq7VjBk4M9EsMQOu3q8RfgPuvDzE2B0SYhz7lOTZCjb O7K.lrqmwVcD6T9blQNqJWj3VutxvZzIQ0nHYNoVuH7WA0CIrhmOtNG2O8D9pciCaq1qqhaSITjd KCT6skYHeLffaURMizrqu1zRM8Z11QlxOLBiktv4OIlB13Gu8xEaCtC4gnFaNtfqEzrgJJ2E.9lB B_RNSsFYlf7WXF2k.In4Ofp7OQ1ZoHK9LgpMEWD8pcCBr9itUmfnKMQgCEv7puFcTSRexS8IfAiD l8ePFsKiRY1MwTfCfCC822HSQZsUoSpuZuMvp5lPMAm.vz.mHGg4G5915eXnv64apTY78x2JM7Aq xbkPsuJnnvS0KF6cFJiWJY2d16T0LT9s8.LdBuTYkIbbstRv3w1x9.RuQsMypaQTUHZ0xxhkQ.aI 7skK0kphl7vneuU4wrT4RV2SVd2kmugjr3ywEnYpQgL9Pb9W1U5ipsDI4KcZPV618fB6bWDSX6L8 PyQUjNljKA9GOvndS7DouZ_diO0CJn7MXzEWSsPz6IWTvrOYZk_k49UCoH8MbPW9wb5oesoY25.d B_RdGBRsz9kYLHhqMec.qX8LeecEKDJ7iPYUYs1aO8JuMcrgQGVyNWgsnvE_IG097TniC6frWYZe 7pmPMt.AyQ2TUdPk8IcSRqiZWdeVhbmJ4O8NRmDimo969OKiu0HCv9hNc6ta_i3n9y3tmecWN.LX xmEO9GrR216OoVhVpz.trOFyXKUa2ut_Nrq1wa6WdWE7NIwqx2ULmF2Pjfzt_yhKPi.nyNWNNF_S OyIfgcnQfRT9JdhfpX4ZBUiigOiWyPXJoLPtO4cmoYR1mYQc0BdAzaGCTt18EyMhtKXFoLljwtiZ MhFITGuZsdHS_pOgKGstXYsRewLJxnoSFONAUjd5KRUbwauMlYS7nSSdmlNWSSpv8cSvWkq6lT8Y h.08Led2BDFN5vNFj.mgY_s.wnBorYhYqWPzpFd1gJZfHpzk.8i1BQAH5.qrwwO0y4GtPeGYoc3x oSwrol_mS4h3XT4bKVdS8KvLBctil7wqeuO01VDxpEHlZBcNr.S1wh3PdhbvJILBg6sVus.w5tI_ pK.bgphdvb2oKYr77kfDuGIzZ.XysjKBCO70ZGU2AZ1XwOwQLQQVWseW.dJUJixn8GEk0Rbal0Hu j_UFv3_nmRCh1Ye3o4r.gPpo2LQGG9temUgnwfUOp_qWALxR6cO8h2hjizWLU1oDeXk2DQhwzNq9 66leoePTigsfsnDdGAPNLyhIBnORvnubFrBA0uFAqYxpJWeeR1C4qQDOm1DvMeRyrkF4PizW0Gbl ebB51mjNDwPBpJT9ZaEzXggOdnKJjIxfICg0GQru4zsYQarUDvAK7ylbjMoa_pdcujk4BnnFGbtm UABO8nag6TRKOi0lHOLg.A4WJ_PBEYkxo5VycrecsjqUA34TZbx6iLmkf.uPaW3gsBrnpBUG246H ypxFltd38x3pjv4.isVhGLDvcXEZEbaN_oR5ZLycA2SsQXgbJtfOVo87_Jd.TWpCTQHtlU5BMopJ R45c3GPDQcZoJowMb8VDTnsRCfHFB X-Sonic-MF: X-Sonic-ID: 51fe7b19-ff0e-42e4-b61a-c40e61df9978 X-Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Thu, 26 Oct 2023 01:05:45 +0000 X-Received: by hermes--production-bf1-5b945b6d47-b72k6 (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID fc1483d3247627d4c1ebfffe9c35ce0a; Thu, 26 Oct 2023 01:05:38 +0000 (UTC) Message-ID: <62690423D2A24D1DBB82CD22AE44EADE@DESKTOPQUG2G9K> From: "Charles Hyde" To: Subject: [edk2-devel] [PATCH v1 1/1] Bug 2861 - HiiDatabaseDxe, ConfigRouting.c, GetElementsFromRequest incorrect error handling. Date: Wed, 25 Oct 2023 21:05:35 -0400 MIME-Version: 1.0 X-Priority: 3 Importance: Normal References: <62690423D2A24D1DBB82CD22AE44EADE.ref@DESKTOPQUG2G9K> Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,chip.programmer@att.net List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: lZv7A6InlcqWWe69YdlQzg2Rx7686176AA= Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=fail ("headers rsa verify failed") header.d=groups.io header.s=20140610 header.b=I+Iv1QLM; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io From: Charles Hyde BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2861 I believe the attached ConfigRouting.txt patch will resolve bug 2861, plus resolve an uninitialized pointer issue in HiiConfigRoutingExportConfig(). The uninitialized pointer was identified when running the EDK2 Self Certification Test with all tests selected, having caused the CPU to issue an exception error (most times) or completely trashed the system (sometimes). I found a second instance of GetElementsFromRequest(), located in HiiLib.c, that also needed an update. The attached patch should address this bug and more. Signed-off-by: Charles Hyde --- diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c index 63a37ab59a..c3dc7bf558 100644 --- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c +++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c @@ -2272,8 +2272,14 @@ GetElementsFromRequest ( { EFI_STRING TmpRequest; + ASSERT (ConfigRequest !=3D NULL); + if (ConfigRequest =3D=3D NULL) + return FALSE; + TmpRequest =3D StrStr (ConfigRequest, L"PATH=3D"); ASSERT (TmpRequest !=3D NULL); + if (TmpRequest =3D=3D NULL) + return FALSE; if ((StrStr (TmpRequest, L"&OFFSET=3D") !=3D NULL) || (StrStr (TmpReques= t, L"&") !=3D NULL)) { return TRUE; diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c index 5ae6189a28..0b39f156f3 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c @@ -420,14 +420,19 @@ AppendToMultiString ( } AppendStringSize =3D StrSize (AppendString); + if (AppendStringSize <=3D sizeof(*AppendString)) // If the string is empty, there is no need to proceed further. + return EFI_SUCCESS; + MultiStringSize =3D StrSize (*MultiString); MaxLen =3D MAX_STRING_LENGTH / sizeof (CHAR16); // // Enlarge the buffer each time when length exceeds MAX_STRING_LENGTH. // - if ((MultiStringSize + AppendStringSize > MAX_STRING_LENGTH) || - (MultiStringSize > MAX_STRING_LENGTH)) + if ((MultiStringSize + AppendStringSize > MAX_STRING_LENGTH) /*|| + (MultiStringSize > MAX_STRING_LENGTH)*/) // There is no need to check the second part. + // If the first part is false, the second part will always be false. + // If the second part is true, the first part must also be true. { *MultiString =3D (EFI_STRING)ReallocatePool ( MultiStringSize, @@ -1800,8 +1805,14 @@ GetElementsFromRequest ( { EFI_STRING TmpRequest; + ASSERT (ConfigRequest !=3D NULL); + if (ConfigRequest =3D=3D NULL) + return FALSE; + TmpRequest =3D StrStr (ConfigRequest, L"PATH=3D"); ASSERT (TmpRequest !=3D NULL); + if (TmpRequest =3D=3D NULL) + return FALSE; if ((StrStr (TmpRequest, L"&OFFSET=3D") !=3D NULL) || (StrStr (TmpReques= t, L"&") !=3D NULL)) { return TRUE; @@ -5292,6 +5303,7 @@ HiiConfigRoutingExportConfig ( // IfrDataParsedFlag =3D FALSE; Progress =3D NULL; + AccessResults =3D NULL; HiiHandle =3D NULL; DefaultResults =3D NULL; Database =3D NULL; @@ -5326,6 +5338,14 @@ HiiConfigRoutingExportConfig ( &AccessResults ); if (EFI_ERROR (Status)) { + + // If an error was returned, then do not believe any results in thes= e two pointers. + Progress =3D NULL; + if (AccessResults) { + FreePool (AccessResults); + AccessResults =3D NULL; + } + // // Update AccessResults by getting default setting from IFR when HiiPackage is registered to HiiHandle // @@ -5350,6 +5370,17 @@ HiiConfigRoutingExportConfig ( } if (!EFI_ERROR (Status)) { + + // If AccessResults =3D=3D NULL, there is nothing to be done. + if (AccessResults =3D=3D NULL) { + Progress =3D NULL; + + if (ConfigRequest !=3D NULL) + FreePool (ConfigRequest); + + continue; + } + // // Update AccessResults by getting default setting from IFR when HiiPackage is registered to HiiHandle //=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110066): https://edk2.groups.io/g/devel/message/110066 Mute This Topic: https://groups.io/mt/102191640/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-