From: "Wu, Hao A" <hao.a.wu@intel.com>
To: "Chen, Chen A" <chen.a.chen@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Gao, Liming" <liming.gao@intel.com>
Subject: Re: [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL pointer dereference issue
Date: Mon, 11 Feb 2019 13:02:48 +0000
Message-ID: <B80AF82E9BFB8E4FBD8C89DA810C6A093C895CC7@SHSMSX104.ccr.corp.intel.com>
In-Reply-To: <20190211061126.45552-1-chen.a.chen@intel.com>
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Chen
> A Chen
> Sent: Monday, February 11, 2019 2:11 PM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A; Gao, Liming
> Subject: [edk2] [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL pointer
> dereference issue
>
> To avoid a potential NULL pointer dereference issue, initialize them at
> the beginning of the function. This patch is a supplement which was missed
> at e98212cb5d59fff8f385d9179ad7f1a3ce9cf215 commit.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
> ---
> MdeModulePkg/Application/CapsuleApp/CapsuleDump.c | 23
> +++++++++++++---------
> .../Application/CapsuleApp/CapsuleOnDisk.c | 5 ++++-
> 2 files changed, 18 insertions(+), 10 deletions(-)
>
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> index 33d2ecc582..cbbfda1424 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> @@ -1001,12 +1001,15 @@ DumpProvisionedCapsule (
> EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *Fs;
> EFI_SHELL_PROTOCOL *ShellProtocol;
>
> - ShellProtocol = GetShellProtocol ();
> -
> Index = 0;
> CapsuleDataPtr64 = NULL;
> BootNext = NULL;
> - ShellProtocol = NULL;
> +
> + ShellProtocol = GetShellProtocol ();
> + if (ShellProtocol == NULL) {
> + Print (L"Get Shell Protocol Fail\n");
> + return ;
> + }
>
> //
> // Dump capsule provisioned on Memory
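Review bot: The early return on `ShellProtocol == NULL` sits ahead of the "Dump capsule provisioned on Memory" section, so a missing shell protocol now suppresses every part of the dump, including parts that may not need it. If ShellProtocol is only used further down, consider moving the check to the point of first use so the memory and BootNext output is still printed. Minor style point in the same block: `return ;` should be `return;`.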
> @@ -1033,16 +1036,16 @@ DumpProvisionedCapsule (
> (VOID **) &CapsuleDataPtr64,
> NULL
> );
> - if (EFI_ERROR (Status)) {
> + if (EFI_ERROR (Status) || CapsuleDataPtr64 == NULL) {
> if (Index == 0) {
> Print (L"No data.\n");
> }
> break;
> - } else {
> - Index++;
> - Print (L"Capsule Description at 0x%08x\n", *CapsuleDataPtr64);
> - DumpBlockDescriptors ((EFI_CAPSULE_BLOCK_DESCRIPTOR*) (UINTN)
> *CapsuleDataPtr64, DumpCapsuleInfo);
> }
> +
> + Index++;
> + Print (L"Capsule Description at 0x%08x\n", *CapsuleDataPtr64);
> + DumpBlockDescriptors ((EFI_CAPSULE_BLOCK_DESCRIPTOR*) (UINTN)
> *CapsuleDataPtr64, DumpCapsuleInfo);
> }
>
> //
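Review bot: In the loop body shown here, `CapsuleDataPtr64` is refilled on every pass and nothing in these lines releases or resets it before the closing brace. If the getter allocates the buffer, free it and set the pointer back to NULL at the end of each iteration; otherwise the added `CapsuleDataPtr64 == NULL` test can only ever be meaningful on the first pass, because a stale non-NULL value from the previous pass would satisfy it. Separately, the moved `Print` still formats `*CapsuleDataPtr64` with `0x%08x`; if that value is 64 bits wide, as the name and the `(UINTN)` cast suggest, the format should be widened to match.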
> @@ -1057,7 +1060,9 @@ DumpProvisionedCapsule (
> (VOID **) &BootNext,
> NULL
> );
> - if (!EFI_ERROR (Status)) {
> + if (EFI_ERROR (Status) || BootNext == NULL) {
> + Print (L"Get BootNext Variable Fail. Status = %r\n", Status);
> + } else {
> UnicodeSPrint (BootOptionName, sizeof (BootOptionName), L"Boot%04x",
> *BootNext);
> Status = EfiBootManagerVariableToLoadOption (BootOptionName,
> &BootNextOptionEntry);
> if (!EFI_ERROR (Status)) {
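Review bot: The new failure branch `if (EFI_ERROR (Status) || BootNext == NULL)` prints `Status = %r` even when it was entered because `BootNext == NULL` with a successful Status, which would report a failure alongside a success code. Consider a distinct message for the NULL case, or set Status to an error value before printing. Also worth checking whether an absent BootNext variable is an ordinary condition for this dump command; if so, "Fail" in the output overstates it.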
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> index 4faa863bca..f6e46cbdb1 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> @@ -445,7 +445,10 @@ GetUpdateFileSystem (
> (VOID **)&BootNextData,
> NULL
> );
> - if (!EFI_ERROR (Status)) {
> + if (EFI_ERROR (Status) || BootNextData == NULL) {
> + Print (L"Get Boot Next Data Fail. Status = %r\n", Status);
> + return EFI_NOT_FOUND;
> + } else {
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Best Regards,
Hao Wu
> UnicodeSPrint (BootOptionName, sizeof (BootOptionName), L"Boot%04x",
> *BootNextData);
> Status = EfiBootManagerVariableToLoadOption (BootOptionName,
> &BootNextOption);
> if (!EFI_ERROR (Status)) {
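Review bot: The added `return EFI_NOT_FOUND;` changes control flow, not just NULL safety: before this hunk a failed BootNext read skipped the `if (!EFI_ERROR (Status))` block and execution continued past it, whereas now the function exits. Please confirm that nothing after this block was meant to run when BootNext is absent. Returning a fixed EFI_NOT_FOUND also discards the real Status, and the `} else {` after an unconditional return is redundant, so the success path could be left unindented.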
> --
> 2.16.2.windows.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel