From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.43; helo=mga05.intel.com; envelope-from=hao.a.wu@intel.com; receiver=edk2-devel@lists.01.org Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8066E21959CB2 for ; Tue, 12 Feb 2019 03:22:11 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Feb 2019 03:22:10 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,361,1544515200"; d="scan'208";a="125820226" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga003.jf.intel.com with ESMTP; 12 Feb 2019 03:22:09 -0800 Received: from fmsmsx112.amr.corp.intel.com (10.18.116.6) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 12 Feb 2019 03:22:10 -0800 Received: from shsmsx108.ccr.corp.intel.com (10.239.4.97) by FMSMSX112.amr.corp.intel.com (10.18.116.6) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 12 Feb 2019 03:22:08 -0800 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.102]) by SHSMSX108.ccr.corp.intel.com ([169.254.8.36]) with mapi id 14.03.0415.000; Tue, 12 Feb 2019 19:22:06 +0800 
From: "Wu, Hao A" To: "Chen, Chen A" , "edk2-devel@lists.01.org" CC: "Wang, Jian J" , "Zhang, Chao B" , "Gao, Liming" Thread-Topic: [PATCH v2] MdeModulePkg/CapsuleApp: Fix memory leak issue. Thread-Index: AQHUwqhyFxChNrdURk+fzf/ZDVRqhaXcAeZg Date: Tue, 12 Feb 2019 11:22:06 +0000 Message-ID: References: <20190212075610.176300-1-chen.a.chen@intel.com> In-Reply-To: <20190212075610.176300-1-chen.a.chen@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v2] MdeModulePkg/CapsuleApp: Fix memory leak issue. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Feb 2019 11:22:11 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: Chen, Chen A > Sent: Tuesday, February 12, 2019 3:56 PM > To: edk2-devel@lists.01.org > Cc: Chen, Chen A; Wang, Jian J; Wu, Hao A; Zhang, Chao B; Gao, Liming > Subject: [PATCH v2] MdeModulePkg/CapsuleApp: Fix memory leak issue. >=20 > This issue is caused by FileInfoBuffer variable. This is a pointer array > and each elements also pointer to a memory buffer that is allocated and > returned by AllocateCopyPool function. >=20 > Cc: Jian J Wang > Cc: Hao Wu > Cc: Zhang Chao B > Cc: Liming Gao > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Chen A Chen > --- > MdeModulePkg/Application/CapsuleApp/CapsuleDump.c | 83 > ++++++++++++++++------- > 1 file changed, 58 insertions(+), 25 deletions(-) >=20 > diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c > b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c > index ba2583accb..732472bb9c 100644 > --- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c > +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c 
> @@ -806,48 +806,69 @@ DumpCapsuleFromDisk ( > Status =3D Fs->OpenVolume (Fs, &Root); > if (EFI_ERROR (Status)) { > Print (L"Cannot open volume. Status =3D %r\n", Status); > - return EFI_NOT_FOUND; > + goto Done; > } >=20 > Status =3D Root->Open (Root, &DirHandle, EFI_CAPSULE_FILE_DIRECTORY, > EFI_FILE_MODE_READ | EFI_FILE_MODE_WRITE , 0); > if (EFI_ERROR (Status)) { > Print (L"Cannot open %s. Status =3D %r\n", EFI_CAPSULE_FILE_DIRECTOR= Y, > Status); > - return EFI_NOT_FOUND; > + goto Done; > } >=20 > // > // Get file count first > // > - for ( Status =3D FileHandleFindFirstFile (DirHandle, &FileInfo) > - ; !EFI_ERROR(Status) && !NoFile > - ; Status =3D FileHandleFindNextFile (DirHandle, FileInfo, &NoFile) > - ){ > - if ((FileInfo->Attribute & (EFI_FILE_SYSTEM | EFI_FILE_ARCHIVE)) =3D= =3D 0) { > - continue; > + do { > + Status =3D FileHandleFindFirstFile (DirHandle, &FileInfo); > + if (EFI_ERROR (Status) || FileInfo =3D=3D NULL) { > + Print (L"Get File Info Fail. Status =3D %r\n", Status); > + goto Done; > } > - FileCount++; > - } > + > + if ((FileInfo->Attribute & (EFI_FILE_SYSTEM | EFI_FILE_ARCHIVE)) != =3D 0) { > + FileCount++; > + } > + > + Status =3D FileHandleFindNextFile (DirHandle, FileInfo, &NoFile); > + if (EFI_ERROR (Status)) { > + Print (L"Get Next File Fail. Status =3D %r\n", Status); > + goto Done; > + } > + } while (!NoFile); >=20 > if (FileCount =3D=3D 0) { > Print (L"Error: No capsule file found!\n"); > - return EFI_NOT_FOUND; > + Status =3D EFI_NOT_FOUND; > + goto Done; > } >=20 > FileInfoBuffer =3D AllocatePool (sizeof(FileInfo) * FileCount); For me, AllocateZeroPool() should be used here. Please refer to the reason below. 
> + if (FileInfoBuffer =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto Done; > + } > NoFile =3D FALSE; >=20 > // > // Get all file info > // > - for ( Status =3D FileHandleFindFirstFile (DirHandle, &FileInfo) > - ; !EFI_ERROR (Status) && !NoFile > - ; Status =3D FileHandleFindNextFile (DirHandle, FileInfo, &NoFile) > - ){ > - if ((FileInfo->Attribute & (EFI_FILE_SYSTEM | EFI_FILE_ARCHIVE)) =3D= =3D 0) { > - continue; > + do { > + Status =3D FileHandleFindFirstFile (DirHandle, &FileInfo); > + if (EFI_ERROR (Status) || FileInfo =3D=3D NULL) { > + Print (L"Get File Info Fail. Status =3D %r\n", Status); > + goto Done; > + } > + > + if ((FileInfo->Attribute & (EFI_FILE_SYSTEM | EFI_FILE_ARCHIVE)) != =3D 0) { > + FileInfoBuffer[Index++] =3D AllocateCopyPool ((UINTN)FileInfo->Siz= e, > FileInfo); If the memory allocation somehow fails during the 'do-while' loop, the elements within array 'FileInfoBuffer' will not all have valid pointer values. So I believe, an 'AllocateZeroPool' should be used above. With this addressed, Reviewed-by: Hao Wu Best Regards, Hao Wu > } > - FileInfoBuffer[Index++] =3D AllocateCopyPool ((UINTN)FileInfo->Size, > FileInfo); > - } > + > + Status =3D FileHandleFindNextFile (DirHandle, FileInfo, &NoFile); > + if (EFI_ERROR (Status)) { > + Print (L"Get Next File Fail. Status =3D %r\n", Status); > + goto Done; > + } > + } while (!NoFile); >=20 > // > // Sort FileInfoBuffer by alphabet order > @@ -866,7 +887,8 @@ DumpCapsuleFromDisk ( > } >=20 > if (!DumpCapsuleInfo) { > - return EFI_SUCCESS; > + Status =3D EFI_SUCCESS; > + goto Done; > } >=20 > Print(L"The infomation of the capsules:\n"); 
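Review bot: Both new `do { ... } while (!NoFile);` loops call `FileHandleFindFirstFile (DirHandle, &FileInfo)` inside the loop body, so each pass restarts the enumeration, whereas the removed `for` loops called it once as the initialiser. If the function behaves as in FileHandleLib (rewinds the directory and allocates a fresh `FileInfo` buffer), the entry returned by `FileHandleFindNextFile` is never examined, the previous buffer is leaked on every pass, and a directory with more than one entry never reaches `NoFile == TRUE`. Move `Status = FileHandleFindFirstFile (DirHandle, &FileInfo);` to the line before each `do {` and keep the `EFI_ERROR (Status) || FileInfo == NULL` check at the top of the body. Separately, the pointer returned by `AllocateCopyPool` is stored without a check although later code reads `FileInfoBuffer[Index]->FileName`; test it before incrementing `Index`, and on NULL set `Status = EFI_OUT_OF_RESOURCES;` and `goto Done;`.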
> @@ -875,19 +897,20 @@ DumpCapsuleFromDisk ( > FileHandle =3D NULL; > Status =3D DirHandle->Open (DirHandle, &FileHandle, > FileInfoBuffer[Index]->FileName, EFI_FILE_MODE_READ, 0); > if (EFI_ERROR (Status)) { > - break; > + goto Done; > } >=20 > Status =3D FileHandleGetSize (FileHandle, (UINT64 *) &FileSize); > if (EFI_ERROR (Status)) { > Print (L"Cannot read file %s. Status =3D %r\n", FileInfoBuffer[Ind= ex]- > >FileName, Status); > FileHandleClose (FileHandle); > - return Status; > + goto Done; > } >=20 > FileBuffer =3D AllocatePool (FileSize); > if (FileBuffer =3D=3D NULL) { > - return RETURN_OUT_OF_RESOURCES; > + Status =3D EFI_OUT_OF_RESOURCES; > + goto Done; > } >=20 > Status =3D FileHandleRead (FileHandle, &FileSize, FileBuffer); > @@ -895,7 +918,7 @@ DumpCapsuleFromDisk ( > Print (L"Cannot read file %s. Status =3D %r\n", FileInfoBuffer[Ind= ex]- > >FileName, Status); > FreePool (FileBuffer); > FileHandleClose (FileHandle); > - return Status; > + goto Done; > } >=20 > Print (L"**************************\n"); > @@ -906,7 +929,17 @@ DumpCapsuleFromDisk ( > FreePool (FileBuffer); > } >=20 > - return EFI_SUCCESS; > +Done: > + if (FileInfoBuffer !=3D NULL) { > + for (Index =3D 0; Index < FileCount; Index++) { > + if (FileInfoBuffer[Index] !=3D NULL) { > + FreePool (FileInfoBuffer[Index]); > + } > + } > + FreePool (FileInfoBuffer); > + } > + > + return Status; > } >=20 > /** > -- > 2.16.2.windows.1
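Review bot: In the `@@ -875,19 +897,20 @@` hunk the `FileBuffer == NULL` branch jumps to `Done` with `FileHandle` still open, while the neighbouring `FileHandleGetSize` and `FileHandleRead` failure paths both close it first. Add `FileHandleClose (FileHandle);` before `Status = EFI_OUT_OF_RESOURCES;` so the leak fix covers this path too. The context line `FileHandleGetSize (FileHandle, (UINT64 *) &FileSize)` also deserves a look: the cast suggests `FileSize` is not declared as `UINT64` (the declaration is outside the hunk), and if it is a `UINTN` the call writes 8 bytes into a 4-byte variable on 32-bit builds. Reading into a local `UINT64` and range-checking it before `AllocatePool (FileSize)` would avoid that, since the size comes from a file on disk.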
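Review bot: The new `Done:` block in the `@@ -906,7 +929,17 @@` hunk tests `FileInfoBuffer != NULL`, but the first two `goto Done` paths (the `OpenVolume` and `Root->Open` failures) are taken before `FileInfoBuffer` is assigned. The declarations are outside the hunks shown, so confirm that `FileInfoBuffer = NULL;` and `FileCount = 0;` are set before the first jump; otherwise the cleanup reads an indeterminate pointer and may pass it to `FreePool`. The label also releases only the info array. `Root` and `DirHandle`, opened earlier in the function, are not closed on any path visible here, so if nothing outside the hunks closes them, `Done:` is the natural place to do it, guarded by NULL checks.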