From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: hao.a.wu@intel.com) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by groups.io with SMTP; Mon, 22 Apr 2019 00:31:35 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Apr 2019 00:31:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,381,1549958400"; d="scan'208";a="163672477" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga002.fm.intel.com with ESMTP; 22 Apr 2019 00:31:34 -0700 Received: from fmsmsx117.amr.corp.intel.com (10.18.116.17) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 22 Apr 2019 00:31:34 -0700 Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by fmsmsx117.amr.corp.intel.com (10.18.116.17) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 22 Apr 2019 00:30:30 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.92]) by SHSMSX107.ccr.corp.intel.com ([169.254.9.153]) with mapi id 14.03.0415.000; Mon, 22 Apr 2019 15:30:29 +0800 From: "Wu, Hao A" To: "Bi, Dandan" , "devel@edk2.groups.io" CC: "Ni, Ray" , "Gao, Liming" Subject: Re: [patch] MdeModulePkg/HiiDatabaseDxe: Release lock on all error return path Thread-Topic: [patch] MdeModulePkg/HiiDatabaseDxe: Release lock on all error return path Thread-Index: AQHU+K6ZQBLUDo3uUE+YO1PeQZkkJqZHyOww Date: Mon, 22 Apr 2019 07:30:29 +0000 Message-ID: References: <20190422015607.14620-1-dandan.bi@intel.com> In-Reply-To: <20190422015607.14620-1-dandan.bi@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: hao.a.wu@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: Bi, Dandan > Sent: Monday, April 22, 2019 9:56 AM > To: devel@edk2.groups.io > Cc: Wu, Hao A; Ni, Ray; Gao, Liming > Subject: [patch] MdeModulePkg/HiiDatabaseDxe: Release lock on all error > return path >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1652 >=20 > Commit ffe5f7a6b4e9 > "MdeModulePkg/HiiDatabase: Fix potential integer overflow " > added some new error paths, but it missed releasing the > mHiiDatabaseLock lock on those paths. > This patch releases mHiiDatabaseLock on those paths. Reviewed-by: Hao Wu Best Regards, Hao Wu >=20 > Cc: Hao Wu > Cc: Ray Ni > Cc: Liming Gao > Signed-off-by: Dandan Bi > --- > MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) >=20 > diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c > b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c > index bd623cae15..a108fc6157 100644 > --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c > +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c > @@ -1,10 +1,10 @@ > /** @file > Implementation for EFI_HII_IMAGE_PROTOCOL. >=20 >=20 > -Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ >=20 >=20 > @@ -651,10 +651,11 @@ HiiNewImage ( > // Make sure the size doesn't overflow UINT32. > // Note: 24Bit BMP occpuies 3 bytes per pixel. > // > NewBlockSize =3D (UINT32)Image->Width * Image->Height; > if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLO= CK) > - sizeof (EFI_HII_RGB_PIXEL))) / 3) { > + EfiReleaseLock (&mHiiDatabaseLock); > return EFI_OUT_OF_RESOURCES; > } > NewBlockSize =3D NewBlockSize * 3 + (sizeof > (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL)); >=20 > // > @@ -678,10 +679,11 @@ HiiNewImage ( > // > // Make sure the final package length doesn't overflow. > // Length of the package header is represented using 24 bits. So MAX= length > is MAX_UINT24. > // > if (NewBlockSize > MAX_UINT24 - ImagePackage- > >ImagePkgHdr.Header.Length) { > + EfiReleaseLock (&mHiiDatabaseLock); > return EFI_OUT_OF_RESOURCES; > } > // > // Because ImagePackage->ImageBlockSize < ImagePackage- > >ImagePkgHdr.Header.Length, > // So (ImagePackage->ImageBlockSize + NewBlockSize) <=3D MAX_UINT24 > @@ -719,10 +721,11 @@ HiiNewImage ( > // > // Make sure the final package length doesn't overflow. > // Length of the package header is represented using 24 bits. So MAX= length > is MAX_UINT24. > // > if (NewBlockSize > MAX_UINT24 - (sizeof (EFI_HII_IMAGE_PACKAGE_HDR) = + > sizeof (EFI_HII_IIBT_END_BLOCK))) { > + EfiReleaseLock (&mHiiDatabaseLock); > return EFI_OUT_OF_RESOURCES; > } > // > // The specified package list does not contain image package. > // Create one to add this image block. > @@ -1159,16 +1162,18 @@ HiiSetImage ( > // Length of the package header is represented using 24 bits. So MAX l= ength > is MAX_UINT24. > // 24Bit BMP occpuies 3 bytes per pixel. > // > NewBlockSize =3D (UINT32)Image->Width * Image->Height; > if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLO= CK) > - sizeof (EFI_HII_RGB_PIXEL))) / 3) { > + EfiReleaseLock (&mHiiDatabaseLock); > return EFI_OUT_OF_RESOURCES; > } > NewBlockSize =3D NewBlockSize * 3 + (sizeof > (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL)); > if ((NewBlockSize > OldBlockSize) && > (NewBlockSize - OldBlockSize > MAX_UINT24 - ImagePackage- > >ImagePkgHdr.Header.Length) > ) { > + EfiReleaseLock (&mHiiDatabaseLock); > return EFI_OUT_OF_RESOURCES; > } >=20 > // > // Adjust the image package to remove the original block firstly then = add the > new block. > -- > 2.18.0.windows.1