From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: hao.a.wu@intel.com) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by groups.io with SMTP; Mon, 24 Jun 2019 23:53:47 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Jun 2019 23:53:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,415,1557212400"; d="scan'208";a="166585879" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga006.jf.intel.com with ESMTP; 24 Jun 2019 23:53:46 -0700 Received: from fmsmsx122.amr.corp.intel.com (10.18.125.37) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 24 Jun 2019 23:53:46 -0700 Received: from shsmsx108.ccr.corp.intel.com (10.239.4.97) by fmsmsx122.amr.corp.intel.com (10.18.125.37) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 24 Jun 2019 23:53:45 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.185]) by SHSMSX108.ccr.corp.intel.com ([169.254.8.236]) with mapi id 14.03.0439.000; Tue, 25 Jun 2019 14:53:44 +0800 From: "Wu, Hao A" To: "Gao, Zhichao" , "devel@edk2.groups.io" CC: "Wang, Jian J" , "Ni, Ray" , "Zeng, Star" Subject: Re: [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check Thread-Topic: [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check Thread-Index: AQHVKwVNde9zkn+2/0e1I/MABUFDraar70lg Date: Tue, 25 Jun 2019 06:53:43 +0000 Message-ID: References: <20190625032249.28116-1-zhichao.gao@intel.com> In-Reply-To: <20190625032249.28116-1-zhichao.gao@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: hao.a.wu@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: Gao, Zhichao > Sent: Tuesday, June 25, 2019 11:23 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J; Wu, Hao A; Ni, Ray; Zeng, Star > Subject: [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1935 >=20 > Before use the memory that is allocated through AllocateZeroPool, > we should check the memory pointer is valid to avoid using the > NULL pointer. > Add check for VariableArrayAddress that is returned from > GetScatterGatherHeadEntries. If it is NULL, directly return > the error status. >=20 > Cc: Jian J Wang > Cc: Hao A Wu > Cc: Ray Ni > Cc: Star Zeng > Signed-off-by: Zhichao Gao > --- > MdeModulePkg/Universal/CapsulePei/UefiCapsule.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) >=20 > diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > index 8d4ae69bb2..51afab7b05 100644 > --- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > +++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > @@ -965,6 +965,10 @@ GetScatterGatherHeadEntries ( > // > if ((ValidIndex + 1) >=3D TempListLength) { > EnlargedTempList =3D AllocateZeroPool (TempListLength * 2); > + if (EnlargedTempList =3D=3D NULL) { > + DEBUG ((DEBUG_ERROR, "Fail to allocate memory!\n")); > + return EFI_OUT_OF_RESOURCES; > + } > CopyMem (EnlargedTempList, TempList, TempListLength); > FreePool (TempList); > TempList =3D EnlargedTempList; > @@ -1056,7 +1060,7 @@ CapsuleCoalesce ( > // Get SG list entries > // > Status =3D GetScatterGatherHeadEntries (&ListLength, > &VariableArrayAddress); > - if (EFI_ERROR (Status)) { > + if (EFI_ERROR (Status) || VariableArrayAddress =3D=3D NULL) { Reviewed-by: Hao A Wu Best Regards, Hao Wu > DEBUG ((DEBUG_ERROR, "%a failed to get Scatter Gather List Head Entr= ies. > Status =3D %r\n", __FUNCTION__, Status)); > goto Done; > } > -- > 2.21.0.windows.1