From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: hao.a.wu@intel.com)
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by groups.io with SMTP; Wed, 26 Jun 2019 01:10:40 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Jun 2019 01:10:39 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,419,1557212400"; 
   d="scan'208";a="313352543"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
  by orsmga004.jf.intel.com with ESMTP; 26 Jun 2019 01:10:39 -0700
Received: from fmsmsx126.amr.corp.intel.com (10.18.125.43) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Wed, 26 Jun 2019 01:10:39 -0700
Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by
 FMSMSX126.amr.corp.intel.com (10.18.125.43) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Wed, 26 Jun 2019 01:10:39 -0700
Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.185]) by
 SHSMSX107.ccr.corp.intel.com ([169.254.9.173]) with mapi id 14.03.0439.000;
 Wed, 26 Jun 2019 16:10:37 +0800
From: "Wu, Hao A" <hao.a.wu@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "Wu, Hao A"
	<hao.a.wu@intel.com>, "Gao, Zhichao" <zhichao.gao@intel.com>
CC: "Wang, Jian J" <jian.j.wang@intel.com>, "Ni, Ray" <ray.ni@intel.com>,
	"Zeng, Star" <star.zeng@intel.com>
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check
Thread-Topic: [edk2-devel] [PATCH] MdeModulePkg/CapsulePei: Add memory
 pointer check
Thread-Index: AQHVKwVNde9zkn+2/0e1I/MABUFDraar70lggAGn1gA=
Date: Wed, 26 Jun 2019 08:10:37 +0000
Message-ID: <B80AF82E9BFB8E4FBD8C89DA810C6A093C8F4691@SHSMSX104.ccr.corp.intel.com>
References: <20190625032249.28116-1-zhichao.gao@intel.com>
 <B80AF82E9BFB8E4FBD8C89DA810C6A093C8F3FDF@SHSMSX104.ccr.corp.intel.com>
In-Reply-To: <B80AF82E9BFB8E4FBD8C89DA810C6A093C8F3FDF@SHSMSX104.ccr.corp.intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: hao.a.wu@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Wu, Hao A
> Sent: Tuesday, June 25, 2019 2:54 PM
> To: Gao, Zhichao; devel@edk2.groups.io
> Cc: Wang, Jian J; Ni, Ray; Zeng, Star
> Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/CapsulePei: Add
> memory pointer check
>=20
> > -----Original Message-----
> > From: Gao, Zhichao
> > Sent: Tuesday, June 25, 2019 11:23 AM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J; Wu, Hao A; Ni, Ray; Zeng, Star
> > Subject: [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1935
> >
> > Before use the memory that is allocated through AllocateZeroPool,
> > we should check the memory pointer is valid to avoid using the
> > NULL pointer.
> > Add check for VariableArrayAddress that is returned from
> > GetScatterGatherHeadEntries. If it is NULL, directly return
> > the error status.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Hao A Wu <hao.a.wu@intel.com>
> > Cc: Ray Ni <ray.ni@intel.com>
> > Cc: Star Zeng <star.zeng@intel.com>
> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> > ---
> >  MdeModulePkg/Universal/CapsulePei/UefiCapsule.c | 6 +++++-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
> > b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
> > index 8d4ae69bb2..51afab7b05 100644
> > --- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
> > +++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
> > @@ -965,6 +965,10 @@ GetScatterGatherHeadEntries (
> >      //
> >      if ((ValidIndex + 1) >=3D TempListLength) {
> >        EnlargedTempList =3D AllocateZeroPool (TempListLength * 2);
> > +      if (EnlargedTempList =3D=3D NULL) {
> > +        DEBUG ((DEBUG_ERROR, "Fail to allocate memory!\n"));
> > +        return EFI_OUT_OF_RESOURCES;
> > +      }
> >        CopyMem (EnlargedTempList, TempList, TempListLength);
> >        FreePool (TempList);
> >        TempList =3D EnlargedTempList;
> > @@ -1056,7 +1060,7 @@ CapsuleCoalesce (
> >    // Get SG list entries
> >    //
> >    Status =3D GetScatterGatherHeadEntries (&ListLength,
> > &VariableArrayAddress);
> > -  if (EFI_ERROR (Status)) {
> > +  if (EFI_ERROR (Status) || VariableArrayAddress =3D=3D NULL) {
>=20
>=20
> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>


Pushed via commit 846b1652d9.

Best Regards,
Hao Wu


>=20
> Best Regards,
> Hao Wu
>=20
>=20
> >      DEBUG ((DEBUG_ERROR, "%a failed to get Scatter Gather List Head
> Entries.
> > Status =3D %r\n", __FUNCTION__, Status));
> >      goto Done;
> >    }
> > --
> > 2.21.0.windows.1
>=20
>=20
>=20