* [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check @ 2019-06-25 3:22 Gao, Zhichao 2019-06-25 6:53 ` Wu, Hao A 0 siblings, 1 reply; 3+ messages in thread From: Gao, Zhichao @ 2019-06-25 3:22 UTC (permalink / raw) To: devel; +Cc: Jian J Wang, Hao A Wu, Ray Ni, Star Zeng REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1935 Before use the memory that is allocated through AllocateZeroPool, we should check the memory pointer is valid to avoid using the NULL pointer. Add check for VariableArrayAddress that is returned from GetScatterGatherHeadEntries. If it is NULL, directly return the error status. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> --- MdeModulePkg/Universal/CapsulePei/UefiCapsule.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c index 8d4ae69bb2..51afab7b05 100644 --- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c +++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c @@ -965,6 +965,10 @@ GetScatterGatherHeadEntries ( // if ((ValidIndex + 1) >= TempListLength) { EnlargedTempList = AllocateZeroPool (TempListLength * 2); + if (EnlargedTempList == NULL) { + DEBUG ((DEBUG_ERROR, "Fail to allocate memory!\n")); + return EFI_OUT_OF_RESOURCES; + } CopyMem (EnlargedTempList, TempList, TempListLength); FreePool (TempList); TempList = EnlargedTempList; @@ -1056,7 +1060,7 @@ CapsuleCoalesce ( // Get SG list entries // Status = GetScatterGatherHeadEntries (&ListLength, &VariableArrayAddress); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || VariableArrayAddress == NULL) { DEBUG ((DEBUG_ERROR, "%a failed to get Scatter Gather List Head Entries. Status = %r\n", __FUNCTION__, Status)); goto Done; } -- 2.21.0.windows.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check 2019-06-25 3:22 [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check Gao, Zhichao @ 2019-06-25 6:53 ` Wu, Hao A 2019-06-26 8:10 ` [edk2-devel] " Wu, Hao A 0 siblings, 1 reply; 3+ messages in thread From: Wu, Hao A @ 2019-06-25 6:53 UTC (permalink / raw) To: Gao, Zhichao, devel@edk2.groups.io; +Cc: Wang, Jian J, Ni, Ray, Zeng, Star > -----Original Message----- > From: Gao, Zhichao > Sent: Tuesday, June 25, 2019 11:23 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J; Wu, Hao A; Ni, Ray; Zeng, Star > Subject: [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1935 > > Before use the memory that is allocated through AllocateZeroPool, > we should check the memory pointer is valid to avoid using the > NULL pointer. > Add check for VariableArrayAddress that is returned from > GetScatterGatherHeadEntries. If it is NULL, directly return > the error status. > > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Hao A Wu <hao.a.wu@intel.com> > Cc: Ray Ni <ray.ni@intel.com> > Cc: Star Zeng <star.zeng@intel.com> > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> > --- > MdeModulePkg/Universal/CapsulePei/UefiCapsule.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > index 8d4ae69bb2..51afab7b05 100644 > --- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > +++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > @@ -965,6 +965,10 @@ GetScatterGatherHeadEntries ( > // > if ((ValidIndex + 1) >= TempListLength) { > EnlargedTempList = AllocateZeroPool (TempListLength * 2); > + if (EnlargedTempList == NULL) { > + DEBUG ((DEBUG_ERROR, "Fail to allocate memory!\n")); > + return EFI_OUT_OF_RESOURCES; > + } > CopyMem (EnlargedTempList, TempList, TempListLength); > FreePool (TempList); > TempList = EnlargedTempList; > @@ -1056,7 +1060,7 @@ CapsuleCoalesce ( > // Get SG list entries > // > Status = GetScatterGatherHeadEntries (&ListLength, > &VariableArrayAddress); > - if (EFI_ERROR (Status)) { > + if (EFI_ERROR (Status) || VariableArrayAddress == NULL) { Reviewed-by: Hao A Wu <hao.a.wu@intel.com> Best Regards, Hao Wu > DEBUG ((DEBUG_ERROR, "%a failed to get Scatter Gather List Head Entries. > Status = %r\n", __FUNCTION__, Status)); > goto Done; > } > -- > 2.21.0.windows.1 ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [edk2-devel] [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check 2019-06-25 6:53 ` Wu, Hao A @ 2019-06-26 8:10 ` Wu, Hao A 0 siblings, 0 replies; 3+ messages in thread From: Wu, Hao A @ 2019-06-26 8:10 UTC (permalink / raw) To: devel@edk2.groups.io, Wu, Hao A, Gao, Zhichao Cc: Wang, Jian J, Ni, Ray, Zeng, Star > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Wu, Hao A > Sent: Tuesday, June 25, 2019 2:54 PM > To: Gao, Zhichao; devel@edk2.groups.io > Cc: Wang, Jian J; Ni, Ray; Zeng, Star > Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/CapsulePei: Add > memory pointer check > > > -----Original Message----- > > From: Gao, Zhichao > > Sent: Tuesday, June 25, 2019 11:23 AM > > To: devel@edk2.groups.io > > Cc: Wang, Jian J; Wu, Hao A; Ni, Ray; Zeng, Star > > Subject: [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1935 > > > > Before use the memory that is allocated through AllocateZeroPool, > > we should check the memory pointer is valid to avoid using the > > NULL pointer. > > Add check for VariableArrayAddress that is returned from > > GetScatterGatherHeadEntries. If it is NULL, directly return > > the error status. > > > > Cc: Jian J Wang <jian.j.wang@intel.com> > > Cc: Hao A Wu <hao.a.wu@intel.com> > > Cc: Ray Ni <ray.ni@intel.com> > > Cc: Star Zeng <star.zeng@intel.com> > > Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> > > --- > > MdeModulePkg/Universal/CapsulePei/UefiCapsule.c | 6 +++++- > > 1 file changed, 5 insertions(+), 1 deletion(-) > > > > diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > > b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > > index 8d4ae69bb2..51afab7b05 100644 > > --- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > > +++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c > > @@ -965,6 +965,10 @@ GetScatterGatherHeadEntries ( > > // > > if ((ValidIndex + 1) >= TempListLength) { > > EnlargedTempList = AllocateZeroPool (TempListLength * 2); > > + if (EnlargedTempList == NULL) { > > + DEBUG ((DEBUG_ERROR, "Fail to allocate memory!\n")); > > + return EFI_OUT_OF_RESOURCES; > > + } > > CopyMem (EnlargedTempList, TempList, TempListLength); > > FreePool (TempList); > > TempList = EnlargedTempList; > > @@ -1056,7 +1060,7 @@ CapsuleCoalesce ( > > // Get SG list entries > > // > > Status = GetScatterGatherHeadEntries (&ListLength, > > &VariableArrayAddress); > > - if (EFI_ERROR (Status)) { > > + if (EFI_ERROR (Status) || VariableArrayAddress == NULL) { > > > Reviewed-by: Hao A Wu <hao.a.wu@intel.com> Pushed via commit 846b1652d9. Best Regards, Hao Wu > > Best Regards, > Hao Wu > > > > DEBUG ((DEBUG_ERROR, "%a failed to get Scatter Gather List Head > Entries. > > Status = %r\n", __FUNCTION__, Status)); > > goto Done; > > } > > -- > > 2.21.0.windows.1 > > > ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-06-26 8:10 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-06-25 3:22 [PATCH] MdeModulePkg/CapsulePei: Add memory pointer check Gao, Zhichao 2019-06-25 6:53 ` Wu, Hao A 2019-06-26 8:10 ` [edk2-devel] " Wu, Hao A
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox