From: "Guo, Gua"
To: Gerd Hoffmann
CC: "devel@edk2.groups.io", Ard Biesheuvel, "Mathews, John", "Zimmer, Vincent", Sami Mujawar, "jmaloy@redhat.com"
Subject: Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()
Date: Thu, 25 Jan 2024 08:08:36 +0000

Hi @Gerd Hoffmann

It's PR https://github.com/tianocore/edk2/pull/5298 if no more concern received, will merge it tomorrow morning.

Thanks,
Gua

-----Original Message-----
From: Gerd Hoffmann
Sent: Wednesday, January 24, 2024 8:48 PM
To: Guo, Gua
Cc: devel@edk2.groups.io; Ard Biesheuvel; Mathews, John; Zimmer, Vincent; Sami Mujawar; jmaloy@redhat.com
Subject: Re: RE: [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob()

On Tue, Jan 23, 2024 at 03:16:32PM +0000, Guo, Gua wrote:
> For MdeModulePkg, I think no need to change because no any logic change.
>
> For StandaloneMmPkg and EmbeddedPkg
> - Don't have enough abilities to close Sami Mujawar and Ni Ray open currently, so hold on the change until I find how to introduce Panic. So give up these two packages patch currently.

On StandaloneMmPkg: I think the patch is fine, I've replied in that subthread.

On EmbeddedPkg: I think the BuildGuidDataHob() callsites need review whenever they do:

 (a) check the return value properly, or
 (b) allocate a fixed size HOB so the new check in CreateHob() can't fail.

take care,
  Gerd
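
The two caller patterns (a) and (b) listed in the quoted reply, shown in a simplified stand-alone C model; this is an added example, not EDK2 code and not part of the patch series or of either message. The `model_*` names, the 16-bit length field, the 8-byte round-up and the 24-byte header size are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-alone model, not EDK2 source. Assumed: a 16-bit HOB length
   field, lengths rounded up to 8 bytes, and a 24-byte GUID HOB header. */
#define HOB_LIST_SIZE 0x20000u
#define GUID_HDR_SIZE 24u

static _Alignas(8) uint8_t g_hob_list[HOB_LIST_SIZE];
static size_t g_free_off;

/* Unchecked round-up: wraps to 0 for any length above 0xFFF8. */
uint16_t align_unchecked(uint16_t len) { return (uint16_t)((len + 7u) & ~7u); }

/* Checked allocator: NULL instead of a wrapped, undersized HOB. */
void *model_create_hob(uint16_t len)
{
    if (len > UINT16_MAX - 7u) return NULL;                 /* round-up would wrap */
    uint16_t aligned = (uint16_t)((len + 7u) & ~7u);
    if (aligned > HOB_LIST_SIZE - g_free_off) return NULL;  /* list is full */
    void *hob = memset(&g_hob_list[g_free_off], 0, aligned);
    g_free_off += aligned;
    return hob;
}

/* Case (a): caller-supplied size, so the result must be tested before use. */
int model_build_guid_data_hob(const void *data, size_t data_len)
{
    if (data_len > UINT16_MAX - GUID_HDR_SIZE) return -1;   /* sum must fit 16 bits */
    uint8_t *hob = model_create_hob((uint16_t)(GUID_HDR_SIZE + data_len));
    if (hob == NULL) return -1;                             /* never copy into NULL */
    memcpy(hob + GUID_HDR_SIZE, data, data_len);
    return 0;
}

/* Case (b): compile-time size, provably below the overflow threshold. */
struct model_fixed_hob { uint8_t hdr[GUID_HDR_SIZE]; uint32_t boot_mode; };
_Static_assert(sizeof(struct model_fixed_hob) <= UINT16_MAX - 7u, "overflow check cannot trip");

struct model_fixed_hob *model_build_fixed_hob(uint32_t boot_mode)
{
    struct model_fixed_hob *hob = model_create_hob((uint16_t)sizeof *hob);
    if (hob != NULL) hob->boot_mode = boot_mode;            /* only list-full remains */
    return hob;
}
```

In the model, a payload of 0xFFE5 bytes passes the 16-bit sum check but is still rejected by the allocator, which is the path a caller that ignores the return value would turn into a write through NULL.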