From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 386B4AC146E for ; Tue, 23 Jan 2024 15:16:41 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=zCsonelFdXHr1x7H25a/vGTpl8tr8UQY7FPBHd4BaP8=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1706022999; v=1; b=FfrVb+XscSz2ML7bF9v9sGLn7hq0459aGmBANyfJu5PH2hnc14Gim8Gliq5Jxb8seE82Otn2 BpkBXwaa8asuSbMEykX4j2KNe0UZ8l9Vfey4H9kM2+t2dzMjqMHWfVmf2dxcoTDaVfjJoAmetbL Nq71h6ni8/Jg7DkUWHP45bQ0= X-Received: by 127.0.0.2 with SMTP id gPhiYY7687511xcVsUGCY7VB; Tue, 23 Jan 2024 07:16:39 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.12]) by mx.groups.io with SMTP id smtpd.web11.15256.1706022998881715296 for ; Tue, 23 Jan 2024 07:16:39 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10962"; a="8918082" X-IronPort-AV: E=Sophos;i="6.05,214,1701158400"; d="scan'208";a="8918082" X-Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orvoesa104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2024 07:16:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10962"; a="786089736" X-IronPort-AV: E=Sophos;i="6.05,214,1701158400"; d="scan'208";a="786089736" X-Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by orsmga002.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 23 Jan 2024 07:16:37 -0800 X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 23 Jan 2024 07:16:37 -0800 X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 23 Jan 2024 07:16:37 -0800 X-Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Tue, 23 Jan 2024 07:16:37 -0800 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.168) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Tue, 23 Jan 2024 07:16:36 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hVJwSUYbmQtA7/o5lCyr8fKaF8AjTZ6dUtNkNlOhPOW4kYz55TsK8BfHkTFlW0/8bjdDHNHQxgZecf+oFy9IFcf0ViGGYAmzpN76nJjiolGKSCbY/sb7BRddi9pol5itZRB8zBpPE1DaZoXEN9lsB3F9dBCGV5/zujaB8LZi00IjH6ZlgPegHZerkxd/fmtocAvvl9wkU/e2mXmtKCJpa+Z250LshApX/RZbpu2kyFp3rH9w4qPMNF/DMNw3Klf1sPTPAsvmHVsvLVx2Clk6qlYSRt12HmtRdEDwOokhtgRA7uNDYdtRIH8aJnYmO0oKPW2G94mnjQWOTbDgcrSSgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=S43IWvQSq+dJTtIDWH6kgPgrp/EHHsnOxlE4mRGLUpw=; b=a1qKXrdfbz1yVRLoxJnp7pkQmGl2/Zf3hFvrUBRjsYi76ir+vJY2WEFoCoARqlqnqr/frJHt8pFXvgFTiJdhBAxOXn9p9hQht0LKZn1sRW3lXreZHqkkEbrGX0B59DjlDI8jPA8PkrG71zddlLI+/4skXzK7AIYvwv8z2qRE1ghIfC++HQNJpptHy3O8PbMS8YIWbVCXSTyWxWYN1Vwn5zH+z3EozZ9vXx7Ml2XlecMe05Xcp0SghzYIpvI0rlxkDEC3hD+1EGXsJOfP5BiVIq7cVjaZa3r9SpBfRkQrMjj6d12tzBngp8hzXpWWCJM/I5NH98EN1T+pxzOmn6BtSw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from BL1PR11MB5478.namprd11.prod.outlook.com (2603:10b6:208:31d::12) by MW4PR11MB5892.namprd11.prod.outlook.com (2603:10b6:303:16a::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.37; Tue, 23 Jan 2024 15:16:33 +0000 X-Received: from BL1PR11MB5478.namprd11.prod.outlook.com ([fe80::1732:8b4d:9f8b:3e2f]) by BL1PR11MB5478.namprd11.prod.outlook.com ([fe80::1732:8b4d:9f8b:3e2f%7]) with mapi id 15.20.7228.022; Tue, 23 Jan 2024 15:16:32 +0000 From: "Guo, Gua" To: Gerd Hoffmann CC: "devel@edk2.groups.io" , Ard Biesheuvel , "Mathews, John" , "Zimmer, Vincent" , Sami Mujawar , "jmaloy@redhat.com" Subject: Re: [edk2-devel] [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob() Thread-Topic: [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob() Thread-Index: AQHaRP6fHYo1EBEpBUarJj0my/OML7DnjM2AgAAGHwA= Date: Tue, 23 Jan 2024 15:16:32 +0000 Message-ID: References: <20240112022521.710-1-gua.guo@intel.com> <7nmqqmemymehgdglvwh52kotfbo2b5hoktqo3enus63aqs4wc5@2jhpeq4q2bfa> In-Reply-To: <7nmqqmemymehgdglvwh52kotfbo2b5hoktqo3enus63aqs4wc5@2jhpeq4q2bfa> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: BL1PR11MB5478:EE_|MW4PR11MB5892:EE_ x-ms-office365-filtering-correlation-id: 2040bd65-0ac3-46d6-fe0f-08dc1c264851 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: yvU1ypUaeK3f+u2MU6S0wL+0R7R0VpEZgHBPbvJI+Vg7Cr0huefarGU3qEeo45mYYGikNpB08KCAZaU599XQD3/PDJSwyySvK1XbhBwedYcxnsocOh5kmwEtOHBm6ko0bWNaWoY+5PkaOMDgASSe9jYoO8+WzkZR3Frp7kxS3ywHk54cmBsTb/CpWOuzTCHbEM75RBz+NAF5SkhhG4vSPk3bmxQFvH5v/gryNnDitWOBzlZt3o3tTBjR0NRvEiy9XhZkVaPWuA/FjlEmDSlE95jGQGyAf/+sd5UPoki+fCO+N+c/XRH8r1Lh0G5yCruBVyV3TSCPTQIhnZSVLoktV1vVfyFnphxbUCkllRCFgs9bXEVZ3pKzbIFOCCK12SlBZW3AJtRA9151Kw2IWhEf1dqVj+cAjH6xZJ4Cn5dOWvpqbBYj4VPPi2UtIaUCZ3VtjxAFWt+WZ6VHGs8AnOsm76Hn/ePV7YYyCZQ3+UYFckv5mFw2BtQ0IY8wr6gYSMN5U/sxW5GMyA3sx70CM0GqlPaZIwwXg4+pLwrIV18fVtInwJiw3A3/GzukEW9acikUifejsQ5GLMarcnW+5nd+g8M3uy++pixjorbGjj3rq9E= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?EF6PZ8OV3Xw0/HNgJYv0z9/3iQobKvkWbWeXffeEP6uj6HbB9O/A2s9XOaPC?= =?us-ascii?Q?latVLKfD8Cv1YuUduKm0zW6hExgbyseXAnXdxHuctkF+DO9Hv0+Mv/35p67q?= =?us-ascii?Q?DQUfNlMS0fU8/2pW/7TvfKigvYUt5urWFrmGFVmURqZXfk6H1xryRAb78/tb?= =?us-ascii?Q?4nqoSF6Wh0WFDi/GiUPeojObfYfmRY48vfO3RKE1ZN39m+WaSbIBVbn7CfnM?= =?us-ascii?Q?AS9er2nPVVkyZK5IJSeSyK1HdzUHlNA7uVNgvz5R+bMLhhq+RAUa1Ha3742q?= =?us-ascii?Q?2Hhy5Rbicb9ihj4LM2NDNPMEl3oa4fY7rHlZgTea2MmWW+ld0b+0f5FFTy40?= =?us-ascii?Q?k3Lp34e9DXKoQpXxeDv3PnM8mi+vHlCmFjqzVY5B4B6ncdBhNgcqUGg2ErTU?= =?us-ascii?Q?kum+9RZ3ypsTczqkwEsT/J8qMOTG4V+tu+p/cL1kiVSfQwqz4EtSK4EtYoaD?= =?us-ascii?Q?Wg5/aBUomOv/LdesddM59GW/h6KxinV7f9HK4wVktV7F0ssAWfZYTFksXL7I?= =?us-ascii?Q?nKs2emzYylT5ms7vYaUUvIy9TQJ/prblvOXdqKIqr6BL9jY4jkcWBlM3nUTL?= =?us-ascii?Q?9N2zV2bUZ8ID8/ps8DhlzglSj5wTehedepymYzmJtRkQyGG13au+f9n/SWAM?= =?us-ascii?Q?kyTDdRu+NRbJCzrxGkQXihUvuqyeSopyKry86EmW+/o/0uQulD8fZZFAVam6?= =?us-ascii?Q?ke6VuwstHSRvYkoZiRyqZPCqZ0jN2gz+Wpu/mbj0dvgXn21X50vpneDe4P4V?= =?us-ascii?Q?Lq0n3SrwNL7lMOmoamJ+rKbJzutJM0j6835MJ5uaED92qzScosIZouJvordQ?= =?us-ascii?Q?AOFie9BboMaT8Xww8EWBjeOGR8RI4Z5IIXf0oHVEDenwj87Aiq9VpWvf2teW?= =?us-ascii?Q?9SMNaQOTLnqjtiBgeTX1eVhv6HOlj9s6A7r2UfSRR+rZqw+H+GYUD7FrP0VW?= =?us-ascii?Q?cYQXMlAs2YNB8hSFNP4ASDuNLnrPZsQUc6Ki4Xo/gGqNIMKLzUEzxnR0ybIC?= =?us-ascii?Q?jLLzia4IRJzxWntioAXC2CiD7lBSWv/E59OBiEFvXYm8zVw6Ajv7t0QTtytQ?= =?us-ascii?Q?JE9tRPj+Acgx9PtHew8ob3L049RBIw/l5WnOABTeZn41f1zy/XMb4awhgALi?= =?us-ascii?Q?7peQmlKmlY3rHeVqc8oTBCl9Aa8T2yJAP70YAQ/YePoSjZYsDoLa0hQFF4BK?= =?us-ascii?Q?KXVw3YjLzrkaFBXmT9ASF1/yZy0QJdFhmtI9QLwQCeWkjZDOeMWuP9uaCRdq?= =?us-ascii?Q?L0cM96jbuuBMlkwD72Fz0VBBuBDVL3TanJDavg2IzSIwKSPbY34R+t6BUiRV?= =?us-ascii?Q?Qwcc8u+CcU38oAWVXTaa8tMvmaaWerrzk5PiVgZi6Uycse/fE0HZdPfzE/3l?= =?us-ascii?Q?I2VJXVncc62m/a4oDsiN5PoXMA/XBZDgY5EFJhZCfetN3PXtdr9zKbKtpR2c?= =?us-ascii?Q?Kic2+zNbqrW96+HMRr7PxZzSKehlc5u35cJKUu1u4fvpZkTgjN1e8zPRxyhe?= =?us-ascii?Q?LKjRQ1GcG5jXhZjbMcAjJtjgcHKsmkD9NXPV4nsvGcL6UmqKylXEBtEfhpPd?= =?us-ascii?Q?MD85itRySDsaKnPavf8=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BL1PR11MB5478.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2040bd65-0ac3-46d6-fe0f-08dc1c264851 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2024 15:16:32.7098 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 2TB482QmMxwqp7DpuovxFaipjxNjkBfwvNAFmfdb+O/q52K3XHLu1i6nx4/M7ZKDJVFvoLtYJc8n4J20OFAtFA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR11MB5892 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,gua.guo@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: Nv6w6oWr31tojXiwSvVDK2kmx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=FfrVb+Xs; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io For MdeModulePkg, I think no need to change because no any logic change. For StandaloneMmPkg and EmbeddedPkg - Don't have enough abilities to close Sami Mujawar and Ni Ray open current= ly, so hold on the change until I find how to introduce Panic. So give up t= hese two packages patch currently. -----Original Message----- From: Gerd Hoffmann =20 Sent: Tuesday, January 23, 2024 10:50 PM To: Guo, Gua Cc: devel@edk2.groups.io; Ard Biesheuvel ; Mathe= ws, John ; Zimmer, Vincent ; Sami Mujawar ; jmaloy@redhat.com Subject: Re: [PATCH v3 0/4] Bz4166: Integer Overflow in CreateHob() On Fri, Jan 12, 2024 at 10:25:16AM +0800, gua.guo@intel.com wrote: > From: Gua Guo >=20 > PR: https://github.com/tianocore/edk2/pull/5252 > Gua Guo (4): > UefiPayloadPkg/Hob: Integer Overflow in CreateHob() > StandaloneMmPkg/Hob: Integer Overflow in CreateHob() > EmbeddedPkg/Hob: Integer Overflow in CreateHob() > MdeModulePkg/Hob: Integer Overflow in CreateHob() Ping. What is the status here? Patch 1/4 has been merged (commit 59f024c76ee5), the other tree patches are= missing still. take care, Gerd -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114205): https://edk2.groups.io/g/devel/message/114205 Mute This Topic: https://groups.io/mt/103675959/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-