From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jaben.carsey@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.88; helo=mga01.intel.com;
 envelope-from=jaben.carsey@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 5DACF208EB401
 for <edk2-devel@lists.01.org>; Tue, 19 Feb 2019 07:27:19 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
 by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 19 Feb 2019 07:27:18 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.58,388,1544515200"; d="scan'208";a="117378647"
Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203])
 by orsmga006.jf.intel.com with ESMTP; 19 Feb 2019 07:27:18 -0800
Received: from FMSMSX110.amr.corp.intel.com (10.18.116.10) by
 FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Tue, 19 Feb 2019 07:27:18 -0800
Received: from fmsmsx103.amr.corp.intel.com ([169.254.2.115]) by
 FMSMSX110.amr.corp.intel.com ([169.254.14.202]) with mapi id 14.03.0415.000;
 Tue, 19 Feb 2019 07:27:17 -0800
From: "Carsey, Jaben" <jaben.carsey@intel.com>
To: "Gao, Zhichao" <zhichao.gao@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Gao, Liming" <liming.gao@intel.com>
Thread-Topic: [edk2] [PATCH] ShellPkg: add array index check for shell delay
 option
Thread-Index: AQHUx2P6rYQb0YKEYUq/az8p2HykCqXnQGVw
Date: Tue, 19 Feb 2019 15:27:17 +0000
Message-ID: <CB6E33457884FA40993F35157061515CBCB859BF@FMSMSX103.amr.corp.intel.com>
References: <20190218082809.6432-1-zhichao.gao@intel.com>
In-Reply-To: <20190218082809.6432-1-zhichao.gao@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiM2YwNDMzMzAtM2JkOS00ZmJiLTk4NTAtN2U3NWFlNGRlMmRmIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiKzBtbWEzQzhzUXJJSDRKQ2hDbDdkSW9XQlV1SnFtTzJGa05UZXA1dTdlblcrVDBEd2ZKMGsxdGV1TXJBVURyZiJ9
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: [10.1.200.107]
MIME-Version: 1.0
Subject: Re: [PATCH] ShellPkg: add array index check for shell delay option
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Feb 2019 15:27:19 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Zhichao Gao
> Sent: Monday, February 18, 2019 12:28 AM
> To: edk2-devel@lists.01.org
> Cc: Gao, Liming <liming.gao@intel.com>
> Subject: [edk2] [PATCH] ShellPkg: add array index check for shell delay
> option
> Importance: High
>=20
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1528
>=20
> Shell delay option without parameters do not check the
> index of shell parameter argv. Add index check to avoid
> invalid pointer references.
>=20
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>=20
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> ---
>  ShellPkg/Application/Shell/Shell.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>=20
> diff --git a/ShellPkg/Application/Shell/Shell.c
> b/ShellPkg/Application/Shell/Shell.c
> index 104f4c8961..ec344137d3 100644
> --- a/ShellPkg/Application/Shell/Shell.c
> +++ b/ShellPkg/Application/Shell/Shell.c
> @@ -1,7 +1,7 @@
>  /** @file
>    This is THE shell (application)
>=20
> -  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
>    (C) Copyright 2013-2014 Hewlett-Packard Development Company, L.P.<BR>
>    Copyright 2015-2018 Dell Technologies.<BR>
>    This program and the accompanying materials
> @@ -1002,7 +1002,11 @@ ProcessCommandLine(
>                                   ) =3D=3D 0) {
>        ShellInfoObject.ShellInitSettings.BitUnion.Bits.Delay        =3D T=
RUE;
>        // Check for optional delay value following "-delay"
> -      DelayValueStr =3D gEfiShellParametersProtocol->Argv[LoopVar + 1];
> +      if ((LoopVar + 1) >=3D gEfiShellParametersProtocol->Argc) {
> +        DelayValueStr =3D NULL;
> +      } else {
> +        DelayValueStr =3D gEfiShellParametersProtocol->Argv[LoopVar + 1]=
;
> +      }
>        if (DelayValueStr !=3D NULL){
>          if (*DelayValueStr =3D=3D L':') {
>            DelayValueStr++;
> --
> 2.16.2.windows.1
>=20
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel