From: "Wang, Jian J"
To: "Carsey, Jaben", "edk2-devel@lists.01.org"
CC: "Ni, Ruiyu", "Bi, Dandan"
Date: Thu, 9 Nov 2017 01:03:15 +0000
Subject: Re: [PATCH v3 2/3] ShellPkg: Fix misuses of AllocateCopyPool
References: <20171108021201.17436-1-jian.j.wang@intel.com> <20171108021201.17436-3-jian.j.wang@intel.com>
List-Id: EDK II Development

You're right, StrCpyS is better for this case. Since the patch has been checked in, maybe we can refine that code in another patch. Thanks for the comment.

> -----Original Message-----
> From: Carsey, Jaben
> Sent: Wednesday, November 08, 2017 11:50 PM
> To: Wang, Jian J; edk2-devel@lists.01.org
> Cc: Ni, Ruiyu; Bi, Dandan
> Subject: RE: [PATCH v3 2/3] ShellPkg: Fix misuses of AllocateCopyPool
>
> Why not use the StrCpy_s function to copy strings? CopyMem and StrSize feel
> odd to me.
>
> > -----Original Message-----
> > From: Wang, Jian J
> > Sent: Tuesday, November 07, 2017 6:12 PM
> > To: edk2-devel@lists.01.org
> > Cc: Carsey, Jaben; Ni, Ruiyu; Bi, Dandan
> > Subject: [PATCH v3 2/3] ShellPkg: Fix misuses of AllocateCopyPool
> > Importance: High
> >
> > > v3:
> > > No update
> >
> > > v2:
> > > a. Use ReallocatePool instead of allocating then copying wherever
> > applicable
> >
> > AllocateCopyPool(AllocationSize, *Buffer) will copy "AllocationSize" bytes of
> > memory from the old "Buffer" to the newly allocated one. If "AllocationSize" is
> > bigger than the size of "Buffer", a heap memory overflow occurs during the copy.
> >
> > One solution is to allocate the pool first and then copy the necessary bytes to
> > the new memory. Another is to use ReallocatePool instead, if the old buffer will
> > be freed on the spot.
> >
> > Cc: Jaben Carsey
> > Cc: Ruiyu Ni
> > Cc: Bi Dandan
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Jian J Wang
> > ---
> >  ShellPkg/Application/Shell/Shell.c                                 | 4 +++-
> >  ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcfgCommandLib.c | 7 +++++--
> >  2 files changed, 8 insertions(+), 3 deletions(-)
> >
> > diff --git a/ShellPkg/Application/Shell/Shell.c b/ShellPkg/Application/Shell/Shell.c
> > index 5471930ba1..656206fdce 100644
> > --- a/ShellPkg/Application/Shell/Shell.c
> > +++ b/ShellPkg/Application/Shell/Shell.c
> > @@ -1646,7 +1646,7 @@ ShellConvertVariables (
> >    //
> >    // now do the replacements...
> >    //
> > -  NewCommandLine1 = AllocateCopyPool(NewSize, OriginalCommandLine);
> > +  NewCommandLine1 = AllocateZeroPool (NewSize);
> >    NewCommandLine2 = AllocateZeroPool(NewSize);
> >    ItemTemp        = AllocateZeroPool(ItemSize+(2*sizeof(CHAR16)));
> >    if (NewCommandLine1 == NULL || NewCommandLine2 == NULL || ItemTemp == NULL) {
> > @@ -1655,6 +1655,8 @@ ShellConvertVariables (
> >      SHELL_FREE_NON_NULL(ItemTemp);
> >      return (NULL);
> >    }
> > +  CopyMem (NewCommandLine1, OriginalCommandLine, StrSize (OriginalCommandLine));
> > +
> >    for (MasterEnvList = EfiShellGetEnv(NULL)
> >      ;  MasterEnvList != NULL && *MasterEnvList != CHAR_NULL
> >      ;  MasterEnvList += StrLen(MasterEnvList) + 1
> > diff --git a/ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcfgCommandLib.c b/ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcfgCommandLib.c
> > index 1122c89b8b..ee3db63358 100644
> > --- a/ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcfgCommandLib.c
> > +++ b/ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcfgCommandLib.c
> > @@ -143,10 +143,11 @@ UpdateOptionalData(
> >      OriginalOptionDataSize += (*(UINT16*)(OriginalData + sizeof(UINT32)));
> >      OriginalOptionDataSize -= OriginalSize;
> >      NewSize = OriginalSize - OriginalOptionDataSize + DataSize;
> > -    NewData = AllocateCopyPool(NewSize, OriginalData);
> > +    NewData = AllocatePool(NewSize);
> >      if (NewData == NULL) {
> >        Status = EFI_OUT_OF_RESOURCES;
> >      } else {
> > +      CopyMem (NewData, OriginalData, OriginalSize - OriginalOptionDataSize);
> >        CopyMem(NewData + OriginalSize - OriginalOptionDataSize, Data, DataSize);
> >      }
> >    }
> > @@ -1120,11 +1121,13 @@ BcfgAddOpt(
> >            // Now we know how many EFI_INPUT_KEY structs we need to attach to the end of the EFI_KEY_OPTION struct.
> >            // Re-allocate with the added information.
> >            //
> > -          KeyOptionBuffer = AllocateCopyPool(sizeof(EFI_KEY_OPTION) + (sizeof(EFI_INPUT_KEY) * NewKeyOption.KeyData.Options.InputKeyCount), &NewKeyOption);
> > +          KeyOptionBuffer = AllocatePool (sizeof(EFI_KEY_OPTION) + (sizeof(EFI_INPUT_KEY) * NewKeyOption.KeyData.Options.InputKeyCount));
> >            if (KeyOptionBuffer == NULL) {
> >              ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_NO_MEM), gShellBcfgHiiHandle, L"bcfg");
> >              ShellStatus = SHELL_OUT_OF_RESOURCES;
> > +            return ShellStatus;
> >            }
> > +          CopyMem (KeyOptionBuffer, &NewKeyOption, sizeof(EFI_KEY_OPTION));
> >          }
> >          for (LoopCounter = 0 ; ShellStatus == SHELL_SUCCESS && LoopCounter < NewKeyOption.KeyData.Options.InputKeyCount; LoopCounter++) {
> >            //
> > --
> > 2.14.1.windows.1
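Review bot: in the ShellConvertVariables hunk at @@ -1655, the added CopyMem (NewCommandLine1, OriginalCommandLine, StrSize (OriginalCommandLine)) copies StrSize(OriginalCommandLine) bytes into a buffer of NewSize bytes with no visible check that NewSize >= StrSize (OriginalCommandLine), so the copy is still bounded by the caller's size arithmetic rather than by the destination. Either add ASSERT (NewSize >= StrSize (OriginalCommandLine)) before the copy, or take the StrCpyS suggestion from the review: StrCpyS (NewCommandLine1, NewSize / sizeof (CHAR16), OriginalCommandLine) takes the destination capacity in CHAR16 units and returns RETURN_BUFFER_TOO_SMALL instead of overrunning, and it keeps the terminator that the switch to AllocateZeroPool in the @@ -1646 hunk otherwise has to provide.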
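Review bot: in the UpdateOptionalData hunk, the new CopyMem (NewData, OriginalData, OriginalSize - OriginalOptionDataSize) takes its length from OriginalOptionDataSize, which the first context line derives from a UINT16 read out of OriginalData itself (*(UINT16*)(OriginalData + sizeof(UINT32)), the load option's FilePathListLength). A malformed Boot#### variable can make OriginalSize - OriginalOptionDataSize larger than OriginalSize, and then this CopyMem reads past OriginalData exactly as AllocateCopyPool did. Validate that the header, description and file path list fit inside OriginalSize (the computed prefix length must be <= OriginalSize) before NewSize is computed, and return EFI_INVALID_PARAMETER otherwise. Since both CopyMem calls in the else branch use the same prefix length, a local such as PrefixSize = OriginalSize - OriginalOptionDataSize would also make the intent clearer.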
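Review bot: in the BcfgAddOpt hunk, the added return ShellStatus; in the NULL branch changes the function's error path, while the surrounding code is written to fall through on ShellStatus != SHELL_SUCCESS (the for loop two lines later is already gated on ShellStatus == SHELL_SUCCESS). Returning directly skips whatever cleanup follows in BcfgAddOpt; unless later code dereferences KeyOptionBuffer without checking it, drop the return and let the status-based fall-through handle it, or put the new CopyMem in an else branch. Separately, the new CopyMem (KeyOptionBuffer, &NewKeyOption, sizeof(EFI_KEY_OPTION)) fills only the header of a buffer sized sizeof(EFI_KEY_OPTION) + InputKeyCount * sizeof(EFI_INPUT_KEY), so the EFI_INPUT_KEY tail stays uninitialised until the loop below fills it (the old AllocateCopyPool of &NewKeyOption read past NewKeyOption for that tail instead); AllocateZeroPool would make the tail deterministic if the loop exits early.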
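The misuse the commit message describes and the two remedies discussed in this thread, as an added illustration that is not code from the patch or from EDK II: ModelAllocateCopyPool, ModelStrSize and ModelStrCpyS below are user-space stand-ins that mirror only the copy semantics of the EDK II originals (AllocateCopyPool copies AllocationSize bytes from Buffer unconditionally; StrCpyS bounds the copy by the destination capacity in CHAR16 units), and the heap layout is constructed so that the bytes following the command line are visible and can be checked for.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t CHAR16;
typedef size_t   UINTN;

#define MODEL_SUCCESS          0
#define MODEL_BUFFER_TOO_SMALL 1

/* Stand-in for MemoryAllocationLib's AllocateCopyPool (a model written for
 * this example, not the EDK II implementation): the copy length is the
 * *allocation* size, so when AllocationSize exceeds what Buffer holds, the
 * bytes that happen to follow Buffer are copied into the new pool too. */
static void *ModelAllocateCopyPool(UINTN AllocationSize, const void *Buffer) {
  void *New = malloc(AllocationSize);
  if (New != NULL) {
    memcpy(New, Buffer, AllocationSize);
  }
  return New;
}

/* Stand-in for BaseLib's StrSize: bytes in a CHAR16 string incl. terminator. */
static UINTN ModelStrSize(const CHAR16 *S) {
  UINTN n = 0;
  while (S[n] != 0) {
    n++;
  }
  return (n + 1) * sizeof(CHAR16);
}

/* Stand-in with the shape of BaseLib's StrCpyS: DestMax is the destination
 * capacity in CHAR16 units, and the copy is refused rather than overrun. */
static int ModelStrCpyS(CHAR16 *Dest, UINTN DestMax, const CHAR16 *Src) {
  UINTN Units = ModelStrSize(Src) / sizeof(CHAR16);   /* includes terminator */
  if (DestMax < Units) {
    return MODEL_BUFFER_TOO_SMALL;
  }
  memcpy(Dest, Src, Units * sizeof(CHAR16));
  return MODEL_SUCCESS;
}

/* Constructed heap layout: a short command line immediately followed by
 * eight bytes belonging to a neighbouring allocation (0xA5 filler). */
static const CHAR16 kCommandLine[] = { 'e', 'c', 'h', 'o', ' ', '%', 'x', '%', 0 };
#define NEIGHBOUR_BYTES 8

typedef union {
  uint8_t Bytes[sizeof(kCommandLine) + NEIGHBOUR_BYTES];
  CHAR16  Align;    /* keeps Bytes suitably aligned for CHAR16 access */
} FakeHeap;

static FakeHeap MakeHeap(void) {
  FakeHeap h;
  memcpy(h.Bytes, kCommandLine, sizeof(kCommandLine));
  memset(h.Bytes + sizeof(kCommandLine), 0xA5, NEIGHBOUR_BYTES);
  return h;
}

/* 1 if the bytes of New after the string equal the neighbour's bytes,
 * i.e. the copy read past the end of the source string. */
static int TailIsNeighbour(const FakeHeap *h, const uint8_t *New) {
  return memcmp(New + sizeof(kCommandLine),
                h->Bytes + sizeof(kCommandLine), NEIGHBOUR_BYTES) == 0;
}

/* The pre-patch Shell.c pattern: AllocateCopyPool(NewSize, Original) with
 * NewSize larger than StrSize(Original). Returns 1: the neighbour leaks. */
int NaiveCopyReadsNeighbour(void) {
  FakeHeap h = MakeHeap();
  const CHAR16 *Original = (const CHAR16 *)h.Bytes;
  UINTN NewSize = ModelStrSize(Original) + NEIGHBOUR_BYTES;
  uint8_t *New = ModelAllocateCopyPool(NewSize, Original);
  int leaked = (New != NULL) && TailIsNeighbour(&h, New);
  free(New);
  return leaked;
}

/* The remedy: allocate NewSize zeroed, then copy only what the source holds,
 * bounded by the destination capacity. Returns 0: the tail stays zero. */
int FixedCopyReadsNeighbour(void) {
  FakeHeap h = MakeHeap();
  const CHAR16 *Original = (const CHAR16 *)h.Bytes;
  UINTN NewSize = ModelStrSize(Original) + NEIGHBOUR_BYTES;
  CHAR16 *New = calloc(1, NewSize);                 /* AllocateZeroPool */
  int leaked = 1;
  if (New != NULL &&
      ModelStrCpyS(New, NewSize / sizeof(CHAR16), Original) == MODEL_SUCCESS) {
    leaked = TailIsNeighbour(&h, (const uint8_t *)New);
  }
  free(New);
  return leaked;
}

/* What CopyMem(StrSize(Original)) into a NewSize buffer cannot do: refuse
 * the copy when the destination is too small. Returns MODEL_BUFFER_TOO_SMALL. */
int BoundedCopyRejectsSmallDest(void) {
  FakeHeap h = MakeHeap();
  CHAR16 Small[4];
  return ModelStrCpyS(Small, sizeof(Small) / sizeof(CHAR16), (const CHAR16 *)h.Bytes);
}
```

Any C99 compiler builds this stand-alone. The third function is the point raised in the review above: a copy bounded by the destination capacity catches a NewSize that is too small for the string, which the CopyMem (StrSize (...)) form in the hunk silently trusts.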