From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <chao.b.zhang@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.24; helo=mga09.intel.com;
 envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 83BF6208D6134
 for <edk2-devel@lists.01.org>; Mon, 11 Feb 2019 05:56:08 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 11 Feb 2019 05:56:08 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.58,358,1544515200"; d="scan'208";a="133350088"
Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205])
 by orsmga002.jf.intel.com with ESMTP; 11 Feb 2019 05:56:08 -0800
Received: from fmsmsx156.amr.corp.intel.com (10.18.116.74) by
 fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Mon, 11 Feb 2019 05:56:07 -0800
Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by
 fmsmsx156.amr.corp.intel.com (10.18.116.74) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Mon, 11 Feb 2019 05:56:06 -0800
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.207]) by
 SHSMSX152.ccr.corp.intel.com ([169.254.6.109]) with mapi id 14.03.0415.000;
 Mon, 11 Feb 2019 21:56:04 +0800
From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: "Chen, Chen A" <chen.a.chen@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Wu, Hao A" <hao.a.wu@intel.com>, "Gao, Liming" <liming.gao@intel.com>
Thread-Topic: [edk2] [PATCH] MdeModulePkg/CapsuleApp: Fix memory leak issue.
Thread-Index: AQHUwdFs+AcGuJi8H0aUZqa+V+d2SaXanoew
Date: Mon, 11 Feb 2019 13:56:04 +0000
Message-ID: <FF72C7E4248F3C4E9BDF19D4918E90F24DE66BE2@shsmsx102.ccr.corp.intel.com>
References: <20190211061654.53812-1-chen.a.chen@intel.com>
In-Reply-To: <20190211061654.53812-1-chen.a.chen@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ctpclassification: CTP_NT
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZjFlNTJlMGItN2I1MS00NWRjLWEwYjctYzQ3MjU4NTA2NDYyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiVldUaERXVnZJa0VZS2NPS0h5YUVnN1ZkTGZuZE9RU2IrXC9kTm1Id3pza1NsWnJ6T1JKUlM2S0JHNUt5cndcL2h3In0=
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH] MdeModulePkg/CapsuleApp: Fix memory leak issue.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2019 13:56:09 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

ChenChen:
   Please add FileInfoBuffer[Index] NULL check before free=20
=20
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Chen=
 A Chen
Sent: Monday, February 11, 2019 2:17 PM
To: edk2-devel@lists.01.org
Cc: Wu, Hao A <hao.a.wu@intel.com>; Gao, Liming <liming.gao@intel.com>; Zha=
ng, Chao B <chao.b.zhang@intel.com>
Subject: [edk2] [PATCH] MdeModulePkg/CapsuleApp: Fix memory leak issue.

This issue is caused by FileInfoBuffer variable. This is a pointer array an=
d each elements also pointer to a memory buffer that is allocated and retur=
ned by AllocateCopyPool function.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Cc: Zhang Chao B <chao.b.zhang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
---
 MdeModulePkg/Application/CapsuleApp/CapsuleDump.c | 81 ++++++++++++++++---=
----
 1 file changed, 56 insertions(+), 25 deletions(-)

diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c b/MdeModuleP=
kg/Application/CapsuleApp/CapsuleDump.c
index 7bef5a1378..00cf45d66a 100644
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
@@ -806,48 +806,69 @@ DumpCapsuleFromDisk (
   Status =3D Fs->OpenVolume (Fs, &Root);
   if (EFI_ERROR (Status)) {
     Print (L"Cannot open volume. Status =3D %r\n", Status);
-    return EFI_NOT_FOUND;
+    goto Done;
   }
=20
   Status =3D Root->Open (Root, &DirHandle, EFI_CAPSULE_FILE_DIRECTORY, EFI=
_FILE_MODE_READ | EFI_FILE_MODE_WRITE , 0);
   if (EFI_ERROR (Status)) {
     Print (L"Cannot open %s. Status =3D %r\n", EFI_CAPSULE_FILE_DIRECTORY,=
 Status);
-    return EFI_NOT_FOUND;
+    goto Done;
   }
=20
   //
   // Get file count first
   //
-  for ( Status =3D FileHandleFindFirstFile (DirHandle, &FileInfo)
-      ; !EFI_ERROR(Status) && !NoFile
-      ; Status =3D FileHandleFindNextFile (DirHandle, FileInfo, &NoFile)
-     ){
-    if ((FileInfo->Attribute & (EFI_FILE_SYSTEM | EFI_FILE_ARCHIVE)) =3D=
=3D 0) {
-      continue;
+  do {
+    Status =3D FileHandleFindFirstFile (DirHandle, &FileInfo);
+    if (EFI_ERROR (Status) || FileInfo =3D=3D NULL) {
+      Print (L"Get File Info Fail. Status =3D %r\n", Status);
+      goto Done;
     }
-    FileCount++;
-  }
+
+    if ((FileInfo->Attribute & (EFI_FILE_SYSTEM | EFI_FILE_ARCHIVE)) !=3D =
0) {
+      FileCount++;
+    }
+
+    Status =3D FileHandleFindNextFile (DirHandle, FileInfo, &NoFile);
+    if (EFI_ERROR (Status)) {
+      Print (L"Get Next File Fail. Status =3D %r\n", Status);
+      goto Done;
+    }
+  } while (!NoFile);
=20
   if (FileCount =3D=3D 0) {
     Print (L"Error: No capsule file found!\n");
-    return EFI_NOT_FOUND;
+    Status =3D EFI_NOT_FOUND;
+    goto Done;
   }
=20
   FileInfoBuffer =3D AllocatePool (sizeof(FileInfo) * FileCount);
+  if (FileInfoBuffer =3D=3D NULL) {
+    Status =3D EFI_OUT_OF_RESOURCES;
+    goto Done;
+  }
   NoFile =3D FALSE;
=20
   //
   // Get all file info
   //
-  for ( Status =3D FileHandleFindFirstFile (DirHandle, &FileInfo)
-      ; !EFI_ERROR (Status) && !NoFile
-      ; Status =3D FileHandleFindNextFile (DirHandle, FileInfo, &NoFile)
-     ){
-    if ((FileInfo->Attribute & (EFI_FILE_SYSTEM | EFI_FILE_ARCHIVE)) =3D=
=3D 0) {
-      continue;
+  do {
+    Status =3D FileHandleFindFirstFile (DirHandle, &FileInfo);
+    if (EFI_ERROR (Status) || FileInfo =3D=3D NULL) {
+      Print (L"Get File Info Fail. Status =3D %r\n", Status);
+      goto Done;
     }
-    FileInfoBuffer[Index++] =3D AllocateCopyPool ((UINTN)FileInfo->Size, F=
ileInfo);
-  }
+
+    if ((FileInfo->Attribute & (EFI_FILE_SYSTEM | EFI_FILE_ARCHIVE)) !=3D =
0) {
+      FileInfoBuffer[Index++] =3D AllocateCopyPool ((UINTN)FileInfo->Size,=
 FileInfo);
+    }
+
+    Status =3D FileHandleFindNextFile (DirHandle, FileInfo, &NoFile);
+    if (EFI_ERROR (Status)) {
+      Print (L"Get Next File Fail. Status =3D %r\n", Status);
+      goto Done;
+    }
+  } while (!NoFile);
=20
   //
   // Sort FileInfoBuffer by alphabet order @@ -866,7 +887,8 @@ DumpCapsule=
FromDisk (
   }
=20
   if (!DumpCapsuleInfo) {
-    return EFI_SUCCESS;
+    Status =3D EFI_SUCCESS;
+    goto Done;
   }
=20
   Print(L"The infomation of the capsules:\n"); @@ -875,19 +897,20 @@ DumpC=
apsuleFromDisk (
     FileHandle =3D NULL;
     Status =3D DirHandle->Open (DirHandle, &FileHandle, FileInfoBuffer[Ind=
ex]->FileName, EFI_FILE_MODE_READ, 0);
     if (EFI_ERROR (Status)) {
-      break;
+      goto Done;
     }
=20
     Status =3D FileHandleGetSize (FileHandle, (UINT64 *) &FileSize);
     if (EFI_ERROR (Status)) {
       Print (L"Cannot read file %s. Status =3D %r\n", FileInfoBuffer[Index=
]->FileName, Status);
       FileHandleClose (FileHandle);
-      return Status;
+      goto Done;
     }
=20
     FileBuffer =3D AllocatePool (FileSize);
     if (FileBuffer =3D=3D NULL) {
-      return RETURN_OUT_OF_RESOURCES;
+      Status =3D EFI_OUT_OF_RESOURCES;
+      goto Done;
     }
=20
     Status =3D FileHandleRead (FileHandle, &FileSize, FileBuffer); @@ -895=
,7 +918,7 @@ DumpCapsuleFromDisk (
       Print (L"Cannot read file %s. Status =3D %r\n", FileInfoBuffer[Index=
]->FileName, Status);
       FreePool (FileBuffer);
       FileHandleClose (FileHandle);
-      return Status;
+      goto Done;
     }
=20
     Print (L"**************************\n");
@@ -906,7 +929,15 @@ DumpCapsuleFromDisk (
     FreePool (FileBuffer);
   }
=20
-  return EFI_SUCCESS;
+Done:
+  if (FileInfoBuffer !=3D NULL) {
+    for (Index =3D 0; Index < FileCount; Index++) {
+      FreePool (FileInfoBuffer[Index]);
+    }
+    FreePool (FileInfoBuffer);
+  }
+
+  return Status;
 }
=20
 /**
--
2.16.2.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel