From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+108441+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 3AF69740045
	for <rebecca@openfw.io>; Fri,  8 Sep 2023 08:59:19 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=0ct+RLjTh29K/nzMX6TiQR3GzGwVhij8ObYTpOspEjk=;
 c=relaxed/simple; d=groups.io;
 h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20140610; t=1694163557; v=1;
 b=IIZnnG994wjh3QwNXKT+QRB3wwStt0z2KCrJ6QZWX4zQr5jq8+rYp3WTPgvGI7ODghuOLfFo
 rO90pdR0PhPlULJ9tzwRMhOEGgYn8aRG/HRHynfVNJyJiFT6UJ5iwpYjNhXD+WH7Dtubc3eoe9s
 N3KSy395p60akjvkvJnT006c=
X-Received: by 127.0.0.2 with SMTP id xEHqYY7687511xaJNoPlP4PW; Fri, 08 Sep 2023 01:59:17 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.65])
 by mx.groups.io with SMTP id smtpd.web10.34992.1694163556866546344
 for <devel@edk2.groups.io>;
 Fri, 08 Sep 2023 01:59:17 -0700
X-IronPort-AV: E=McAfee;i="6600,9927,10826"; a="381412890"
X-IronPort-AV: E=Sophos;i="6.02,236,1688454000"; 
   d="scan'208";a="381412890"
X-Received: from orsmga003.jf.intel.com ([10.7.209.27])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Sep 2023 01:59:08 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10826"; a="692188596"
X-IronPort-AV: E=Sophos;i="6.02,236,1688454000"; 
   d="scan'208";a="692188596"
X-Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14])
  by orsmga003.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 08 Sep 2023 01:59:08 -0700
X-Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by
 ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.32; Fri, 8 Sep 2023 01:59:07 -0700
X-Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by
 orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.32 via Frontend Transport; Fri, 8 Sep 2023 01:59:07 -0700
X-Received: from NAM04-MW2-obe.outbound.protection.outlook.com (104.47.73.172)
 by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.32; Fri, 8 Sep 2023 01:59:07 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Srch7KJKKOX22UFBsbong76YQ5RqKOX3z5aQLCGTh3t3OqAsohNCvn4/OjeOVhnnOY481iSiWlqvOajl0zzD8KVmjvvT7kXoA8XQ9qLXevQh1iB8/gUJfTNNbPLIIfDrKWs7wbaTUsQSgCrN0VbnjDCNddVkxF4RUlszOs8hoaQlD8UIKuj1R0moJvJOMd30s5Kfj5coBZovKR1Cn6OoQI8Qt0ZA25y0fCJijMS/bV8WUQC5z9oMDL2Z0BcDEkZlO96/o2yKXfHD4DsfXm8lOI0IQtLqgAEO92dxfldexWnU0H4F4OPV6jqUHxiGIug/VZ9FVZ0Tas7hYGfzHw/fWA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=RymRls+TVFl39y2I8x1c0A9CB/zfipCtT7L6HOxYgDo=;
 b=G1YxsqrdgP0umk1W7N7ANfeFmF4mSMdk163ffuuHtjprYJyGLT6YR6i18pkXfwTo0tPkJJh1JFpaYPoHc8FbrAndqLt8lfmLdIeunhoWhk1uXvTJjTxO69U5c/L85iC2hrmamLRkWsZnFQjWHXBHLb5i2TWYZpSxvT0mFp5covdoA9reALWeqkPPxLItydmwwWStky4tR1jvcpnhQgpJk3/bLw80aV9Ixw+8ub05rAKsCRSxwPk3TV9eMj3jzi6WLsJvEL86Y2osZ7HA6JO6020L7ubRSAx0o9b0elTRQAnijpqqGIc7lDAT9FHNUTkz4ju3MdOx3nU5wX2tTbaEgQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
X-Received: from MN6PR11MB8242.namprd11.prod.outlook.com (2603:10b6:208:474::11)
 by SA1PR11MB6943.namprd11.prod.outlook.com (2603:10b6:806:2bc::16) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.34; Fri, 8 Sep
 2023 08:59:05 +0000
X-Received: from MN6PR11MB8242.namprd11.prod.outlook.com
 ([fe80::669d:e74:3693:7622]) by MN6PR11MB8242.namprd11.prod.outlook.com
 ([fe80::669d:e74:3693:7622%7]) with mapi id 15.20.6745.034; Fri, 8 Sep 2023
 08:59:05 +0000
From: "Dandan Bi" <dandan.bi@intel.com>
To: "mikuback@linux.microsoft.com" <mikuback@linux.microsoft.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
CC: "Wang, Jian J" <jian.j.wang@intel.com>, "Gao, Liming"
	<gaoliming@byosoft.com.cn>, "Dong, Eric" <eric.dong@intel.com>
Subject: Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg/BootMaintenanceManagerUiLib: Check array index before access
Thread-Topic: [PATCH v1 1/1] MdeModulePkg/BootMaintenanceManagerUiLib: Check
 array index before access
Thread-Index: AQHZ4flfwBJ3QFt7o0ePNnUp643kGLAQoV+w
Date: Fri, 8 Sep 2023 08:59:05 +0000
Message-ID: <MN6PR11MB82424F24B9E7C35D929329CFEAEDA@MN6PR11MB8242.namprd11.prod.outlook.com>
References: <20230908020802.1059-1-mikuback@linux.microsoft.com>
In-Reply-To: <20230908020802.1059-1-mikuback@linux.microsoft.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN6PR11MB8242:EE_|SA1PR11MB6943:EE_
x-ms-office365-filtering-correlation-id: 73e1815d-2b74-4796-4fc2-08dbb049dac3
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: GnsOLRARXUhL5olX1lgbHI2Lr14xU+2uMMfCV4UOLYDlWyRQskU/ajqi7skQ2mQxdQgNf93JRlYvxZIDQD4qebhsWVX04W1YBEBKuJqqAJldbpmq1gSubhJCLeKDDagbcsdpcjFh4/KAMhN5TwOI3sWDSAfEMiXi8e8uqIzcrM/od5JmbUU0c9Goxcy6Hy0ynCW/FKJEZi+tWFLka6yl/f5i0q4usbkzBZ+DBBloKcFfBZvRPdsOfHBFN5V8q19Ha04kvUAb+ajOQliQ2lBSfXCsq9lld7WKvFymJVU0pE23uOOdJNv7kZX0TeWQfZZKB2N9YrLJ5njkJJMO4SMIjpDR3LvpoVYoA41/aqltfIW2NnMyd6SB7gSrs1jJQrzsfbzJ6qg8UxEstXcvxEn9Q1q2WIlek9lXwTMIdxOm9zcD2pEZnl/FIgm32dY/zEKQ7NQqgFpSWsDlTMpwO7Y5whMNHXVDvaFi8uf/DY4BbM9aeUkNM2XYMQIjOqMT91iDbp7Zh0OK9QP4OMRLCZ/fqqMoA9tPwrLn4U77+KdIVDn7JN02FZlSMBdJBhsOjY9aax8QyoFfU3y3NvIFNrKlTaXk2+prkECDy93MOPEkjZ5b6fFrCCxbz4oyNbRKhB3P
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?lCFCIiznRuwgKc2XT/gv4IoMcKki3pWdiuhIDWEI5MOtt2wVXuhhgx8opvMf?=
 =?us-ascii?Q?QcRSo8M+RCGGXYirOdL9m68167GXIy4+suhcLu26CYf/+RzT9E2CoMfZFcCX?=
 =?us-ascii?Q?LlgDezndVKqQnHHARg7OnD3oozabpHRO9tu64831HNGVRK24IKDFiXKZL9AA?=
 =?us-ascii?Q?b0jzfWK9tqDZ66gqCV1eqeAFvBO85gXkg40zmL+jdDNsrcXzFF5wX5BMTera?=
 =?us-ascii?Q?16YqSp5AE16zT+cAc8ilcbmvX4blDYc/5aGmmO+JxhwEqJhKpVOyCln9Ki8n?=
 =?us-ascii?Q?/5n1z/dvBhZ29LUAICc8EJdq1C0EoCaN9OSy68tAzTHH/xpaFxOteDIkz7lT?=
 =?us-ascii?Q?c8qdY7y14+meJYJp53/QaHwd7cx0pQ2GAfnkmgIfkmDXEYo/QNqctv2HhGhU?=
 =?us-ascii?Q?9oJNURnPhk+berK82rJNH0ZHikyAT2AX8kr6skZQjRNmWlET7PLI5cOaQcAV?=
 =?us-ascii?Q?57tDDI/CUxdIUgmIHHK0yMS02UMWvkx5fxLEwiedegzxI4HaW9QpsDY0YElI?=
 =?us-ascii?Q?6dGYIe2v/sdALJnEw3HnRUK4i0bObqI8jb0hiOR9ROK0E+HjTXFl/4c5at18?=
 =?us-ascii?Q?Ed+cwPAWe7bBERPKdkqci1pPgM/Xg3qMGVSOxKJA4UV8eSbTom1ID9g5fuVv?=
 =?us-ascii?Q?f6AtUj21hYL2lE5jM3oKXAWvZ5W4+8VnhRZrqQGhTSwQEhdUZshM6k3CXHiG?=
 =?us-ascii?Q?nqt6CQ5Z2u3zGn5HB8s87xCEKkYfkOF+Fnpwj60jwDYEbxyxkneTP9F2Vv8J?=
 =?us-ascii?Q?/qe8zMTI/3MMkwnOyOUhXm7QfPOXIb+/JJygKzukpnPeF5zxzcfJVUnA56xb?=
 =?us-ascii?Q?ZOCzfjCceazZA/g0ZFAXiyOTR2RP7nR/2DTvBXkBiBY5fpkhO5/RqUDatJwl?=
 =?us-ascii?Q?+sZARlup5+gTegTwy/WH+t304BsbxOJm8NEhbE6mPTtQBk/SyGjaObmwIiJ8?=
 =?us-ascii?Q?2iPopA7yKM3GP6c2rvO++XtHKx4TLj8HSAO9jjPoRCP2KLlH79kOTcFqeJ2Q?=
 =?us-ascii?Q?0ENdAURlK6s4+2F9OBgqpO3ZeMa2mJwDn08gVV3+ATQ8RE+CCm2a+nc2qGRs?=
 =?us-ascii?Q?vlAm/sJIarwAKPtauYxHMU9LwlYx3PP06Omh1nMrjSdXm9VYVM0Wy+2B8m84?=
 =?us-ascii?Q?Gm3ttrX5gsXOKGr3t9ztylvW+43FvFm3OhBQxePypDNXlYPc/okQQ0gK+AVJ?=
 =?us-ascii?Q?w/wT+q+Ihgl4z0pmt6IF7rKIVFwlxVsPOOh6oprTZLobSfS6jS49oW7kufGp?=
 =?us-ascii?Q?zr0SE+OGpyfc/5beWXr+GNkDiJcqaEc8oHnmUzT/V/edncaqiMfdj4hOuI95?=
 =?us-ascii?Q?b/fG9HDcjXUc+oIQbBzEoSTWJRjx2G016VLDyyQAeSny/JhanR20QgniXNv2?=
 =?us-ascii?Q?q/B+H+aIwyvsombODdIjUEoo/DIKDJqW/hEZSZN9Iy0UbqcjZT+kKYRmD5Zx?=
 =?us-ascii?Q?/yDuBYbnGwYjBLFwzWY0qyFsGak3TFTLDhZWF/ZsWr2bUPtulWBz9CcPdlVB?=
 =?us-ascii?Q?wS/XmHpzpo5TyDIwi8ySjHju2Zvi3wYRXypd5IXGhP07VWkG935A5HSa7tR9?=
 =?us-ascii?Q?9XNpZC3ldEkwoi0m+sqIQXReqeHTM7dST1Aj//Bn?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN6PR11MB8242.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 73e1815d-2b74-4796-4fc2-08dbb049dac3
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Sep 2023 08:59:05.2392
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Qj6j9ae4Y892Dni6BP8Mi6r9tI8HKoTIHZIhf23azJOZrAN9B86MJ5oEWrY16IQwDXKrbUixI4GG5YT1fH/FXQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB6943
X-OriginatorOrg: intel.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,dandan.bi@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: k4qBLHCq3C8mQcddLqpCXNdux7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=IIZnnG99;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}")

Reviewed-by: Dandan Bi <dandan.bi@intel.com>



Thanks,
Dandan

-----Original Message-----
From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>=20
Sent: Friday, September 8, 2023 10:08 AM
To: devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Gao, Liming <gaoliming@byosoft.co=
m.cn>; Bi, Dandan <dandan.bi@intel.com>; Dong, Eric <eric.dong@intel.com>
Subject: [PATCH v1 1/1] MdeModulePkg/BootMaintenanceManagerUiLib: Check arr=
ay index before access

From: Michael Kubacki <michael.kubacki@microsoft.com>

Many arrays are defined with a length of MAX_MENU_NUMBER in FormGuid.h. Two=
 of those are BootOptionOrder and DriverOptionOrder.

In UpdatePage.c, a pointer is set to either of those arrays. The array buff=
er is accessed using an index whose range is checked after the pointer to t=
he array is dereferenced. This change moves the check before the dereferenc=
e.

In another place in the file, the ConsoleCheck pointer is also set to an ar=
ray buffer with MAX_MENU_NUMBER elements. Only an ASSERT() currently checks=
 the range of the array index. This change conditionalizes the pointer dere=
ference itself on the range of Index.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
 MdeModulePkg/Library/BootMaintenanceManagerUiLib/UpdatePage.c | 11 +++++++=
----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/UpdatePage.c =
b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/UpdatePage.c
index ca81b7f35264..b1d1e2ee44f4 100644
--- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/UpdatePage.c
+++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/UpdatePage.c
@@ -527,9 +527,12 @@ UpdateConsolePage (
         ((NewTerminalContext->IsStdErr !=3D 0) && (UpdatePageId =3D=3D FOR=
M_CON_ERR_ID))
         )
     {
-      CheckFlags         |=3D EFI_IFR_CHECKBOX_DEFAULT;
-      ConsoleCheck[Index] =3D TRUE;
-    } else {
+      CheckFlags |=3D EFI_IFR_CHECKBOX_DEFAULT;
+
+      if (Index < MAX_MENU_NUMBER) {
+        ConsoleCheck[Index] =3D TRUE;
+      }
+    } else if (Index < MAX_MENU_NUMBER) {
       ConsoleCheck[Index] =3D FALSE;
     }
=20
@@ -622,7 +625,7 @@ UpdateOrderPage (
   ASSERT (OptionsOpCodeHandle !=3D NULL);
=20
   NewMenuEntry =3D NULL;
-  for (OptionIndex =3D 0; (OptionOrder[OptionIndex] !=3D 0 && OptionIndex =
< MAX_MENU_NUMBER); OptionIndex++) {
+  for (OptionIndex =3D 0; (OptionIndex < MAX_MENU_NUMBER &&=20
+ OptionOrder[OptionIndex] !=3D 0); OptionIndex++) {
     BootOptionFound =3D FALSE;
     for (Index =3D 0; Index < OptionMenu->MenuNumber; Index++) {
       NewMenuEntry =3D BOpt_GetMenuEntry (OptionMenu, Index);
--
2.42.0.windows.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108441): https://edk2.groups.io/g/devel/message/108441
Mute This Topic: https://groups.io/mt/101229613/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-