From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.92.18.34]) by mx.groups.io with SMTP id smtpd.web12.12634.1596738144681123668 for ; Thu, 06 Aug 2020 11:22:25 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@outlook.com header.s=selector1 header.b=IGS2sxWx; spf=pass (domain: outlook.com, ip: 40.92.18.34, mailfrom: michael.kubacki@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mTsi2BijkgKNq/EC09at2Tv3CsAQ4Z+HVsU0652Htl2jx8wBCp6Dk7gvaUUza0xJcDIizVof9AE1e6t3616gRbvxN9FLaKK+4jisALucT6gIDdx+F5I7pLvGId5ZJHkFBUBm2ZvN9/VwBFB4akFf+WFhwjLizf0SYjlGKGmxVz/WpnY6Q5enTyrLUpoSjol1F+pCe3wEOmQAuUFqy1AXRdezlbKbXgu2+76YQiX2W7qhjkmBzhQP+M4d2HfRsiR8jmI/xH0pQHoChdX6PMz/A4jVOAeWkkvz7kgqgZtEOBOZCDtBuW/3G8vZujr850aSfqgTF00NgmFMG8Ohq7dl3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TXEcDSYiV7irGnrnrbwpWNd4Sylgsq/fZXXx1Yc16PQ=; b=cQ5pXvX6pTKhDLpo26FjVOG0VKFVYOXclqaTrBgEeMCINdQwRL2RHbGjR0Bmk8mml9ngeI2iv6B3FXQcWleZhKCbpek3YY26Yth7h/GBbzqJFJ0Zvg4KCQBgTg/CBpeJSTmH+q2Wy4Lwj7SskU/5koPMUKYdywdLTtu2n+sHUupay42A0CIJWQdK5paTmGdDY82UfhPEQ5XLylNWSFQ5js5iTQEIq+EyO2LGDUuefqZf1jb1sWYtsmJTr/8bojmwucrcrWanum1d5g8vgn5zlc23crLYE1Muw8Omfcqt9T8M0y9wSpGyFP1Va1Sj4SaIflvF/gFk+QpbB7rprFGNOg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TXEcDSYiV7irGnrnrbwpWNd4Sylgsq/fZXXx1Yc16PQ=; b=IGS2sxWxThdbPkAaJom1ekdJDfrbLcDZV31MTDeh/rKDQNv9yaqySrLDp3rLPuPV7xE2bzHPefrQzCoZ0FzFBOCNcRlCvwlibbhc7RJgyen+giI+jNo05ffGjqsQ+5itosA7lbEs4Bj4FVb79wHafIla83n8FVuBKS/TR4uIG6oJv8Ukn6fsr4w+DzIjaIFTR2PXa6ijYjoW0CuQyazNqbj2t7e87mlCZaT+5eEbJzmkgrMBXkVPOkevPj9duddBxx3CFPfsJNr/7DKYGO1HODnOFfh/ToHPkfkP94eQYY5TPW0GNfHL9PBqCfup2qIF+AL77hJYjOOdF6o6zQKkKQ== Received: from BN8NAM11FT034.eop-nam11.prod.protection.outlook.com (2a01:111:e400:fc4b::51) by BN8NAM11HT246.eop-nam11.prod.protection.outlook.com (2a01:111:e400:fc4b::302) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.16; Thu, 6 Aug 2020 18:22:22 +0000 Received: from MWHPR07MB3440.namprd07.prod.outlook.com (2a01:111:e400:fc4b::43) by BN8NAM11FT034.mail.protection.outlook.com (2a01:111:e400:fc4b::139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.16 via Frontend Transport; Thu, 6 Aug 2020 18:22:22 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:4D373607D40ABA1A70BE063FA3D2C36405429FE1362DBEC8C467187D258486B1;UpperCasedChecksum:610FC79A0238FB0A41E06926DE7136F696A74AD4796E3BDCEB6C44D4534BE732;SizeAsReceived:9528;Count:49 Received: from MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e]) by MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e%7]) with mapi id 15.20.3261.019; Thu, 6 Aug 2020 18:22:22 +0000 Subject: Re: [edk2-devel] [PATCH v1 7/7] FmpDevicePkg/FmpDxe: Improve function parameter validation To: "Kinney, Michael D" , "devel@edk2.groups.io" CC: "Gao, Liming" References: <20200731031448.1103-1-michael.kubacki@outlook.com> From: "Michael Kubacki" Message-ID: Date: Thu, 6 Aug 2020 11:22:22 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 In-Reply-To: X-ClientProxiedBy: MW2PR16CA0065.namprd16.prod.outlook.com (2603:10b6:907:1::42) To MWHPR07MB3440.namprd07.prod.outlook.com (2603:10b6:301:69::28) Return-Path: michael.kubacki@outlook.com X-Microsoft-Original-Message-ID: <2e0963f8-546a-3481-9d52-496a9d88f338@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [IPv6:2001:4898:d8:39:2142:5170:12c:6904] (2001:4898:80e8:9:a161:5170:12c:6904) by MW2PR16CA0065.namprd16.prod.outlook.com (2603:10b6:907:1::42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.19 via Frontend Transport; Thu, 6 Aug 2020 18:22:22 +0000 X-Microsoft-Original-Message-ID: <2e0963f8-546a-3481-9d52-496a9d88f338@outlook.com> X-TMN: [XaOeDnZfu1NoVN4TbM8D+bxYLKxoXZ0z3HikeGrjbfuqG4bxAOyJ8Wt7q1M8iQID] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 49 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 373c0d11-7809-4e0c-04ca-08d83a35a954 X-MS-TrafficTypeDiagnostic: BN8NAM11HT246: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: K7zOCR2czQ0lSt3UA8SiIfFE/v5QPIfkH0gg1/b10vUdzW5NVNDyq8iuOLthmPKIPIjt4DLqjNt56XcjHIuKa46Lem+qWK3aSXY/Gt2pecnXTnxvDelipAdYiT5Omzezm0xOE5S0w4xjI6OqhTm5iddVLmEgOHs+FIqFmgmtCnTXbj/auKWfoRHbHkavmsHk/UJ7lBmBLzjgAOEqpOMiGQ5MZLuaID684jlhtc8uM0ps5Eqcv5VRtVt2G4XDsuze X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR07MB3440.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:OUT;SFP:1901; X-MS-Exchange-AntiSpam-MessageData: Dq+xhcq/FSTP/BnWhhVGvcfjaTLsbGdjDJqr1FTKZyoGa9J4Bv0laiokDX6vSHRO88oF2pZyfyS7ell7Cqb6GBNV8XE9U26JLUkOrsgz9/Sd6+44xrYv32GrORcqAHR99HLoKrnwbZVR8Es7ib2qBqCEZTfxScewLtphrcekExzggU39ntr+hgcWyqFYJUgP+nYFg3cO7Q/kg5jjAoO6YQ== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 373c0d11-7809-4e0c-04ca-08d83a35a954 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2020 18:22:22.7335 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT034.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8NAM11HT246 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable Sounds good, I'll send v3 out soon. Here's the BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2878 Thanks, Michael On 8/6/2020 9:06 AM, Kinney, Michael D wrote: > Michael, >=20 > The description matches UEFI 2.7. So there appears to be a work item to= update the FMP > function descriptions to the latest UEFI 2.8 spec. >=20 > I do recommend you do not change any of these comments in the current pa= tch series. > The update to UEFI 2.8 can be a new BZ. >=20 > The UEFI Specifications allows an implementation to return additional er= ror return codes > that are not listed in the API definition. >=20 >=20 > Status Codes Returned: A description of any codes returned by the int= erface. The > procedure is required to implement any status codes > listed in this table. Additional error codes may be > returned, but they will not be tested by standard > compliance tests, and any software that uses the > procedure cannot depend on any of the extended error > codes that an implementation may provide. >=20 > Best regards. >=20 > Mike >=20 >> -----Original Message----- >> From: Michael Kubacki >> Sent: Wednesday, August 5, 2020 5:31 PM >> To: devel@edk2.groups.io; Kinney, Michael D >> Cc: Gao, Liming >> Subject: Re: [edk2-devel] [PATCH v1 7/7] FmpDevicePkg/FmpDxe: Improve f= unction parameter validation >> >> Hi Mike, >> >> There's quite a few discrepancies at the moment between functions in >> FmpDxe that implement EFI_FIRMWARE_MANAGEMENT_PROTOCOL and the >> corresponding description in the UEFI spec. >> >> For example: >> >> UEFI Spec 2.8B - EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo(): >> >> Status Codes Returned >> >> EFI_SUCCESS The image information was successfully returned= . >> EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current >> buffer size needed to hold the image(s) >> information is returned in ImageInfoSize. >> EFI_INVALID_PARAMETER ImageInfoSize is not too small and ImageInfo is >> NULL. >> EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorVersion >> is NULL. >> EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorCount i= s >> NULL. >> EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorSize is >> NULL. >> EFI_INVALID_PARAMETER ImageInfoSize is non-zero and PackageVersion is >> NULL. >> EFI_INVALID_PARAMETER ImageInfoSize is non-zero and PackageVersionNam= e >> is NULL. >> EFI_DEVICE_ERROR Valid information could not be returned. >> Possible corrupted image. >> >> Actual - FmpDxe - GetTheImageInfo(): >> >> @retval EFI_SUCCESS The device was successfully upda= ted >> with the new image. >> @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too sma= ll. >> The current buffer size >> needed to hold the image(s) >> information is returned in >> ImageInfoSize. >> @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL. >> @retval EFI_DEVICE_ERROR Valid information could not be >> returned. Possible corrupted ima= ge. >> >> There's cases such as in GetTheImage() where the code describes >> EFI_INVALID_PARAMETER is returned as follows: >> >> @retval EFI_INVALID_PARAMETER The Image was NULL. >> >> However, the implementation will actually return the status code under >> other conditions such as an invalid ImageIndex or NULL ImageSize pointe= r. >> >> I agree these should be cleaned up such that implementation and spec >> match and the descriptions are accurate, but that could warrant its own >> series. >> >> For this series, is the ask to leave the descriptions as-is? If so, I >> can file a BZ to resolve the code/spec discrepancies. >> >> Thanks, >> Michael >> >> On 8/5/2020 4:30 PM, Michael D Kinney wrote: >>> Michael, >>> >>> That is a good point. I missed that behavior in some of the APIs. >>> >>> What I also missed was that these APIs are defined in the UEFI Spec an= d the >>> description of the return codes is from there and should match the UEF= I Spec. >>> >>> The implementation should be conformant with the UEFI Spec. If you no= tice >>> behavior that is not conformant, then we need to update the code or po= tentially >>> work on spec updates. >>> >>> For this patch series, let=E2=80=99s make sure the Firmware Management= Protocol service >>> headers match the UEFI Spec. >>> >>> Mike >>> >>>> -----Original Message----- >>>> From: Michael Kubacki >>>> Sent: Wednesday, August 5, 2020 1:43 PM >>>> To: Kinney, Michael D ; devel@edk2.groups= .io >>>> Cc: Gao, Liming >>>> Subject: Re: [PATCH v1 7/7] FmpDevicePkg/FmpDxe: Improve function par= ameter validation >>>> >>>> Hi Mike, >>>> >>>> Some of those functions currently return EFI_SUCCESS if ImageIndex is >>>> invalid. Example: >>>> https://github.com/tianocore/edk2/blob/master/FmpDevicePkg/FmpDxe/Fmp= Dxe.c#L851 >>>> >>>> Given the request to update the EFI_INVALID_PARAMETER text for those >>>> other functions, I'm assuming you'd like me to make those return >>>> EFI_INVALID_PARAMETER like what GetTheImage() currently does - >>>> https://github.com/tianocore/edk2/blob/master/FmpDevicePkg/FmpDxe/Fmp= Dxe.c#L573? >>>> >>>> Thanks, >>>> Michael >>>> >>>> On 8/5/2020 9:51 AM, Kinney, Michael D wrote: >>>>> Hi Michael, >>>>> >>>>> A few minor comments included below. With those updates, >>>>> >>>>> Reviewed-bv: Michael D Kinney >>>>> >>>>> Mike >>>>> >>>>>> -----Original Message----- >>>>>> From: michael.kubacki@outlook.com >>>>>> Sent: Thursday, July 30, 2020 8:15 PM >>>>>> To: devel@edk2.groups.io >>>>>> Cc: Gao, Liming ; Kinney, Michael D >>>>>> Subject: [PATCH v1 7/7] FmpDevicePkg/FmpDxe: Improve function param= eter validation >>>>>> >>>>>> From: Michael Kubacki >>>>>> >>>>>> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D2869 >>>>>> >>>>>> Makes some minor improvements to function parameter validation >>>>>> in FmpDxe, in particular to externally exposed functions such >>>>>> as those that back EFI_FIRMWARE_MANAGEMENT_PROTOCOL. >>>>>> >>>>>> Cc: Liming Gao >>>>>> Cc: Michael D Kinney >>>>>> Signed-off-by: Michael Kubacki >>>>>> --- >>>>>> FmpDevicePkg/FmpDxe/FmpDxe.c | 56 +++++++++++++++++--- >>>>>> FmpDevicePkg/FmpDxe/FmpDxe.h | 10 ++-- >>>>>> 2 files changed, 54 insertions(+), 12 deletions(-) >>>>>> >>>>>> diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.c b/FmpDevicePkg/FmpDxe/Fmp= Dxe.c >>>>>> index a3e342591936..958d9b394b71 100644 >>>>>> --- a/FmpDevicePkg/FmpDxe/FmpDxe.c >>>>>> +++ b/FmpDevicePkg/FmpDxe/FmpDxe.c >>>>>> @@ -278,6 +278,11 @@ PopulateDescriptor ( >>>>>> EFI_STATUS Status; >>>>>> UINT32 DependenciesSize; >>>>>> >>>>>> + if (Private =3D=3D NULL) { >>>>>> + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): PopulateDescriptor() - Priva= te is NULL.\n", mImageIdName)); >>>>>> + return; >>>>>> + } >>>>>> + >>>>>> if (Private->DescriptorPopulated) { >>>>>> return; >>>>>> } >>>>>> @@ -429,7 +434,7 @@ PopulateDescriptor ( >>>>>> @retval EFI_SUCCESS The device was successfull= y updated with the new image. >>>>>> @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was t= oo small. The current buffer size >>>>>> needed to hold the image(s= ) information is returned in ImageInfoSize. >>>>>> - @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL. >>>>>> + @retval EFI_INVALID_PARAMETER A required pointer is NULL. >>>>>> @retval EFI_DEVICE_ERROR Valid information could no= t be returned. Possible corrupted image. >>>>>> >>>>>> **/ >>>>>> @@ -451,6 +456,12 @@ GetTheImageInfo ( >>>>>> >>>>>> Status =3D EFI_SUCCESS; >>>>>> >>>>>> + if (This =3D=3D NULL) { >>>>>> + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): GetImageInfo() - This is NUL= L.\n", mImageIdName)); >>>>>> + Status =3D EFI_INVALID_PARAMETER; >>>>>> + goto cleanup; >>>>>> + } >>>>>> + >>>>>> // >>>>>> // Retrieve the private context structure >>>>>> // >>>>>> @@ -536,7 +547,7 @@ GetTheImageInfo ( >>>>>> @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageS= ize is too small to hold the >>>>>> image. The current buffer size= needed to hold the image is returned >>>>>> in ImageSize. >>>>>> - @retval EFI_INVALID_PARAMETER The Image was NULL. >>>>>> + @retval EFI_INVALID_PARAMETER A required pointer is NULL or Ima= geIndex is invalid. >>>>>> @retval EFI_NOT_FOUND The current image is not copie= d to the buffer. >>>>>> @retval EFI_UNSUPPORTED The operation is not supported= . >>>>>> @retval EFI_SECURITY_VIOLATION The operation could not be per= formed due to an authentication failure. >>>>>> @@ -561,6 +572,12 @@ GetTheImage ( >>>>>> >>>>>> Status =3D EFI_SUCCESS; >>>>>> >>>>>> + if (This =3D=3D NULL) { >>>>>> + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): GetImage() - This is NULL.\n= ", mImageIdName)); >>>>>> + Status =3D EFI_INVALID_PARAMETER; >>>>>> + goto cleanup; >>>>>> + } >>>>>> + >>>>>> // >>>>>> // Retrieve the private context structure >>>>>> // >>>>>> @@ -615,7 +632,8 @@ GetTheImage ( >>>>>> @param[in] Image Pointer to the image. >>>>>> @param[in] ImageSize Size of the image. >>>>>> @param[in] AdditionalHeaderSize Size of any headers that c= annot be calculated by this function. >>>>>> - @param[out] PayloadSize >>>>>> + @param[out] PayloadSize An optional pointer to a UINT= N that holds the size of the payload >>>>>> + (image size minus headers) >>>>>> >>>>>> @retval !NULL Valid pointer to the header. >>>>>> @retval NULL Structure is bad and pointer cannot be found. >>>>>> @@ -626,7 +644,7 @@ GetFmpHeader ( >>>>>> IN CONST EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, >>>>>> IN CONST UINTN ImageSize, >>>>>> IN CONST UINTN AdditionalHeader= Size, >>>>>> - OUT UINTN *PayloadSize >>>>>> + OUT UINTN *PayloadSize OPTION= AL >>>>>> ) >>>>>> { >>>>>> // >>>>>> @@ -640,7 +658,10 @@ GetFmpHeader ( >>>>>> return NULL; >>>>>> } >>>>>> >>>>>> - *PayloadSize =3D ImageSize - (sizeof (Image->MonotonicCount) + I= mage->AuthInfo.Hdr.dwLength + AdditionalHeaderSize); >>>>>> + if (PayloadSize !=3D NULL) { >>>>>> + *PayloadSize =3D ImageSize - (sizeof (Image->MonotonicCount) += Image->AuthInfo.Hdr.dwLength + AdditionalHeaderSize); >>>>>> + } >>>>>> + >>>>>> return (VOID *)((UINT8 *)Image + sizeof (Image->MonotonicCoun= t) + Image->AuthInfo.Hdr.dwLength + AdditionalHeaderSize); >>>>>> } >>>>>> >>>>>> @@ -663,6 +684,10 @@ GetAllHeaderSize ( >>>>>> { >>>>>> UINT32 CalculatedSize; >>>>>> >>>>>> + if (Image =3D=3D NULL) { >>>>> >>>>> This is an internal helper function. If Image is ever NULL, it must= be a bug in the >>>>> FmpDxe driver. Should we do more than just return 0? Perhaps a DEB= UG_ERROR message too? >>>>> >>>>>> + return 0; >>>>>> + } >>>>>> + >>>>>> CalculatedSize =3D sizeof (Image->MonotonicCount) + >>>>>> AdditionalHeaderSize + >>>>>> Image->AuthInfo.Hdr.dwLength; >>>>>> @@ -698,7 +723,7 @@ GetAllHeaderSize ( >>>>>> >>>>>> @retval EFI_SUCCESS The image was successfully che= cked. >>>>>> @retval EFI_ABORTED The operation is aborted. >>>>>> - @retval EFI_INVALID_PARAMETER The Image was NULL. >>>>>> + @retval EFI_INVALID_PARAMETER A required pointer is NULL. >>>>> >>>>> This function also uses ImageIndex. Similar to updates above, I thi= nk this >>>>> @retval line should be: >>>>> >>>>> @retval EFI_INVALID_PARAMETER A required pointer is NULL or Im= ageIndex is invalid. >>>>> >>>>>> @retval EFI_UNSUPPORTED The operation is not supported= . >>>>>> @retval EFI_SECURITY_VIOLATION The operation could not be per= formed due to an authentication failure. >>>>>> >>>>>> @@ -743,6 +768,12 @@ CheckTheImage ( >>>>>> return EFI_UNSUPPORTED; >>>>>> } >>>>>> >>>>>> + if (This =3D=3D NULL) { >>>>>> + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): CheckImage() - This is NULL.= \n", mImageIdName)); >>>>>> + Status =3D EFI_INVALID_PARAMETER; >>>>>> + goto cleanup; >>>>>> + } >>>>>> + >>>>>> // >>>>>> // Retrieve the private context structure >>>>>> // >>>>>> @@ -978,7 +1009,7 @@ CheckTheImage ( >>>>>> >>>>>> @retval EFI_SUCCESS The device was successfully up= dated with the new image. >>>>>> @retval EFI_ABORTED The operation is aborted. >>>>>> - @retval EFI_INVALID_PARAMETER The Image was NULL. >>>>>> + @retval EFI_INVALID_PARAMETER A required pointer is NULL. >>>>> >>>>> This function also uses ImageIndex. Similar to updates above, I thi= nk this >>>>> @retval line should be: >>>>> >>>>> @retval EFI_INVALID_PARAMETER A required pointer is NULL or Im= ageIndex is invalid. >>>>> >>>>>> @retval EFI_UNSUPPORTED The operation is not supported= . >>>>>> @retval EFI_SECURITY_VIOLATION The operation could not be per= formed due to an authentication failure. >>>>>> >>>>>> @@ -1026,6 +1057,12 @@ SetTheImage ( >>>>>> return EFI_UNSUPPORTED; >>>>>> } >>>>>> >>>>>> + if (This =3D=3D NULL) { >>>>>> + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): SetTheImage() - This is NULL= .\n", mImageIdName)); >>>>>> + Status =3D EFI_INVALID_PARAMETER; >>>>>> + goto cleanup; >>>>>> + } >>>>>> + >>>>>> // >>>>>> // Retrieve the private context structure >>>>>> // >>>>>> @@ -1382,6 +1419,11 @@ FmpDxeLockEventNotify ( >>>>>> EFI_STATUS Status; >>>>>> FIRMWARE_MANAGEMENT_PRIVATE_DATA *Private; >>>>>> >>>>>> + if (Context =3D=3D NULL) { >>>>>> + ASSERT (Context !=3D NULL); >>>>>> + return; >>>>>> + } >>>>>> + >>>>>> Private =3D (FIRMWARE_MANAGEMENT_PRIVATE_DATA *)Context; >>>>>> >>>>>> if (!Private->FmpDeviceLocked) { >>>>>> diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.h b/FmpDevicePkg/FmpDxe/Fmp= Dxe.h >>>>>> index 30754dea495e..4dfec316a558 100644 >>>>>> --- a/FmpDevicePkg/FmpDxe/FmpDxe.h >>>>>> +++ b/FmpDevicePkg/FmpDxe/FmpDxe.h >>>>>> @@ -3,7 +3,7 @@ >>>>>> image stored in a firmware device with platform and firmware = device specific >>>>>> information provided through PCDs and libraries. >>>>>> >>>>>> - Copyright (c) 2016, Microsoft Corporation. All rights reserved.<= BR> >>>>>> + Copyright (c) Microsoft Corporation.
>>>>>> Copyright (c) 2018 - 2019, Intel Corporation. All rights rese= rved.
>>>>>> >>>>>> SPDX-License-Identifier: BSD-2-Clause-Patent >>>>>> @@ -132,7 +132,7 @@ DetectTestKey ( >>>>>> @retval EFI_SUCCESS The device was successfull= y updated with the new image. >>>>>> @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was t= oo small. The current buffer size >>>>>> needed to hold the image(s= ) information is returned in ImageInfoSize. >>>>>> - @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL. >>>>>> + @retval EFI_INVALID_PARAMETER A required pointer is NULL. >>>>>> @retval EFI_DEVICE_ERROR Valid information could no= t be returned. Possible corrupted image. >>>>>> >>>>>> **/ >>>>>> @@ -166,7 +166,7 @@ GetTheImageInfo ( >>>>>> @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageS= ize is too small to hold the >>>>>> image. The current buffer size= needed to hold the image is returned >>>>>> in ImageSize. >>>>>> - @retval EFI_INVALID_PARAMETER The Image was NULL. >>>>>> + @retval EFI_INVALID_PARAMETER A required pointer is NULL or Ima= geIndex is invalid. >>>>>> @retval EFI_NOT_FOUND The current image is not copie= d to the buffer. >>>>>> @retval EFI_UNSUPPORTED The operation is not supported= . >>>>>> @retval EFI_SECURITY_VIOLATION The operation could not be per= formed due to an authentication failure. >>>>>> @@ -198,7 +198,7 @@ GetTheImage ( >>>>>> >>>>>> @retval EFI_SUCCESS The image was successfully che= cked. >>>>>> @retval EFI_ABORTED The operation is aborted. >>>>>> - @retval EFI_INVALID_PARAMETER The Image was NULL. >>>>>> + @retval EFI_INVALID_PARAMETER A required pointer is NULL. >>>>> >>>>> This function also uses ImageIndex. Similar to updates above, I thi= nk this >>>>> @retval line should be: >>>>> >>>>> @retval EFI_INVALID_PARAMETER A required pointer is NULL or Im= ageIndex is invalid. >>>>> >>>>>> @retval EFI_UNSUPPORTED The operation is not supported= . >>>>>> @retval EFI_SECURITY_VIOLATION The operation could not be per= formed due to an authentication failure. >>>>>> >>>>>> @@ -254,7 +254,7 @@ CheckTheImage ( >>>>>> >>>>>> @retval EFI_SUCCESS The device was successfully up= dated with the new image. >>>>>> @retval EFI_ABORTED The operation is aborted. >>>>>> - @retval EFI_INVALID_PARAMETER The Image was NULL. >>>>>> + @retval EFI_INVALID_PARAMETER A required pointer is NULL. >>>>> >>>>> This function also uses ImageIndex. Similar to updates above, I thi= nk this >>>>> @retval line should be: >>>>> >>>>> @retval EFI_INVALID_PARAMETER A required pointer is NULL or Im= ageIndex is invalid. >>>>> >>>>>> @retval EFI_UNSUPPORTED The operation is not supported= . >>>>>> @retval EFI_SECURITY_VIOLATION The operation could not be per= formed due to an authentication failure. >>>>>> >>>>>> -- >>>>>> 2.27.0.windows.1 >>>>> >>> >>>=20 >>>