From: "Ni, Ray" <ray.ni@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"xiewenyi2@huawei.com" <xiewenyi2@huawei.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Gao, Liming" <gaoliming@byosoft.com.cn>,
"Dong, Eric" <eric.dong@intel.com>
Cc: "songdongkuang@huawei.com" <songdongkuang@huawei.com>
Subject: Re: [edk2-devel] [PATCH EDK2 v2 1/1] MdeModulePkg/PiSmmCore:Avoid overflow risk
Date: Tue, 16 Aug 2022 01:49:15 +0000 [thread overview]
Message-ID: <MWHPR11MB1631F5AED6C610E52E67C3048C6B9@MWHPR11MB1631.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20220815114529.665138-2-xiewenyi2@huawei.com>
> --- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
> +++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
> @@ -621,6 +621,9 @@ InternalIsBufferOverlapped (
> IN UINTN Size2
> )
> {
> + if (((UINTN)Buff1 > MAX_UINTN - Size1) || ((UINTN)Buff2 > MAX_UINTN -
> Size2)) {
> + return TRUE;
> + }
1. The change looks good because it avoids integer overflow in below code that adds Size1 to Buff1 and
adds Size2 to Buff2.
Can you please add comments to explain the logic?
>
> + if (CommunicateHeader->MessageLength > MAX_UINTN - OFFSET_OF
> (EFI_SMM_COMMUNICATE_HEADER, Data)) {
> + return EFI_INVALID_PARAMETER;
> + }
2. Above check avoids integer overflow in below code that adds CommunicateHeader->MessageLength
to OFFSET_OF(EFI_SMM_COMMUNICATE_HEADER, Data).
Can it be moved to inside the below if-clause?
> +
> if (CommSize == NULL) {
> TempCommSize = OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)
> + CommunicateHeader->MessageLength;
> } else {
3. I further reviewed the else-clause logic. When CommSize is not NULL, is that needed to make sure
that *CommSize >= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + CommunicateHeader->MessageLength?
Or is the check already in the code somewhere?
If we think the check is needed, I agree with the change #2 to have a common logic to check integer overflow.
next prev parent reply other threads:[~2022-08-16 1:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-15 11:45 [PATCH EDK2 v2 0/1] MdeModulePkg/PiSmmCore:Avoid overflow risk wenyi,xie
2022-08-15 11:45 ` [PATCH EDK2 v2 1/1] " wenyi,xie
2022-08-16 1:49 ` Ni, Ray [this message]
2022-08-17 7:37 ` [edk2-devel] " wenyi,xie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MWHPR11MB1631F5AED6C610E52E67C3048C6B9@MWHPR11MB1631.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox