From: Vin Xue
To: devel@edk2.groups.io
Subject: [PATCH] SignedCapsulePkg: Address NULL pointer dereference case.
Date: Mon, 13 Jul 2020 10:37:43 +0800
X-Mailer: git-send-email 2.27.0.windows.1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

Original code GetFmpImageDescriptors for OriginalFmpImageInfoBuf pointer, if failed, return a NULL pointer. The OriginalFmpImageInfoBuf should not be NULL and the NULL pointer dereference case should be false positive.

Signed-off-by: Vin Xue
---
 .../SystemFirmwareUpdateDxe.c | 39 ++++++++++---------
 1 file changed, 21 insertions(+), 18 deletions(-)

diff --git a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmware= UpdateDxe.c b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwar= eUpdateDxe.c index bdb70bdb32..ea795cd7db 100644 --- a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateD= xe.c +++ b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateD= xe.c 
@@ -681,32 +681,35 @@ FindMatchingFmpHandles ( //=0D // Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.=0D //=0D - FmpImageInfoBuf =3D OriginalFmpImageInfoBuf;=0D MatchFound =3D FALSE;=0D - for (Index2 =3D 0; Index2 < FmpImageInfoCount; Index2++) {=0D - for (Index3 =3D 0; Index3 < mSystemFmpPrivate->DescriptorCount; Inde= x3++) {=0D - MatchFound =3D CompareGuid (=0D - &FmpImageInfoBuf->ImageTypeId,=0D - &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTy= peId=0D - );=0D + if (OriginalFmpImageInfoBuf !=3D NULL) {=0D + FmpImageInfoBuf =3D OriginalFmpImageInfoBuf;=0D +=0D + for (Index2 =3D 0; Index2 < FmpImageInfoCount; Index2++) {=0D + for (Index3 =3D 0; Index3 < mSystemFmpPrivate->DescriptorCount; In= dex3++) {=0D + MatchFound =3D CompareGuid (=0D + &FmpImageInfoBuf->ImageTypeId,=0D + &mSystemFmpPrivate->ImageDescriptor[Index3].ImageT= ypeId=0D + );=0D + if (MatchFound) {=0D + break;=0D + }=0D + }=0D if (MatchFound) {=0D break;=0D }=0D + //=0D + // Increment the buffer pointer ahead by the size of the descripto= r=0D + //=0D + FmpImageInfoBuf =3D (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)Fm= pImageInfoBuf) + DescriptorSize);=0D }=0D if (MatchFound) {=0D - break;=0D + HandleBuffer[*HandleCount] =3D HandleBuffer[Index];=0D + (*HandleCount)++;=0D }=0D - //=0D - // Increment the buffer pointer ahead by the size of the descriptor= =0D - //=0D - FmpImageInfoBuf =3D (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpI= mageInfoBuf) + DescriptorSize);=0D - }=0D - if (MatchFound) {=0D - HandleBuffer[*HandleCount] =3D HandleBuffer[Index];=0D - (*HandleCount)++;=0D - }=0D =0D - FreePool (OriginalFmpImageInfoBuf);=0D + FreePool (OriginalFmpImageInfoBuf);=0D + }=0D }=0D =0D if ((*HandleCount) =3D=3D 0) {=0D --=20 2.27.0.windows.1
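
Review bot: The new `if (OriginalFmpImageInfoBuf != NULL)` guard wrapped around the descriptor loop silently skips the handle when the buffer is NULL, while the commit message says both that GetFmpImageDescriptors returns NULL on failure and that the dereference is a false positive. Please state which it is: if NULL is a reachable failure, say so in the message and in a comment at the guard; if it is believed unreachable, an assertion documents that better than a silent skip. The guard also re-indents the whole block, so the 21-insertion, 18-deletion diff has to be read line by line to confirm nothing else changed. If this code is the body of the per-handle loop (the `HandleBuffer[Index]` assignment suggests it is), an early `if (OriginalFmpImageInfoBuf == NULL) { continue; }` placed before `MatchFound = FALSE;` gives the same behaviour, including not calling `FreePool` on NULL, with a change of a few lines. While touching this loop it is also worth confirming where `FmpImageInfoCount` and `DescriptorSize` are validated, since the visible code advances `FmpImageInfoBuf` by `DescriptorSize` on every iteration and the hunk does not show a bound on the buffer.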