From: Vin Xue
To: devel@edk2.groups.io
Cc: Vin Xue, Jiewen Yao, Chao Zhang
Subject: [PATCH] SignedCapsulePkg: Address NULL pointer dereference case.
Date: Tue, 14 Jul 2020 10:09:35 +0800
X-Microsoft-Original-Message-ID: <20200714020935.1618-1-vinxue@outlook.com>
X-Mailer: git-send-email 2.27.0.windows.1

Original code GetFmpImageDescriptors for OriginalFmpImageInfoBuf pointer, if failed, return a NULL pointer. The OriginalFmpImageInfoBuf should not be NULL and the NULL pointer dereference case should be false positive.

Cc: Jiewen Yao
Cc: Chao Zhang
Signed-off-by: Vin Xue
--- .../SystemFirmwareUpdateDxe.c | 39 ++++++++++--------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmware= UpdateDxe.c b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwar= eUpdateDxe.c index bdb70bdb32..ea795cd7db 100644 --- a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateD= xe.c +++ b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateD= xe.c 
@@ -681,32 +681,35 @@ FindMatchingFmpHandles ( //=0D // Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.=0D //=0D - FmpImageInfoBuf =3D OriginalFmpImageInfoBuf;=0D MatchFound =3D FALSE;=0D - for (Index2 =3D 0; Index2 < FmpImageInfoCount; Index2++) {=0D - for (Index3 =3D 0; Index3 < mSystemFmpPrivate->DescriptorCount; Inde= x3++) {=0D - MatchFound =3D CompareGuid (=0D - &FmpImageInfoBuf->ImageTypeId,=0D - &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTy= peId=0D - );=0D + if (OriginalFmpImageInfoBuf !=3D NULL) {=0D + FmpImageInfoBuf =3D OriginalFmpImageInfoBuf;=0D +=0D + for (Index2 =3D 0; Index2 < FmpImageInfoCount; Index2++) {=0D + for (Index3 =3D 0; Index3 < mSystemFmpPrivate->DescriptorCount; In= dex3++) {=0D + MatchFound =3D CompareGuid (=0D + &FmpImageInfoBuf->ImageTypeId,=0D + &mSystemFmpPrivate->ImageDescriptor[Index3].ImageT= ypeId=0D + );=0D + if (MatchFound) {=0D + break;=0D + }=0D + }=0D if (MatchFound) {=0D break;=0D }=0D + //=0D + // Increment the buffer pointer ahead by the size of the descripto= r=0D + //=0D + FmpImageInfoBuf =3D (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)Fm= pImageInfoBuf) + DescriptorSize);=0D }=0D if (MatchFound) {=0D - break;=0D + HandleBuffer[*HandleCount] =3D HandleBuffer[Index];=0D + (*HandleCount)++;=0D }=0D - //=0D - // Increment the buffer pointer ahead by the size of the descriptor= =0D - //=0D - FmpImageInfoBuf =3D (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpI= mageInfoBuf) + DescriptorSize);=0D - }=0D - if (MatchFound) {=0D - HandleBuffer[*HandleCount] =3D HandleBuffer[Index];=0D - (*HandleCount)++;=0D - }=0D =0D - FreePool (OriginalFmpImageInfoBuf);=0D + FreePool (OriginalFmpImageInfoBuf);=0D + }=0D }=0D =0D if ((*HandleCount) =3D=3D 0) {=0D --=20 2.27.0.windows.1
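
Review bot: the new `if (OriginalFmpImageInfoBuf != NULL)` guard in FindMatchingFmpHandles silently skips the handle when the buffer is NULL, with no DEBUG message and no ASSERT, while the commit message says the pointer should not be NULL here and calls the report a false positive. Please pick one story and make the code say it: if a NULL return from GetFmpImageDescriptors is a real failure path, log it at the point of the check so that a handle dropped during capsule processing is visible; if it is truly unreachable, say in a comment why the guard exists (for example to satisfy a static analyser). The commit message should also state which tool or report raised the dereference, since "Address NULL pointer dereference case" reads as a bug fix while the body denies there is a bug. As a style point, the guard re-indents the whole descriptor loop (21 insertions, 18 deletions) for a one-condition change; if the enclosing block is the loop over `Index`, as `HandleBuffer[Index]` suggests, an early `continue` on the NULL case placed before `MatchFound = FALSE` would keep the diff to a few lines and make it easier to confirm that `FreePool (OriginalFmpImageInfoBuf)` and the `HandleBuffer[*HandleCount]` update are otherwise unchanged.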