To: Laszlo Ersek, edk2-devel@lists.01.org
Cc: Ruiyu Ni, Eric Dong, Star Zeng
From: Paulo Alcantara
Date: Thu, 14 Sep 2017 10:59:12 -0300
Subject: Re: [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference

On 9/12/2017 8:27 AM, Laszlo Ersek wrote:
> On 09/12/17 03:30, Paulo Alcantara wrote:
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704
>>
>> For root directory, the FID (File Identifier Descriptor) pointer is
>> accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root
>> directory and regular files, their FIDs are accessible through
>> PRIVATE_UDF_FILE_DATA.File.
>>
>> In UdfSetPosition(), the FID was retrieved through
>> PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root directory,
>> PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would be NULL and
>> then dereferenced.
>>
>> This patch fixes the NULL pointer dereference by calling _FILE() to
>> transparently return the correct UDF_FILE_INFO * which points to a valid
>> FID descriptor of a specific file.
>>
>> Cc: Star Zeng
>> Cc: Eric Dong
>> Cc: Ruiyu Ni
>> Cc: Laszlo Ersek
>> Cc: Steven Shi
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Reported-by: Steven Shi
>> Signed-off-by: Paulo Alcantara
>> --- >> MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Universal/Disk/UdfDxe/File.c >> index 8b9339567f..a1eb2196df 100644 >> --- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c >> +++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c 
>> @@ -690,7 +690,8 @@ UdfSetPosition ( >> >> PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This); >> >> - FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc; >> + FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc; >> + ASSERT (FileIdentifierDesc != NULL); >> if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) { >> // >> // If the file handle is a directory, the _only_ position that may be set is >>
>
> Reviewed-by: Laszlo Ersek

Ping? :-)

Thanks!
Paulo
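
Review bot: the added ASSERT (FileIdentifierDesc != NULL) is the only NULL guard ahead of IS_FID_DIRECTORY_FILE (FileIdentifierDesc), and ASSERT() in EDK II is a debug aid that can be compiled out of release builds, so in such a build a NULL FID would still be dereferenced on the next line. Because this pointer has already turned out to be NULL once for the root directory, consider following the ASSERT with an explicit runtime check, for example `if (FileIdentifierDesc == NULL) { return EFI_DEVICE_ERROR; }` (the exact status code is the maintainers' call), so UdfSetPosition() fails with a status instead of faulting. Minor: the commit message names the field FileIdentifierDescriptor while the code uses FileIdentifierDesc; aligning the two would make the log easier to search.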