From: Laszlo Ersek
To: Paulo Alcantara, edk2-devel@lists.01.org
Cc: Ruiyu Ni, Eric Dong, Star Zeng
Date: Tue, 12 Sep 2017 13:27:59 +0200
Subject: Re: [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference

On 09/12/17 03:30, Paulo Alcantara wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704
>
> For root directory, the FID (File Identifier Descriptor) pointer is
> accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root
> directory and regular files, their FIDs are accessible through
> PRIVATE_UDF_FILE_DATA.File.
>
> In UdfSetPosition(), the FID was retrieved through
> PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root directory,
> PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would be NULL and
> then dereferenced.
>
> This patch fixes the NULL pointer dereference by calling _FILE() to
> transparently return the correct UDF_FILE_INFO * which points to a valid
> FID descriptor of a specific file.
>
> Cc: Star Zeng
> Cc: Eric Dong
> Cc: Ruiyu Ni
> Cc: Laszlo Ersek
> Cc: Steven Shi
> Contributed-under: TianoCore Contribution Agreement 1.1
> Reported-by: Steven Shi
> Signed-off-by: Paulo Alcantara
> ---
> MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
> > diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Universal/Disk/UdfDxe/File.c > index 8b9339567f..a1eb2196df 100644 > --- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c > +++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c > @@ -690,7 +690,8 @@ UdfSetPosition ( > > PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This); > > - FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc; > + FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc; > + ASSERT (FileIdentifierDesc != NULL); > if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) { > // > // If the file handle is a directory, the _only_ position that may be set is > Reviewed-by: Laszlo Ersek Thanks! Laszlo
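Review bot: in UdfSetPosition(), the added ASSERT (FileIdentifierDesc != NULL) is the only guard before IS_FID_DIRECTORY_FILE (FileIdentifierDesc) uses the pointer, and ASSERT() does nothing in builds where asserts are disabled, so a NULL FID would still be dereferenced there. If _FILE (PrivFileData)->FileIdentifierDesc can ever be NULL for a reason other than a programming error, add an explicit NULL check that returns an error status next to the ASSERT. A one-line comment above the assignment saying that _FILE() picks PRIVATE_UDF_FILE_DATA.Root for the root directory and PRIVATE_UDF_FILE_DATA.File otherwise, as the commit message explains, would also keep the next reader from reverting to the direct File access.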