REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1935
Before using the memory that is allocated through AllocateZeroPool, we should check the memory pointer is valid to avoid using the NULL pointer. Add check for VariableArrayAddress that is returned from GetScatterGatherHeadEntries. If it is NULL, directly return the error status.

Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Hao A Wu <hao.a...@intel.com>
Cc: Ray Ni <ray...@intel.com>
Cc: Star Zeng <star.z...@intel.com>
Signed-off-by: Zhichao Gao <zhichao....@intel.com>
--- MdeModulePkg/Universal/CapsulePei/UefiCapsule.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c index 8d4ae69bb2..51afab7b05 100644 --- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c +++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c @@ -965,6 +965,10 @@ GetScatterGatherHeadEntries ( // if ((ValidIndex + 1) >= TempListLength) { EnlargedTempList = AllocateZeroPool (TempListLength * 2); + if (EnlargedTempList == NULL) { + DEBUG ((DEBUG_ERROR, "Fail to allocate memory!\n")); + return EFI_OUT_OF_RESOURCES; + } CopyMem (EnlargedTempList, TempList, TempListLength); FreePool (TempList); TempList = EnlargedTempList; @@ -1056,7 +1060,7 @@ CapsuleCoalesce ( // Get SG list entries // Status = GetScatterGatherHeadEntries (&ListLength, &VariableArrayAddress); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || VariableArrayAddress == NULL) { DEBUG ((DEBUG_ERROR, "%a failed to get Scatter Gather List Head Entries. Status = %r\n", __FUNCTION__, Status)); goto Done; } -- 2.21.0.windows.1
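Review bot: In the GetScatterGatherHeadEntries hunk (@@ -965), the new early `return EFI_OUT_OF_RESOURCES;` leaves TempList allocated. The context lines right after the check show `FreePool (TempList);` on the success path, so TempList is a pool allocation that this function owns at that point; the failure path should release it as well (call `FreePool (TempList);` before the return, or route the error through a common cleanup label) so that a failed enlargement does not leak the original buffer. The message "Fail to allocate memory!" would also be easier to trace if it included `%a` with `__FUNCTION__`, as the DEBUG call in CapsuleCoalesce does.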
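Review bot: In the CapsuleCoalesce hunk (@@ -1056), the combined condition `EFI_ERROR (Status) || VariableArrayAddress == NULL` takes the `goto Done` path without setting an error when Status is a success code and only the pointer is NULL. The DEBUG line then prints a successful Status next to "failed to get Scatter Gather List Head Entries", and whatever follows Done sees a non-error Status, which does not match the commit message's "directly return the error status". Suggest handling the NULL case separately and assigning an explicit error to Status before the jump, or guaranteeing in GetScatterGatherHeadEntries that a successful return always carries a non-NULL list so the caller only needs `EFI_ERROR (Status)`.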