The original code calls GetFmpImageDescriptors to obtain the OriginalFmpImageInfoBuf pointer; if that call fails, it returns a NULL pointer. OriginalFmpImageInfoBuf should not be NULL, so the reported NULL pointer dereference should be a false positive.
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Chao Zhang <chao.b.zh...@intel.com>
Signed-off-by: Vin Xue <vin...@outlook.com>
---
 .../SystemFirmwareUpdateDxe.c | 39 ++++++++++---------
 1 file changed, 21 insertions(+), 18 deletions(-)
diff --git a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c
index bdb70bdb32..ea795cd7db 100644
--- a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c
+++ b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c
@@ -681,32 +681,35 @@ FindMatchingFmpHandles (
 //
 // Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
 //
- FmpImageInfoBuf = OriginalFmpImageInfoBuf;
 MatchFound = FALSE;
- for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
- for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {
- MatchFound = CompareGuid (
- &FmpImageInfoBuf->ImageTypeId,
- &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId
- );
+ if (OriginalFmpImageInfoBuf != NULL) {
+ FmpImageInfoBuf = OriginalFmpImageInfoBuf;
+
+ for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
+ for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {
+ MatchFound = CompareGuid (
+ &FmpImageInfoBuf->ImageTypeId,
+ &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId
+ );
+ if (MatchFound) {
+ break;
+ }
+ }
 if (MatchFound) {
 break;
 }
+ //
+ // Increment the buffer pointer ahead by the size of the descriptor
+ //
+ FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpImageInfoBuf) + DescriptorSize);
 }
 if (MatchFound) {
- break;
+ HandleBuffer[*HandleCount] = HandleBuffer[Index];
+ (*HandleCount)++;
 }
- //
- // Increment the buffer pointer ahead by the size of the descriptor
- //
- FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpImageInfoBuf) + DescriptorSize);
- }
- if (MatchFound) {
- HandleBuffer[*HandleCount] = HandleBuffer[Index];
- (*HandleCount)++;
- }
- FreePool (OriginalFmpImageInfoBuf);
+ FreePool (OriginalFmpImageInfoBuf);
+ }
 }
 if ((*HandleCount) == 0) {
-- 
2.27.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#62485): https://edk2.groups.io/g/devel/message/62485 Mute This Topic: https://groups.io/mt/75474501/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
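Review bot: When `OriginalFmpImageInfoBuf` is NULL, the new `if (OriginalFmpImageInfoBuf != NULL)` wrapper skips the handle without any diagnostic, so a failed descriptor query in this capsule-update path leaves no trace of why an FMP handle was dropped from the match list. A guard ahead of the descriptor loop would record the failure and keep the existing body at its old indentation: `if (OriginalFmpImageInfoBuf == NULL) { DEBUG ((DEBUG_ERROR, "FindMatchingFmpHandles: no image descriptors for handle\n")); continue; }`. This assumes the block sits inside the per-handle loop over `Index`, which starts outside the hunk, and that the file already uses DebugLib. Separately, the walk advances `FmpImageInfoBuf` by `DescriptorSize` for `FmpImageInfoCount` iterations, and both values are set outside the hunk, so it is worth confirming there that `DescriptorSize` is at least `sizeof (EFI_FIRMWARE_IMAGE_DESCRIPTOR)` before `CompareGuid` reads through the advanced pointer.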