Hi Michael, Comment below.
Mike > -----Original Message----- > From: [email protected] <[email protected]> > Sent: Wednesday, November 9, 2022 9:33 AM > To: [email protected] > Cc: Erich McMillan <[email protected]>; Wu, Jiaxin > <[email protected]>; Maciej Rabeda > <[email protected]>; Kinney, Michael D > <[email protected]>; Michael Kubacki > <[email protected]>; Siyuan Fu <[email protected]> > Subject: [PATCH v1 07/12] NetworkPkg: Fix conditionally uninitialized > variables > > From: Michael Kubacki <[email protected]> > > Fixes CodeQL alerts for CWE-457: > https://cwe.mitre.org/data/definitions/457.html > > Cc: Erich McMillan <[email protected]> > Cc: Jiaxin Wu <[email protected]> > Cc: Maciej Rabeda <[email protected]> > Cc: Michael D Kinney <[email protected]> > Cc: Michael Kubacki <[email protected]> > Cc: Siyuan Fu <[email protected]> > Co-authored-by: Erich McMillan <[email protected]> > Signed-off-by: Michael Kubacki <[email protected]> > --- > NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 2 +- > NetworkPkg/TcpDxe/TcpInput.c | 3 +++ > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > index 6a5d78629bb3..71c98abc820e 100644 > --- a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > +++ b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > @@ -753,7 +753,7 @@ HttpUrlGetPort ( > > Status = AsciiStrDecimalToUintnS (Url + > Parser->FieldData[HTTP_URI_FIELD_PORT].Offset, (CHAR8 **)NULL, &Data); > > - if (Data > HTTP_URI_PORT_MAX_NUM) { > + if (!EFI_ERROR (Status) && (Data > HTTP_URI_PORT_MAX_NUM)) { I do not think this logic change is correct. If the string can not be converted to a value, then Status will be an error. If that happens, then the value of Data is undefined. An error should be returned if Status is an error or Data is out of range. if (EFI_ERROR (Status) || (Data > HTTP_URI_PORT_MAX_NUM)) { > Status = EFI_INVALID_PARAMETER; > goto ON_EXIT; > } 
> diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c > index fb1aa827f8ba..7b329be64dfe 100644 > --- a/NetworkPkg/TcpDxe/TcpInput.c > +++ b/NetworkPkg/TcpDxe/TcpInput.c > @@ -1570,6 +1570,9 @@ TcpIcmpInput ( > BOOLEAN IcmpErrIsHard; > BOOLEAN IcmpErrNotify; > > + IcmpErrIsHard = FALSE; > + IcmpErrNotify = FALSE; > + > if (Nbuf->TotalSize < sizeof (TCP_HEAD)) { > goto CLEAN_EXIT; > } > -- > 2.28.0.windows.1
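Review bot: In the HttpUrlGetPort hunk, the new `!EFI_ERROR (Status) &&` guard means a failed AsciiStrDecimalToUintnS call no longer reaches the `goto ON_EXIT` in this block, so control continues past the range check with Data possibly never written, which is the CWE-457 condition the patch is meant to remove. Treat a conversion failure as a rejection here, for example `if (EFI_ERROR (Status) || (Data > HTTP_URI_PORT_MAX_NUM)) {`, so the condition short-circuits before Data is read whenever Status is an error. If the original error code should reach the caller instead of EFI_INVALID_PARAMETER, test Status in its own `if` directly after the call and jump to ON_EXIT from there.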
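Review bot: In the TcpIcmpInput hunk, the two defaults `IcmpErrIsHard = FALSE;` and `IcmpErrNotify = FALSE;` are added without any comment on which path leaves them unset or why FALSE is the intended fallback, and the commit message only cites CWE-457 in general. Since these flags appear to control how an ICMP error is classified and whether it is reported, a blanket default changes behaviour on that path rather than just silencing the alert. Add a short comment above the assignments naming the call that may fail to fill them in and stating that treating the error as not hard and not notified is the intended outcome in that case.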
