diff options
| author | Hao Wu <hao.a.wu@intel.com> | 2016-09-20 20:53:31 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2016-11-08 16:36:09 +0800 |
| commit | 2ff3293d7bdf32c5e7ab8728f2caa464e33eda0d (patch) | |
| tree | af515603c66df7da4defb714dd069b8937644cbb | |
| parent | e7700cedd924be16d226e7175998856291e0f9e0 (diff) | |
| download | edk2-platforms-2ff3293d7bdf32c5e7ab8728f2caa464e33eda0d.tar.xz | |
BaseTools/C/Common: Avoid possible NULL pointer dereference
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
| -rw-r--r-- | BaseTools/Source/C/Common/BasePeCoff.c | 12 | ||||
| -rw-r--r-- | BaseTools/Source/C/Common/EfiUtilityMsgs.c | 20 | ||||
| -rw-r--r-- | BaseTools/Source/C/Common/FirmwareVolumeBuffer.c | 5 | ||||
| -rw-r--r-- | BaseTools/Source/C/Common/MyAlloc.c | 55 | ||||
| -rw-r--r-- | BaseTools/Source/C/Common/ParseGuidedSectionTools.c | 15 | ||||
| -rw-r--r-- | BaseTools/Source/C/Common/TianoCompress.c | 9 |
6 files changed, 93 insertions, 23 deletions
diff --git a/BaseTools/Source/C/Common/BasePeCoff.c b/BaseTools/Source/C/Common/BasePeCoff.c index d0cc1af246..9adbdfaf09 100644 --- a/BaseTools/Source/C/Common/BasePeCoff.c +++ b/BaseTools/Source/C/Common/BasePeCoff.c @@ -650,6 +650,10 @@ Returns: ImageContext,
RelocDir->VirtualAddress + RelocDir->Size - 1
);
+ if (RelocBase == NULL || RelocBaseEnd == NULL || RelocBaseEnd < RelocBase) {
+ ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
+ return RETURN_LOAD_ERROR;
+ }
} else {
//
// Set base and end to bypass processing below.
@@ -674,6 +678,10 @@ Returns: ImageContext,
RelocDir->VirtualAddress + RelocDir->Size - 1
);
+ if (RelocBase == NULL || RelocBaseEnd == NULL || RelocBaseEnd < RelocBase) {
+ ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
+ return RETURN_LOAD_ERROR;
+ }
} else {
//
// Set base and end to bypass processing below.
@@ -710,6 +718,10 @@ Returns: RelocEnd = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock);
if (!(ImageContext->IsTeImage)) {
FixupBase = PeCoffLoaderImageAddress (ImageContext, RelocBase->VirtualAddress);
+ if (FixupBase == NULL) {
+ ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
+ return RETURN_LOAD_ERROR;
+ }
} else {
FixupBase = (CHAR8 *)(UINTN)(ImageContext->ImageAddress +
RelocBase->VirtualAddress +
diff --git a/BaseTools/Source/C/Common/EfiUtilityMsgs.c b/BaseTools/Source/C/Common/EfiUtilityMsgs.c index 438f338a91..7b4c2310ca 100644 --- a/BaseTools/Source/C/Common/EfiUtilityMsgs.c +++ b/BaseTools/Source/C/Common/EfiUtilityMsgs.c @@ -1,7 +1,7 @@ /** @file
EFI tools utility functions to display warning, error, and informational messages
-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -451,14 +451,16 @@ Notes: //
time (&CurrentTime);
NewTime = localtime (&CurrentTime);
- fprintf (stdout, "%04d-%02d-%02d %02d:%02d:%02d",
- NewTime->tm_year + 1900,
- NewTime->tm_mon + 1,
- NewTime->tm_mday,
- NewTime->tm_hour,
- NewTime->tm_min,
- NewTime->tm_sec
- );
+ if (NewTime != NULL) {
+ fprintf (stdout, "%04d-%02d-%02d %02d:%02d:%02d",
+ NewTime->tm_year + 1900,
+ NewTime->tm_mon + 1,
+ NewTime->tm_mday,
+ NewTime->tm_hour,
+ NewTime->tm_min,
+ NewTime->tm_sec
+ );
+ }
if (Cptr != NULL) {
sprintf (Line, ": %s", Cptr);
if (LineNumber != 0) {
diff --git a/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c b/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c index 7988d8e43a..a287fe1597 100644 --- a/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c +++ b/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c @@ -1,7 +1,7 @@ /** @file
EFI Firmware Volume routines which work on a Fv image in buffers.
-Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 1999 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -353,6 +353,9 @@ Returns: if (*DestinationFv == NULL) {
*DestinationFv = CommonLibBinderAllocate (size);
+ if (*DestinationFv == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
}
CommonLibBinderCopyMem (*DestinationFv, SourceFv, size);
diff --git a/BaseTools/Source/C/Common/MyAlloc.c b/BaseTools/Source/C/Common/MyAlloc.c index eabba5790d..be7c515a60 100644 --- a/BaseTools/Source/C/Common/MyAlloc.c +++ b/BaseTools/Source/C/Common/MyAlloc.c @@ -1,7 +1,7 @@ /** @file
File for memory allocation tracking functions.
-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -73,7 +73,18 @@ MyCheck ( //
// Check parameters.
//
- if (File == NULL || Line == 0) {
+ if (File == NULL) {
+ printf (
+ "\nMyCheck(Final=%u, File=NULL, Line=%u)"
+ "Invalid parameter(s).\n",
+ Final,
+ (unsigned)Line
+ );
+
+ exit (1);
+ }
+
+ if (Line == 0) {
printf (
"\nMyCheck(Final=%u, File=%s, Line=%u)"
"Invalid parameter(s).\n",
@@ -190,7 +201,18 @@ MyAlloc ( //
// Check for invalid parameters.
//
- if (Size == 0 || File == NULL || Line == 0) {
+ if (File == NULL) {
+ printf (
+ "\nMyAlloc(Size=%u, File=NULL, Line=%u)"
+ "\nInvalid parameter(s).\n",
+ (unsigned)Size,
+ (unsigned)Line
+ );
+
+ exit (1);
+ }
+
+ if (Size == 0 || Line == 0) {
printf (
"\nMyAlloc(Size=%u, File=%s, Line=%u)"
"\nInvalid parameter(s).\n",
@@ -303,7 +325,19 @@ MyRealloc ( //
// Check for invalid parameter(s).
//
- if (Size == 0 || File == NULL || Line == 0) {
+ if (File == NULL) {
+ printf (
+ "\nMyRealloc(Ptr=%p, Size=%u, File=NULL, Line=%u)"
+ "\nInvalid parameter(s).\n",
+ Ptr,
+ (unsigned)Size,
+ (unsigned)Line
+ );
+
+ exit (1);
+ }
+
+ if (Size == 0 || Line == 0) {
printf (
"\nMyRealloc(Ptr=%p, Size=%u, File=%s, Line=%u)"
"\nInvalid parameter(s).\n",
@@ -408,7 +442,18 @@ MyFree ( //
// Check for invalid parameter(s).
//
- if (File == NULL || Line == 0) {
+ if (File == NULL) {
+ printf (
+ "\nMyFree(Ptr=%p, File=NULL, Line=%u)"
+ "\nInvalid parameter(s).\n",
+ Ptr,
+ (unsigned)Line
+ );
+
+ exit (1);
+ }
+
+ if (Line == 0) {
printf (
"\nMyFree(Ptr=%p, File=%s, Line=%u)"
"\nInvalid parameter(s).\n",
diff --git a/BaseTools/Source/C/Common/ParseGuidedSectionTools.c b/BaseTools/Source/C/Common/ParseGuidedSectionTools.c index e3f0ccb597..fc8f488f7e 100644 --- a/BaseTools/Source/C/Common/ParseGuidedSectionTools.c +++ b/BaseTools/Source/C/Common/ParseGuidedSectionTools.c @@ -1,7 +1,7 @@ /** @file
Helper functions for parsing GuidedSectionTools.txt
-Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -144,13 +144,14 @@ Returns: NewGuidTool->Name = CloneString(Tool->Strings[1]);
NewGuidTool->Path = CloneString(Tool->Strings[2]);
NewGuidTool->Next = NULL;
+
+ if (FirstGuidTool == NULL) {
+ FirstGuidTool = NewGuidTool;
+ } else {
+ LastGuidTool->Next = NewGuidTool;
+ }
+ LastGuidTool = NewGuidTool;
}
- if (FirstGuidTool == NULL) {
- FirstGuidTool = NewGuidTool;
- } else {
- LastGuidTool->Next = NewGuidTool;
- }
- LastGuidTool = NewGuidTool;
}
FreeStringList (Tool);
}
diff --git a/BaseTools/Source/C/Common/TianoCompress.c b/BaseTools/Source/C/Common/TianoCompress.c index e5175fcffe..252b8291ed 100644 --- a/BaseTools/Source/C/Common/TianoCompress.c +++ b/BaseTools/Source/C/Common/TianoCompress.c @@ -4,7 +4,7 @@ coding. LZ77 transforms the source data into a sequence of Original Characters and Pointers to repeated strings. This sequence is further divided into Blocks
and Huffman codings are applied to each Block.
-Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -417,6 +417,9 @@ Returns: UINT32 Index;
mText = malloc (WNDSIZ * 2 + MAXMATCH);
+ if (mText == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
for (Index = 0; Index < WNDSIZ * 2 + MAXMATCH; Index++) {
mText[Index] = 0;
}
@@ -427,6 +430,10 @@ Returns: mParent = malloc (WNDSIZ * 2 * sizeof (*mParent));
mPrev = malloc (WNDSIZ * 2 * sizeof (*mPrev));
mNext = malloc ((MAX_HASH_VAL + 1) * sizeof (*mNext));
+ if (mLevel == NULL || mChildCount == NULL || mPosition == NULL ||
+ mParent == NULL || mPrev == NULL || mNext == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
mBufSiz = BLKSIZ;
mBuf = malloc (mBufSiz);
|