author | Hao Wu <hao.a.wu@intel.com> | 2016-10-11 10:33:17 +0800 |
---|---|---|
committer | Hao Wu <hao.a.wu@intel.com> | 2016-11-08 16:36:35 +0800 |
commit | 9b78c54a09280ca852130b3ef76272a5d31d5035 (patch) | |
tree | 8c6a70d94c02a4c949203e01aef23447e3994b26 /BaseTools/Source/C/VfrCompile | |
parent | d1f6eb27fe49345fa7fe13b01471c85f7feb0a65 (diff) | |
download | edk2-platforms-9b78c54a09280ca852130b3ef76272a5d31d5035.tar.xz |
BaseTools/VfrCompile: Avoid possible NULL pointer dereference
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Diffstat (limited to 'BaseTools/Source/C/VfrCompile')
-rw-r--r-- | BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp | 16 | ||||
-rw-r--r-- | BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | 2 |
2 files changed, 16 insertions, 2 deletions
diff --git a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
index 0b7b8b1776..aa27ce0be7 100644
--- a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/
#include "stdio.h"
+#include "assert.h"
#include "VfrFormPkg.h"
/*
@@ -669,6 +670,8 @@ CFormPkg::AdjustDynamicInsertOpcode ( InserPositionNode = GetBinBufferNodeForAddr(InserPositionAddr);
InsertOpcodeNode = GetBinBufferNodeForAddr(InsertOpcodeAddr);
+ assert (InserPositionNode != NULL);
+ assert (InsertOpcodeNode != NULL);
if (InserPositionNode == InsertOpcodeNode) {
//
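Review bot: The `assert (InserPositionNode != NULL)` and `assert (InsertOpcodeNode != NULL)` checks are compiled out when the tool is built with `NDEBUG`, so such a build would still carry a NULL node into the list manipulation that follows. Whether BaseTools is ever built that way is not visible here, but an explicit `if (InserPositionNode == NULL || InsertOpcodeNode == NULL)` that reports the error and bails out would hold in every build configuration. The same applies to the `TmpNode` asserts in the next two hunks and to the `pSNode`/`pENode` and `mObjBinBuf` asserts further down. The body of AdjustDynamicInsertOpcode starts and ends outside this hunk, so the right error path has to be chosen against the full function.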
@@ -741,6 +744,8 @@ CFormPkg::AdjustDynamicInsertOpcode ( // Insert the last restore data node.
//
TmpNode = GetNodeBefore (InsertOpcodeNode);
+ assert (TmpNode != NULL);
+
if (TmpNode == InserPositionNode) {
NewRestoreNodeBegin->mNext = NewRestoreNodeEnd;
} else {
@@ -790,6 +795,8 @@ CFormPkg::AdjustDynamicInsertOpcode ( mBufferNodeQueueTail = NewLastEndNode;
} else if (mBufferNodeQueueTail->mBufferFree - mBufferNodeQueueTail->mBufferStart == 2) {
TmpNode = GetNodeBefore(mBufferNodeQueueTail);
+ assert (TmpNode != NULL);
+
TmpNode->mNext = NewRestoreNodeBegin;
if (NewRestoreNodeEnd != NULL) {
NewRestoreNodeEnd->mNext = mBufferNodeQueueTail;
@@ -1314,7 +1321,7 @@ CIfrRecordInfoDB::IfrAdjustDynamicOpcodeInRecords ( //
// Check the nodes whether exist.
//
- if (pNodeBeforeDynamic == NULL || pAdjustNode == NULL) {
+ if (pNodeBeforeDynamic == NULL || pAdjustNode == NULL || pNodeBeforeAdjust == NULL) {
return FALSE;
}
@@ -1854,6 +1861,10 @@ CIfrRecordInfoDB::IfrCreateDefaultForQuestion ( pSNode = pSNode->mNext;
OpcodeCount++;
}
+
+ assert (pSNode);
+ assert (pENode);
+
//
// Record the offset of node which need to be adjust, will move the new created default opcode to this offset.
//
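Review bot: `assert (pSNode);` and `assert (pENode);` rely on implicit pointer-to-bool conversion, while every other assert added by this commit spells out the comparison. For consistency write `assert (pSNode != NULL);` and `assert (pENode != NULL);`. The surrounding function continues outside the hunk.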
@@ -1875,6 +1886,7 @@ CIfrRecordInfoDB::IfrCreateDefaultForQuestion ( while (pSNode != NULL && pSNode->mNext != NULL && OpcodeNumber-- != 0) {
pOpHead = (EFI_IFR_OP_HEADER *) pSNode->mIfrBinBuf;
Obj = new CIfrObj (pOpHead->OpCode, NULL, pSNode->mBinBufLen, FALSE);
+ assert (Obj != NULL);
Obj->SetLineNo (pSNode->mLineNo);
ObjBinBuf = Obj->GetObjBinAddr();
memcpy (ObjBinBuf, pSNode->mIfrBinBuf, (UINTN)pSNode->mBinBufLen);
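Review bot: `assert (Obj != NULL)` cannot fire after a plain `new CIfrObj (...)`, because in standard C++ a failed allocation throws `std::bad_alloc` rather than returning NULL. The check therefore only means something if the build disables exceptions or replaces `operator new`, which is not visible here. If allocation failure is meant to be handled, use `new (std::nothrow) CIfrObj (...)` followed by a real error path; otherwise the assert can be dropped. The loop body continues outside the hunk.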
@@ -2378,6 +2390,8 @@ CIfrObj::CIfrObj ( mObjBinBuf = ((DelayEmit == FALSE) && (gCreateOp == TRUE)) ? gCFormPkg.IfrBinBufferGet (mObjBinLen) : new CHAR8[EFI_IFR_MAX_LENGTH];
mRecordIdx = (gCreateOp == TRUE) ? gCIfrRecordInfoDB.IfrRecordRegister (0xFFFFFFFF, mObjBinBuf, mObjBinLen, mPkgOffset) : EFI_IFR_RECORDINFO_IDX_INVALUD;
+ assert (mObjBinBuf != NULL);
+
if (IfrObj != NULL) {
*IfrObj = mObjBinBuf;
}
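Review bot: `assert (mObjBinBuf != NULL)` is placed after the `mRecordIdx = ... IfrRecordRegister (0xFFFFFFFF, mObjBinBuf, mObjBinLen, mPkgOffset)` line, so the pointer has already been handed to the record database before it is checked. Move the assert to directly after the `mObjBinBuf = ...` assignment so that a NULL buffer is caught before its first use. Of the two sources, presumably only `gCFormPkg.IfrBinBufferGet` can return NULL, since `new CHAR8[EFI_IFR_MAX_LENGTH]` throws on failure in standard C++. The constructor body starts and ends outside the hunk.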
diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index b3d1ac54ff..d2cb5cc9de 100644
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -665,7 +665,7 @@ CVfrVarDataTypeDB::GetTypeField ( {
SVfrDataField *pField = NULL;
- if ((FName == NULL) && (Type == NULL)) {
+ if ((FName == NULL) || (Type == NULL)) {
return VFR_RETURN_FATAL_ERROR;
}