BaseTools/GenVtf: Avoid possible NULL pointer dereference

[mirror_edk2.git] / BaseTools / Source / C / GenVtf / GenVtf.c

diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c
index 6f66ddc84292cdd3273d1f98969a7195557154a9..b68d86a97eb935a16760237d0cb83e2a0378a245 100644 (file)
--- a/BaseTools/Source/C/GenVtf/GenVtf.c
+++ b/BaseTools/Source/C/GenVtf/GenVtf.c
@@ -2,7 +2,7 @@
 This file contains functions required to generate a boot strap file (BSF) also \r
 known as the Volume Top File (VTF)\r
 \r
-Copyright (c) 1999 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 1999 - 2016, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials are licensed and made available \r
 under the terms and conditions of the BSD License which accompanies this \r
 distribution.  The full text of the license may be found at\r
@@ -796,6 +796,7 @@ Returns:
 \r
   TmpFitPtr         = (FIT_TABLE *) RelativeAddress;\r
   NumFitComponents  = TmpFitPtr->CompSize;\r
+  *FitPtr           = NULL;\r
 \r
   for (Index = 0; Index < NumFitComponents; Index++) {\r
     if ((TmpFitPtr->CvAndType & FIT_TYPE_MASK) == COMP_TYPE_FIT_UNUSED) {\r
@@ -1124,6 +1125,7 @@ Returns:
   EFI_ABORTED      - Aborted due to one of the many reasons like:\r
                       (a) Component Size greater than the specified size.\r
                       (b) Error opening files.\r
+                      (c) Fail to get the FIT table address.\r
 \r
   EFI_INVALID_PARAMETER     Value returned from call to UpdateEntryPoint()\r
   EFI_OUT_OF_RESOURCES      Memory allocation failure.\r
@@ -1239,6 +1241,10 @@ Returns:
   }\r
 \r
   GetNextAvailableFitPtr (&CompFitPtr);\r
+  if (CompFitPtr == NULL) {\r
+    free (Buffer);\r
+    return EFI_ABORTED;\r
+  }\r
 \r
   CompFitPtr->CompAddress = CompStartAddress | IPF_CACHE_BIT;\r
   if ((FileSize % 16) != 0) {\r
@@ -2651,21 +2657,26 @@ Returns:
     }\r
     SymFileName = VTF_SYM_FILE;\r
   } else {\r
+    assert (OutFileName1);\r
     INTN OutFileNameLen = strlen(OutFileName1);\r
-    INTN Index;\r
+    INTN NewIndex;\r
 \r
-    for (Index = OutFileNameLen; Index > 0; --Index) {\r
-      if (OutFileName1[Index] == '/' || OutFileName1[Index] == '\\') {\r
+    for (NewIndex = OutFileNameLen; NewIndex > 0; --NewIndex) {\r
+      if (OutFileName1[NewIndex] == '/' || OutFileName1[NewIndex] == '\\') {\r
         break;\r
       }\r
     }\r
-    if (Index == 0) {\r
+    if (NewIndex == 0) {\r
       SymFileName = VTF_SYM_FILE;\r
     } else {\r
-      INTN SymFileNameLen = Index + 1 + strlen(VTF_SYM_FILE);\r
+      INTN SymFileNameLen = NewIndex + 1 + strlen(VTF_SYM_FILE);\r
       SymFileName = malloc(SymFileNameLen + 1);\r
-      memcpy(SymFileName, OutFileName1, Index + 1);\r
-      memcpy(SymFileName + Index + 1, VTF_SYM_FILE, strlen(VTF_SYM_FILE));\r
+      if (SymFileName == NULL) {\r
+        Error (NULL, 0, 4001, "Resource", "memory cannot be allocated!");\r
+        goto ERROR;\r
+      }\r
+      memcpy(SymFileName, OutFileName1, NewIndex + 1);\r
+      memcpy(SymFileName + NewIndex + 1, VTF_SYM_FILE, strlen(VTF_SYM_FILE));\r
       SymFileName[SymFileNameLen] = '\0';\r
     }\r
     if (DebugMode) {\r