MdeModulePkg CapsuleApp: Check Buffer against NULL before freeing it

[mirror_edk2.git] / MdeModulePkg / Application / CapsuleApp / CapsuleDump.c

diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
index 8f44e5e1efb4108cfea3f24ad7edf37ab3788d1d..6c1320942bf423929e5cc6c67c9f66d12e5e8639 100644 (file)
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
@@ -1,7 +1,7 @@
 /** @file\r
   Dump Capsule image information.\r
 \r
-  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
   which accompanies this distribution.  The full text of the license may be found at\r
@@ -242,6 +242,7 @@ DumpCapsule (
   EFI_CAPSULE_HEADER                            *CapsuleHeader;\r
   EFI_STATUS                                    Status;\r
 \r
+  Buffer = NULL;\r
   Status = ReadFileToBuffer(CapsuleName, &FileSize, &Buffer);\r
   if (EFI_ERROR(Status)) {\r
     Print(L"CapsuleApp: Capsule (%s) is not found.\n", CapsuleName);\r
@@ -269,7 +270,9 @@ DumpCapsule (
   }\r
 \r
 Done:\r
-  FreePool(Buffer);\r
+  if (Buffer != NULL) {\r
+    FreePool(Buffer);\r
+  }\r
   return Status;\r
 }\r
 \r
@@ -293,6 +296,8 @@ DmpCapsuleStatusVariable (
   UINTN                               CapsuleFileNameSize;\r
   CHAR16                              CapsuleIndexData[12];\r
   CHAR16                              *CapsuleIndex;\r
+  CHAR16                              *CapsuleFileName;\r
+  CHAR16                              *CapsuleTarget;\r
 \r
   Status = GetVariable2(\r
              L"CapsuleMax",\r
@@ -353,19 +358,17 @@ DmpCapsuleStatusVariable (
     }\r
 \r
     if (CompareGuid(&CapsuleResult->CapsuleGuid, &gEfiFmpCapsuleGuid)) {\r
-      if (CapsuleResult->VariableTotalSize >= sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER) + sizeof(EFI_CAPSULE_RESULT_VARIABLE_FMP)) {\r
+      if (CapsuleResult->VariableTotalSize >= sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER) + sizeof(EFI_CAPSULE_RESULT_VARIABLE_FMP) + sizeof(CHAR16) * 2) {\r
         CapsuleResultFmp = (EFI_CAPSULE_RESULT_VARIABLE_FMP *)(CapsuleResult + 1);\r
         Print(L"  Capsule FMP Version: 0x%x\n", CapsuleResultFmp->Version);\r
         Print(L"  Capsule FMP PayloadIndex: 0x%x\n", CapsuleResultFmp->PayloadIndex);\r
         Print(L"  Capsule FMP UpdateImageIndex: 0x%x\n", CapsuleResultFmp->UpdateImageIndex);\r
         Print(L"  Capsule FMP UpdateImageTypeId: %g\n", &CapsuleResultFmp->UpdateImageTypeId);\r
-        if (CapsuleResult->VariableTotalSize > sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER) + sizeof(EFI_CAPSULE_RESULT_VARIABLE_FMP)) {\r
-          Print(L"  Capsule FMP CapsuleFileName: %s\n", (CapsuleResultFmp + 1));\r
-          CapsuleFileNameSize = StrSize((CHAR16 *)(CapsuleResultFmp + 1));\r
-          if (CapsuleResult->VariableTotalSize > sizeof(EFI_CAPSULE_RESULT_VARIABLE_HEADER) + sizeof(EFI_CAPSULE_RESULT_VARIABLE_FMP) + CapsuleFileNameSize) {\r
-            Print(L"  Capsule FMP CapsuleTarget: %s\n", (UINT8 *)(CapsuleResultFmp + 1) + CapsuleFileNameSize);\r
-          }\r
-        }\r
+        CapsuleFileName = (CHAR16 *)(CapsuleResultFmp + 1);\r
+        Print(L"  Capsule FMP CapsuleFileName: \"%s\"\n", CapsuleFileName);\r
+        CapsuleFileNameSize = StrSize(CapsuleFileName);\r
+        CapsuleTarget = (CHAR16 *)((UINTN)CapsuleFileName + CapsuleFileNameSize);\r
+        Print(L"  Capsule FMP CapsuleTarget: \"%s\"\n", CapsuleTarget);\r
       }\r
     }\r
 \r