MdeModulePkg: Fix BrotliCustomDecompressLib potential issue

- Fix BrotliCustomDecompressLib potential issue

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Bell Song <binx.song@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

diff --git a/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c b/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c
index 2c2648a83d5899fa4d99aee10b5b49866a26dbfa..a30392148f94dcb1f573cdbd03189d61c62d054e 100644 (file)
--- a/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c
+++ b/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c
@@ -126,6 +126,7 @@ BrotliDecompress (
   BrotliState *  BroState;\r
   VOID *         Temp;\r
 \r
+  TotalOut = 0;\r
   AvailableOut = FILE_BUFFER_SIZE;\r
   Result = BROTLI_RESULT_ERROR;\r
   BroState = BrotliCreateState(BrAlloc, BrFree, BuffInfo);\r

diff --git a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c
index 7ba1d0512e251f806d56aff5b7c6c2791b8bf465..67f0ff2cd96fbdb86fcb6ed3dc78b32775c10ae9 100644 (file)
--- a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c
+++ b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c
@@ -802,6 +802,7 @@ static BROTLI_INLINE uint32_t ReadBlockLength(const HuffmanCode* table,
   uint32_t code;\r
   uint32_t nbits;\r
   code = ReadSymbol(table, br);\r
+  if (code >= BROTLI_NUM_BLOCK_LEN_SYMBOLS) code = BROTLI_NUM_BLOCK_LEN_SYMBOLS - 1;\r
   nbits = kBlockLengthPrefixCode[code].nbits; /* nbits == 2..24 */\r
   return kBlockLengthPrefixCode[code].offset + BrotliReadBits(br, nbits);\r
 }\r
@@ -872,13 +873,13 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransform(
   for (i = 0; i < v_len; ++i) {\r
     int index = v[i];\r
     uint8_t value = mtf[index];\r
-    upper_bound |= v[i];\r
+    upper_bound |= (uint32_t)v[i];\r
     v[i] = value;\r
     mtf[-1] = value;\r
-    do {\r
+    while (index > 0) {\r
       index--;\r
       mtf[index + 1] = mtf[index];\r
-    } while (index >= 0);\r
+    }\r
   }\r
   /* Remember amount of elements to be reinitialized. */\r
   state->mtf_upper_bound = upper_bound;\r
@@ -1498,6 +1499,7 @@ static BROTLI_INLINE BROTLI_BOOL ReadCommandInternal(
       return BROTLI_FALSE;\r
     }\r
   }\r
+  if (cmd_code >= BROTLI_NUM_COMMAND_SYMBOLS) cmd_code = BROTLI_NUM_COMMAND_SYMBOLS - 1;\r
   v = kCmdLut[cmd_code];\r
   s->distance_code = v.distance_code;\r
   s->distance_context = v.context;\r
@@ -2209,7 +2211,9 @@ BrotliDecoderResult BrotliDecoderDecompressStream(
         }\r
         s->max_distance = s->max_backward_distance;\r
         if (s->state == BROTLI_STATE_COMMAND_POST_WRITE_1) {\r
-          memcpy(s->ringbuffer, s->ringbuffer_end, (size_t)s->pos);\r
+          if (s->ringbuffer != 0) {\r
+            memcpy(s->ringbuffer, s->ringbuffer_end, (size_t)s->pos);\r
+          }\r
           if (s->meta_block_remaining_len == 0) {\r
             /* Next metablock, if any */\r
             s->state = BROTLI_STATE_METABLOCK_DONE;\r