BaseTools/VfrCompile: Avoid possible NULL pointer dereference

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

diff --git a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
index 0b7b8b1776f594147c04065b36372bed6103848c..aa27ce0be72e0682bbda0e9183eaa7bfb3969079 100644 (file)
--- a/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrFormPkg.cpp
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/\r
 \r
 #include "stdio.h"\r
+#include "assert.h"\r
 #include "VfrFormPkg.h"\r
 \r
 /*\r
@@ -669,6 +670,8 @@ CFormPkg::AdjustDynamicInsertOpcode (
 \r
   InserPositionNode  = GetBinBufferNodeForAddr(InserPositionAddr);\r
   InsertOpcodeNode = GetBinBufferNodeForAddr(InsertOpcodeAddr);\r
+  assert (InserPositionNode != NULL);\r
+  assert (InsertOpcodeNode  != NULL);\r
 \r
   if (InserPositionNode == InsertOpcodeNode) {\r
     //\r
@@ -741,6 +744,8 @@ CFormPkg::AdjustDynamicInsertOpcode (
       // Insert the last restore data node.\r
       //\r
       TmpNode = GetNodeBefore (InsertOpcodeNode);\r
+      assert (TmpNode != NULL);\r
+\r
       if (TmpNode == InserPositionNode) {\r
         NewRestoreNodeBegin->mNext = NewRestoreNodeEnd;\r
       } else {\r
@@ -790,6 +795,8 @@ CFormPkg::AdjustDynamicInsertOpcode (
       mBufferNodeQueueTail = NewLastEndNode;\r
     } else if (mBufferNodeQueueTail->mBufferFree - mBufferNodeQueueTail->mBufferStart == 2) {\r
       TmpNode = GetNodeBefore(mBufferNodeQueueTail);\r
+      assert (TmpNode != NULL);\r
+\r
       TmpNode->mNext = NewRestoreNodeBegin;\r
       if (NewRestoreNodeEnd != NULL) {\r
         NewRestoreNodeEnd->mNext = mBufferNodeQueueTail;\r
@@ -1314,7 +1321,7 @@ CIfrRecordInfoDB::IfrAdjustDynamicOpcodeInRecords (
   //\r
   // Check the nodes whether exist.\r
   //\r
-  if (pNodeBeforeDynamic == NULL || pAdjustNode == NULL) {\r
+  if (pNodeBeforeDynamic == NULL || pAdjustNode == NULL || pNodeBeforeAdjust == NULL) {\r
     return FALSE;\r
   }\r
 \r
@@ -1854,6 +1861,10 @@ CIfrRecordInfoDB::IfrCreateDefaultForQuestion (
       pSNode = pSNode->mNext;\r
       OpcodeCount++;\r
     }\r
+\r
+    assert (pSNode);\r
+    assert (pENode);\r
+\r
     //\r
     // Record the offset of node which need to be adjust, will move the new created default opcode to this offset.\r
     //\r
@@ -1875,6 +1886,7 @@ CIfrRecordInfoDB::IfrCreateDefaultForQuestion (
         while (pSNode != NULL && pSNode->mNext != NULL && OpcodeNumber-- != 0) {\r
           pOpHead = (EFI_IFR_OP_HEADER *) pSNode->mIfrBinBuf;\r
           Obj = new CIfrObj (pOpHead->OpCode, NULL, pSNode->mBinBufLen, FALSE);\r
+          assert (Obj != NULL);\r
           Obj->SetLineNo (pSNode->mLineNo);\r
           ObjBinBuf = Obj->GetObjBinAddr();\r
           memcpy (ObjBinBuf, pSNode->mIfrBinBuf, (UINTN)pSNode->mBinBufLen);\r
@@ -2378,6 +2390,8 @@ CIfrObj::CIfrObj (
   mObjBinBuf   = ((DelayEmit == FALSE) && (gCreateOp == TRUE)) ? gCFormPkg.IfrBinBufferGet (mObjBinLen) : new CHAR8[EFI_IFR_MAX_LENGTH];\r
   mRecordIdx   = (gCreateOp == TRUE) ? gCIfrRecordInfoDB.IfrRecordRegister (0xFFFFFFFF, mObjBinBuf, mObjBinLen, mPkgOffset) : EFI_IFR_RECORDINFO_IDX_INVALUD;\r
 \r
+  assert (mObjBinBuf != NULL);\r
+\r
   if (IfrObj != NULL) {\r
     *IfrObj    = mObjBinBuf;\r
   }\r

diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index b3d1ac54ff3ffe2a5b077aff4fd0cd52de8bf742..d2cb5cc9ded702813f9b086cd0a398a9e813b066 100644 (file)
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -665,7 +665,7 @@ CVfrVarDataTypeDB::GetTypeField (
 {\r
   SVfrDataField  *pField = NULL;\r
 \r
-  if ((FName == NULL) && (Type == NULL)) {\r
+  if ((FName == NULL) || (Type == NULL)) {\r
     return VFR_RETURN_FATAL_ERROR;\r
   }\r
 \r