From: Gao, Zhichao <zhichao.gao@intel.com>
Date: Tue, 25 Jun 2019 03:22:49 +0000 (+0800)
Subject: MdeModulePkg/CapsulePei: Add memory pointer check
X-Git-Tag: edk2-stable201908~348
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=846b1652d99a60d91805648d7e395f084e097465

MdeModulePkg/CapsulePei: Add memory pointer check

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1935

Before use the memory that is allocated through AllocateZeroPool,
we should check the memory pointer is valid to avoid using the
NULL pointer.
Add check for VariableArrayAddress that is returned from
GetScatterGatherHeadEntries. If it is NULL, directly return
the error status.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
---

diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
index 8d4ae69bb2..51afab7b05 100644
--- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
+++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c
@@ -965,6 +965,10 @@ GetScatterGatherHeadEntries (
     //
     if ((ValidIndex + 1) >= TempListLength) {
       EnlargedTempList = AllocateZeroPool (TempListLength * 2);
+      if (EnlargedTempList == NULL) {
+        DEBUG ((DEBUG_ERROR, "Fail to allocate memory!\n"));
+        return EFI_OUT_OF_RESOURCES;
+      }
       CopyMem (EnlargedTempList, TempList, TempListLength);
       FreePool (TempList);
       TempList = EnlargedTempList;
@@ -1056,7 +1060,7 @@ CapsuleCoalesce (
   // Get SG list entries
   //
   Status = GetScatterGatherHeadEntries (&ListLength, &VariableArrayAddress);
-  if (EFI_ERROR (Status)) {
+  if (EFI_ERROR (Status) || VariableArrayAddress == NULL) {
     DEBUG ((DEBUG_ERROR, "%a failed to get Scatter Gather List Head Entries.  Status = %r\n", __FUNCTION__, Status));
     goto Done;
   }