From: rsun3 Date: Fri, 26 Feb 2010 08:53:27 +0000 (+0000) Subject: Add more code robustness check for modules under MdeModulePkg. X-Git-Tag: edk2-stable201903~16228 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=d2fbaaab17945b59ca66bcd2f72e26ba3361e1d0 Add more code robustness check for modules under MdeModulePkg. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10108 6f19259b-4bc3-4df7-8a09-765794883524
---
diff --git a/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c
index 3a4d03bd55..212eed9e92 100644
--- a/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c
+++ b/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c
@@ -1016,7 +1016,7 @@ CoreFwVolEventProtocolNotify (
 FvIsBeingProcesssed (FvHandle);
 Status = CoreHandleProtocol (FvHandle, &gEfiFirmwareVolume2ProtocolGuid, (VOID **)&Fv);
- if (EFI_ERROR (Status)) {
+ if (EFI_ERROR (Status) || Fv == NULL) {
 //
 // FvHandle must have Firmware Volume2 protocol thus we should never get here.
 //
diff --git a/MdeModulePkg/Core/Dxe/FwVol/FwVol.c b/MdeModulePkg/Core/Dxe/FwVol/FwVol.c
index f2451b03bf..fc8d57c071 100644
--- a/MdeModulePkg/Core/Dxe/FwVol/FwVol.c
+++ b/MdeModulePkg/Core/Dxe/FwVol/FwVol.c
@@ -3,7 +3,7 @@ Layers on top of Firmware Block protocol to produce a file abstraction of FV based files.
-Copyright (c) 2006 - 2008, Intel Corporation.
+Copyright (c) 2006 - 2010, Intel Corporation.
All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
@@ -565,6 +565,7 @@ NotifyFwVolBlock (
 if (EFI_ERROR (Status)) {
 return;
 }
+ ASSERT (FwVolHeader != NULL);
 if (!VerifyFvHeaderChecksum (FwVolHeader)) {
 CoreFreePool (FwVolHeader);
diff --git a/MdeModulePkg/Core/Dxe/Gcd/Gcd.c b/MdeModulePkg/Core/Dxe/Gcd/Gcd.c
index 6ac093162e..32a56e7660 100644
--- a/MdeModulePkg/Core/Dxe/Gcd/Gcd.c
+++ b/MdeModulePkg/Core/Dxe/Gcd/Gcd.c
@@ -3,7 +3,7 @@ The GCD services are used to manage the memory and I/O regions that are accessible to the CPU that is executing the DXE core.
-Copyright (c) 2006 - 2008, Intel Corporation.
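Review bot: The added `ASSERT (FwVolHeader != NULL);` in NotifyFwVolBlock protects `VerifyFvHeaderChecksum (FwVolHeader)` only in builds where DebugLib asserts are enabled; release builds commonly disable or compile out ASSERT(), so the dereference stays unchecked there. If a NULL on the success path is actually reachable, fold it into the existing runtime test the way the Dispatcher.c hunk does: `if (EFI_ERROR (Status) || FwVolHeader == NULL) { return; }`. The same ASSERT-only pattern recurs in the Gcd.c hunks (CoreConvertSpace, CoreAllocateSpace, CoreGetMemorySpaceDescriptor, CoreGetIoSpaceDescriptor), both CoreLocateHandle hunks, FindChildNode and FtwGetLastWrite; the `SearchKey` one deserves the closest look, since it appears to be a caller-supplied argument and any earlier validation lies outside the hunk. Where the pointer is a true invariant of the preceding call, a one-line comment saying so would explain why no runtime check is needed.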
+Copyright (c) 2006 - 2010, Intel Corporation.
All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
@@ -599,6 +599,7 @@ CoreConvertSpace (
 goto Done;
 }
+ ASSERT (StartLink != NULL && EndLink != NULL);
 //
 // Verify that the list of descriptors are unallocated non-existent memory.
@@ -684,6 +685,7 @@ CoreConvertSpace (
 Status = EFI_OUT_OF_RESOURCES;
 goto Done;
 }
+ ASSERT (TopEntry != NULL && BottomEntry != NULL);
 if (Operation == GCD_SET_ATTRIBUTES_MEMORY_OPERATION) {
 //
@@ -692,7 +694,7 @@ CoreConvertSpace (
 CpuArchAttributes = ConverToCpuArchAttributes (Attributes);
 if ( CpuArchAttributes != INVALID_CPU_ARCH_ATTRIBUTES ) {
 Status = CoreLocateProtocol (&gEfiCpuArchProtocolGuid, NULL, (VOID **)&CpuArch);
- if (EFI_ERROR (Status)) {
+ if (EFI_ERROR (Status) || CpuArch == NULL) {
 Status = EFI_ACCESS_DENIED;
 goto Done;
 }
@@ -926,6 +928,7 @@ CoreAllocateSpace (
 Status = EFI_NOT_FOUND;
 goto Done;
 }
+ ASSERT (StartLink != NULL && EndLink != NULL);
 //
 // Verify that the list of descriptors are unallocated memory matching GcdMemoryType.
@@ -1009,6 +1012,7 @@ CoreAllocateSpace (
 Status = EFI_NOT_FOUND;
 goto Done;
 }
+ ASSERT (StartLink != NULL && EndLink != NULL);
 Link = StartLink;
 //
@@ -1044,6 +1048,7 @@ CoreAllocateSpace (
 Status = EFI_OUT_OF_RESOURCES;
 goto Done;
 }
+ ASSERT (TopEntry != NULL && BottomEntry != NULL);
 //
 // Convert/Insert the list of descriptors from StartLink to EndLink
@@ -1330,6 +1335,7 @@ CoreGetMemorySpaceDescriptor (
 if (EFI_ERROR (Status)) {
 Status = EFI_NOT_FOUND;
 } else {
+ ASSERT (StartLink != NULL && EndLink != NULL);
 //
 // Copy the contents of the found descriptor into Descriptor
 //
@@ -1609,6 +1615,7 @@ CoreGetIoSpaceDescriptor (
 if (EFI_ERROR (Status)) {
 Status = EFI_NOT_FOUND;
 } else {
+ ASSERT (StartLink != NULL && EndLink != NULL);
 //
 // Copy the contents of the found descriptor into Descriptor
 //
diff --git a/MdeModulePkg/Core/Dxe/Hand/DriverSupport.c b/MdeModulePkg/Core/Dxe/Hand/DriverSupport.c
index 71676d0ef7..56050a1f9f 100644
--- a/MdeModulePkg/Core/Dxe/Hand/DriverSupport.c
+++ b/MdeModulePkg/Core/Dxe/Hand/DriverSupport.c
@@ -1,7 +1,7 @@
 /** @file
 Support functions to connect/disconnect UEFI Driver model Protocol
-Copyright (c) 2006 - 2008, Intel Corporation.
+Copyright (c) 2006 - 2010, Intel Corporation.
All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
@@ -766,7 +766,7 @@ CoreDisconnectController (
 &gEfiDriverBindingProtocolGuid,
 (VOID **)&DriverBinding
 );
- if (EFI_ERROR (Status)) {
+ if (EFI_ERROR (Status) || DriverBinding == NULL) {
 Status = EFI_INVALID_PARAMETER;
 goto Done;
 }
diff --git a/MdeModulePkg/Core/Dxe/Hand/Locate.c b/MdeModulePkg/Core/Dxe/Hand/Locate.c
index 5a30c5264f..1a3fdbd912 100644
--- a/MdeModulePkg/Core/Dxe/Hand/Locate.c
+++ b/MdeModulePkg/Core/Dxe/Hand/Locate.c
@@ -1,7 +1,7 @@
 /** @file
 Locate handle functions
-Copyright (c) 2006 - 2009, Intel Corporation.
+Copyright (c) 2006 - 2010, Intel Corporation.
All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
@@ -200,6 +200,7 @@ CoreLocateHandle (
 return Status;
 }
+ ASSERT (GetNext != NULL);
 //
 // Enumerate out the matching handles
 //
@@ -246,6 +247,7 @@ CoreLocateHandle (
 // If this is a search by register notify and a handle was
 // returned, update the register notification position
 //
+ ASSERT (SearchKey != NULL);
 ProtNotify = SearchKey;
 ProtNotify->Position = ProtNotify->Position->ForwardLink;
 }
diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c
index ae4daebd9e..04f8368a1c 100644
--- a/MdeModulePkg/Core/Dxe/Image/Image.c
+++ b/MdeModulePkg/Core/Dxe/Image/Image.c
@@ -1,7 +1,7 @@
 /** @file
 Core image handling services to load and unload PeImage.
-Copyright (c) 2006 - 2009, Intel Corporation.
+Copyright (c) 2006 - 2010, Intel Corporation.
All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
@@ -603,7 +603,7 @@ CoreLoadPeImage (
 // Locate the EBC interpreter protocol
 //
 Status = CoreLocateProtocol (&gEfiEbcProtocolGuid, NULL, (VOID **)&Image->Ebc);
- if (EFI_ERROR(Status)) {
+ if (EFI_ERROR(Status) || Image->Ebc == NULL) {
 DEBUG ((DEBUG_LOAD | DEBUG_ERROR, "CoreLoadPeImage: There is no EBC interpreter for an EBC image.\n"));
 goto Done;
 }
@@ -1095,12 +1095,13 @@ CoreLoadImageCommon (
 // Pull out just the file portion of the DevicePath for the LoadedImage FilePath
 //
 FilePath = OriginalFilePath;
- Status = CoreHandleProtocol (DeviceHandle, &gEfiDevicePathProtocolGuid, (VOID **)&HandleFilePath);
- if (!EFI_ERROR (Status)) {
- FilePathSize = GetDevicePathSize (HandleFilePath) - sizeof(EFI_DEVICE_PATH_PROTOCOL);
- FilePath = (EFI_DEVICE_PATH_PROTOCOL *) (((UINT8 *)FilePath) + FilePathSize );
+ if (DeviceHandle != NULL) {
+ Status = CoreHandleProtocol (DeviceHandle, &gEfiDevicePathProtocolGuid, (VOID **)&HandleFilePath);
+ if (!EFI_ERROR (Status)) {
+ FilePathSize = GetDevicePathSize (HandleFilePath) - sizeof(EFI_DEVICE_PATH_PROTOCOL);
+ FilePath = (EFI_DEVICE_PATH_PROTOCOL *) (((UINT8 *)FilePath) + FilePathSize );
+ }
 }
-
 //
 // Initialize the fields for an internal driver
 //
diff --git a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
index 2dcad4e3d5..d9fa20daa8 100644
--- a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
+++ b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
@@ -27,7 +27,7 @@ 3) A support protocol is not found, and the data is not available to be read without it. This results in EFI_PROTOCOL_ERROR.
-Copyright (c) 2006 - 2008, Intel Corporation.
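Review bot: With the new `|| Image->Ebc == NULL` term in CoreLoadPeImage, the error branch can be entered while `Status` still holds EFI_SUCCESS, and the `goto Done;` then leaves with that value. The `Done:` label is outside this hunk, but if it returns `Status` the caller would see success for an EBC image that has no interpreter bound. The CoreConvertSpace and CoreDisconnectController hunks in this commit assign an error code before jumping; do the same here without masking a real failure from CoreLocateProtocol, e.g. `if (!EFI_ERROR (Status)) { Status = EFI_UNSUPPORTED; }` ahead of the `goto Done;`.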
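Review bot: The new `DeviceHandle != NULL` guard in CoreLoadImageCommon still leaves `HandleFilePath` unchecked before `GetDevicePathSize (HandleFilePath) - sizeof(EFI_DEVICE_PATH_PROTOCOL)`, unlike the other CoreHandleProtocol/CoreLocateProtocol call sites this commit hardens. If the size call yields 0 for a NULL or malformed path, the subtraction presumably wraps (FilePathSize is declared outside the hunk) and `FilePath` is advanced to an address outside `OriginalFilePath`. Make the inner test `if (!EFI_ERROR (Status) && HandleFilePath != NULL) {` and skip the pointer adjustment when the returned size is smaller than `sizeof(EFI_DEVICE_PATH_PROTOCOL)`. Whether `OriginalFilePath` is guaranteed to be at least as long as the handle's device path is decided outside this hunk and is worth a comment at this spot.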
+Copyright (c) 2006 - 2010, Intel Corporation.
All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
@@ -635,7 +635,7 @@ CreateChildNode (
 GuidedHeader = (EFI_GUID_DEFINED_SECTION *) SectionHeader;
 Node->EncapsulationGuid = &GuidedHeader->SectionDefinitionGuid;
 Status = CoreLocateProtocol (Node->EncapsulationGuid, NULL, (VOID **)&GuidedExtraction);
- if (!EFI_ERROR (Status)) {
+ if (!EFI_ERROR (Status) && GuidedExtraction != NULL) {
 //
 // NewStreamBuffer is always allocated by ExtractSection... No caller
 // allocation here.
@@ -877,6 +877,7 @@ FindChildNode (
 if (EFI_ERROR (Status)) {
 return Status;
 }
+ ASSERT (CurrentChildNode != NULL);
 } else {
 ASSERT (EFI_ERROR (ErrorStatus));
 return ErrorStatus;
diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c
index 15a12d70fe..e4e6666e28 100644
--- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c
+++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c
@@ -40,7 +40,7 @@ If one of them is not satisfied, FtwWrite may fail. Usually, Spare area only takes one block. That's SpareAreaLength = BlockSize, NumberOfSpareBlock = 1.
-Copyright (c) 2006 - 2009, Intel Corporation
+Copyright (c) 2006 - 2010, Intel Corporation
 All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
@@ -837,6 +837,7 @@ FtwGetLastWrite (
 *Complete = TRUE;
 return EFI_NOT_FOUND;
 }
+ ASSERT (Record != NULL);
 }
 //