From ab7e02a4f86a8fe2afa2dcf88c404bcf210f9e62 Mon Sep 17 00:00:00 2001
From: Dandan Bi
Date: Mon, 22 Apr 2019 09:33:59 +0800
Subject: [PATCH] MdeModulePkg/HiiDatabaseDxe: Release lock on all error return path
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1652
Commit ffe5f7a6b4e9 "MdeModulePkg/HiiDatabase: Fix potential integer overflow " added some new error paths, but it missed releasing the mHiiDatabaseLock lock on those paths. This patch releases mHiiDatabaseLock on those paths.
Cc: Hao Wu
Cc: Ray Ni
Cc: Liming Gao
Signed-off-by: Dandan Bi
Reviewed-by: Hao Wu
(cherry picked from commit 927c516f9557f2f36319fe5d2508af29e3375fb8)
---
 MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
index bd623cae15..a108fc6157 100644
--- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
+++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c
@@ -2,7 +2,7 @@
 Implementation for EFI_HII_IMAGE_PROTOCOL.
-Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
@@ -653,6 +653,7 @@ HiiNewImage (
 //
 NewBlockSize = (UINT32)Image->Width * Image->Height;
 if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL))) / 3) {
+ EfiReleaseLock (&mHiiDatabaseLock);
 return EFI_OUT_OF_RESOURCES;
 }
 NewBlockSize = NewBlockSize * 3 + (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL));
@@ -680,6 +681,7 @@ HiiNewImage (
 // Length of the package header is represented using 24 bits. So MAX length is MAX_UINT24.
 //
 if (NewBlockSize > MAX_UINT24 - ImagePackage->ImagePkgHdr.Header.Length) {
+ EfiReleaseLock (&mHiiDatabaseLock);
 return EFI_OUT_OF_RESOURCES;
 }
 //
@@ -721,6 +723,7 @@ HiiNewImage (
 // Length of the package header is represented using 24 bits. So MAX length is MAX_UINT24.
 //
 if (NewBlockSize > MAX_UINT24 - (sizeof (EFI_HII_IMAGE_PACKAGE_HDR) + sizeof (EFI_HII_IIBT_END_BLOCK))) {
+ EfiReleaseLock (&mHiiDatabaseLock);
 return EFI_OUT_OF_RESOURCES;
 }
 //
@@ -1161,12 +1164,14 @@ HiiSetImage (
 //
 NewBlockSize = (UINT32)Image->Width * Image->Height;
 if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL))) / 3) {
+ EfiReleaseLock (&mHiiDatabaseLock);
 return EFI_OUT_OF_RESOURCES;
 }
 NewBlockSize = NewBlockSize * 3 + (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL));
 if ((NewBlockSize > OldBlockSize) && (NewBlockSize - OldBlockSize > MAX_UINT24 - ImagePackage->ImagePkgHdr.Header.Length) ) {
+ EfiReleaseLock (&mHiiDatabaseLock);
 return EFI_OUT_OF_RESOURCES;
 }
--
2.39.2
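Review bot: The added `EfiReleaseLock (&mHiiDatabaseLock);` is copied in front of each early `return EFI_OUT_OF_RESOURCES;`, here and again in the @@ -680, @@ -721 and @@ -1161 hunks, which is the same per-return bookkeeping that let the earlier overflow fix return with the lock still held. A single exit path would make the release impossible to skip: replace each pair with `Status = EFI_OUT_OF_RESOURCES; goto Done;` and end the function with `Done: EfiReleaseLock (&mHiiDatabaseLock); return Status;`. Returns taken before the lock is acquired would have to stay direct returns. This assumes a local `EFI_STATUS` exists or is added and that no other cleanup is pending at these points; HiiNewImage and HiiSetImage both start and end outside their hunks, so that needs checking against the full bodies.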
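Review bot: The first check in this HiiSetImage hunk depends only on the caller-supplied `Image->Width` and `Image->Height`, yet it now needs an unlock because it runs with mHiiDatabaseLock held. The acquisition is outside the hunk, but if nothing between it and this check changes `Image`, validating the 24-bit block size before taking the lock would reject oversized input without touching the lock and this added `EfiReleaseLock` would not be needed. The second check reads `ImagePackage->ImagePkgHdr.Header.Length` and `OldBlockSize`, so it presumably has to stay under the lock. The same ordering question applies to the matching dimension check in the @@ -653 hunk of HiiNewImage. If the order cannot change, a comment such as `// mHiiDatabaseLock is held here: release it on every early return.` above the first check would document the invariant.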