From 2ff3293d7bdf32c5e7ab8728f2caa464e33eda0d Mon Sep 17 00:00:00 2001 From: Hao Wu Date: Tue, 20 Sep 2016 20:53:31 +0800 Subject: [PATCH] BaseTools/C/Common: Avoid possible NULL pointer dereference Cc: Liming Gao Cc: Yonghong Zhu Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Reviewed-by: Liming Gao --- BaseTools/Source/C/Common/BasePeCoff.c | 12 ++++ BaseTools/Source/C/Common/EfiUtilityMsgs.c | 20 ++++--- .../Source/C/Common/FirmwareVolumeBuffer.c | 5 +- BaseTools/Source/C/Common/MyAlloc.c | 55 +++++++++++++++++-- .../Source/C/Common/ParseGuidedSectionTools.c | 15 ++--- BaseTools/Source/C/Common/TianoCompress.c | 9 ++- 6 files changed, 93 insertions(+), 23 deletions(-) diff --git a/BaseTools/Source/C/Common/BasePeCoff.c b/BaseTools/Source/C/Common/BasePeCoff.c index d0cc1af246..9adbdfaf09 100644 --- a/BaseTools/Source/C/Common/BasePeCoff.c +++ b/BaseTools/Source/C/Common/BasePeCoff.c @@ -650,6 +650,10 @@ Returns: ImageContext, RelocDir->VirtualAddress + RelocDir->Size - 1 ); + if (RelocBase == NULL || RelocBaseEnd == NULL || RelocBaseEnd < RelocBase) { + ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION; + return RETURN_LOAD_ERROR; + } } else { // // Set base and end to bypass processing below. @@ -674,6 +678,10 @@ Returns: ImageContext, RelocDir->VirtualAddress + RelocDir->Size - 1 ); + if (RelocBase == NULL || RelocBaseEnd == NULL || RelocBaseEnd < RelocBase) { + ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION; + return RETURN_LOAD_ERROR; + } } else { // // Set base and end to bypass processing below. 
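Review bot: `RelocDir->VirtualAddress + RelocDir->Size - 1` is still evaluated with no visible `Size > 0` guard, so a relocation directory with `Size == 0` yields an end address of `VirtualAddress - 1`, and the new `RelocBaseEnd == NULL || RelocBaseEnd < RelocBase` test would then return `RETURN_LOAD_ERROR` for an image that merely has no relocations. The enclosing `if` begins outside the hunk, so confirm whether it already excludes an empty directory. If it does not, add `RelocDir->Size > 0` to that condition so such images take the existing "Set base and end to bypass processing below" branch. The same applies to the identical check in the second hunk (`@@ -674,6 +678,10 @@`). A short comment above the check, such as `// Reject a relocation directory that maps outside the image or whose end precedes its start.`, would record why the ordering test is there.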
@@ -710,6 +718,10 @@ Returns: RelocEnd = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock); if (!(ImageContext->IsTeImage)) { FixupBase = PeCoffLoaderImageAddress (ImageContext, RelocBase->VirtualAddress); + if (FixupBase == NULL) { + ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION; + return RETURN_LOAD_ERROR; + } } else { FixupBase = (CHAR8 *)(UINTN)(ImageContext->ImageAddress + RelocBase->VirtualAddress + diff --git a/BaseTools/Source/C/Common/EfiUtilityMsgs.c b/BaseTools/Source/C/Common/EfiUtilityMsgs.c index 438f338a91..7b4c2310ca 100644 --- a/BaseTools/Source/C/Common/EfiUtilityMsgs.c +++ b/BaseTools/Source/C/Common/EfiUtilityMsgs.c @@ -1,7 +1,7 @@ /** @file EFI tools utility functions to display warning, error, and informational messages -Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.
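Review bot: `RelocBase->SizeOfBlock` comes from the image being parsed and is used unchecked in `RelocEnd = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock);`, so the added `FixupBase == NULL` test does not stop a malformed block size from placing `RelocEnd` outside the relocation data. The surrounding loop starts and ends outside the hunk, so how `RelocBase` advances is not visible; if it steps to `RelocEnd`, a zero block size would also stop it making progress. Assuming `RelocDir` from the earlier hunks is still in scope here, a check before the `RelocEnd` computation such as `if (RelocBase->SizeOfBlock == 0 || RelocBase->SizeOfBlock > RelocDir->Size) {` with the same `IMAGE_ERROR_FAILED_RELOCATION` / `RETURN_LOAD_ERROR` exit would bound it.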
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -451,14 +451,16 @@ Notes: // time (&CurrentTime); NewTime = localtime (&CurrentTime); - fprintf (stdout, "%04d-%02d-%02d %02d:%02d:%02d", - NewTime->tm_year + 1900, - NewTime->tm_mon + 1, - NewTime->tm_mday, - NewTime->tm_hour, - NewTime->tm_min, - NewTime->tm_sec - ); + if (NewTime != NULL) { + fprintf (stdout, "%04d-%02d-%02d %02d:%02d:%02d", + NewTime->tm_year + 1900, + NewTime->tm_mon + 1, + NewTime->tm_mday, + NewTime->tm_hour, + NewTime->tm_min, + NewTime->tm_sec + ); + } if (Cptr != NULL) { sprintf (Line, ": %s", Cptr); if (LineNumber != 0) { diff --git a/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c b/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c index 7988d8e43a..a287fe1597 100644 --- a/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c +++ b/BaseTools/Source/C/Common/FirmwareVolumeBuffer.c @@ -1,7 +1,7 @@ /** @file EFI Firmware Volume routines which work on a Fv image in buffers. -Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved.
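Review bot: `sprintf (Line, ": %s", Cptr);` in the context just below the new `NewTime != NULL` guard copies `Cptr` into `Line` with no length bound. Both `Line` and the origin of `Cptr` are declared outside the hunk, so confirm the buffer size. If `Line` is a fixed-size array, `snprintf (Line, sizeof (Line), ": %s", Cptr);` keeps an over-long name from overrunning it. Separately, when `localtime` fails the timestamp is now skipped silently; printing a fixed placeholder in an `else` branch would keep the output format stable for anything that parses it.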
+Copyright (c) 1999 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -353,6 +353,9 @@ Returns: if (*DestinationFv == NULL) { *DestinationFv = CommonLibBinderAllocate (size); + if (*DestinationFv == NULL) { + return EFI_OUT_OF_RESOURCES; + } } CommonLibBinderCopyMem (*DestinationFv, SourceFv, size); diff --git a/BaseTools/Source/C/Common/MyAlloc.c b/BaseTools/Source/C/Common/MyAlloc.c index eabba5790d..be7c515a60 100644 --- a/BaseTools/Source/C/Common/MyAlloc.c +++ b/BaseTools/Source/C/Common/MyAlloc.c @@ -1,7 +1,7 @@ /** @file File for memory allocation tracking functions. -Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.
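Review bot: When the caller passes a non-NULL `*DestinationFv`, `CommonLibBinderCopyMem (*DestinationFv, SourceFv, size);` still writes `size` bytes into it, and nothing visible in the hunk ties `size` to that buffer's capacity. How `size` is derived is outside the hunk; if it is read from the source volume's header, a caller-supplied buffer that is too small would be overrun. The function has no length parameter to check against, so at minimum its header comment should state the contract, for example `// If *DestinationFv is not NULL on entry it must be at least as large as SourceFv.`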
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -73,7 +73,18 @@ MyCheck ( // // Check parameters. // - if (File == NULL || Line == 0) { + if (File == NULL) { + printf ( + "\nMyCheck(Final=%u, File=NULL, Line=%u)" + "Invalid parameter(s).\n", + Final, + (unsigned)Line + ); + + exit (1); + } + + if (Line == 0) { printf ( "\nMyCheck(Final=%u, File=%s, Line=%u)" "Invalid parameter(s).\n", @@ -190,7 +201,18 @@ MyAlloc ( // // Check for invalid parameters. // - if (Size == 0 || File == NULL || Line == 0) { + if (File == NULL) { + printf ( + "\nMyAlloc(Size=%u, File=NULL, Line=%u)" + "\nInvalid parameter(s).\n", + (unsigned)Size, + (unsigned)Line + ); + + exit (1); + } + + if (Size == 0 || Line == 0) { printf ( "\nMyAlloc(Size=%u, File=%s, Line=%u)" "\nInvalid parameter(s).\n", @@ -303,7 +325,19 @@ MyRealloc ( // // Check for invalid parameter(s). // - if (Size == 0 || File == NULL || Line == 0) { + if (File == NULL) { + printf ( + "\nMyRealloc(Ptr=%p, Size=%u, File=NULL, Line=%u)" + "\nInvalid parameter(s).\n", + Ptr, + (unsigned)Size, + (unsigned)Line + ); + + exit (1); + } + + if (Size == 0 || Line == 0) { printf ( "\nMyRealloc(Ptr=%p, Size=%u, File=%s, Line=%u)" "\nInvalid parameter(s).\n", @@ -408,7 +442,18 @@ MyFree ( // // Check for invalid parameter(s). // - if (File == NULL || Line == 0) { + if (File == NULL) { + printf ( + "\nMyFree(Ptr=%p, File=NULL, Line=%u)" + "\nInvalid parameter(s).\n", + Ptr, + (unsigned)Line + ); + + exit (1); + } + + if (Line == 0) { printf ( "\nMyFree(Ptr=%p, File=%s, Line=%u)" "\nInvalid parameter(s).\n", diff --git a/BaseTools/Source/C/Common/ParseGuidedSectionTools.c b/BaseTools/Source/C/Common/ParseGuidedSectionTools.c index e3f0ccb597..fc8f488f7e 100644 --- a/BaseTools/Source/C/Common/ParseGuidedSectionTools.c +++ b/BaseTools/Source/C/Common/ParseGuidedSectionTools.c 
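Review bot: The new `File == NULL` branch in `MyCheck` prints `"\nMyCheck(Final=%u, File=NULL, Line=%u)" "Invalid parameter(s).\n"` with no `\n` between the two literals, so the text runs together as `Line=0)Invalid parameter(s).`. The `MyAlloc`, `MyRealloc` and `MyFree` hunks use `"\nInvalid parameter(s).\n"`, and the new `MyCheck` branch should match them. All four hunks also duplicate the whole diagnostic block only to avoid passing NULL to `%s`. Keeping the original single condition and passing `File == NULL ? "NULL" : (const char *) File` as the argument would give the same output with one block per function; the cast is a guess, since the declared type of `File` is outside the hunks.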
@@ -1,7 +1,7 @@ /** @file Helper functions for parsing GuidedSectionTools.txt -Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -144,13 +144,14 @@ Returns: NewGuidTool->Name = CloneString(Tool->Strings[1]); NewGuidTool->Path = CloneString(Tool->Strings[2]); NewGuidTool->Next = NULL; + + if (FirstGuidTool == NULL) { + FirstGuidTool = NewGuidTool; + } else { + LastGuidTool->Next = NewGuidTool; + } + LastGuidTool = NewGuidTool; } - if (FirstGuidTool == NULL) { - FirstGuidTool = NewGuidTool; - } else { - LastGuidTool->Next = NewGuidTool; - } - LastGuidTool = NewGuidTool; } FreeStringList (Tool); } diff --git a/BaseTools/Source/C/Common/TianoCompress.c b/BaseTools/Source/C/Common/TianoCompress.c index e5175fcffe..252b8291ed 100644 --- a/BaseTools/Source/C/Common/TianoCompress.c +++ b/BaseTools/Source/C/Common/TianoCompress.c @@ -4,7 +4,7 @@ coding. LZ77 transforms the source data into a sequence of Original Characters and Pointers to repeated strings. This sequence is further divided into Blocks and Huffman codings are applied to each Block. -Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
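Review bot: `NewGuidTool->Name` and `NewGuidTool->Path` are assigned straight from `CloneString`, and the node is then linked into the list without checking either result. `CloneString` is defined outside this hunk; if it can return NULL on allocation failure, consumers of the list would receive an entry with a NULL name or path, which is the same class of dereference this commit is removing. Guard the linking with `if (NewGuidTool->Name != NULL && NewGuidTool->Path != NULL) {` and release the partial node otherwise, using whichever deallocator matches `CloneString`.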
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -417,6 +417,9 @@ Returns: UINT32 Index; mText = malloc (WNDSIZ * 2 + MAXMATCH); + if (mText == NULL) { + return EFI_OUT_OF_RESOURCES; + } for (Index = 0; Index < WNDSIZ * 2 + MAXMATCH; Index++) { mText[Index] = 0; } @@ -427,6 +430,10 @@ Returns: mParent = malloc (WNDSIZ * 2 * sizeof (*mParent)); mPrev = malloc (WNDSIZ * 2 * sizeof (*mPrev)); mNext = malloc ((MAX_HASH_VAL + 1) * sizeof (*mNext)); + if (mLevel == NULL || mChildCount == NULL || mPosition == NULL || + mParent == NULL || mPrev == NULL || mNext == NULL) { + return EFI_OUT_OF_RESOURCES; + } mBufSiz = BLKSIZ; mBuf = malloc (mBufSiz); -- 2.39.2
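Review bot: The combined check `mLevel == NULL || mChildCount == NULL || ... || mNext == NULL` in the second hunk returns `EFI_OUT_OF_RESOURCES` without releasing the buffers that did allocate, including `mText` from the first hunk. The pointer declarations and the callers are outside the hunk, so this is only leak-free if every caller runs the module's cleanup on this error path. If that is the intent, say so at the return with a comment such as `// Caller is responsible for freeing any buffers already allocated.` Also confirm that `mBuf = malloc (mBufSiz);` on the last visible line is checked in the part of the function that continues past the hunk.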