authorVin Xue <vinxue@outlook.com>2020-07-14 10:09:35 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2020-07-16 08:41:33 +0000
commit21a23e6966c2eb597a8db98d6837a4c01b3cad4a (patch)
tree4475e2395289f9c77216aa47b90caf9f35a60156
parent1da651cdb77f42787e55da5a8f85e61d5258824f (diff)
SignedCapsulePkg: Address NULL pointer dereference case.
The original code calls GetFmpImageDescriptors to obtain the OriginalFmpImageInfoBuf pointer; if that call fails, it returns a NULL pointer. OriginalFmpImageInfoBuf should not be NULL, and the NULL pointer dereference case should be a false positive. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Vin Xue <vinxue@outlook.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
-rw-r--r--SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c39
1 files changed, 21 insertions, 18 deletions
diff --git a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c
index bdb70bdb32..ea795cd7db 100644
--- a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c
+++ b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c
@@ -681,32 +681,35 @@ FindMatchingFmpHandles (
//
// Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
//
- FmpImageInfoBuf = OriginalFmpImageInfoBuf;
MatchFound = FALSE;
- for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
- for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {
- MatchFound = CompareGuid (
- &FmpImageInfoBuf->ImageTypeId,
- &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId
- );
+ if (OriginalFmpImageInfoBuf != NULL) {
+ FmpImageInfoBuf = OriginalFmpImageInfoBuf;
+
+ for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
+ for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {
+ MatchFound = CompareGuid (
+ &FmpImageInfoBuf->ImageTypeId,
+ &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId
+ );
+ if (MatchFound) {
+ break;
+ }
+ }
if (MatchFound) {
break;
}
+ //
+ // Increment the buffer pointer ahead by the size of the descriptor
+ //
+ FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpImageInfoBuf) + DescriptorSize);
}
if (MatchFound) {
- break;
+ HandleBuffer[*HandleCount] = HandleBuffer[Index];
+ (*HandleCount)++;
}
- //
- // Increment the buffer pointer ahead by the size of the descriptor
- //
- FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpImageInfoBuf) + DescriptorSize);
- }
- if (MatchFound) {
- HandleBuffer[*HandleCount] = HandleBuffer[Index];
- (*HandleCount)++;
- }
- FreePool (OriginalFmpImageInfoBuf);
+ FreePool (OriginalFmpImageInfoBuf);
+ }
}
if ((*HandleCount) == 0) {
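Review bot: When `OriginalFmpImageInfoBuf` is NULL the new `if` skips the handle without leaving any trace, even though the commit message says this should never happen. In a firmware-update path a failed descriptor query is worth surfacing, for example with `else { DEBUG ((DEBUG_ERROR, "FindMatchingFmpHandles: no FMP image descriptors for handle %p\n", HandleBuffer[Index])); }` on the new block. Separately, the loop advances `FmpImageInfoBuf` by `DescriptorSize` for `FmpImageInfoCount` iterations and reads `ImageTypeId` each time, and nothing in this hunk checks that the stride covers that field or that count times stride stays inside the allocation. Both values are set outside the hunk, so it is worth confirming they are validated where the buffer is obtained. The enclosing function starts and ends outside the hunk.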