diff options
| author | Wei6 Xu <wei6.xu@intel.com> | 2023-10-30 11:07:13 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-12-19 09:29:07 +0000 |
| commit | 0904161f6f051b9f42ffa65b1f9aa4a5b29e2119 (patch) | |
| tree | 7e4a416061de3cbb3629e445f37ae741fe6fbe68 | |
| parent | c0122840489194215a9209bb37f406f44c416953 (diff) | |
| download | edk2-0904161f6f051b9f42ffa65b1f9aa4a5b29e2119.tar.gz edk2-0904161f6f051b9f42ffa65b1f9aa4a5b29e2119.tar.bz2 edk2-0904161f6f051b9f42ffa65b1f9aa4a5b29e2119.zip | |
StandaloneMmPkg/Core: Fix potential memory leak issue
In MmCoreFfsFindMmDriver(),
- ScratchBuffer is not freed in the error return path that DstBuffer page
allocation fails. Free ScratchBuffer before return with error.
- If the decoded buffer is identical to the data in InputSection,
ExtractGuidedSectionDecode() will change the value of DstBuffer rather
than changing the contents of the buffer that DstBuffer points at, in
which case freeing DstBuffer is wrong. Introduce a local variable
AllocatedDstBuffer for buffer free, free AllocatedDstBuffer immediately
if it is not used.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
| -rw-r--r-- | StandaloneMmPkg/Core/FwVol.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/StandaloneMmPkg/Core/FwVol.c b/StandaloneMmPkg/Core/FwVol.c index e1e20ffd14..c3054ef751 100644 --- a/StandaloneMmPkg/Core/FwVol.c +++ b/StandaloneMmPkg/Core/FwVol.c @@ -84,6 +84,7 @@ MmCoreFfsFindMmDriver ( UINT32 DstBufferSize;
VOID *ScratchBuffer;
UINT32 ScratchBufferSize;
+ VOID *AllocatedDstBuffer;
VOID *DstBuffer;
UINT16 SectionAttribute;
UINT32 AuthenticationStatus;
@@ -148,25 +149,35 @@ MmCoreFfsFindMmDriver ( //
// Allocate destination buffer, extra one page for adjustment
//
- DstBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (DstBufferSize));
- if (DstBuffer == NULL) {
+ AllocatedDstBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (DstBufferSize));
+ if (AllocatedDstBuffer == NULL) {
+ FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize));
return EFI_OUT_OF_RESOURCES;
}
//
// Call decompress function
//
- Status = ExtractGuidedSectionDecode (
- Section,
- &DstBuffer,
- ScratchBuffer,
- &AuthenticationStatus
- );
+ DstBuffer = AllocatedDstBuffer;
+ Status = ExtractGuidedSectionDecode (
+ Section,
+ &DstBuffer,
+ ScratchBuffer,
+ &AuthenticationStatus
+ );
FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize));
if (EFI_ERROR (Status)) {
goto FreeDstBuffer;
}
+ //
+ // Free allocated DstBuffer if it is not used
+ //
+ if (DstBuffer != AllocatedDstBuffer) {
+ FreePages (AllocatedDstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize));
+ AllocatedDstBuffer = NULL;
+ }
+
DEBUG ((
DEBUG_INFO,
"Processing compressed firmware volume (AuthenticationStatus == %x)\n",
@@ -210,7 +221,9 @@ MmCoreFfsFindMmDriver ( return EFI_SUCCESS;
FreeDstBuffer:
- FreePages (DstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize));
+ if (AllocatedDstBuffer != NULL) {
+ FreePages (AllocatedDstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize));
+ }
return Status;
}
|