diff options
| author | Erich McMillan <emcmillan@microsoft.com> | 2022-11-08 03:23:56 +0000 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-04-03 15:29:08 +0000 |
| commit | 33f517445b218e11660a0024997201d954384c84 (patch) | |
| tree | edacd89930de27971c41d4258bf652196ab3937d | |
| parent | fc00ff286a541c047b7d343e66ec10890b80d3ea (diff) | |
| download | edk2-33f517445b218e11660a0024997201d954384c84.tar.gz edk2-33f517445b218e11660a0024997201d954384c84.tar.bz2 edk2-33f517445b218e11660a0024997201d954384c84.zip | |
MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
Details for these CodeQL alerts can be found here:
- Pointer overflow check (cpp/pointer-overflow-check):
- https://cwe.mitre.org/data/definitions/758.html
- Potential buffer overflow check (cpp/potential-buffer-overflow):
- https://cwe.mitre.org/data/definitions/676.html
CodeQL alert:
- Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
- Type: Pointer overflow check
- Severity: Low
- Problem: Range check relying on pointer overflow
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Erich McMillan <emcmillan@microsoft.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Erich McMillan <emcmillan@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
| -rw-r--r-- | MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c index 1d43adc766..dd077bb0cf 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c @@ -1608,9 +1608,7 @@ ParseAndAddExistingSmbiosTable ( //
// Make sure not to access memory beyond SmbiosEnd
//
- if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) ||
- (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw))
- {
+ if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < sizeof (SMBIOS_STRUCTURE)) {
return EFI_INVALID_PARAMETER;
}
@@ -1625,9 +1623,7 @@ ParseAndAddExistingSmbiosTable ( // Make sure not to access memory beyond SmbiosEnd
// Each structure shall be terminated by a double-null (0000h).
//
- if ((Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) > SmbiosEnd.Raw) ||
- (Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) < Smbios.Raw))
- {
+ if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < (Smbios.Hdr->Length + 2U)) {
return EFI_INVALID_PARAMETER;
}
|