author | Wei6 Xu <wei6.xu@intel.com> | 2019-06-27 16:43:06 +0800 |
---|---|---|
committer | Zhang, Chao B <chao.b.zhang@intel.com> | 2019-06-28 12:31:48 +0800 |
commit | fda8482df707dd4f3880e5060979f8df86b86e12 (patch) | |
tree | f8a45d6bdc9e184c856ae2c015b1e34491917712 /MdeModulePkg/Library/DxeCapsuleLibFmp | |
parent | 104a1aa19bbb79418883dc6cc3cf0720d9f36119 (diff) | |
download | edk2-fda8482df707dd4f3880e5060979f8df86b86e12.tar.gz edk2-fda8482df707dd4f3880e5060979f8df86b86e12.tar.bz2 edk2-fda8482df707dd4f3880e5060979f8df86b86e12.zip |
MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
Add missing NULL pointer check for CapsuleNameBufStart.
Also add comments to notice that capsule name integrity check assumes
the capsule has been validated by IsValidCapsuleHeader().
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
Diffstat (limited to 'MdeModulePkg/Library/DxeCapsuleLibFmp')
-rw-r--r-- | MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c index 66c9be8e1f..3193ca8f4d 100644 --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c @@ -25,6 +25,9 @@ IsCapsuleNameCapsule ( Check the integrity of the capsule name capsule.
If the capsule is vaild, return the physical address of each capsule name string.
+ This routine assumes the capsule has been validated by IsValidCapsuleHeader(), so
+ capsule memory overflow is not going to happen in this routine.
+
@param[in] CapsuleHeader Pointer to the capsule header of a capsule name capsule.
@param[out] CapsuleNameNum Number of capsule name.
@@ -65,6 +68,9 @@ ValidateCapsuleNameCapsuleIntegrity ( //
if (((UINTN) CapsuleNameBufStart & BIT0) != 0) {
CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart);
+ if (CapsuleNameBufStart == NULL) {
+ return NULL;
+ }
}
CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize;
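Review bot: The length `CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize` is computed once for AllocateCopyPool and again for CapsuleNameBufEnd, and both wrap if HeaderSize is larger than CapsuleImageSize. Compute it once into a local UINTN and use that in both places, so the copy length and the end pointer cannot diverge and the precondition can be checked in one spot. The added NULL check is correct. It is also worth confirming that the copy made in this unaligned branch has a matching FreePool on the later exit paths, which these lines do not show.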