]> xenbits.xensource.com Git - ovmf.git/commitdiff
projects / ovmf.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fc00ff2)
MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
authorErich McMillan <emcmillan@microsoft.com>
Tue, 8 Nov 2022 03:23:56 +0000 (03:23 +0000)
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Mon, 3 Apr 2023 15:29:08 +0000 (15:29 +0000)
Details for these CodeQL alerts can be found here:

- Pointer overflow check (cpp/pointer-overflow-check):
  - https://cwe.mitre.org/data/definitions/758.html

- Potential buffer overflow check (cpp/potential-buffer-overflow):
  - https://cwe.mitre.org/data/definitions/676.html

CodeQL alert:

  - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
    - Type: Pointer overflow check
    - Severity: Low
    - Problem: Range check relying on pointer overflow

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Erich McMillan <emcmillan@microsoft.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Erich McMillan <emcmillan@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c patch | blob | blame | history

diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
index 1d43adc7662c62bab7ff0512267959e44f7f44fc..dd077bb0cf19765c3caef4dac62f873bfba4f64a 100644 (file)
--- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
+++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
@@ -1608,9 +1608,7 @@ ParseAndAddExistingSmbiosTable (
     //\r
     // Make sure not to access memory beyond SmbiosEnd\r
     //\r
-    if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) ||\r
-        (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw))\r
-    {\r
+    if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < sizeof (SMBIOS_STRUCTURE)) {\r
       return EFI_INVALID_PARAMETER;\r
     }\r
 \r
@@ -1625,9 +1623,7 @@ ParseAndAddExistingSmbiosTable (
     // Make sure not to access memory beyond SmbiosEnd\r
     // Each structure shall be terminated by a double-null (0000h).\r
     //\r
-    if ((Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) > SmbiosEnd.Raw) ||\r
-        (Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) < Smbios.Raw))\r
-    {\r
+    if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < (Smbios.Hdr->Length + 2U)) {\r
       return EFI_INVALID_PARAMETER;\r
     }\r
 \r
Xen OVMF (all branches potentially rebasing)