[edk2-devel] [PATCH v6 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts

Michael Kubacki mikuback at linux.microsoft.com
Fri Mar 24 20:48:27 UTC 2023 

From: Erich McMillan <emcmillan at microsoft.com>

Details for these CodeQL alerts can be found here:

- Pointer overflow check (cpp/pointer-overflow-check):
  - https://cwe.mitre.org/data/definitions/758.html

- Potential buffer overflow check (cpp/potential-buffer-overflow):
  - https://cwe.mitre.org/data/definitions/676.html

CodeQL alert:

  - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
    - Type: Pointer overflow check
    - Severity: Low
    - Problem: Range check relying on pointer overflow

Cc: Dandan Bi <dandan.bi at intel.com>
Cc: Erich McMillan <emcmillan at microsoft.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Cc: Michael Kubacki <mikuback at linux.microsoft.com>
Cc: Star Zeng <star.zeng at intel.com>
Cc: Zhichao Gao <zhichao.gao at intel.com>
Cc: Zhiguang Liu <zhiguang.liu at intel.com>
Co-authored-by: Michael Kubacki <michael.kubacki at microsoft.com>
Signed-off-by: Erich McMillan <emcmillan at microsoft.com>
Reviewed-by: Liming Gao <gaoliming at byosoft.com.cn>
---
 MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
index 1d43adc7662c..dd077bb0cf19 100644
--- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
+++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
@@ -1608,9 +1608,7 @@ ParseAndAddExistingSmbiosTable (
     //
     // Make sure not to access memory beyond SmbiosEnd
     //
-    if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) ||
-        (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw))
-    {
+    if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < sizeof (SMBIOS_STRUCTURE)) {
       return EFI_INVALID_PARAMETER;
     }
 
@@ -1625,9 +1623,7 @@ ParseAndAddExistingSmbiosTable (
     // Make sure not to access memory beyond SmbiosEnd
     // Each structure shall be terminated by a double-null (0000h).
     //
-    if ((Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) > SmbiosEnd.Raw) ||
-        (Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) < Smbios.Raw))
-    {
+    if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < (Smbios.Hdr->Length + 2U)) {
       return EFI_INVALID_PARAMETER;
     }
 
-- 
2.40.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101825): https://edk2.groups.io/g/devel/message/101825
Mute This Topic: https://groups.io/mt/97832891/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list