回复: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access

gaoliming via groups.io gaoliming=byosoft.com.cn at groups.io
Fri Sep 8 00:40:52 UTC 2023 

Michael:
 How do you detect those issues? Do you use the tool or do code review?

 For this change,  Reviewed-by: Liming Gao <gaoliming at byosoft.com.cn>

> -----邮件原件-----
> 发件人: devel at edk2.groups.io <devel at edk2.groups.io> 代表 Michael
> Kubacki
> 发送时间: 2023年9月7日 1:41
> 收件人: devel at edk2.groups.io
> 抄送: Zhichao Gao <zhichao.gao at intel.com>; Michael D Kinney
> <michael.d.kinney at intel.com>
> 主题: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib:
> Check array index before access
> 
> From: Michael Kubacki <michael.kubacki at microsoft.com>
> 
> Moves the range check for the index into the array before attempting
> any accesses using the array index.
> 
> Cc: Zhichao Gao <zhichao.gao at intel.com>
> Cc: Michael D Kinney <michael.d.kinney at intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki at microsoft.com>
> ---
>  ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> index 7c80bba46581..5cb92c485b47 100644
> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (
> 
>        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN
> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);
> 
> -      while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) &&
> (Index < PREFIXMAXLEN)) {
> +      while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) &&
> (Ip->Addr[Index + 1] == 0)) {
>          Index = Index + 2;
>          if (Index > PREFIXMAXLEN - 2) {
>            break;
> --
> 2.42.0.windows.2
> 
> 
> 
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#108336):
> https://edk2.groups.io/g/devel/message/108336
> Mute This Topic: https://groups.io/mt/101198333/4905953
> Group Owner: devel+owner at edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub
> [gaoliming at byosoft.com.cn]
> -=-=-=-=-=-=
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108429): https://edk2.groups.io/g/devel/message/108429
Mute This Topic: https://groups.io/mt/101228328/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list