Re: RE: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access

Michael Kubacki mikuback at linux.microsoft.com
Fri Sep 8 01:00:06 UTC 2023


Hi Liming,

I'm running the CodeQL CLI 
(https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli) 
locally against the code with some new queries.

The queries in the codeql/cpp-queries pack listed here are relatively 
easy to experiment with https://codeql.github.com/codeql-query-help/cpp/.

The particular query related to this patch was 
https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/.

Thanks,
Michael

On 9/7/2023 8:40 PM, gaoliming wrote:
> Michael:
>   How do you detect those issues? Do you use the tool or do code review?
> 
>   For this change,  Reviewed-by: Liming Gao <gaoliming at byosoft.com.cn>
> 
>> -----Original Message-----
>> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Michael
>> Kubacki
>> Sent: September 7, 2023 1:41
>> To: devel at edk2.groups.io
>> Cc: Zhichao Gao <zhichao.gao at intel.com>; Michael D Kinney
>> <michael.d.kinney at intel.com>
>> Subject: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib:
>> Check array index before access
>>
>> From: Michael Kubacki <michael.kubacki at microsoft.com>
>>
>> Moves the range check for the index into the array before attempting
>> any accesses using the array index.
>>
>> Cc: Zhichao Gao <zhichao.gao at intel.com>
>> Cc: Michael D Kinney <michael.d.kinney at intel.com>
>> Signed-off-by: Michael Kubacki <michael.kubacki at microsoft.com>
>> ---
>>   ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> index 7c80bba46581..5cb92c485b47 100644
>> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (
>>
>>         ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN
>> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);
>>
>> -      while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) &&
>> (Index < PREFIXMAXLEN)) {
>> +      while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) &&
>> (Ip->Addr[Index + 1] == 0)) {
>>           Index = Index + 2;
>>           if (Index > PREFIXMAXLEN - 2) {
>>             break;
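
Review bot: In the new loop condition, the read of `Ip->Addr[Index + 1]` is still guarded only by `Index < PREFIXMAXLEN`, which allows `Index + 1 == PREFIXMAXLEN`. Whether that element exists depends on the declared size of `Addr` and on the starting value of `Index`, neither of which is visible in this hunk. Bounding the larger offset directly, for example `(Index + 1 < PREFIXMAXLEN)` as the first operand, would cover both reads and would line up with the `Index > PREFIXMAXLEN - 2` break inside the body. If `Index` is known to be even at loop entry and `Addr` holds at least `PREFIXMAXLEN` entries, a short comment stating that invariant would make the current form easier to verify.
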
>> --
>> 2.42.0.windows.2
>>
>>
>>
>>
> 
> 

