mirror of https://github.com/acidanthera/audk.git
SignedCapsulePkg: Address NULL pointer dereference case.
Original code GetFmpImageDescriptors for OriginalFmpImageInfoBuf pointer, if failed, return a NULL pointer. The OriginalFmpImageInfoBuf should not be NULL and the NULL pointer dereference case should be false positive. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Vin Xue <vinxue@outlook.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Vin Xue
mergify[bot]
parent
1da651cdb7
commit
21a23e6966
|
|
@ -681,32 +681,35 @@ FindMatchingFmpHandles (
|
||||||
//
|
//
|
||||||
// Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
|
// Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
|
||||||
//
|
//
|
||||||
FmpImageInfoBuf = OriginalFmpImageInfoBuf;
|
|
||||||
MatchFound = FALSE;
|
MatchFound = FALSE;
|
||||||
for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
|
if (OriginalFmpImageInfoBuf != NULL) {
|
||||||
for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {
|
FmpImageInfoBuf = OriginalFmpImageInfoBuf;
|
||||||
MatchFound = CompareGuid (
|
|
||||||
&FmpImageInfoBuf->ImageTypeId,
|
for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
|
||||||
&mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId
|
for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {
|
||||||
);
|
MatchFound = CompareGuid (
|
||||||
|
&FmpImageInfoBuf->ImageTypeId,
|
||||||
|
&mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId
|
||||||
|
);
|
||||||
|
if (MatchFound) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (MatchFound) {
|
if (MatchFound) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
//
|
||||||
|
// Increment the buffer pointer ahead by the size of the descriptor
|
||||||
|
//
|
||||||
|
FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpImageInfoBuf) + DescriptorSize);
|
||||||
}
|
}
|
||||||
if (MatchFound) {
|
if (MatchFound) {
|
||||||
break;
|
HandleBuffer[*HandleCount] = HandleBuffer[Index];
|
||||||
|
(*HandleCount)++;
|
||||||
}
|
}
|
||||||
//
|
|
||||||
// Increment the buffer pointer ahead by the size of the descriptor
|
|
||||||
//
|
|
||||||
FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpImageInfoBuf) + DescriptorSize);
|
|
||||||
}
|
|
||||||
if (MatchFound) {
|
|
||||||
HandleBuffer[*HandleCount] = HandleBuffer[Index];
|
|
||||||
(*HandleCount)++;
|
|
||||||
}
|
|
||||||
|
|
||||||
FreePool (OriginalFmpImageInfoBuf);
|
FreePool (OriginalFmpImageInfoBuf);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((*HandleCount) == 0) {
|
if ((*HandleCount) == 0) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue