From bf14e1077aa66ef1cb49bdaf06181de48bb2477f Mon Sep 17 00:00:00 2001 From: "Zeng, Star" Date: Wed, 25 Nov 2015 02:33:06 +0000 Subject: [PATCH] Check InternalAllocPoolByIndex status before refer buffer. Original code refers FreePoolHdr without check Status. It is obvious wrong and has risk. Aslo, if InternalAllocPoolByIndex() returns an error, then *FreePoolHdr is assigned to an uninitialized value. So we init Hdr be NULL. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Zeng, Star" Reviewed-by: "Yao, Jiewen" Reviewed-by: "Fan, Jeff" Reviewed-by: "Kinney, Michael D" git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18932 6f19259b-4bc3-4df7-8a09-765794883524
---
 MdeModulePkg/Core/PiSmmCore/Pool.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c b/MdeModulePkg/Core/PiSmmCore/Pool.c
index 34dcc93f1a..761988e416 100644
--- a/MdeModulePkg/Core/PiSmmCore/Pool.c
+++ b/MdeModulePkg/Core/PiSmmCore/Pool.c
@@ -1,7 +1,7 @@
 /** @file SMM Memory pool management functions.
- Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+ Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
 This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
@@ -120,6 +120,7 @@ InternalAllocPoolByIndex (
 ASSERT (PoolIndex <= MAX_POOL_INDEX);
 Status = EFI_SUCCESS;
+ Hdr = NULL;
 if (PoolIndex == MAX_POOL_INDEX) {
 Status = SmmInternalAllocatePages (AllocateAnyPages, EfiRuntimeServicesData, EFI_SIZE_TO_PAGES (MAX_POOL_SIZE << 1), &Address);
 if (EFI_ERROR (Status)) {
@@ -228,7 +229,9 @@ SmmInternalAllocatePool (
 }
 Status = InternalAllocPoolByIndex (PoolIndex, &FreePoolHdr);
- *Buffer = &FreePoolHdr->Header + 1;
+ if (!EFI_ERROR(Status)) {
+ *Buffer = &FreePoolHdr->Header + 1;
+ }
 return Status;
 }
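Review bot: The added `Hdr = NULL;` after `Status = EFI_SUCCESS;` carries its rationale only in the commit message, and a later reader may well see it as a redundant store and drop it; a one-line comment would pin it down, e.g. `Hdr = NULL;  // Guarantee *FreePoolHdr is NULL, not stack garbage, on every error return`. The body of InternalAllocPoolByIndex continues past the hunk, so the store through `FreePoolHdr` that the commit message implies is not visible here and I am taking it on trust. If that store is the only consumer of Hdr, the comment is the whole fix; nothing else in this hunk needs changing.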
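Review bot: The new guard `if (!EFI_ERROR(Status)) {` omits the space before the parenthesis that this file otherwise uses (`if (EFI_ERROR (Status)) {` in the previous hunk); EDK II style would be `if (!EFI_ERROR (Status)) {`. On the error path `*Buffer` is now left untouched, which is the usual UEFI contract (output undefined on error) and is far better than the old behaviour of deriving a pointer from an uninitialized FreePoolHdr, but in SMM code a caller that ignores Status would still hand out whatever `*Buffer` held before the call, so an `else { *Buffer = NULL; }` would be a cheap defensive default if the callers' contract permits it. The enclosing function SmmInternalAllocatePool begins before the hunk, so the declaration of FreePoolHdr and any earlier validation of Buffer are not visible here.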