tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Check InternalAllocPoolByIndex status before refer buffer. 

Original code refers FreePoolHdr without check Status. It is obvious wrong and has risk.

Aslo, if InternalAllocPoolByIndex() returns an error, then *FreePoolHdr is assigned to an uninitialized value. So we init Hdr be NULL.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Zeng, Star" <star.zeng@intel.com>
Reviewed-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Fan, Jeff" <jeff.fan@intel.com>
Reviewed-by: "Kinney, Michael D" <michael.d.kinney@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18932 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Zeng, Star 2015-11-25 02:33:06 +00:00 committed by jyao1
parent 3164361121
commit bf14e1077a
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
MdeModulePkg/Core/PiSmmCore/Pool.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
SMM Memory pool management functions. SMM Memory pool management functions.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available This program and the accompanying materials are licensed and made available
under the terms and conditions of the BSD License which accompanies this under the terms and conditions of the BSD License which accompanies this
distribution. The full text of the license may be found at distribution. The full text of the license may be found at
@ -120,6 +120,7 @@ InternalAllocPoolByIndex (
ASSERT (PoolIndex <= MAX_POOL_INDEX); ASSERT (PoolIndex <= MAX_POOL_INDEX);
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
Hdr = NULL;
if (PoolIndex == MAX_POOL_INDEX) { if (PoolIndex == MAX_POOL_INDEX) {
Status = SmmInternalAllocatePages (AllocateAnyPages, EfiRuntimeServicesData, EFI_SIZE_TO_PAGES (MAX_POOL_SIZE << 1), &Address); Status = SmmInternalAllocatePages (AllocateAnyPages, EfiRuntimeServicesData, EFI_SIZE_TO_PAGES (MAX_POOL_SIZE << 1), &Address);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -228,7 +229,9 @@ SmmInternalAllocatePool (
} }
Status = InternalAllocPoolByIndex (PoolIndex, &FreePoolHdr); Status = InternalAllocPoolByIndex (PoolIndex, &FreePoolHdr);
*Buffer = &FreePoolHdr->Header + 1; if (!EFI_ERROR(Status)) {
*Buffer = &FreePoolHdr->Header + 1;
}
return Status; return Status;
} }