mirror of
https://github.com/acidanthera/audk.git
synced 2025-07-26 07:04:28 +02:00
MdeModulePkg: DxeCore: Fix Use-After-Free guard causing page fault
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2411 With Use-After-Free heap guard feature enabled, the DxeCore would blindly attempt to "level-up" when the `GuardAllFreedPages` inspect a non-max level table entry from the last loop. This could cause the next round of inspection to dereference a potentially null pointer and as such causing a page fault. This change adds a null pointer check to prevent such case from happening. Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This commit is contained in:
parent
0adc868b36
commit
cee9d1b16b
@ -1406,6 +1406,10 @@ GuardAllFreedPages (
|
|||||||
TableEntry = ((UINT64 *)(UINTN)(Tables[Level]))[Indices[Level]];
|
TableEntry = ((UINT64 *)(UINTN)(Tables[Level]))[Indices[Level]];
|
||||||
Address = Addresses[Level];
|
Address = Addresses[Level];
|
||||||
|
|
||||||
|
if (TableEntry == 0) {
|
||||||
|
GuardPageNumber = 0;
|
||||||
|
GuardPage = (UINT64)-1;
|
||||||
|
} else {
|
||||||
if (Level < GUARDED_HEAP_MAP_TABLE_DEPTH - 1) {
|
if (Level < GUARDED_HEAP_MAP_TABLE_DEPTH - 1) {
|
||||||
Level += 1;
|
Level += 1;
|
||||||
Tables[Level] = TableEntry;
|
Tables[Level] = TableEntry;
|
||||||
@ -1437,6 +1441,7 @@ GuardAllFreedPages (
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (Level < (GUARDED_HEAP_MAP_TABLE_DEPTH - (INTN)mMapLevel)) {
|
if (Level < (GUARDED_HEAP_MAP_TABLE_DEPTH - (INTN)mMapLevel)) {
|
||||||
break;
|
break;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user