MdeModulePkg: DxeCore: Fix Use-After-Free guard causing page fault

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2411

With the Use-After-Free heap guard feature enabled, the DxeCore would blindly
attempt to "level-up" when `GuardAllFreedPages` inspects a non-max
level table entry from the last loop. This could cause the next round of
inspection to dereference a potentially null pointer, thereby causing
a page fault.

This change adds a null pointer check to prevent such a case from happening.

Cc: Liming Gao <gaoliming@byosoft.com.cn>

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Kun Qin 2024-07-16 15:50:01 -07:00 committed by mergify[bot]
parent 0adc868b36
commit cee9d1b16b

@ -1406,6 +1406,10 @@ GuardAllFreedPages (
TableEntry = ((UINT64 *)(UINTN)(Tables[Level]))[Indices[Level]];
Address = Addresses[Level];
if (TableEntry == 0) {
GuardPageNumber = 0;
GuardPage = (UINT64)-1;
} else {
if (Level < GUARDED_HEAP_MAP_TABLE_DEPTH - 1) {
Level += 1;
Tables[Level] = TableEntry;
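Review bot: The `TableEntry == 0` branch resets `GuardPageNumber` and `GuardPage` unconditionally, so if a run of freed pages was still being accumulated from the preceding entry when an empty entry is reached, that run is discarded here instead of being guarded. Please either flush the pending run before the reset or add a comment stating why no run can be pending at this point. A short comment above the check would also help: it is not obvious from the code that a zero entry means "no lower-level table allocated" and that the check exists to stop `Tables[Level] = TableEntry` from storing a null table that the next iteration would index through `((UINT64 *)(UINTN)(Tables[Level]))[Indices[Level]]`. Note that the check only rejects an entry that is exactly zero; any other non-pointer value is still followed.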
@ -1437,6 +1441,7 @@ GuardAllFreedPages (
}
}
}
}
if (Level < (GUARDED_HEAP_MAP_TABLE_DEPTH - (INTN)mMapLevel)) {
break;
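Review bot: The closing brace added here makes the zero-entry path fall through to the `Level < (GUARDED_HEAP_MAP_TABLE_DEPTH - (INTN)mMapLevel)` check without the `continue` taken by the descend path, so the loop only makes progress if the code after this check advances `Indices[Level]` for the skipped entry. That code is outside the hunk; please confirm in the commit message or a comment that an empty entry is stepped over in the same way as a fully scanned one, so the same zero entry cannot be re-read on the next iteration. With the whole descend/scan body now nested one level deeper, a trailing comment on the new `}` naming the `TableEntry` check it closes would make the run of four braces easier to match.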