MdeModulePkg/Application/CapsuleApp/CapsuleDump.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
If the capsule from command line is not present,
Buffer will be random value when freeing it in DumpCapsule(),
then ASSERT will happen or other memory pool may be freed.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
MdeModulePkg/Application/CapsuleApp/CapsuleDump.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
index 2bb5f1f02cf4..6c1320942bf4 100644
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
@@ -1,7 +1,7 @@
/** @file
Dump Capsule image information.
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -242,6 +242,7 @@ DumpCapsule (
EFI_CAPSULE_HEADER *CapsuleHeader;
EFI_STATUS Status;
+ Buffer = NULL;
Status = ReadFileToBuffer(CapsuleName, &FileSize, &Buffer);
if (EFI_ERROR(Status)) {
Print(L"CapsuleApp: Capsule (%s) is not found.\n", CapsuleName);
@@ -269,7 +270,9 @@ DumpCapsule (
}
Done:
- FreePool(Buffer);
+ if (Buffer != NULL) {
+ FreePool(Buffer);
+ }
return Status;
}
--
2.7.0.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Reviewed-by: jiewen.yao@intel.com
> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, May 3, 2018 7:20 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star <star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH] MdeModulePkg CapsuleApp: Check Buffer against NULL before
> freeing it
>
> If the capsule from command line is not present,
> Buffer will be random value when freeing it in DumpCapsule(),
> then ASSERT will happen or other memory pool may be freed.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Star Zeng <star.zeng@intel.com>
> ---
> MdeModulePkg/Application/CapsuleApp/CapsuleDump.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> index 2bb5f1f02cf4..6c1320942bf4 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> @@ -1,7 +1,7 @@
> /** @file
> Dump Capsule image information.
>
> - Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
> This program and the accompanying materials
> are licensed and made available under the terms and conditions of the BSD
> License
> which accompanies this distribution. The full text of the license may be
> found at
> @@ -242,6 +242,7 @@ DumpCapsule (
> EFI_CAPSULE_HEADER *CapsuleHeader;
> EFI_STATUS Status;
>
> + Buffer = NULL;
> Status = ReadFileToBuffer(CapsuleName, &FileSize, &Buffer);
> if (EFI_ERROR(Status)) {
> Print(L"CapsuleApp: Capsule (%s) is not found.\n", CapsuleName);
> @@ -269,7 +270,9 @@ DumpCapsule (
> }
>
> Done:
> - FreePool(Buffer);
> + if (Buffer != NULL) {
> + FreePool(Buffer);
> + }
> return Status;
> }
>
> --
> 2.7.0.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2024 Red Hat, Inc.