MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704

For root directory, the FID (File Identifier Descriptor) pointer is
accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root
directory and regular files, their FIDs are accessible through
PRIVATE_UDF_FILE_DATA.File.

In UdfSetPosition(), the FID was retrieved through
PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root directory,
PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would be NULL and
then dereferenced.

This patch fixes the NULL pointer dereference by calling _FILE() to
transparently return the correct UDF_FILE_INFO * which points to a valid
FID descriptor of a specific file.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Steven Shi <steven.shi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Reported-by: Steven Shi <steven.shi@intel.com>
Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
---
MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
index 8b9339567f..a1eb2196df 100644
--- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c
+++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
@@ -690,7 +690,8 @@ UdfSetPosition (
PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This);
- FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc;
+ FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc;
+ ASSERT (FileIdentifierDesc != NULL);
if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) {
//
// If the file handle is a directory, the _only_ position that may be set is
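Review bot: the added ASSERT (FileIdentifierDesc != NULL) is the only NULL guard before IS_FID_DIRECTORY_FILE (FileIdentifierDesc) reads the descriptor, and ASSERT() does nothing in builds where debug asserts are disabled, so a NULL FID reaching this point would still be dereferenced there. Consider keeping the ASSERT and also checking the pointer at run time, returning an error EFI_STATUS from UdfSetPosition() when it is NULL, so that such builds fail the call instead of faulting. A one-line comment above the _FILE (PrivFileData) lookup saying that it selects the Root entry for the root directory and the File entry otherwise would also keep the next edit from reverting to PrivFileData->File. Separately, the commit message names the field FileIdentifierDescriptor while the code uses FileIdentifierDesc; aligning the two would make the log easier to search.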
--
2.11.0
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
On 09/12/17 03:30, Paulo Alcantara wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704 > > For root directory, the FID (File Identifier Descriptor) pointer is > accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root > directory and regular files, their FIDs are accessible through > PRIVATE_UDF_FILE_DATA.File. > > In UdfSetPosition(), the FID was retrieved through > PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root directory, > PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would be NULL and > then dereferenced. > > This patch fixes the NULL pointer dereference by calling _FILE() to > transparently return the correct UDF_FILE_INFO * which points to a valid > FID descriptor of a specific file. > > Cc: Star Zeng <star.zeng@intel.com> > Cc: Eric Dong <eric.dong@intel.com> > Cc: Ruiyu Ni <ruiyu.ni@intel.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Cc: Steven Shi <steven.shi@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 > Reported-by: Steven Shi <steven.shi@intel.com> > Signed-off-by: Paulo Alcantara <pcacjr@zytor.com> > --- > MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Universal/Disk/UdfDxe/File.c > index 8b9339567f..a1eb2196df 100644 > --- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c > +++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c 
> @@ -690,7 +690,8 @@ UdfSetPosition ( > > PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This); > > - FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc; > + FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc; > + ASSERT (FileIdentifierDesc != NULL); > if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) { > // > // If the file handle is a directory, the _only_ position that may be set is >
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Thanks!
Laszlo
On 9/12/2017 8:27 AM, Laszlo Ersek wrote: > On 09/12/17 03:30, Paulo Alcantara wrote: >> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704 >> >> For root directory, the FID (File Identifier Descriptor) pointer is >> accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root >> directory and regular files, their FIDs are accessible through >> PRIVATE_UDF_FILE_DATA.File. >> >> In UdfSetPosition(), the FID was retrieved through >> PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root directory, >> PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would be NULL and >> then dereferenced. >> >> This patch fixes the NULL pointer dereference by calling _FILE() to >> transparently return the correct UDF_FILE_INFO * which points to a valid >> FID descriptor of a specific file. >> >> Cc: Star Zeng <star.zeng@intel.com> >> Cc: Eric Dong <eric.dong@intel.com> >> Cc: Ruiyu Ni <ruiyu.ni@intel.com> >> Cc: Laszlo Ersek <lersek@redhat.com> >> Cc: Steven Shi <steven.shi@intel.com> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Reported-by: Steven Shi <steven.shi@intel.com> >> Signed-off-by: Paulo Alcantara <pcacjr@zytor.com> >> --- >> MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Universal/Disk/UdfDxe/File.c >> index 8b9339567f..a1eb2196df 100644 >> --- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c >> +++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c 
>> @@ -690,7 +690,8 @@ UdfSetPosition ( >> >> PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This); >> >> - FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc; >> + FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc; >> + ASSERT (FileIdentifierDesc != NULL); >> if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) { >> // >> // If the file handle is a directory, the _only_ position that may be set is >> >
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Ping? :-)
Thanks!
Paulo
Reviewed-by: Star Zeng <star.zeng@intel.com> and pushed at 11b4463e096523fe03ac840472d483652ae93904.
Thanks,
Star
-----Original Message-----
From: Paulo Alcantara [mailto:pcacjr@zytor.com]
Sent: Thursday, September 14, 2017 9:59 PM
To: Laszlo Ersek <lersek@redhat.com>; edk2-devel@lists.01.org
Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Dong, Eric <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference
On 9/12/2017 8:27 AM, Laszlo Ersek wrote: > On 09/12/17 03:30, Paulo Alcantara wrote: >> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704 >> >> For root directory, the FID (File Identifier Descriptor) pointer is >> accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root >> directory and regular files, their FIDs are accessible through >> PRIVATE_UDF_FILE_DATA.File. >> >> In UdfSetPosition(), the FID was retrieved through >> PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root >> directory, PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would >> be NULL and then dereferenced. >> >> This patch fixes the NULL pointer dereference by calling _FILE() to >> transparently return the correct UDF_FILE_INFO * which points to a >> valid FID descriptor of a specific file. >> >> Cc: Star Zeng <star.zeng@intel.com> >> Cc: Eric Dong <eric.dong@intel.com> >> Cc: Ruiyu Ni <ruiyu.ni@intel.com> >> Cc: Laszlo Ersek <lersek@redhat.com> >> Cc: Steven Shi <steven.shi@intel.com> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Reported-by: Steven Shi <steven.shi@intel.com> >> Signed-off-by: Paulo Alcantara <pcacjr@zytor.com> >> --- >> MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c >> b/MdeModulePkg/Universal/Disk/UdfDxe/File.c >> index 8b9339567f..a1eb2196df 100644 >> --- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c >> +++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
>> @@ -690,7 +690,8 @@ UdfSetPosition ( >> >> PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This); >> >> - FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc; >> + FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc; >> + ASSERT (FileIdentifierDesc != NULL); >> if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) { >> // >> // If the file handle is a directory, the _only_ position that >> may be set is >> >
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Ping? :-)
Thanks!
Paulo