diff options
| author | Krzysztof Koch <krzysztof.koch@arm.com> | 2020-01-20 19:13:49 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-02-11 02:12:45 +0000 |
| commit | ea26838a525541cb05dcad66980cb76247a6d614 (patch) | |
| tree | fce546f0423edbc554b0c981defd4b0420b42781 | |
| parent | 84a534b406a390dee3cf2661e44a8875b7b34532 (diff) | |
| download | edk2-ea26838a525541cb05dcad66980cb76247a6d614.zip edk2-ea26838a525541cb05dcad66980cb76247a6d614.tar.gz edk2-ea26838a525541cb05dcad66980cb76247a6d614.tar.bz2 | |
ShellPkg: acpiview: IORT: Validate global pointers before use
Check if global (in the scope of the IORT parser) pointers have been
successfully updated before they are used for further table parsing.
Signed-off-by: Krzysztof Koch <krzysztof.koch@arm.com>
| -rw-r--r-- | ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c index 72289c7..9d5d937 100644 --- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c +++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c @@ -322,6 +322,20 @@ DumpIortNodeSmmuV1V2 ( PARSER_PARAMS (IortNodeSmmuV1V2Parser)
);
+ // Check if the values used to control the parsing logic have been
+ // successfully read.
+ if ((InterruptContextCount == NULL) ||
+ (InterruptContextOffset == NULL) ||
+ (PmuInterruptCount == NULL) ||
+ (PmuInterruptOffset == NULL)) {
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Insufficient SMMUv1/2 node length. Length = %d\n",
+ Length
+ );
+ return;
+ }
+
Offset = *InterruptContextOffset;
Index = 0;
@@ -433,6 +447,17 @@ DumpIortNodeIts ( PARSER_PARAMS (IortNodeItsParser)
);
+ // Check if the values used to control the parsing logic have been
+ // successfully read.
+ if (ItsCount == NULL) {
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Insufficient ITS group length. Length = %d.\n",
+ Length
+ );
+ return;
+ }
+
Index = 0;
while ((Index < *ItsCount) &&
@@ -617,6 +642,18 @@ ParseAcpiIort ( PARSER_PARAMS (IortParser)
);
+ // Check if the values used to control the parsing logic have been
+ // successfully read.
+ if ((IortNodeCount == NULL) ||
+ (IortNodeOffset == NULL)) {
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Insufficient table length. AcpiTableLength = %d.\n",
+ AcpiTableLength
+ );
+ return;
+ }
+
Offset = *IortNodeOffset;
NodePtr = Ptr + Offset;
Index = 0;
@@ -635,6 +672,21 @@ ParseAcpiIort ( PARSER_PARAMS (IortNodeHeaderParser)
);
+ // Check if the values used to control the parsing logic have been
+ // successfully read.
+ if ((IortNodeType == NULL) ||
+ (IortNodeLength == NULL) ||
+ (IortIdMappingCount == NULL) ||
+ (IortIdMappingOffset == NULL)) {
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Insufficient remaining table buffer length to read the " \
+ L"IORT node header. Length = %d.\n",
+ AcpiTableLength - Offset
+ );
+ return;
+ }
+
// Make sure the IORT Node is inside the table
if ((Offset + (*IortNodeLength)) > AcpiTableLength) {
IncrementErrorCount ();
|