From 55d6e39f72ba2003ef59aac91af34e96a09060db Mon Sep 17 00:00:00 2001
From: Kun Qin <kuqin@microsoft.com>
Date: Wed, 18 Mar 2020 14:12:27 +0800
Subject: FmpDevicePkg/FmpDxe: Fix uninitialized pointer dereference

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2602

Zero the allocated buffer in case GetImageInfo `continue` in the middle of
a loop. This will cause unexpected GetImageInfo failure not clearing the
corresponding entry and lead to GP faults when dereferencing this entry.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 FmpDevicePkg/FmpDxe/Dependency.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'FmpDevicePkg/FmpDxe')

diff --git a/FmpDevicePkg/FmpDxe/Dependency.c b/FmpDevicePkg/FmpDxe/Dependency.c
index 8f97c42..65c2398 100644
--- a/FmpDevicePkg/FmpDxe/Dependency.c
+++ b/FmpDevicePkg/FmpDxe/Dependency.c
@@ -552,7 +552,7 @@ EvaluateImageDependencies (
     return EFI_ABORTED;
   }
 
-  mFmpImageInfoBuf = AllocatePool (sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR *) * mNumberOfFmpInstance);
+  mFmpImageInfoBuf = AllocateZeroPool (sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR *) * mNumberOfFmpInstance);
   if (mFmpImageInfoBuf == NULL) {
     return EFI_OUT_OF_RESOURCES;
   }
-- 
cgit v1.1