From 33f517445b218e11660a0024997201d954384c84 Mon Sep 17 00:00:00 2001 From: Erich McMillan Date: Tue, 8 Nov 2022 03:23:56 +0000 Subject: [PATCH] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Details for these CodeQL alerts can be found here: - Pointer overflow check (cpp/pointer-overflow-check): - https://cwe.mitre.org/data/definitions/758.html - Potential buffer overflow check (cpp/potential-buffer-overflow): - https://cwe.mitre.org/data/definitions/676.html CodeQL alert: - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c - Type: Pointer overflow check - Severity: Low - Problem: Range check relying on pointer overflow Cc: Dandan Bi Cc: Erich McMillan Cc: Jian J Wang Cc: Liming Gao Cc: Michael Kubacki Cc: Star Zeng Cc: Zhichao Gao Cc: Zhiguang Liu Co-authored-by: Michael Kubacki Signed-off-by: Erich McMillan Reviewed-by: Liming Gao Reviewed-by: Oliver Smith-Denny --- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c index 1d43adc766..dd077bb0cf 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c @@ -1608,9 +1608,7 @@ ParseAndAddExistingSmbiosTable ( // // Make sure not to access memory beyond SmbiosEnd // - if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) || - (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw)) - { + if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < sizeof (SMBIOS_STRUCTURE)) { return EFI_INVALID_PARAMETER; } @@ -1625,9 +1623,7 @@ ParseAndAddExistingSmbiosTable ( // Make sure not to access memory beyond SmbiosEnd // Each structure shall be terminated by a double-null (0000h). // - if ((Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) > SmbiosEnd.Raw) || - (Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) < Smbios.Raw)) - { + if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < (Smbios.Hdr->Length + 2U)) { return EFI_INVALID_PARAMETER; }