ShellPkg/hexedit: Fix a read-after-free bug

HDiskImageSetDiskNameOffsetSize() and HFileImageSetFileName()
may be called using the current disk name or file name.
When this happens, today's implementation firstly frees the memory
and then accesses the just-freed memory.
The patch fixes this issue by doing nothing when the disk or file
name is the current one.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
(cherry picked from commit 1efda6414f)

ShellPkg/Library/UefiShellDebug1CommandsLib/HexEdit/FileImage.c

@@ -1,7 +1,7 @@
 /** @file
   Functions to deal with file buffer.
 
-  Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved. <BR>
+  Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved. <BR>
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
   which accompanies this distribution.  The full text of the license may be found at
@@ -110,27 +110,22 @@ HFileImageSetFileName (
   IN CONST CHAR16 *Str
   )
 {
-  UINTN Size;
-  UINTN Index;
-
+  if (Str == HFileImage.FileName) {
+    //
+    // This function might be called using HFileImage.FileName as Str.
+    // Directly return without updating HFileImage.FileName.
+    //
+    return EFI_SUCCESS;
+  }
   //
   // free the old file name
   //
   SHELL_FREE_NON_NULL (HFileImage.FileName);
-
-  Size                = StrLen (Str);
-
-  HFileImage.FileName = AllocateZeroPool (2 * (Size + 1));
+  HFileImage.FileName = AllocateCopyPool (StrSize (Str), Str);
   if (HFileImage.FileName == NULL) {
     return EFI_OUT_OF_RESOURCES;
   }
 
-  for (Index = 0; Index < Size; Index++) {
-    HFileImage.FileName[Index] = Str[Index];
-  }
-
-  HFileImage.FileName[Size] = L'\0';
-
   return EFI_SUCCESS;
 }