Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CHERRY-PICK] MdeModulePkg/DxeCapsuleLibFmp: Check for NULL in IsValidCapsuleHeader #1290

Open
wants to merge 1 commit into
base: dev/202502
Choose a base branch
from
Open

[CHERRY-PICK] MdeModulePkg/DxeCapsuleLibFmp: Check for NULL in IsValidCapsuleHeader #1290

wants to merge 1 commit into from
+4 −0

Conversation

zurcher
Copy link
Contributor

@zurcher zurcher commented Mar 3, 2025

Description

Add a NULL check in IsValidCapsuleHeader before dereferencing CapsuleHeader

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

How This Was Tested

Published HOB with EFI_HOB_TYPE_UEFI_CAPSULE and BaseAddress = 0.
Confirmed IsValidCapsuleHeader returned FALSE instead of crashing.

Integration Instructions

N/A

@codecov-commenter
Copy link

Codecov Report

Attention: Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.

Please upload report for BASE (dev/202502@3ecdf7e). Learn more about missing BASE report.

Files with missing lines Patch % Lines
...ModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c 0.00% 4 Missing ⚠️
Additional details and impacted files 
@@              Coverage Diff              @@
##             dev/202502    #1290   +/-   ##
=============================================
  Coverage              ?    0.61%           
=============================================
  Files                 ?      613           
  Lines                 ?   219906           
  Branches              ?        0           
=============================================
  Hits                  ?     1349           
  Misses                ?   218557           
  Partials              ?        0
Flag Coverage Δ
MdeModulePkg 0.61% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@zurcher
Copy link
Contributor Author

zurcher commented Mar 3, 2025

Build failure is not in my change:

ERROR - Compiler #error from /__w/1/s/UnitTestFrameworkPkg/Library/Posix/MemoryAllocationLibPosix/MemoryAllocationLibPosix.c variable ‘Length’ set but not used [-Werror=unused-but-set-variable]

@makubacki makubacki requested a review from apop5 March 4, 2025 00:21
@makubacki makubacki enabled auto-merge (squash) March 4, 2025 00:50
@makubacki makubacki disabled auto-merge March 4, 2025 00:50
@makubacki makubacki enabled auto-merge (rebase) March 4, 2025 00:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@makubacki makubacki makubacki approved these changes

@apop5 apop5 apop5 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zurcher @codecov-commenter @makubacki @apop5