Branch: refs/heads/master
  Home:   https://github.com/tianocore/edk2
  Commit: 33f517445b218e11660a0024997201d954384c84
      
https://github.com/tianocore/edk2/commit/33f517445b218e11660a0024997201d954384c84
  Author: Erich McMillan <emcmil...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c

  Log Message:
  -----------
  MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts

Details for these CodeQL alerts can be found here:

- Pointer overflow check (cpp/pointer-overflow-check):
  - https://cwe.mitre.org/data/definitions/758.html

- Potential buffer overflow check (cpp/potential-buffer-overflow):
  - https://cwe.mitre.org/data/definitions/676.html

CodeQL alert:

  - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
    - Type: Pointer overflow check
    - Severity: Low
    - Problem: Range check relying on pointer overflow

Cc: Dandan Bi <dandan...@intel.com>
Cc: Erich McMillan <emcmil...@microsoft.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Star Zeng <star.z...@intel.com>
Cc: Zhichao Gao <zhichao....@intel.com>
Cc: Zhiguang Liu <zhiguang....@intel.com>
Co-authored-by: Michael Kubacki <michael.kuba...@microsoft.com>
Signed-off-by: Erich McMillan <emcmil...@microsoft.com>
Reviewed-by: Liming Gao <gaolim...@byosoft.com.cn>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>
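
The SmbiosDxe alert above is the "range check relying on pointer overflow"
shape (CWE-758): forming a pointer past the end of the object and testing
whether it wrapped. The example below is an added illustration for this
list post, not the SmbiosDxe code and not the project's fix; it puts that
flawed shape next to the size-based check that replaces it. Standard C
types stand in for EDK II's UINTN and BOOLEAN, and the 64-byte table and
record offsets are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Shape of check that cpp/pointer-overflow-check flags. Base + Offset + Len
 * may point outside the object, which is undefined behaviour in C; once it
 * is, the compiler may assume End >= Start and delete the wrap-around test,
 * so the "overflow" branch protects nothing. Kept only as the contrast case.
 */
static bool
RecordInBufferFlawed (const uint8_t *Base, size_t BufSize, size_t Offset, size_t Len)
{
  const uint8_t  *Start = Base + Offset;
  const uint8_t  *End   = Start + Len;

  if (End < Start) {                       /* relies on pointer overflow: UB */
    return false;
  }
  return End <= Base + BufSize;
}

/*
 * Hardened form: reason about sizes, never about wrapped pointers. Each
 * subtraction is guarded by the comparison before it, so nothing underflows,
 * and Offset + Len is never formed (it could wrap in size_t). Equivalent to
 * "Offset + Len <= BufSize" evaluated without overflow.
 */
static bool
RecordInBuffer (size_t BufSize, size_t Offset, size_t Len)
{
  if (Offset > BufSize) {
    return false;
  }
  if (Len > BufSize - Offset) {
    return false;
  }
  return true;
}

int
main (void)
{
  /* Constructed sample: a 64-byte table and three candidate records. */
  static const uint8_t  Table[64] = { 0 };
  const size_t          BufSize   = sizeof (Table);

  printf ("%d\n", RecordInBuffer (BufSize, 60, 4));         /* 1: ends exactly at the end   */
  printf ("%d\n", RecordInBuffer (BufSize, 60, 5));         /* 0: one byte past the end     */
  printf ("%d\n", RecordInBuffer (BufSize, 8, SIZE_MAX));   /* 0: Offset + Len would wrap   */
  printf ("%d\n", RecordInBufferFlawed (Table, BufSize, 60, 4));
  return 0;
}
```

The second function is what a reviewer should ask for: it takes no pointer
at all, so there is nothing for the optimizer to reason away, and the
"would wrap" case is rejected by the second comparison rather than by
arithmetic that has already wrapped.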


  Commit: 4693b325e85c1d7e3529ab2a209405701da6f274
      
https://github.com/tianocore/edk2/commit/4693b325e85c1d7e3529ab2a209405701da6f274
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M BaseTools/Scripts/PatchCheck.py

  Log Message:
  -----------
  BaseTools/PatchCheck.py: Add PCCTS to tab exemption list

Purdue Compiler Construction Tool Set (PCCTS) source code was copied/
pasted into BaseTools/Source/C/VfrCompile/Pccts/.

The code contains tab characters instead of spaces.

PatchCheck.py gives an error on modifications to files that
contain tabs.

The goal of my upcoming change there is not to mix tabs and spaces
but to fix a bug while preserving its current formatting characters.

This change adds that directory to the pre-existing list of
directories in which tab checks are ignored in PatchCheck.py
and also updates the check for makefiles to check for *.makefile:
this allows {header,footer,app,lib}.makefile in
BaseTools/Source/C/Makefiles to be detected and avoid having
PatchCheck.py complain about tab characters.

The check for "Makefile" is updated to be case-insensitive since
there are some Makefiles named 'makefile' instead of 'Makefile'.

Co-authored-by: Rebecca Cran <rebe...@bsdio.com>
Cc: Bob Feng <bob.c.f...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Sean Brogan <sean.bro...@microsoft.com>
Cc: Yuwei Chen <yuwei.c...@intel.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Liming Gao <gaolim...@byosoft.com.cn>
Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>
Reviewed-by: Rebecca Cran <rebe...@bsdio.com>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>


  Commit: dbe820d5fa158f3bb04d2a9b335bf6e0ca0e0bb0
      
https://github.com/tianocore/edk2/commit/dbe820d5fa158f3bb04d2a9b335bf6e0ca0e0bb0
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c
    M BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c

  Log Message:
  -----------
  BaseTools/VfrCompile: Fix potential buffer overwrites

While more portable methods exist to handle these cases, this change
does not attempt to do more than fix the immediate problem and
follow the conventions already established in this code.

`snprintf()` is introduced as the minimum improvement apart from
making the buffers larger.

Fixes the following CodeQL alerts:

1. Failure on line 2339 in
   BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c

   - Type: Potentially overrunning write
   - Severity: Critical
   - Problem: This 'call to sprintf' operation requires 17 bytes but
     the destination is only 16 bytes.

2. Failure on line 2341 in
   BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c

   - Type: Potentially overrunning write
   - Severity: Critical
   - Problem: This 'call to sprintf' operation requires 17 bytes but
     the destination is only 16 bytes.

3. Failure on line 1309 in
   BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c

   - Type: Potentially overrunning write
   - Severity: Critical
   - Problem: This 'call to sprintf' operation requires 25 bytes but
     the destination is only 20 bytes.

Cc: Bob Feng <bob.c.f...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Sean Brogan <sean.bro...@microsoft.com>
Cc: Yuwei Chen <yuwei.c...@intel.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Liming Gao <gaolim...@byosoft.com.cn>
Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>
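
The three alerts above all have the same shape: sprintf() into a fixed
buffer that is one or more bytes too small for the longest possible
result. The example below is an added illustration for this list post,
not the VfrCompile code; it shows the bounded snprintf() form with the
truncation check that sprintf() cannot give you. The 16-byte destination
matches the size quoted in the gen.c alerts; the prefix string and index
values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Formats Prefix followed by a decimal Index into Dst, never writing past
 * DstSize bytes. Returns true if the whole string fit, false on truncation.
 *
 * The unbounded shape CodeQL flags is:
 *     sprintf (Dst, "%s%u", Prefix, Index);
 * With a 16-byte Dst and a 16-character result the terminating NUL is the
 * 17th byte and lands past the end of the buffer. snprintf() stops after
 * DstSize - 1 characters, always terminates (when DstSize > 0), and returns
 * the length the full string would have had, so >= DstSize means truncated.
 */
static bool
FormatLabel (char *Dst, size_t DstSize, const char *Prefix, unsigned Index)
{
  int  Needed;

  if (Dst == NULL || DstSize == 0) {
    return false;
  }
  Needed = snprintf (Dst, DstSize, "%s%u", Prefix, Index);
  if (Needed < 0) {
    Dst[0] = '\0';                        /* encoding error: leave a valid empty string */
    return false;
  }
  return (size_t)Needed < DstSize;
}

/* 16-byte destination, the size named in the gen.c alerts. */
static char  gLabel[16];

int
main (void)
{
  /* "zzlabel_12345678" is 16 characters, so it needs 17 bytes: truncated. */
  printf ("%d \"%s\"\n", FormatLabel (gLabel, sizeof (gLabel), "zzlabel_", 12345678u), gLabel);
  /* "zz_7" fits. */
  printf ("%d \"%s\"\n", FormatLabel (gLabel, sizeof (gLabel), "zz_", 7u), gLabel);
  return 0;
}
```

Enlarging the buffer alone, as the commit notes, only moves the cliff;
checking the snprintf() return value is what turns a silent overrun into a
detectable truncation the caller can act on.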


  Commit: 84d77d9bf5dfc99159b2736d9f16661141ee5cb9
      
https://github.com/tianocore/edk2/commit/84d77d9bf5dfc99159b2736d9f16661141ee5cb9
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c

  Log Message:
  -----------
  CryptoPkg: Fix conditionally uninitialized variable

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Checks the return value from `ASN1_get_object()` to verify values
set by the function are valid.

Note that the function returns literal `0x80`:
    `return (0x80);`

That is used to check the return value, as is the case in other areas
of the code.

Cc: Erich McMillan <emcmil...@microsoft.com>
Cc: Guomin Jiang <guomin.ji...@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Xiaoyu Lu <xiaoyu1...@intel.com>
Co-authored-by: Erich McMillan <emcmil...@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>
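
The CWE-457 pattern this commit fixes, and that the MdeModulePkg,
NetworkPkg, PcAtChipsetPkg, ShellPkg and UefiCpuPkg commits below fix in
the same way, is a parser that fills its out-parameters only on success
paired with a caller that reads them without looking at the status. The
example below is an added illustration for this list post and is not
OpenSSL's ASN1_get_object() or the CryptoPkg code: a small DER tag/length
parser that signals failure through a 0x80 bit, mirroring the convention
the commit quotes, and the corrected caller that tests that bit before
touching any output. The sample encodings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Error bit in the return value, same convention as the quoted
 * "return (0x80);". Illustrative parser, not OpenSSL's. */
#define DER_ERR  0x80

/*
 * Parses a DER tag and length. The out-parameters are written ONLY on the
 * success path. That is the contract behind CWE-457: a caller that ignores
 * the return value and then reads *ContentLen consumes stack garbage.
 */
static int
DerReadHeader (const uint8_t *Buf, size_t Len, uint8_t *Tag, size_t *ContentLen, size_t *HeaderLen)
{
  size_t   Pos = 0;
  size_t   Content;
  size_t   NumBytes;
  size_t   I;
  uint8_t  T;
  uint8_t  First;

  if (Buf == NULL || Len < 2) {
    return DER_ERR;
  }
  T = Buf[Pos++];
  if ((T & 0x1F) == 0x1F) {
    return DER_ERR;                       /* multi-byte tag numbers: out of scope here */
  }
  First = Buf[Pos++];
  if (First < 0x80) {
    Content = First;                      /* short form */
  } else {
    NumBytes = First & 0x7F;
    if (NumBytes == 0 || NumBytes > sizeof (size_t)) {
      return DER_ERR;                     /* 0x80 is BER indefinite form; too-wide lengths rejected */
    }
    if (Len - Pos < NumBytes) {
      return DER_ERR;                     /* the length bytes themselves are truncated */
    }
    if (Buf[Pos] == 0) {
      return DER_ERR;                     /* DER forbids leading zero length bytes */
    }
    Content = 0;
    for (I = 0; I < NumBytes; I++) {
      Content = (Content << 8) | Buf[Pos++];
    }
    if (Content < 0x80) {
      return DER_ERR;                     /* DER: short form was required */
    }
  }
  if (Content > Len - Pos) {
    return DER_ERR;                       /* content does not fit in the buffer */
  }
  *Tag        = T;
  *ContentLen = Content;
  *HeaderLen  = Pos;
  return 0;
}

/*
 * Corrected caller: tests the error bit before reading any out-parameter.
 * Returns header + content size, or 0 on error (never a valid size, since
 * the header alone is at least 2 bytes). The CWE-457 version is this same
 * function with the status test deleted.
 */
static size_t
DerTotalLen (const uint8_t *Buf, size_t Len)
{
  uint8_t  Tag;
  size_t   Content;
  size_t   Header;

  if ((DerReadHeader (Buf, Len, &Tag, &Content, &Header) & DER_ERR) != 0) {
    return 0;                             /* Tag/Content/Header are NOT valid here */
  }
  return Header + Content;
}

/* Constructed samples, not taken from any real certificate. */
static const uint8_t  kSeq[]     = { 0x30, 0x03, 0x02, 0x01, 0x05 };     /* SEQUENCE { INTEGER 5 }   */
static const uint8_t  kTrunc[]   = { 0x30, 0x05, 0x02 };                 /* claims 5 bytes, has 1    */
static const uint8_t  kIndef[]   = { 0x30, 0x80, 0x00, 0x00 };           /* indefinite length        */
static const uint8_t  kNonMin[]  = { 0x30, 0x81, 0x05, 0, 0, 0, 0, 0 };  /* long form used for 5     */
static const uint8_t  kLong[260] = { 0x04, 0x82, 0x01, 0x00 };           /* OCTET STRING of 256 zero bytes */

int
main (void)
{
  printf ("%zu\n", DerTotalLen (kSeq,    sizeof (kSeq)));     /* 5   */
  printf ("%zu\n", DerTotalLen (kLong,   sizeof (kLong)));    /* 260 */
  printf ("%zu\n", DerTotalLen (kTrunc,  sizeof (kTrunc)));   /* 0   */
  printf ("%zu\n", DerTotalLen (kIndef,  sizeof (kIndef)));   /* 0   */
  printf ("%zu\n", DerTotalLen (kNonMin, sizeof (kNonMin)));  /* 0   */
  return 0;
}
```

The query fires on the caller, not the parser: the fix is always at the
call site, and the cheapest way to make the alert impossible to reintroduce
is to initialize the out-variables to a harmless value as well as checking
the status, so that a future unchecked call reads 0 rather than stack
contents.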


  Commit: 07251f3c6a9aff09eb2778f8d5db51348fca8e18
      
https://github.com/tianocore/edk2/commit/07251f3c6a9aff09eb2778f8d5db51348fca8e18
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c
    M MdeModulePkg/Bus/Pci/UhciDxe/Uhci.c
    M MdeModulePkg/Core/Dxe/Mem/Page.c
    M MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c
    M MdeModulePkg/Library/FileExplorerLib/FileExplorer.c
    M MdeModulePkg/Universal/BdsDxe/BdsEntry.c
    M MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
    M MdeModulePkg/Universal/HiiDatabaseDxe/Font.c
    M MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c

  Log Message:
  -----------
  MdeModulePkg: Fix conditionally uninitialized variables

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Cc: Dandan Bi <dandan...@intel.com>
Cc: Eric Dong <eric.d...@intel.com>
Cc: Erich McMillan <emcmil...@microsoft.com>
Cc: Guomin Jiang <guomin.ji...@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Ray Ni <ray...@intel.com>
Cc: Zhichao Gao <zhichao....@intel.com>
Co-authored-by: Erich McMillan <emcmil...@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Liming Gao <gaolim...@byosoft.com.cn>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>


  Commit: 321240b135e37ac1b9be1317f78ce2a3b526bf02
      
https://github.com/tianocore/edk2/commit/321240b135e37ac1b9be1317f78ce2a3b526bf02
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M MdePkg/Library/BaseLib/String.c

  Log Message:
  -----------
  MdePkg: Fix conditionally uninitialized variables

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Note that this change affects the actual return value from the
following functions. The functions documented that if an integer
overflow occurred, MAX_UINTN would be returned. They were
implemented to actually return an undefined value from the stack.

This change makes the function follow its description. However, this
is technically different than what callers may have previously
expected.

MdePkg/Library/BaseLib/String.c:
  - StrDecimalToUintn()
  - StrDecimalToUint64()
  - StrHexToUintn()
  - StrHexToUint64()
  - AsciiStrDecimalToUintn()
  - AsciiStrDecimalToUint64()
  - AsciiStrHexToUintn()
  - AsciiStrHexToUint64()

Cc: Erich McMillan <emcmil...@microsoft.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Zhiguang Liu <zhiguang....@intel.com>
Co-authored-by: Erich McMillan <emcmil...@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Liming Gao <gaolim...@byosoft.com.cn>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>
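
The behavioural note above is worth seeing in code: a decimal parser that
returns the documented sentinel on overflow instead of whatever wrapped
around. The example below is an added illustration for this list post, not
BaseLib's StrDecimalToUintn(); it follows the contract the commit
describes (overflow yields the maximum value), with SIZE_MAX standing in
for MAX_UINTN and `size_t` for UINTN. Skipping leading spaces and tabs and
stopping at the first non-digit are this example's own choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Decimal string to unsigned conversion. Leading spaces and tabs are
 * skipped, parsing stops at the first non-digit, an empty digit run yields
 * 0, and an overflow yields SIZE_MAX (MAX_UINTN in EDK II terms). The
 * overflow test runs BEFORE the multiply-add, so the wrapped value is never
 * formed and never leaks out as the "result".
 */
static size_t
DecimalToUintn (const char *Str)
{
  size_t  Value = 0;
  size_t  Digit;

  if (Str == NULL) {
    return 0;
  }
  while (*Str == ' ' || *Str == '\t') {
    Str++;
  }
  while (*Str >= '0' && *Str <= '9') {
    Digit = (size_t)(*Str - '0');
    /* Value * 10 + Digit <= SIZE_MAX  <=>  Value <= (SIZE_MAX - Digit) / 10 */
    if (Value > (SIZE_MAX - Digit) / 10) {
      return SIZE_MAX;                    /* documented overflow sentinel */
    }
    Value = Value * 10 + Digit;
    Str++;
  }
  return Value;
}

int
main (void)
{
  /* Constructed inputs. */
  printf ("%zu\n", DecimalToUintn ("123"));                                        /* 123      */
  printf ("%zu\n", DecimalToUintn (" \t42abc"));                                   /* 42       */
  printf ("%zu\n", DecimalToUintn ("0007"));                                       /* 7        */
  printf ("%zu\n", DecimalToUintn ("abc"));                                        /* 0        */
  printf ("%zu\n", DecimalToUintn ("99999999999999999999999999999999999999999"));  /* SIZE_MAX */
  return 0;
}
```

Note the caveat the commit hints at: MAX_UINTN is also the value of a
legitimately maximal input, so a caller that needs to tell overflow apart
from a large number should use the RETURN_STATUS-returning variants in
BaseLib (StrDecimalToUintnS() and friends) rather than the sentinel.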


  Commit: 3fab32d41dc7f45db498800328db9f1fb6699075
      
https://github.com/tianocore/edk2/commit/3fab32d41dc7f45db498800328db9f1fb6699075
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
    M NetworkPkg/TcpDxe/TcpInput.c

  Log Message:
  -----------
  NetworkPkg: Fix conditionally uninitialized variables

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Cc: Erich McMillan <emcmil...@microsoft.com>
Cc: Jiaxin Wu <jiaxin...@intel.com>
Cc: Maciej Rabeda <maciej.rab...@linux.intel.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Siyuan Fu <siyuan...@intel.com>
Co-authored-by: Erich McMillan <emcmil...@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>


  Commit: 7dc182ed1e7198420fa10fb523e3d52093fefab2
      
https://github.com/tianocore/edk2/commit/7dc182ed1e7198420fa10fb523e3d52093fefab2
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c

  Log Message:
  -----------
  PcAtChipsetPkg: Fix conditionally uninitialized variables

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Cc: Erich McMillan <emcmil...@microsoft.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Ray Ni <ray...@intel.com>
Co-authored-by: Erich McMillan <emcmil...@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>
Reviewed-by: Ray Ni <ray...@intel.com>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>


  Commit: 11dd44dfbefab2ca0b9160bb5ebe40bc1c70f7c1
      
https://github.com/tianocore/edk2/commit/11dd44dfbefab2ca0b9160bb5ebe40bc1c70f7c1
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M ShellPkg/Application/Shell/Shell.c
    M ShellPkg/Application/Shell/ShellProtocol.c
    M ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c
    M ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c
    M ShellPkg/Library/UefiShellDebug1CommandsLib/EfiDecompress.c
    M ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c
    M ShellPkg/Library/UefiShellDriver1CommandsLib/Disconnect.c
    M ShellPkg/Library/UefiShellDriver1CommandsLib/DrvDiag.c

  Log Message:
  -----------
  ShellPkg: Fix conditionally uninitialized variables

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Cc: Erich McMillan <emcmil...@microsoft.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Ray Ni <ray...@intel.com>
Cc: Zhichao Gao <zhichao....@intel.com>
Co-authored-by: Erich McMillan <emcmil...@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Zhichao Gao <zhichao....@intel.com>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>


  Commit: e03657dca8a57c8299ff6f4fc04762fa27f5da1a
      
https://github.com/tianocore/edk2/commit/e03657dca8a57c8299ff6f4fc04762fa27f5da1a
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M UefiCpuPkg/CpuMpPei/CpuBist.c
    M UefiCpuPkg/CpuMpPei/CpuMpPei.c
    M UefiCpuPkg/CpuMpPei/CpuPaging.c

  Log Message:
  -----------
  UefiCpuPkg: Fix conditionally uninitialized variables

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Cc: Eric Dong <eric.d...@intel.com>
Cc: Erich McMillan <emcmil...@microsoft.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Rahul Kumar <rahul1.ku...@intel.com>
Cc: Ray Ni <ray...@intel.com>
Co-authored-by: Erich McMillan <emcmil...@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>


  Commit: 07349758240997ef84217bfb175caa9e33d11653
      
https://github.com/tianocore/edk2/commit/07349758240997ef84217bfb175caa9e33d11653
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M .github/codeql/edk2.qls

  Log Message:
  -----------
  .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries

The previous commits fixed issues with these queries across various
packages. Now that those are resolved, enable the queries in the
edk2 query set so regressions can be found in the future.

Enables:

1. cpp/conditionallyuninitializedvariable
   - CWE: https://cwe.mitre.org/data/definitions/457.html
   - @name Conditionally uninitialized variable
   - @description An initialization function is used to initialize a
                  local variable, but the returned status code is
                  not checked. The variable may be left in an
                  uninitialized state, and reading the variable may
                  result in undefined behavior.
   - @kind problem
   - @problem.severity warning
   - @security-severity 7.8
   - @id cpp/conditionally-uninitialized-variable
   - @tags security
     - external/cwe/cwe-457
2. cpp/pointer-overflow-check
   - CWE: https://cwe.mitre.org/data/definitions/758.html
   - @name Pointer overflow check
   - @description Adding a value to a pointer to check if it
                  overflows relies on undefined behavior and
                  may lead to memory corruption.
   - @kind problem
   - @problem.severity error
   - @security-severity 2.1
   - @precision high
   - @id cpp/pointer-overflow-check
   - @tags reliability
     - security
     - external/cwe/cwe-758
3. cpp/potential-buffer-overflow
   - CWE: https://cwe.mitre.org/data/definitions/676.html
   - @name Potential buffer overflow
   - @description Using a library function that does not check
                  buffer bounds requires the surrounding program
                  to be very carefully written to avoid buffer
                  overflows.
   - @kind problem
   - @id cpp/potential-buffer-overflow
   - @problem.severity warning
   - @security-severity 10.0
   - @tags reliability
     - security
     - external/cwe/cwe-676
   - @deprecated This query is deprecated, use
                 Potentially overrunning write
                 (`cpp/overrunning-write`) and
                 Potentially overrunning write with float to string
                 conversion
                 (`cpp/overrunning-write-with-float`) instead.

Note that cpp/potential-buffer-overflow is deprecated. This query
will be updated to the succeeding queries in the next commit. The
query is used in this commit to show that we considered and tested
the query in history.

Cc: Sean Brogan <sean.bro...@microsoft.com>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>


  Commit: 26997800c991f934b57ebd91de2edcd93312f756
      
https://github.com/tianocore/edk2/commit/26997800c991f934b57ebd91de2edcd93312f756
  Author: Michael Kubacki <michael.kuba...@microsoft.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M .github/codeql/edk2.qls

  Log Message:
  -----------
  .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries

As recommended by CodeQL this change replaces
cpp/potential-buffer-overflow with cpp/overrunning-write-with-float
and cpp/overrunning-write.

Enables:

1. cpp/overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length
                  of data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805
2. cpp/overrunning-write-with-float
   - @name Potentially overrunning write with float to string conversion
   - @description Buffer write operations that do not control the length
                  of data written may overflow when floating point inputs
                  take extreme values.
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision medium
   - @id cpp/overrunning-write-with-float
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805
3. cpp/very-likely-overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length
                  of data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805

- CWEs:
  - https://cwe.mitre.org/data/definitions/120.html
  - https://cwe.mitre.org/data/definitions/787.html
  - https://cwe.mitre.org/data/definitions/805.html

Cc: Sean Brogan <sean.bro...@microsoft.com>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>
Reviewed-by: Oliver Smith-Denny <o...@smith-denny.com>
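
For readers who want to carry the same queries into their own tree, here is
what enabling them by id looks like in a CodeQL query suite. This is an
added illustration written in the documented suite syntax, not the
contents of edk2's .github/codeql/edk2.qls; the pack name is the standard
`codeql/cpp-queries`, and the id list is the post-replacement set from the
two commits above (cpp/potential-buffer-overflow deliberately absent).

```yaml
# Illustrative CodeQL query suite, not the edk2 file.
# Select every query in the standard C/C++ pack, then keep only the ids
# this commit series enabled.
- queries: .
  from: codeql/cpp-queries
- include:
    id:
      - cpp/conditionally-uninitialized-variable   # CWE-457
      - cpp/pointer-overflow-check                 # CWE-758
      - cpp/overrunning-write                      # CWE-120/787/805
      - cpp/overrunning-write-with-float           # CWE-120/787/805
      - cpp/very-likely-overrunning-write          # CWE-120/787/805
```

`include` filters on query metadata, so `id` can be swapped for
`tags contain: security` or `precision: high` when the goal is a category
rather than a fixed list; a fixed list is the safer choice for a gate that
must not start failing on a pack upgrade.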


Compare: https://github.com/tianocore/edk2/compare/fc00ff286a54...26997800c991


_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits
