Re: [edk2] [PATCH] MdeModulePkg: Potential invalid free in HiiLib

Thu, 01 May 2014 22:00:08 -0700 

Thanks for your contribution, Barr.

We will review this patch. If no problem, we will check it in.

From: [email protected] [mailto:[email protected]]
Sent: Thursday, May 01, 2014 1:56 AM
To: [email protected]
Subject: [edk2] [PATCH] MdeModulePkg: Potential invalid free in HiiLib


Dear MdeModulePkg maintainer,

I would like to submit this patch. Do I just post it to this list?

Thank you for your time.
==============================================
MdeModulePkg: Fix potential invalid free in HiiLib

This relates to a previous call to gHiiConfigRouting->GetAltConfig.
The only guarantee the UEFI specification makes about the state of
ConfigResp is that it will be allocated if the function returns
EFI_SUCCESS. Since there is no guarantee that ConfigResp will remain
NULL if GetAltConfig fails, ConfigResp should be reset to NULL so
that the cleanup code for this function does not attempt to call
FreePool() on a potentially invalid pointer.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chris Barr 
<[email protected]<mailto:[email protected]>>
---
 MdeModulePkg/Library/UefiHiiLib/HiiLib.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c 
b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
index 09f1ff7..cfadbdb 100644
--- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
+++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
@@ -2156,6 +2156,7 @@ InternalHiiIfrValueAction (
     // The required setting can't be found. So, it is not required to be 
validated and set.
     //
     if (EFI_ERROR (Status)) {
+      ConfigResp = NULL;
       Status = EFI_SUCCESS;
       goto NextConfigAltResp;
     }

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-devel

Reply via email to