From 88b6c1e50013f8270ec5f0435e191f0d83e4c203 Mon Sep 17 00:00:00 2001 
From: Michael Kubacki Date: Wed, 31 Jul 2024 16:12:03 -0700 Subject: [PATCH] MdeModulePkg: CodeQL Fixes. Includes changes across the repo for the following CodeQL rules: - cpp/comparison-with-wider-type - cpp/overflow-buffer - cpp/redundant-null-check-param - cpp/uselesstest Co-authored-by: Taylor Beebe Co-authored-by: pohanch <125842322+pohanch@users.noreply.github.com> Co-authored-by: kenlautner <85201046+kenlautner@users.noreply.github.com> Co-authored-by: Oliver Smith-Denny Co-authored-by: Sean Brogan Co-authored-by: Aaron <105021049+apop5@users.noreply.github.com> --- .../BootManagerMenuApp/BootManagerMenu.c | 115 +-- .../Application/CapsuleApp/CapsuleDump.c | 3 +- .../Application/CapsuleApp/CapsuleOnDisk.c | 7 +- .../SmiHandlerProfileInfo.c | 8 +- MdeModulePkg/Application/UiApp/FrontPage.c | 73 +- .../UiApp/FrontPageCustomizedUiSupport.c | 8 + .../Bus/Ata/AtaAtapiPassThru/IdeMode.c | 2 +- MdeModulePkg/Bus/Pci/IdeBusPei/AtapiPeim.c | 3 +- .../NonDiscoverablePciDeviceIo.c | 10 + .../Pci/NvmExpressDxe/NvmExpressPassthru.c | 6 +- .../Bus/Pci/NvmExpressPei/NvmExpressPeiHci.c | 12 +- .../Pci/NvmExpressPei/NvmExpressPeiPassThru.c | 4 +- .../Bus/Pci/PciBusDxe/PciEnumerator.c | 99 ++- MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c | 6 + MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 75 +- .../Bus/Pci/PciBusDxe/PciOptionRomSupport.c | 5 +- .../Bus/Pci/PciBusDxe/PciResourceSupport.c | 274 +++++-- .../Bus/Pci/PciHostBridgeDxe/PciHostBridge.c | 6 + MdeModulePkg/Bus/Pci/PciSioSerialDxe/Serial.c | 13 +- .../Bus/Pci/PciSioSerialDxe/SerialIo.c | 2 +- .../Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.c | 11 +- .../Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.h | 1 + .../Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf | 1 + .../Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c | 2 +- .../Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.c | 11 +- .../Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.h | 1 + .../Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.inf | 1 + MdeModulePkg/Bus/Pci/UhciPei/UhcPeim.c | 8 +- MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c | 58 +- 
MdeModulePkg/Bus/Pci/XhciPei/UsbHcMem.c | 2 + MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 7 +- .../Bus/Sd/EmmcBlockIoPei/EmmcHcMem.c | 1 + MdeModulePkg/Bus/Sd/EmmcBlockIoPei/EmmcHci.c | 2 +- MdeModulePkg/Bus/Sd/SdBlockIoPei/SdHcMem.c | 1 + MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHcMem.c | 1 + MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHci.c | 2 +- .../Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c | 3 +- MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBus.c | 2 +- MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c | 4 +- MdeModulePkg/Bus/Usb/UsbBusDxe/UsbUtility.c | 20 +- MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c | 29 +- .../UsbMouseAbsolutePointer.c | 18 +- MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c | 31 +- MdeModulePkg/Core/Dxe/Gcd/Gcd.c | 70 +- MdeModulePkg/Core/Dxe/Hand/Handle.c | 4 +- MdeModulePkg/Core/Dxe/Image/Image.c | 15 +- MdeModulePkg/Core/Dxe/Mem/Page.c | 10 +- MdeModulePkg/Core/Dxe/Mem/Pool.c | 6 + .../Core/Dxe/Misc/MemoryAttributesTable.c | 17 +- .../SectionExtraction/CoreSectionExtraction.c | 8 +- .../Core/DxeIplPeim/X64/VirtualMemory.c | 24 +- MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 42 +- MdeModulePkg/Core/Pei/FwVol/FwVol.c | 5 +- MdeModulePkg/Core/Pei/Hob/Hob.c | 11 +- MdeModulePkg/Core/Pei/Ppi/Ppi.c | 18 +- .../Core/PiSmmCore/MemoryAttributesTable.c | 9 +- MdeModulePkg/Core/PiSmmCore/Page.c | 9 +- MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c | 74 +- .../Core/PiSmmCore/SmiHandlerProfile.c | 7 +- .../Core/PiSmmCore/SmramProfileRecord.c | 5 +- .../BootMaintenance.c | 82 +- ...ootMaintenanceManagerCustomizedUiSupport.c | 165 ++-- .../BootMaintenanceManagerUiLib/BootOption.c | 6 +- .../ConsoleOption.c | 77 +- .../BootMaintenanceManagerUiLib/UpdatePage.c | 14 +- .../BootMaintenanceManagerUiLib/Variable.c | 21 +- .../Library/BootManagerUiLib/BootManager.c | 191 ++--- .../BrotliDecompress.c | 6 +- .../CustomizedDisplayLibInternal.c | 4 +- .../DeviceManagerUiLib/DeviceManager.c | 342 ++++---- .../Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 3 +- .../DxeCorePerformanceLib.c | 62 +- 
.../DxeSecurityManagementLib.c | 19 +- .../Library/FileExplorerLib/FileExplorer.c | 14 +- .../SmmCorePerformanceLib.c | 30 +- .../Library/SmmLockBoxLib/SmmLockBoxMmLib.c | 22 +- .../Library/UefiBootManagerLib/BmBoot.c | 173 ++-- .../UefiBootManagerLib/BmBootDescription.c | 48 +- .../Library/UefiBootManagerLib/BmConsole.c | 61 +- .../UefiBootManagerLib/BmDriverHealth.c | 154 ++-- .../Library/UefiBootManagerLib/BmHotkey.c | 108 ++- .../Library/UefiBootManagerLib/BmLoadOption.c | 43 +- .../Library/UefiBootManagerLib/BmMisc.c | 5 +- MdeModulePkg/Library/UefiHiiLib/HiiLib.c | 117 ++- .../Library/UefiHiiLib/UefiHiiLib.inf | 1 + .../Library/UefiSortLib/UefiSortLib.c | 8 +- .../VarCheckHiiLib/VarCheckHiiGenFromFv.c | 2 + .../VarCheckPcdLib/VarCheckPcdLibNullClass.c | 2 + .../Universal/Acpi/AcpiTableDxe/AcpiSdt.c | 34 + .../Universal/Acpi/AcpiTableDxe/AcpiTable.c | 8 +- .../Acpi/AcpiTableDxe/AcpiTableProtocol.c | 6 + .../Acpi/AcpiTableDxe/AmlNamespace.c | 22 +- .../Universal/Acpi/AcpiTableDxe/AmlString.c | 10 +- MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 59 +- .../Universal/CapsulePei/UefiCapsule.c | 2 +- .../Console/ConPlatformDxe/ConPlatform.c | 12 +- .../GraphicsConsoleDxe/GraphicsConsole.c | 19 +- .../Universal/Console/TerminalDxe/Terminal.c | 31 +- .../Universal/Disk/PartitionDxe/Mbr.c | 2 +- .../Universal/Disk/RamDiskDxe/RamDiskImpl.c | 148 ++-- .../Disk/RamDiskDxe/RamDiskProtocol.c | 9 +- .../Disk/UdfDxe/FileSystemOperations.c | 2 + .../EbcDxe/EbcDebugger/EdbCmdSymbol.c | 5 + MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmp.c | 42 +- .../Universal/FaultTolerantWriteDxe/FtwMisc.c | 2 +- .../FaultTolerantWritePei.c | 3 +- .../FvSimpleFileSystem.c | 7 + .../FvSimpleFileSystemEntryPoint.c | 8 +- .../HiiDatabaseDxe/ConfigKeywordHandler.c | 186 +++-- .../Universal/HiiDatabaseDxe/ConfigRouting.c | 172 +++- .../Universal/HiiDatabaseDxe/Database.c | 109 +-- MdeModulePkg/Universal/HiiDatabaseDxe/Font.c | 43 +- .../HiiDatabaseDxe/HiiDatabaseDxe.inf | 1 + 
MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 3 +- .../Universal/HiiDatabaseDxe/String.c | 26 +- MdeModulePkg/Universal/PCD/Dxe/Pcd.c | 24 +- MdeModulePkg/Universal/PCD/Dxe/Service.c | 94 ++- MdeModulePkg/Universal/PCD/Pei/Pcd.c | 109 ++- MdeModulePkg/Universal/PCD/Pei/Service.c | 56 +- .../PlatDriOverrideDxe.c | 28 +- .../PlatDriOverrideLib.c | 12 +- .../RegularExpressionDxe.c | 2 +- .../Smm/ReportStatusCodeRouterCommon.c | 6 + .../SectionExtractionPei.c | 18 +- .../Universal/SetupBrowserDxe/Expression.c | 93 ++- .../Universal/SetupBrowserDxe/IfrParse.c | 762 +++++++++++++----- .../Universal/SetupBrowserDxe/Presentation.c | 174 ++-- .../Universal/SetupBrowserDxe/Setup.c | 526 ++++++++---- .../SmmCommunicationBufferDxe.c | 7 + .../Universal/Variable/Pei/Variable.c | 3 +- .../Universal/Variable/RuntimeDxe/Variable.c | 132 +-- .../RuntimeDxe/VariablePolicySmmDxe.c | 9 +- 132 files changed, 4224 insertions(+), 1864 deletions(-) diff --git a/MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenu.c b/MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenu.c index ef19319614..0320d63e15 100644 --- a/MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenu.c +++ b/MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenu.c 
@@ -1096,69 +1096,74 @@ BootManagerMenuEntry ( // Initialize Boot menu data // Status = InitializeBootMenuData (BootOption, BootOptionCount, &BootMenuData); - // - // According to boot menu data to draw boot popup menu - // - DrawBootPopupMenu (&BootMenuData); - - // - // check user input to determine want to re-draw or boot from user selected item - // - ExitApplication = FALSE; - while (!ExitApplication) { - gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index); - Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); - if (!EFI_ERROR (Status)) { - switch (Key.UnicodeChar) { - case CHAR_NULL: - switch (Key.ScanCode) { - case SCAN_UP: - SelectItem = BootMenuData.SelectItem == 0 ? BootMenuData.ItemCount - 1 : BootMenuData.SelectItem - 1; - BootMenuSelectItem (SelectItem, &BootMenuData); - break; - - case SCAN_DOWN: - SelectItem = BootMenuData.SelectItem == BootMenuData.ItemCount - 1 ? 0 : BootMenuData.SelectItem + 1; - BootMenuSelectItem (SelectItem, &BootMenuData); - break; - - case SCAN_ESC: - gST->ConOut->ClearScreen (gST->ConOut); - ExitApplication = TRUE; - // - // Set boot resolution for normal boot - // - BdsSetConsoleMode (FALSE); - break; + // MU_CHANGE Start - CodeQL Change - Verify InitializeBootMenuData returned valid data + if (!EFI_ERROR (Status)) { + // + // According to boot menu data to draw boot popup menu + // + DrawBootPopupMenu (&BootMenuData); - default: - break; - } + // + // check user input to determine want to re-draw or boot from user selected item + // + ExitApplication = FALSE; + while (!ExitApplication) { + gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index); + Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); + if (!EFI_ERROR (Status)) { + switch (Key.UnicodeChar) { + case CHAR_NULL: + switch (Key.ScanCode) { + case SCAN_UP: + SelectItem = BootMenuData.SelectItem == 0 ? 
BootMenuData.ItemCount - 1 : BootMenuData.SelectItem - 1; + BootMenuSelectItem (SelectItem, &BootMenuData); + break; + + case SCAN_DOWN: + SelectItem = BootMenuData.SelectItem == BootMenuData.ItemCount - 1 ? 0 : BootMenuData.SelectItem + 1; + BootMenuSelectItem (SelectItem, &BootMenuData); + break; + + case SCAN_ESC: + gST->ConOut->ClearScreen (gST->ConOut); + ExitApplication = TRUE; + // + // Set boot resolution for normal boot + // + BdsSetConsoleMode (FALSE); + break; + + default: + break; + } - break; + break; - case CHAR_CARRIAGE_RETURN: - gST->ConOut->ClearScreen (gST->ConOut); - // - // Set boot resolution for normal boot - // - BdsSetConsoleMode (FALSE); - BootFromSelectOption (BootOption, BootOptionCount, BootMenuData.SelectItem); - // - // Back to boot manager menu again, set back to setup resolution - // - BdsSetConsoleMode (TRUE); - DrawBootPopupMenu (&BootMenuData); - break; + case CHAR_CARRIAGE_RETURN: + gST->ConOut->ClearScreen (gST->ConOut); + // + // Set boot resolution for normal boot + // + BdsSetConsoleMode (FALSE); + BootFromSelectOption (BootOption, BootOptionCount, BootMenuData.SelectItem); + // + // Back to boot manager menu again, set back to setup resolution + // + BdsSetConsoleMode (TRUE); + DrawBootPopupMenu (&BootMenuData); + break; - default: - break; + default: + break; + } } } + + EfiBootManagerFreeLoadOptions (BootOption, BootOptionCount); + FreePool (BootMenuData.PtrTokens); } - EfiBootManagerFreeLoadOptions (BootOption, BootOptionCount); - FreePool (BootMenuData.PtrTokens); + // MU_CHANGE End - CodeQL Change - Verify InitializeBootMenuData returned valid data HiiRemovePackages (gStringPackHandle); diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c index 7605153e97..442d08c6c0 100644 --- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c 
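Review bot: In BootManagerMenuEntry the call `EfiBootManagerFreeLoadOptions (BootOption, BootOptionCount);` now sits inside the new `if (!EFI_ERROR (Status))` block, so a failing InitializeBootMenuData leaves the load-option array unreleased before `HiiRemovePackages` runs. Only `FreePool (BootMenuData.PtrTokens);` depends on the initialisation having succeeded. The load-option free should stay after the closing brace of the guard, as it was before the change. The function starts and ends outside this hunk, so where BootOption is obtained and what is returned on the failure path are presumed rather than shown.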
@@ -993,7 +993,8 @@ DumpProvisionedCapsule ( // // Display description and device path // - GetEfiSysPartitionFromBootOptionFilePath (BootNextOptionEntry.FilePath, &DevicePath, &Fs); + // MU_CHANGE - CodeQL Change + Status = GetEfiSysPartitionFromBootOptionFilePath (BootNextOptionEntry.FilePath, &DevicePath, &Fs); if (!EFI_ERROR (Status)) { Print (L"Capsules are provisioned on BootOption: %s\n", BootNextOptionEntry.Description); Print (L" %s %s\n", ShellProtocol->GetMapFromDevicePath (&DevicePath), ConvertDevicePathToText (DevicePath, TRUE, TRUE)); diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c index 5ce5a50f7b..2718f0f12e 100644 --- a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c @@ -518,7 +518,12 @@ GetUpdateFileSystem ( // If map is assigned, try to get ESP from mapped Fs. // DevicePath = DuplicateDevicePath (MappedDevicePath); - Status = GetEfiSysPartitionFromDevPath (DevicePath, &FullPath, Fs); + // MU_CHANGE - CodeQl Change + if (DevicePath == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = GetEfiSysPartitionFromDevPath (DevicePath, &FullPath, Fs); if (EFI_ERROR (Status)) { Print (L"Error: Cannot get EFI system partition from '%s' - %r\n", Map, Status); return EFI_NOT_FOUND; diff --git a/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c b/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c index a180cb7c67..89e4085501 100644 --- a/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c +++ b/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c 
@@ -614,7 +614,13 @@ DumpSmiHandler ( Print (L">\n"); ImageStruct = GetImageFromRef ((UINTN)SmiHandlerStruct->ImageRef); - NameString = GetDriverNameString (ImageStruct); + // MU_CHANGE - CodeQl Changes - If ImageStruct returned NULL, initialize NameString to an empty string + if (ImageStruct != NULL) { + NameString = GetDriverNameString (ImageStruct); + } else { + NameString = "\0"; + } + Print (L" \n", SmiHandlerStruct->ImageRef, NameString); if ((ImageStruct != NULL) && (ImageStruct->PdbStringOffset != 0)) { Print (L" %a\n", (UINT8 *)ImageStruct + ImageStruct->PdbStringOffset); diff --git a/MdeModulePkg/Application/UiApp/FrontPage.c b/MdeModulePkg/Application/UiApp/FrontPage.c index 0e784fb327..72326434fc 100644 --- a/MdeModulePkg/Application/UiApp/FrontPage.c +++ b/MdeModulePkg/Application/UiApp/FrontPage.c 
@@ -205,40 +205,44 @@ UpdateFrontPageForm ( // StartOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (StartOpCodeHandle != NULL); + // MU_CHANGE Start - CodeQl Change - Handle StartOpCodeHandle and EndOpCodeHandle allocation failures + if (StartOpCodeHandle != NULL) { + EndOpCodeHandle = HiiAllocateOpCodeHandle (); + ASSERT (EndOpCodeHandle != NULL); + if (EndOpCodeHandle != NULL) { + // + // Create Hii Extend Label OpCode as the start opcode + // + StartGuidLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + StartGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartGuidLabel->Number = LABEL_FRONTPAGE_INFORMATION; + // + // Create Hii Extend Label OpCode as the end opcode + // + EndGuidLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + EndGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndGuidLabel->Number = LABEL_END; - EndOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (EndOpCodeHandle != NULL); - // - // Create Hii Extend Label OpCode as the start opcode - // - StartGuidLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); - StartGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartGuidLabel->Number = LABEL_FRONTPAGE_INFORMATION; - // - // Create Hii Extend Label OpCode as the end opcode - // - EndGuidLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); - EndGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndGuidLabel->Number = LABEL_END; - - // - // Updata Front Page form - // - UiCustomizeFrontPage ( - gFrontPagePrivate.HiiHandle, - StartOpCodeHandle - ); - - HiiUpdateForm ( - gFrontPagePrivate.HiiHandle, - &mFrontPageGuid, - FRONT_PAGE_FORM_ID, - StartOpCodeHandle, - EndOpCodeHandle - ); + // + // Updata Front Page form + // + UiCustomizeFrontPage ( 
+ gFrontPagePrivate.HiiHandle, + StartOpCodeHandle + ); + + HiiUpdateForm ( + gFrontPagePrivate.HiiHandle, + &mFrontPageGuid, + FRONT_PAGE_FORM_ID, + StartOpCodeHandle, + EndOpCodeHandle + ); + HiiFreeOpCodeHandle (EndOpCodeHandle); + } - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); + HiiFreeOpCodeHandle (StartOpCodeHandle); + } // // MU_CHANGE End - CodeQl Change - Handle StartOpCodeHandle and EndOpCodeHandle allocation failures } /** @@ -976,7 +980,10 @@ InitializeUserInterface ( UiSetConsoleMode (FALSE); UninitializeStringSupport (); - HiiRemovePackages (HiiHandle); + // MU_CHANGE Start - CodeQl Change - Deal with HiiHandle being NULL + if (HiiHandle != NULL) { + HiiRemovePackages (HiiHandle); + } return EFI_SUCCESS; } diff --git a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUiSupport.c b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUiSupport.c index 8bc7883bb7..69b6440db4 100644 --- a/MdeModulePkg/Application/UiApp/FrontPageCustomizedUiSupport.c +++ b/MdeModulePkg/Application/UiApp/FrontPageCustomizedUiSupport.c @@ -191,6 +191,12 @@ UiSupportLibCallbackHandler ( if (Action == EFI_BROWSER_ACTION_RETRIEVE) { if (QuestionId == FRONT_PAGE_KEY_LANGUAGE) { + // MU_CHANGE Start - CodeQl Change + if (Value == NULL) { + *Status = EFI_INVALID_PARAMETER; + return FALSE; + } + Value->u8 = gCurrentLanguageIndex; *Status = EFI_SUCCESS; } else { @@ -517,6 +523,8 @@ RequiredDriver ( UINTN TempSize; BOOLEAN RetVal; + Buffer = NULL; // MU_CHANGE - CodeQl Change + Status = HiiGetFormSetFromHiiHandle (HiiHandle, &Buffer, &BufferSize); if (EFI_ERROR (Status)) { return FALSE; diff --git a/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/IdeMode.c b/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/IdeMode.c index 19d7b4930c..490840f174 100644 --- a/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/IdeMode.c +++ b/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/IdeMode.c 
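Review bot: In UpdateFrontPageForm the pointers returned by HiiCreateGuidOpCode are still dereferenced unchecked at `StartGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;` and `EndGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;`, although the new guards cover both HiiAllocateOpCodeHandle results. HiiCreateGuidOpCode returns NULL when the opcode cannot be added to the handle's buffer, so the allocation-failure class this change targets remains on those two lines. A check such as `if ((StartGuidLabel != NULL) && (EndGuidLabel != NULL)) {` around the label setup and the UiCustomizeFrontPage/HiiUpdateForm calls would close it, with both HiiFreeOpCodeHandle calls left outside that check.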
@@ -943,7 +943,7 @@ AtaPioDataInOut ( IN ATA_NONBLOCK_TASK *Task ) { - UINTN WordCount; + UINT64 WordCount; // MU_CHANGE - CodeQL Change - comparison mismatch UINTN Increment; UINT16 *Buffer16; EFI_STATUS Status; diff --git a/MdeModulePkg/Bus/Pci/IdeBusPei/AtapiPeim.c b/MdeModulePkg/Bus/Pci/IdeBusPei/AtapiPeim.c index 3f5462c257..0feaebea41 100644 --- a/MdeModulePkg/Bus/Pci/IdeBusPei/AtapiPeim.c +++ b/MdeModulePkg/Bus/Pci/IdeBusPei/AtapiPeim.c @@ -563,7 +563,8 @@ AtapiEnumerateDevices ( // // Using Command and Control Regs Base Address to fill other registers. // - for (Index1 = 0; Index1 < IdeEnabledNumber; Index1++) { + for (Index1 = 0; (UINT32)Index1 < IdeEnabledNumber; Index1++) { + // MU_CHANGE - CodeQl Change CommandBlockBaseAddr = IdeRegsBaseAddr[Index1].CommandBlockBaseAddr; AtapiBlkIoDev->IdeIoPortReg[Index1].Data = CommandBlockBaseAddr; AtapiBlkIoDev->IdeIoPortReg[Index1].Reg1.Feature = (UINT16)(CommandBlockBaseAddr + 0x1); diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c index 620aa0b69f..2ae09e7f66 100644 --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c @@ -289,6 +289,8 @@ PciIoMemRead ( EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR *Desc; EFI_STATUS Status; + Desc = NULL; // MU_CHANGE - CodeQl Change + if (Buffer == NULL) { return EFI_INVALID_PARAMETER; } @@ -377,6 +379,8 @@ PciIoMemWrite ( EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR *Desc; EFI_STATUS Status; + Desc = NULL; // MS_CHANGE for vs2017 + if (Buffer == NULL) { return EFI_INVALID_PARAMETER; } @@ -1111,6 +1115,8 @@ NonCoherentPciIoAllocateBuffer ( NON_DISCOVERABLE_DEVICE_UNCACHED_ALLOCATION *Alloc; VOID *AllocAddress; + AllocAddress = NULL; // MS_CHANGE for vs2017 + if (HostAddress == NULL) { return EFI_INVALID_PARAMETER; } 
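Review bot: The cast added in AtapiEnumerateDevices, `(UINT32)Index1 < IdeEnabledNumber`, widens only the value being compared; Index1 itself still increments in its declared type. If that type is narrower than IdeEnabledNumber (both declarations are outside the hunk), a bound above the narrow type's maximum still wraps the counter. The loop then keeps indexing `IdeRegsBaseAddr[Index1]` instead of terminating, which is the condition cpp/comparison-with-wider-type reports. Widening the declaration of Index1, as the IdeMode.c and NvmExpress hunks of this patch do for their variables, removes the cause rather than the alert. The same cast-in-condition pattern is used in PciProgramResizableBar in PciLib.c (`(UINTN)Index < ResizableBarNumber`).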
@@ -1243,6 +1249,8 @@ NonCoherentPciIoMap ( EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; BOOLEAN Bounce; + AllocAddress = NULL; // MS_CHANGE for vs2017 + if ((HostAddress == NULL) || (NumberOfBytes == NULL) || (DeviceAddress == NULL) || @@ -1610,6 +1618,8 @@ PciIoGetBarAttributes ( EFI_ACPI_END_TAG_DESCRIPTOR *End; EFI_STATUS Status; + BarDesc = NULL; // MS_CHANGE for vs2017 + if ((Supports == NULL) && (Resources == NULL)) { return EFI_INVALID_PARAMETER; } diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c index 0a6ef3a641..35bc4715c7 100644 --- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c +++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressPassthru.c @@ -219,10 +219,10 @@ NvmeCreatePrpList ( OUT VOID **Mapping ) { - UINTN PrpEntryNo; + UINT64 PrpEntryNo; // MU_CHANGE - CodeQl Change - comparison mismatch UINT64 PrpListBase; - UINTN PrpListIndex; - UINTN PrpEntryIndex; + UINT64 PrpListIndex; // MU_CHANGE - CodeQl Change - comparison mismatch + UINT64 PrpEntryIndex; // MU_CHANGE - CodeQl Change - comparison mismatch UINT64 Remainder; EFI_PHYSICAL_ADDRESS PrpListPhyAddr; UINTN Bytes; diff --git a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiHci.c b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiHci.c index fc7b684940..50b1c86910 100644 --- a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiHci.c +++ b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiHci.c 
@@ -564,14 +564,18 @@ NvmeControllerInit ( // // Dump the NVME controller implementation version // - NVME_GET_VER (Private, &Ver); - DEBUG ((DEBUG_INFO, "NVME controller implementation version: %d.%d\n", Ver.Mjr, Ver.Mnr)); + // MU_CHANGE - CodeQl Change - Check return status of NVME_GET_VER macro + Status = NVME_GET_VER (Private, &Ver); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "NVME controller implementation version: %d.%d\n", Ver.Mjr, Ver.Mnr)); + } // // Read the controller Capabilities register and verify that the NVM command set is supported // - NVME_GET_CAP (Private, &Private->Cap); - if ((Private->Cap.Css & BIT0) == 0) { + // MU_CHANGE - CodeQl Change - Check return status of NVME_GET_CAP macro + Status = NVME_GET_CAP (Private, &Private->Cap); + if ( !EFI_ERROR (Status) && ((Private->Cap.Css & BIT0) == 0)) { DEBUG ((DEBUG_ERROR, "%a: The NVME controller doesn't support NVMe command set.\n", __func__)); return EFI_UNSUPPORTED; } diff --git a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.c b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.c index ac9328047f..86beb046b6 100644 --- a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.c +++ b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.c @@ -27,12 +27,12 @@ NvmeCreatePrpList ( IN UINTN Pages ) { - UINTN PrpEntryNo; + UINT64 PrpEntryNo; // MU_CHANGE - CodeQl Change - comparison mismatch UINTN PrpListNo; UINT64 PrpListBase; VOID *PrpListHost; UINTN PrpListIndex; - UINTN PrpEntryIndex; + UINT64 PrpEntryIndex; // MU_CHANGE - CodeQl Change - comparison mismatch UINT64 Remainder; EFI_PHYSICAL_ADDRESS PrpListPhyAddr; UINTN Bytes; diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumerator.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumerator.c index ce4778465a..d4362c03aa 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumerator.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumerator.c 
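Review bot: In NvmeControllerInit the new condition `if ( !EFI_ERROR (Status) && ((Private->Cap.Css & BIT0) == 0))` fails open: when NVME_GET_CAP returns an error the command-set check is skipped and initialisation continues with whatever Private->Cap already held. A failed capability read should stop the init, for example `if (EFI_ERROR (Status)) { return Status; }` directly after the NVME_GET_CAP call, with the Css test left as it was. Ignoring a failed NVME_GET_VER is harmless because its result only feeds the DEBUG print. The rest of the function is outside the hunk, so later uses of Private->Cap are presumed rather than shown.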
@@ -887,7 +887,10 @@ GetMaxResourceConsumerDevice ( && (Temp->ResourceUsage != PciResUsagePadding)) { PPBResNode = GetMaxResourceConsumerDevice (Temp); - PciResNode = GetLargerConsumerDevice (PciResNode, PPBResNode); + if (PPBResNode != NULL) { + // MU_CHANGE - CodeQl Change - Verify PPBResNode is non-null + PciResNode = GetLargerConsumerDevice (PciResNode, PPBResNode); + } } else { PciResNode = GetLargerConsumerDevice (PciResNode, Temp); } @@ -1439,11 +1442,11 @@ PciBridgeResourceAllocator ( IN PCI_IO_DEVICE *Bridge ) { - PCI_RESOURCE_NODE *IoBridge; - PCI_RESOURCE_NODE *Mem32Bridge; - PCI_RESOURCE_NODE *PMem32Bridge; - PCI_RESOURCE_NODE *Mem64Bridge; - PCI_RESOURCE_NODE *PMem64Bridge; + PCI_RESOURCE_NODE *IoBridge = NULL; + PCI_RESOURCE_NODE *Mem32Bridge = NULL; + PCI_RESOURCE_NODE *PMem32Bridge = NULL; + PCI_RESOURCE_NODE *Mem64Bridge = NULL; + PCI_RESOURCE_NODE *PMem64Bridge = NULL; UINT64 IoBase; UINT64 Mem32Base; UINT64 PMem32Base; @@ -1451,6 +1454,14 @@ PciBridgeResourceAllocator ( UINT64 PMem64Base; EFI_STATUS Status; + // MU_CHANGE Start - CodeQl Change + IoBridge = NULL; + Mem32Bridge = NULL; + PMem32Bridge = NULL; + Mem64Bridge = NULL; + PMem64Bridge = NULL; + // MU_CHANGE End - CodeQl Change + IoBridge = CreateResourceNode ( Bridge, 0, @@ -1459,6 +1470,12 @@ PciBridgeResourceAllocator ( PciBarTypeIo16, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (IoBridge == NULL) { + goto CleanupAndExit; + } + + // MU_CHANGE End - CodeQl Change Mem32Bridge = CreateResourceNode ( Bridge, @@ -1468,6 +1485,10 @@ PciBridgeResourceAllocator ( PciBarTypeMem32, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Mem32Bridge == NULL) { + goto CleanupAndExit; + } PMem32Bridge = CreateResourceNode ( Bridge, @@ -1477,6 +1498,10 @@ PciBridgeResourceAllocator ( PciBarTypePMem32, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (PMem32Bridge == NULL) { + goto CleanupAndExit; + } Mem64Bridge = CreateResourceNode ( Bridge, 
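Review bot: The five bridge pointers in PciBridgeResourceAllocator are initialised twice, once in the declarations (`PCI_RESOURCE_NODE *IoBridge = NULL;`) and again in the `MU_CHANGE Start` assignment block a few lines below. The PciScanBus hunk in PciLib.c in this same patch moves `DescriptorsBuffer = NULL` out of its declaration and into a statement, so the declaration initialisers here look unintended. Keeping the original declarations and only the assignment block would be consistent with that. The NULL checks added after Mem32Bridge, PMem32Bridge and Mem64Bridge open with `// MU_CHANGE Start - CodeQl Change` and have no matching End marker.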
@@ -1486,6 +1511,10 @@ PciBridgeResourceAllocator ( PciBarTypeMem64, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Mem64Bridge == NULL) { + goto CleanupAndExit; + } PMem64Bridge = CreateResourceNode ( Bridge, @@ -1495,6 +1524,10 @@ PciBridgeResourceAllocator ( PciBarTypePMem64, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (PMem64Bridge == NULL) { + goto CleanupAndExit; + } // // Create resourcemap by going through all the devices subject to this root bridge @@ -1518,7 +1551,7 @@ PciBridgeResourceAllocator ( ); if (EFI_ERROR (Status)) { - return Status; + goto CleanupAndExit; // MU_CHANGE Start - CodeQl Change - On Error leave } // @@ -1561,17 +1594,35 @@ PciBridgeResourceAllocator ( PMem64Bridge ); - DestroyResourceTree (IoBridge); - DestroyResourceTree (Mem32Bridge); - DestroyResourceTree (PMem32Bridge); - DestroyResourceTree (PMem64Bridge); - DestroyResourceTree (Mem64Bridge); + // MU_CHANGE Start - CodeQl Change +CleanupAndExit: + + if (IoBridge != NULL) { + DestroyResourceTree (IoBridge); + gBS->FreePool (IoBridge); + } + + if (Mem32Bridge != NULL) { + DestroyResourceTree (Mem32Bridge); + gBS->FreePool (Mem32Bridge); + } + + if (PMem32Bridge != NULL) { + DestroyResourceTree (PMem32Bridge); + gBS->FreePool (PMem32Bridge); + } + + if (PMem64Bridge != NULL) { + DestroyResourceTree (PMem64Bridge); + gBS->FreePool (PMem64Bridge); + } + + if (Mem64Bridge != NULL) { + DestroyResourceTree (Mem64Bridge); + gBS->FreePool (Mem64Bridge); + } - gBS->FreePool (IoBridge); - gBS->FreePool (Mem32Bridge); - gBS->FreePool (PMem32Bridge); - gBS->FreePool (PMem64Bridge); - gBS->FreePool (Mem64Bridge); + // MU_CHANGE End - CodeQl Change return EFI_SUCCESS; } 
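Review bot: Every failure path in PciBridgeResourceAllocator now ends in `return EFI_SUCCESS;`, because the new `CleanupAndExit:` label sits directly above the unchanged return statement. That covers the five `goto CleanupAndExit;` sites taken when CreateResourceNode returns NULL and the error branch that used to be `return Status;`, so the caller sees success although the bridge's resources were not assigned. Setting `Status = EFI_OUT_OF_RESOURCES;` before each allocation-failure goto and ending the function with `return Status;` keeps the shared cleanup without hiding the error. The normal path would then need Status to hold EFI_SUCCESS when it reaches the label.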
@@ -2021,14 +2072,12 @@ PciHotPlugRequestNotify ( return EFI_INVALID_PARAMETER; } - if (Operation == EfiPciHotPlugRequestAdd) { - if (ChildHandleBuffer == NULL) { - return EFI_INVALID_PARAMETER; - } - } else if ((Operation == EfiPciHotplugRequestRemove) && (*NumberOfChildren != 0)) { - if (ChildHandleBuffer == NULL) { - return EFI_INVALID_PARAMETER; - } + // MU_CHANGE Start - CodeQl Change - cpp/uselesstest - ChildHandleBuffer tested in every case + if ((Operation == EfiPciHotPlugRequestAdd) && (ChildHandleBuffer == NULL)) { + return EFI_INVALID_PARAMETER; + } else if ((Operation == EfiPciHotplugRequestRemove) && (*NumberOfChildren != 0) && (ChildHandleBuffer == NULL)) { + return EFI_INVALID_PARAMETER; + // MU_CHANGE End - CodeQl Change } Status = gBS->OpenProtocol ( diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c index b156a26154..d8abfda075 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c @@ -1468,6 +1468,12 @@ SupportPaletteSnoopAttributes ( // if (Temp->Parent == PciIoDevice->Parent) { Status = PCI_READ_COMMAND_REGISTER (Temp, &VGACommand); + // MU_CHANGE Start - CodeQl Change - Check return status + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + + // MU_CHANGE End - CodeQl Change - Check return status // // If they are on the same bus, either one can diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c index fbe859fb03..acc48e5c47 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c 
@@ -381,6 +381,13 @@ DumpResourceMap ( } ChildResources = AllocatePool (sizeof (PCI_RESOURCE_NODE *) * ChildResourceCount); + // MU_CHANGE Start - CodeQl Change - Check ChildResources before continuing + if (ChildResources == NULL) { + return; + } + + // MU_CHANGE End - CodeQl Change - Check ChildResources before continuing + ASSERT (ChildResources != NULL); ChildResourceCount = 0; for (Index = 0; Index < ResourceCount; Index++) { @@ -545,6 +552,12 @@ PciHostBridgeResourceAllocator ( PciBarTypeIo16, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (IoBridge == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE Start - CodeQl Change Mem32Bridge = CreateResourceNode ( RootBridgeDev, @@ -554,6 +567,13 @@ PciHostBridgeResourceAllocator ( PciBarTypeMem32, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Mem32Bridge == NULL) { + FreePool (IoBridge); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE Start - CodeQl Change PMem32Bridge = CreateResourceNode ( RootBridgeDev, @@ -563,6 +583,14 @@ PciHostBridgeResourceAllocator ( PciBarTypePMem32, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (PMem32Bridge == NULL) { + FreePool (IoBridge); + FreePool (Mem32Bridge); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE Start - CodeQl Change Mem64Bridge = CreateResourceNode ( RootBridgeDev, @@ -572,6 +600,15 @@ PciHostBridgeResourceAllocator ( PciBarTypeMem64, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Mem64Bridge == NULL) { + FreePool (IoBridge); + FreePool (Mem32Bridge); + FreePool (PMem32Bridge); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE Start - CodeQl Change PMem64Bridge = CreateResourceNode ( RootBridgeDev, 
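Review bot: In DumpResourceMap the new `if (ChildResources == NULL) { return; }` is placed before the existing `ASSERT (ChildResources != NULL);`, so the assertion can never fire and a failed AllocatePool is now silent in debug builds as well. The ResourcePaddingForCardBusBridge hunks of this patch use the opposite order (`ASSERT (Node != NULL);` followed by `if (Node != NULL)`). Either move the ASSERT above the new check or delete it. In the PciHostBridgeResourceAllocator hunks that follow, the closing marker of each added block reads `// MU_CHANGE Start - CodeQl Change` where End is meant.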
@@ -581,6 +618,16 @@ PciHostBridgeResourceAllocator ( PciBarTypePMem64, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (PMem64Bridge == NULL) { + FreePool (IoBridge); + FreePool (Mem32Bridge); + FreePool (PMem32Bridge); + FreePool (Mem64Bridge); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE Start - CodeQl Change // // Get the max ROM size that the root bridge can process @@ -1100,7 +1147,7 @@ PciScanBus ( EFI_HPC_STATE State; UINT64 PciAddress; EFI_HPC_PADDING_ATTRIBUTES Attributes; - VOID *DescriptorsBuffer = NULL; // MU_CHANGE + VOID *DescriptorsBuffer; EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR *Descriptors; EFI_ACPI_ADDRESS_SPACE_DESCRIPTOR *NextDescriptors; UINT16 BusRange; @@ -1109,16 +1156,17 @@ PciScanBus ( UINT32 TempReservedBusNum; BOOLEAN IsAriEnabled; - PciRootBridgeIo = Bridge->PciRootBridgeIo; - SecondBus = 0; - Register = 0; - State = 0; - Attributes = (EFI_HPC_PADDING_ATTRIBUTES)0; - BusRange = 0; - BusPadding = FALSE; - PciDevice = NULL; - PciAddress = 0; - IsAriEnabled = FALSE; + DescriptorsBuffer = NULL; // MU_CHANGE + PciRootBridgeIo = Bridge->PciRootBridgeIo; + SecondBus = 0; + Register = 0; + State = 0; + Attributes = (EFI_HPC_PADDING_ATTRIBUTES)0; + BusRange = 0; + BusPadding = FALSE; + PciDevice = NULL; + PciAddress = 0; + IsAriEnabled = FALSE; for (Device = 0; Device <= PCI_MAX_DEVICE; Device++) { if (!IsAriEnabled) { @@ -1258,7 +1306,7 @@ PciScanBus ( PciDevice->DevicePath, PciAddress, &State, - &DescriptorsBuffer, // MU_CHANGE + (VOID **)&DescriptorsBuffer, // MU_CHANGE - CodeQL Change &Attributes ); @@ -1844,7 +1892,8 @@ PciProgramResizableBar ( ); ASSERT_EFI_ERROR (Status); - for (Index = 0; Index < ResizableBarNumber; Index++) { + for (Index = 0; (UINTN)Index < ResizableBarNumber; Index++) { + // MU_CHANGE Start - CodeQl Change - comparison-with-wider-type // // When the bit of Capabilities Set, indicates that the Function supports // operating with the BAR sized to (2^Bit) MB. 
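Review bot: The cast added in PciScanBus, `(VOID **)&DescriptorsBuffer`, is redundant: DescriptorsBuffer is declared `VOID *` in the preceding hunk, so `&DescriptorsBuffer` already has type `VOID **`. An explicit cast at this call would also hide a genuine type mismatch if the declaration is changed later. The previous form `&DescriptorsBuffer,` can stay, with the NULL assignment moved into the statement block as this hunk already does.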
diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c index bd5ace18f6..9663b4639b 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c @@ -717,7 +717,10 @@ ProcessOpRomImage ( EfiOpRomImageNode.EndingOffset = (UINTN)RomBarOffset + ImageSize - 1 - (UINTN)RomBar; PciOptionRomImageDevicePath = AppendDevicePathNode (PciDevice->DevicePath, &EfiOpRomImageNode.Header); - ASSERT (PciOptionRomImageDevicePath != NULL); + if (PciOptionRomImageDevicePath == NULL) { + // MU_CHANGE Start - CodeQl Change + return EFI_NOT_FOUND; + } // // load image and start image diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c index 8ffd05f327..53072187ba 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c @@ -448,13 +448,18 @@ GetResourceFromDevice ( (PciDev->PciBar)[Index].BarType, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Node != NULL) { + InsertResourceNode ( + Mem32Node, + Node + ); - InsertResourceNode ( - Mem32Node, - Node - ); + ResourceRequested = TRUE; + } + + // MU_CHANGE End - CodeQl Change - ResourceRequested = TRUE; break; case PciBarTypeMem64: @@ -467,13 +472,18 @@ GetResourceFromDevice ( PciBarTypeMem64, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Node != NULL) { + InsertResourceNode ( + Mem64Node, + Node + ); - InsertResourceNode ( - Mem64Node, - Node - ); + ResourceRequested = TRUE; + } + + // MU_CHANGE End - CodeQl Change - ResourceRequested = TRUE; break; case PciBarTypePMem64: 
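Review bot: The NULL check that replaces the ASSERT in ProcessOpRomImage returns `EFI_NOT_FOUND`, although a NULL result from AppendDevicePathNode means the allocation failed. Returning `EFI_OUT_OF_RESOURCES` describes the failure and keeps it distinguishable from an option ROM with no usable image. The body of the `if` also opens with `// MU_CHANGE Start - CodeQl Change` and has no End marker. The surrounding image loop is outside the hunk, so whether anything acquired earlier must be released before this early return cannot be checked from here.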
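Review bot: When CreateResourceNode returns NULL in GetResourceFromDevice the BAR is now skipped without any trace. In the first switch ResourceRequested also stays FALSE, so a device can end up with an unassigned BAR and nothing in the log to explain it. An else branch such as `} else { DEBUG ((DEBUG_ERROR, "%a: CreateResourceNode returned NULL\n", __func__)); }` would make the failure visible. The same applies to the PMem64, PMem32 and Io16 cases and to the second switch in the following hunks of PciResourceSupport.c. The function begins and ends outside these hunks, so whether it can report an error to its caller is not visible.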
@@ -486,13 +496,18 @@ GetResourceFromDevice ( PciBarTypePMem64, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Node != NULL) { + InsertResourceNode ( + PMem64Node, + Node + ); - InsertResourceNode ( - PMem64Node, - Node - ); + ResourceRequested = TRUE; + } + + // MU_CHANGE End - CodeQl Change - ResourceRequested = TRUE; break; case PciBarTypePMem32: @@ -505,12 +520,17 @@ GetResourceFromDevice ( PciBarTypePMem32, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Node != NULL) { + InsertResourceNode ( + PMem32Node, + Node + ); + ResourceRequested = TRUE; + } + + // MU_CHANGE End - CodeQl Change - InsertResourceNode ( - PMem32Node, - Node - ); - ResourceRequested = TRUE; break; case PciBarTypeIo16: @@ -524,12 +544,17 @@ GetResourceFromDevice ( PciBarTypeIo16, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Node != NULL) { + InsertResourceNode ( + IoNode, + Node + ); + ResourceRequested = TRUE; + } + + // MU_CHANGE End - CodeQl Change - InsertResourceNode ( - IoNode, - Node - ); - ResourceRequested = TRUE; break; case PciBarTypeUnknown: @@ -555,11 +580,15 @@ GetResourceFromDevice ( PciBarTypeMem32, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Node != NULL) { + InsertResourceNode ( + Mem32Node, + Node + ); + } - InsertResourceNode ( - Mem32Node, - Node - ); + // MU_CHANGE End - CodeQl Change break; @@ -573,11 +602,15 @@ GetResourceFromDevice ( PciBarTypeMem64, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Node != NULL) { + InsertResourceNode ( + Mem64Node, + Node + ); + } - InsertResourceNode ( - Mem64Node, - Node - ); + // MU_CHANGE End - CodeQl Change break; @@ -591,11 +624,15 @@ GetResourceFromDevice ( PciBarTypePMem64, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Node != NULL) { + InsertResourceNode ( + PMem64Node, + Node + ); + } - InsertResourceNode ( - PMem64Node, - Node - ); + // MU_CHANGE End - CodeQl Change break; 
@@ -609,11 +646,16 @@ GetResourceFromDevice ( PciBarTypePMem32, PciResUsageTypical ); + // MU_CHANGE Start - CodeQl Change + if (Node != NULL) { + InsertResourceNode ( + PMem32Node, + Node + ); + } + + // MU_CHANGE End - CodeQl Change - InsertResourceNode ( - PMem32Node, - Node - ); break; case PciBarTypeIo16: @@ -820,6 +862,35 @@ CreateResourceMap ( PciResUsageTypical ); + // MU_CHANGE Startv- CodeQL change + if ((IoBridge == NULL) || (Mem32Bridge == NULL) || (PMem32Bridge == NULL) || + (Mem64Bridge == NULL) || (PMem64Bridge == NULL)) + { + if (IoBridge != NULL) { + FreePool (IoBridge); + } + + if (Mem32Bridge != NULL) { + FreePool (Mem32Bridge); + } + + if (PMem32Bridge != NULL) { + FreePool (PMem32Bridge); + } + + if (Mem64Bridge != NULL) { + FreePool (Mem64Bridge); + } + + if (PMem64Bridge != NULL) { + FreePool (PMem64Bridge); + } + + return; + } + + // MU_CHANGE End - CodeQL change + // // Recursively create resource map on this bridge // @@ -1813,11 +1884,16 @@ ResourcePaddingForCardBusBridge ( PciBarTypeMem32, PciResUsagePadding ); + // MU_CHANGE Start - CodeQl Change - CreateResourceNode returning a NULL + ASSERT (Node != NULL); + if (Node != NULL) { + InsertResourceNode ( + Mem32Node, + Node + ); + } - InsertResourceNode ( - Mem32Node, - Node - ); + // MU_CHANGE End - CodeQl Change - CreateResourceNode returning a NULL // // Memory Base/Limit Register 1 @@ -1832,10 +1908,16 @@ ResourcePaddingForCardBusBridge ( PciResUsagePadding ); - InsertResourceNode ( - PMem32Node, - Node - ); + // MU_CHANGE Start - CodeQl Change - CreateResourceNode returning a NULL + ASSERT (Node != NULL); + if (Node != NULL) { + InsertResourceNode ( + PMem32Node, + Node + ); + } + + // MU_CHANGE End - CodeQl Change - CreateResourceNode returning a NULL // // Io Base/Limit 
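Review bot: The allocation-failure branch added to CreateResourceMap ends in a bare `return;`, so the caller cannot learn that the resource map for this bridge was not built. The surrounding code is outside the hunk, but the comment that follows ("Recursively create resource map on this bridge") suggests this runs while walking child devices, in which case returning also abandons any devices not yet visited. At minimum, log before returning, e.g. `DEBUG ((DEBUG_ERROR, "[%a] bridge resource node allocation failed\n", __FUNCTION__));`. The opening marker has a typo (`MU_CHANGE Startv-`).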
@@ -1850,10 +1932,16 @@ ResourcePaddingForCardBusBridge ( PciResUsagePadding ); - InsertResourceNode ( - IoNode, - Node - ); + // MU_CHANGE Start - CodeQl Change - CreateResourceNode returning a NULL + ASSERT (Node != NULL); + if (Node != NULL) { + InsertResourceNode ( + IoNode, + Node + ); + } + + // MU_CHANGE End - CodeQl Change - CreateResourceNode returning a NULL // // Io Base/Limit @@ -1868,10 +1956,16 @@ ResourcePaddingForCardBusBridge ( PciResUsagePadding ); - InsertResourceNode ( - IoNode, - Node - ); + // MU_CHANGE Start - CodeQl Change - CreateResourceNode returning a NULL + ASSERT (Node != NULL); + if (Node != NULL) { + InsertResourceNode ( + IoNode, + Node + ); + } + + // MU_CHANGE End - CodeQl Change - CreateResourceNode returning a NULL } /** @@ -2142,10 +2236,16 @@ ApplyResourcePadding ( PciBarTypeIo16, PciResUsagePadding ); - InsertResourceNode ( - IoNode, - Node - ); + + // MU_CHANGE Start - CodeQl Change - CreateResourceNode returning a NULL + if (Node != NULL) { + InsertResourceNode ( + IoNode, + Node + ); + } + + // MU_CHANGE End - CodeQl Change - CreateResourceNode returning a NULL } Ptr++; @@ -2167,10 +2267,15 @@ ApplyResourcePadding ( PciBarTypePMem32, PciResUsagePadding ); - InsertResourceNode ( - PMem32Node, - Node - ); + // MU_CHANGE Start - CodeQl Change - CreateResourceNode returning a NULL + if (Node != NULL) { + InsertResourceNode ( + PMem32Node, + Node + ); + } + + // MU_CHANGE End - CodeQl Change - CreateResourceNode returning a NULL } Ptr++; @@ -2190,10 +2295,15 @@ ApplyResourcePadding ( PciBarTypeMem32, PciResUsagePadding ); - InsertResourceNode ( - Mem32Node, - Node - ); + // MU_CHANGE Start - CodeQl Change - CreateResourceNode returning a NULL + if (Node != NULL) { + InsertResourceNode ( + Mem32Node, + Node + ); + } + + // MU_CHANGE End - CodeQl Change - CreateResourceNode returning a NULL } Ptr++; 
@@ -2215,10 +2325,15 @@ ApplyResourcePadding ( PciBarTypePMem64, PciResUsagePadding ); - InsertResourceNode ( - PMem64Node, - Node - ); + // MU_CHANGE Start - CodeQl Change - CreateResourceNode returning a NULL + if (Node != NULL) { + InsertResourceNode ( + PMem64Node, + Node + ); + } + + // MU_CHANGE End - CodeQl Change - CreateResourceNode returning a NULL } Ptr++; @@ -2238,10 +2353,15 @@ ApplyResourcePadding ( PciBarTypeMem64, PciResUsagePadding ); - InsertResourceNode ( - Mem64Node, - Node - ); + // MU_CHANGE Start - CodeQl Change - CreateResourceNode returning a NULL + if (Node != NULL) { + InsertResourceNode ( + Mem64Node, + Node + ); + } + + // MU_CHANGE End - CodeQl Change - CreateResourceNode returning a NULL } Ptr++; diff --git a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c index 6336e92be5..c91a1540a4 100644 --- a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c +++ b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridge.c @@ -681,6 +681,12 @@ ResourceConflict ( sizeof (EFI_ACPI_END_TAG_DESCRIPTOR) ); ASSERT (Resources != NULL); + // MU_CHANGE Start - CodeQl Change - Handle Allocation Failing + if (Resources == NULL) { + return; + } + + // MU_CHANGE End - CodeQl Change - Handle Allocation Failing for (Link = GetFirstNode (&HostBridge->RootBridges), Descriptor = Resources ; !IsNull (&HostBridge->RootBridges, Link) diff --git a/MdeModulePkg/Bus/Pci/PciSioSerialDxe/Serial.c b/MdeModulePkg/Bus/Pci/PciSioSerialDxe/Serial.c index 8b1ce70118..1b603afb70 100644 --- a/MdeModulePkg/Bus/Pci/PciSioSerialDxe/Serial.c +++ b/MdeModulePkg/Bus/Pci/PciSioSerialDxe/Serial.c 
@@ -891,8 +891,8 @@ SerialControllerDriverStart ( ControllerNumber = 0; ContainsControllerNode = FALSE; SerialDevices = GetChildSerialDevices (Controller, IoProtocolGuid, &SerialDeviceCount); - - if (SerialDeviceCount != 0) { + // MU_CHANGE - CodeQL Change - Ensure SerialDevices is not NULL + if ((SerialDevices != NULL) && (SerialDeviceCount != 0)) { if (RemainingDevicePath == NULL) { // // If the SerialIo instance is already created, NULL as RemainingDevicePath is treated @@ -1016,7 +1016,14 @@ SerialControllerDriverStart ( // Restore the PCI attributes when all children is destroyed (PciDeviceInfo->ChildCount == 0). // PciDeviceInfo = AllocatePool (sizeof (PCI_DEVICE_INFO)); - ASSERT (PciDeviceInfo != NULL); + // MU_CHANGE Start - CodeQL Change - If AllocatePool fails, return + if (PciDeviceInfo == NULL) { + ASSERT (PciDeviceInfo != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - If AllocatePool fails, return + PciDeviceInfo->ChildCount = 0; PciDeviceInfo->PciIo = ParentIo.PciIo; Status = ParentIo.PciIo->Attributes ( diff --git a/MdeModulePkg/Bus/Pci/PciSioSerialDxe/SerialIo.c b/MdeModulePkg/Bus/Pci/PciSioSerialDxe/SerialIo.c index 8a85a6c3b8..0bdc52cdef 100644 --- a/MdeModulePkg/Bus/Pci/PciSioSerialDxe/SerialIo.c +++ b/MdeModulePkg/Bus/Pci/PciSioSerialDxe/SerialIo.c @@ -1234,7 +1234,7 @@ SerialRead ( ) { SERIAL_DEV *SerialDevice; - UINT32 Index; + UINTN Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type UINT8 *CharBuffer; UINTN Elapsed; EFI_STATUS Status; diff --git a/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.c b/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.c index 8496ce4727..c11992021a 100644 --- a/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.c +++ b/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.c 
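Review bot: The new `return EFI_OUT_OF_RESOURCES;` after the failed `AllocatePool (sizeof (PCI_DEVICE_INFO))` leaves SerialControllerDriverStart directly rather than through any cleanup. The hunk uses `ParentIo.PciIo` immediately afterwards, so the parent protocol has been obtained by this point, and `SerialDevices` was allocated by GetChildSerialDevices in the previous hunk. Whether either is still held here is decided by code outside the hunk. If they are, release them before returning, or route the failure through the function's existing error path, so that a failed Start does not leave the controller claimed.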
@@ -545,6 +545,7 @@ SdMmcPciHcDriverBindingStart ( EFI_PCI_IO_PROTOCOL *PciIo; UINT64 Supports; UINT64 PciAttributes; + UINT8 SlotMax; // MU_CHANGE - CodeQL Change UINT8 SlotNum; UINT8 FirstBar; UINT8 Slot; @@ -647,7 +648,15 @@ SdMmcPciHcDriverBindingStart ( } Support64BitDma = TRUE; - for (Slot = FirstBar; Slot < (FirstBar + SlotNum); Slot++) { + // MU_CHANGE Start - CodeQL Change - Handle overflow + Status = SafeUint8Add (FirstBar, SlotNum, &SlotMax); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] Overflow when calculating SlotMax!\n", __FUNCTION__)); + goto Done; + } + + for (Slot = FirstBar; Slot < SlotMax; Slot++) { + // MU_CHANGE Start - CodeQL Change - Handle overflow Private->Slot[Slot].Enable = TRUE; // // Get SD/MMC Pci Host Controller Version diff --git a/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.h b/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.h index b76c7cffa2..08f8a5c0f4 100644 --- a/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.h +++ b/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.h @@ -25,6 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include // MU_CHANGE - CodeQL Change - Enable SafeIntLib usage #include #include diff --git a/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf b/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf index e502443ddd..29b5233087 100644 --- a/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf +++ b/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf @@ -57,6 +57,7 @@ UefiDriverEntryPoint DebugLib PcdLib + SafeIntLib # MU_CHANGE - CodeQL Change [Protocols] gEdkiiSdMmcOverrideProtocolGuid ## SOMETIMES_CONSUMES diff --git a/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c b/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c index 2e7497a89d..e597526243 100644 --- a/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c +++ b/MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c 
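Review bot: SafeUint8Add in SdMmcPciHcDriverBindingStart only rejects a sum above 255; it does not bound SlotMax by the size of `Private->Slot`, which the loop indexes on its first line (`Private->Slot[Slot].Enable = TRUE`). In the PEI counterpart SlotNum is decoded from a `SlotInfo` value, and if the DXE values likewise come from the device, a misbehaving controller can still drive the index past the array unless a range check exists outside this hunk. If `Slot` is a fixed-size array, extend the test to `if (EFI_ERROR (Status) || (SlotMax > ARRAY_SIZE (Private->Slot))) {`. The InitializeSdMmcHcPeim hunk in SdMmcPciHcPei.c has the same gap: its only bound is `ASSERT ((FirstBar + SlotNum) < MAX_SD_MMC_SLOTS)`, which is compiled out of release builds. The closing marker inside the loop reads `MU_CHANGE Start` where `End` is meant.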
@@ -1472,7 +1472,7 @@ BuildAdmaDescTable ( EFI_PHYSICAL_ADDRESS Data; UINT64 DataLen; UINT64 Entries; - UINT32 Index; + UINT64 Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type UINT64 Remaining; UINT64 Address; UINTN TableSize; diff --git a/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.c b/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.c index 89e0a1b6a4..2c8803cfbf 100644 --- a/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.c +++ b/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.c @@ -84,6 +84,7 @@ InitializeSdMmcHcPeim ( UINT8 SubClass; UINT8 BaseClass; UINT8 SlotInfo; + UINT8 SlotMax; // MU_CHANGE Start - CodeQL Change UINT8 SlotNum; UINT8 FirstBar; UINT8 Index; @@ -133,7 +134,15 @@ InitializeSdMmcHcPeim ( SlotNum = (*(SD_MMC_HC_PEI_SLOT_INFO *)&SlotInfo).SlotNum + 1; ASSERT ((FirstBar + SlotNum) < MAX_SD_MMC_SLOTS); - for (Index = 0, Slot = FirstBar; Slot < (FirstBar + SlotNum); Index++, Slot++) { + // MU_CHANGE Start - CodeQL Change - Handle overflow + Status = SafeUint8Add (FirstBar, SlotNum, &SlotMax); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] Overflow when calculating SlotMax!\n", __FUNCTION__)); + return Status; + } + + for (Index = 0, Slot = FirstBar; Slot < SlotMax; Index++, Slot++) { + // MU_CHANGE End - CodeQL Change - Handle overflow // // Get the SD/MMC Pci host controller's MMIO region size. // diff --git a/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.h b/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.h index ade59dd6e3..f8beda01c0 100644 --- a/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.h +++ b/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.h @@ -21,6 +21,7 @@ #include #include #include +#include // MU_CHANGE - CodeQL Change - Enable SafeIntLib usage #define SD_MMC_HC_PEI_SIGNATURE SIGNATURE_32 ('S', 'D', 'M', 'C') diff --git a/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.inf b/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.inf index 6879055300..54e53ba7b3 100644 
--- a/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.inf +++ b/MdeModulePkg/Bus/Pci/SdMmcPciHcPei/SdMmcPciHcPei.inf @@ -37,6 +37,7 @@ PeiServicesLib MemoryAllocationLib PeimEntryPoint + SafeIntLib # MU_CHANGE - CodeQL Change [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdSdMmcPciHostControllerMmioBase ## CONSUMES diff --git a/MdeModulePkg/Bus/Pci/UhciPei/UhcPeim.c b/MdeModulePkg/Bus/Pci/UhciPei/UhcPeim.c index 96abf3ab13..b8f270cee7 100644 --- a/MdeModulePkg/Bus/Pci/UhciPei/UhcPeim.c +++ b/MdeModulePkg/Bus/Pci/UhciPei/UhcPeim.c @@ -272,7 +272,8 @@ UhcControlTransfer ( StatusReg = UhcDev->UsbHostControllerBaseAddress + USBSTS; - PktID = INPUT_PACKET_ID; + PktID = INPUT_PACKET_ID; + DataMap = NULL; // MU_CHANGE - CodeQL Change RequestMap = NULL; @@ -546,6 +547,7 @@ UhcBulkTransfer ( PtrTD = NULL; PtrFirstTD = NULL; PtrPreTD = NULL; + DataMap = NULL; // MU_CHANGE - CodeQL Change DataLen = 0; ShortPacketEnable = FALSE; @@ -2848,6 +2850,8 @@ InitializeMemoryManagement ( EFI_STATUS Status; UINTN MemPages; + MemoryHeader = NULL; // MU_CHANGE - CodeQL Change - TCBZ1559 + MemPages = NORMAL_MEMORY_BLOCK_UNIT_IN_PAGES; Status = CreateMemoryBlock (UhcDev, &MemoryHeader, MemPages); if (EFI_ERROR (Status)) { @@ -2886,6 +2890,8 @@ UhcAllocatePool ( *Pool = NULL; + NewMemoryHeader = NULL; // MU_CHANGE - CodeQL Change - TCBZ1559 + MemoryHeader = UhcDev->Header1; // diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c b/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c index e4779f5514..9c3737dce0 100644 --- a/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c +++ b/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c 
@@ -513,7 +513,14 @@ XhcInitSched ( Entries = (Xhc->MaxSlotsEn + 1) * sizeof (UINT64); Dcbaa = UsbHcAllocateMem (Xhc->MemPool, Entries, FALSE); ASSERT (Dcbaa != NULL); - ZeroMem (Dcbaa, Entries); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (Dcbaa != NULL) { + ZeroMem (Dcbaa, Entries); + } else { + return; + } + + // MU_CHANGE End - CodeQL Change - Check allocation before use // // A Scratchpad Buffer is a PAGESIZE block of system memory located on a PAGESIZE boundary. @@ -803,6 +810,13 @@ CreateEventRing ( Buf = UsbHcAllocateMem (Xhc->MemPool, Size, TRUE); ASSERT (Buf != NULL); ASSERT (((UINTN)Buf & 0x3F) == 0); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (Buf == NULL) { + return; + } + + // MU_CHANGE End - CodeQL Change - Check allocation before use + ZeroMem (Buf, Size); EventRing->EventRingSeg0 = Buf; @@ -822,6 +836,13 @@ CreateEventRing ( Buf = UsbHcAllocateMem (Xhc->MemPool, Size, FALSE); ASSERT (Buf != NULL); ASSERT (((UINTN)Buf & 0x3F) == 0); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (Buf == NULL) { + return; + } + + // MU_CHANGE End - CodeQL Change - Check allocation before use + ZeroMem (Buf, Size); ERSTBase = (EVENT_RING_SEG_TABLE_ENTRY *)Buf; @@ -900,6 +921,13 @@ CreateTransferRing ( Buf = UsbHcAllocateMem (Xhc->MemPool, sizeof (TRB_TEMPLATE) * TrbNum, TRUE); ASSERT (Buf != NULL); ASSERT (((UINTN)Buf & 0x3F) == 0); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (Buf == NULL) { + return; + } + + // MU_CHANGE End - CodeQL Change - Check allocation before use + ZeroMem (Buf, sizeof (TRB_TEMPLATE) * TrbNum); TransferRing->RingSeg0 = Buf; 
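Review bot: XhcInitSched now returns early when the Dcbaa allocation fails, but the added statement is a bare `return;`, so the caller gets no status and carries on with a controller whose schedule structures were never set up. The same applies to the `Buf == NULL` returns added in CreateEventRing (both allocations) and CreateTransferRing, where `EventRing->EventRingSeg0` and `TransferRing->RingSeg0` are left unassigned. Unless callers outside these hunks validate those fields, the NULL dereference is only moved further along. Having these helpers return EFI_STATUS, or at least documenting in their header comments that the ring may be left uninitialised, would close the gap. The if/else around ZeroMem could also be a plain guard, `if (Dcbaa == NULL) { return; }`, matching the other hunks.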
@@ -2203,6 +2231,13 @@ XhcInitializeDeviceSlot ( InputContext = UsbHcAllocateMem (Xhc->MemPool, sizeof (INPUT_CONTEXT), FALSE); ASSERT (InputContext != NULL); ASSERT (((UINTN)InputContext & 0x3F) == 0); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (InputContext == NULL) { + return RETURN_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - Check allocation before use + ZeroMem (InputContext, sizeof (INPUT_CONTEXT)); Xhc->UsbDevContext[SlotId].InputContext = (VOID *)InputContext; @@ -2306,6 +2341,13 @@ XhcInitializeDeviceSlot ( OutputContext = UsbHcAllocateMem (Xhc->MemPool, sizeof (DEVICE_CONTEXT), FALSE); ASSERT (OutputContext != NULL); ASSERT (((UINTN)OutputContext & 0x3F) == 0); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (OutputContext == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - Check allocation before use + ZeroMem (OutputContext, sizeof (DEVICE_CONTEXT)); Xhc->UsbDevContext[SlotId].OutputContext = OutputContext; @@ -2428,6 +2470,13 @@ XhcInitializeDeviceSlot64 ( InputContext = UsbHcAllocateMem (Xhc->MemPool, sizeof (INPUT_CONTEXT_64), FALSE); ASSERT (InputContext != NULL); ASSERT (((UINTN)InputContext & 0x3F) == 0); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (InputContext == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - Check allocation before use + ZeroMem (InputContext, sizeof (INPUT_CONTEXT_64)); Xhc->UsbDevContext[SlotId].InputContext = (VOID *)InputContext; 
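Review bot: The InputContext failure path in XhcInitializeDeviceSlot returns `RETURN_OUT_OF_RESOURCES`, whereas the OutputContext path in the same function and both paths in XhcInitializeDeviceSlot64 return `EFI_OUT_OF_RESOURCES`. The two have the same value, but a function returning EFI_STATUS should use the EFI_ name consistently: `return EFI_OUT_OF_RESOURCES;`.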
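Review bot: When the OutputContext allocation fails in XhcInitializeDeviceSlot, the function returns with the InputContext from the earlier hunk still allocated and still recorded in `Xhc->UsbDevContext[SlotId].InputContext`. Whether a later slot teardown releases it is not visible here; if not, the memory stays in `Xhc->MemPool` and the slot entry is left half-populated. Consider releasing it with the pool's matching free routine and clearing the field before returning. The XhcInitializeDeviceSlot64 hunk at `@@ -2531` has the same shape.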
@@ -2531,6 +2580,13 @@ XhcInitializeDeviceSlot64 ( OutputContext = UsbHcAllocateMem (Xhc->MemPool, sizeof (DEVICE_CONTEXT_64), FALSE); ASSERT (OutputContext != NULL); ASSERT (((UINTN)OutputContext & 0x3F) == 0); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (OutputContext == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - Check allocation before use + ZeroMem (OutputContext, sizeof (DEVICE_CONTEXT_64)); Xhc->UsbDevContext[SlotId].OutputContext = OutputContext; diff --git a/MdeModulePkg/Bus/Pci/XhciPei/UsbHcMem.c b/MdeModulePkg/Bus/Pci/XhciPei/UsbHcMem.c index 88db5fe46e..82271f6fff 100644 --- a/MdeModulePkg/Bus/Pci/XhciPei/UsbHcMem.c +++ b/MdeModulePkg/Bus/Pci/XhciPei/UsbHcMem.c @@ -32,6 +32,8 @@ UsbHcAllocMemBlock ( UINTN PageNumber; EFI_PHYSICAL_ADDRESS TempPtr; + Mapping = NULL; // MU_CHANGE Start - CodeQL Change + PageNumber = EFI_SIZE_TO_PAGES (sizeof (USBHC_MEM_BLOCK)); Status = PeiServicesAllocatePages ( EfiBootServicesData, diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c index e79110c14e..ae9b3f9c74 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c @@ -2535,8 +2535,8 @@ ScsiDiskInquiryDevice ( EFI_SCSI_SENSE_DATA *SenseDataArray; UINTN NumberOfSenseKeys; EFI_STATUS Status; - UINT8 MaxRetry; - UINT8 Index; + UINT32 MaxRetry; // MU_CHANGE Start - CodeQL Change - comparison-with-wider-type + UINT32 Index; // MU_CHANGE Start - CodeQL Change - comparison-with-wider-type EFI_SCSI_SUPPORTED_VPD_PAGES_VPD_PAGE *SupportedVpdPages; EFI_SCSI_BLOCK_LIMITS_VPD_PAGE *BlockLimits; UINTN PageLength; @@ -2619,7 +2619,8 @@ ScsiDiskInquiryDevice ( // // Locate the code for the Block Limits VPD page // - for (Index = 0; Index < PageLength; Index++) { + for (Index = 0; (UINTN)Index < PageLength; Index++) { + // MU_CHANGE Start - CodeQL Change - comparison-with-wider-type // // Sanity check // 
diff --git a/MdeModulePkg/Bus/Sd/EmmcBlockIoPei/EmmcHcMem.c b/MdeModulePkg/Bus/Sd/EmmcBlockIoPei/EmmcHcMem.c index 6778254b61..fc5872715d 100644 --- a/MdeModulePkg/Bus/Sd/EmmcBlockIoPei/EmmcHcMem.c +++ b/MdeModulePkg/Bus/Sd/EmmcBlockIoPei/EmmcHcMem.c @@ -30,6 +30,7 @@ EmmcPeimAllocMemBlock ( TempPtr = NULL; Block = NULL; + Mapping = NULL; // MU_CHANGE Start - CodeQL Change Status = PeiServicesAllocatePool (sizeof (EMMC_PEIM_MEM_BLOCK), &TempPtr); if (EFI_ERROR (Status)) { diff --git a/MdeModulePkg/Bus/Sd/EmmcBlockIoPei/EmmcHci.c b/MdeModulePkg/Bus/Sd/EmmcBlockIoPei/EmmcHci.c index bafd71e9b5..328a046ad5 100644 --- a/MdeModulePkg/Bus/Sd/EmmcBlockIoPei/EmmcHci.c +++ b/MdeModulePkg/Bus/Sd/EmmcBlockIoPei/EmmcHci.c @@ -934,7 +934,7 @@ BuildAdmaDescTable ( EFI_PHYSICAL_ADDRESS Data; UINT64 DataLen; UINT64 Entries; - UINT32 Index; + UINT64 Index; // MU_CHANGE - CodeQL Change - Comparison size mismatch UINT64 Remaining; UINT32 Address; diff --git a/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdHcMem.c b/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdHcMem.c index 27aec1fbf3..2a92f31adf 100644 --- a/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdHcMem.c +++ b/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdHcMem.c @@ -30,6 +30,7 @@ SdPeimAllocMemBlock ( TempPtr = NULL; Block = NULL; + Mapping = NULL; // MU_CHANGE Start - CodeQL Change Status = PeiServicesAllocatePool (sizeof (SD_PEIM_MEM_BLOCK), &TempPtr); if (EFI_ERROR (Status)) { diff --git a/MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHcMem.c b/MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHcMem.c index 562a77676c..0e6753b56f 100644 --- a/MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHcMem.c +++ b/MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHcMem.c @@ -31,6 +31,7 @@ UfsPeimAllocMemBlock ( TempPtr = NULL; Block = NULL; + Mapping = NULL; // MU_CHANGE Start - CodeQL Change Status = PeiServicesAllocatePool (sizeof (UFS_PEIM_MEM_BLOCK), &TempPtr); if (EFI_ERROR (Status)) { 
diff --git a/MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHci.c b/MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHci.c index d19a7fed6e..a9d541be3b 100644 --- a/MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHci.c +++ b/MdeModulePkg/Bus/Ufs/UfsBlockIoPei/UfsHci.c @@ -317,7 +317,7 @@ UfsInitUtpPrdt ( IN UINT32 BufferSize ) { - UINT32 PrdtIndex; + UINTN PrdtIndex; // MU_CHANGE Start - CodeQL Change - comparison-with-wider-type UINT32 RemainingLen; UINT8 *Remaining; UINTN PrdtNumber; diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c index 4a9fa01e7d..820b089cb5 100644 --- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c +++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c @@ -405,7 +405,8 @@ UfsInitUtpPrdt ( Remaining = Buffer; PrdtNumber = (UINTN)DivU64x32 ((UINT64)BufferSize + UFS_MAX_DATA_LEN_PER_PRD - 1, UFS_MAX_DATA_LEN_PER_PRD); - for (PrdtIndex = 0; PrdtIndex < PrdtNumber; PrdtIndex++) { + for (PrdtIndex = 0; (UINTN)PrdtIndex < PrdtNumber; PrdtIndex++) { + // MU_CHANGE Start - CodeQL Change - comparison-with-wider-type if (RemainingLen < UFS_MAX_DATA_LEN_PER_PRD) { Prdt[PrdtIndex].DbCount = (UINT32)RemainingLen - 1; } else { diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBus.c b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBus.c index e31411950f..ff5c4cf412 100644 --- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBus.c +++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBus.c @@ -826,7 +826,7 @@ UsbIoGetStringDescriptor ( EFI_USB_STRING_DESCRIPTOR *StrDesc; EFI_TPL OldTpl; UINT8 *Buf; - UINT8 Index; + UINT16 Index; // MU_CHANGE Start - CodeQL Change - comparison-with-wider-type` EFI_STATUS Status; if ((StringIndex == 0) || (LangID == 0)) { diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c index acb562da29..31280ec955 100644 --- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c +++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c 
@@ -1028,7 +1028,9 @@ UsbUpdateDescriptors ( UsbCtrlGetDesc (UsbDev, USB_DESC_TYPE_DEVICE, 0, 0, &DevDesc, sizeof (EFI_USB_DEVICE_DESCRIPTOR)); for (Index = 0; Index < DevDesc.NumConfigurations; Index++) { ConfDesc = UsbGetOneConfig (UsbDev, Index); - FreePool (ConfDesc); + if (ConfDesc != NULL) { + FreePool (ConfDesc); + } } return; diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbUtility.c b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbUtility.c index 740e7babb0..973ff9cffe 100644 --- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbUtility.c +++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbUtility.c @@ -957,6 +957,7 @@ UsbBusAddWantedUsbIoDP ( EFI_STATUS Status; EFI_DEVICE_PATH_PROTOCOL *DevicePathPtr; + DevicePathPtr = NULL; // MU_CHANGE Start - CodeQL Change // // Check whether remaining device path is valid // @@ -1001,9 +1002,15 @@ UsbBusAddWantedUsbIoDP ( } ASSERT (DevicePathPtr != NULL); - Status = AddUsbDPToList (DevicePathPtr, &Bus->WantedUsbIoDPList); - ASSERT (!EFI_ERROR (Status)); - FreePool (DevicePathPtr); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (DevicePathPtr != NULL) { + Status = AddUsbDPToList (DevicePathPtr, &Bus->WantedUsbIoDPList); + ASSERT (!EFI_ERROR (Status)); + FreePool (DevicePathPtr); + } + + // MU_CHANGE End - CodeQL Change - Check allocation before use + return EFI_SUCCESS; } @@ -1060,7 +1067,12 @@ UsbBusIsWantedUsbIO ( // Create new Usb device path according to the usb part in UsbIo full device path // DevicePathPtr = GetUsbDPFromFullDP (UsbIf->DevicePath); - ASSERT (DevicePathPtr != NULL); + // MU_CHANGE Start - CodeQL Change - Check before use + if (DevicePathPtr == NULL) { + return FALSE; + } + + // MU_CHANGE End - CodeQL Change - Check before use DoConvert = FALSE; WantedListIndex = WantedUsbIoDPListPtr->ForwardLink; diff --git a/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c b/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c index 6d67e82504..0addca6f0d 100644 --- a/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c 
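Review bot: With the new guard, UsbBusAddWantedUsbIoDP falls through to `return EFI_SUCCESS;` when DevicePathPtr is NULL, so the caller is told the device path was added to `Bus->WantedUsbIoDPList` when nothing was. Returning an error on that path, for example `return EFI_OUT_OF_RESOURCES;` in an `else` branch, keeps the status truthful. The result of AddUsbDPToList is likewise only checked by `ASSERT (!EFI_ERROR (Status))`, which disappears in release builds; propagating `Status` would be more robust. The function begins outside this hunk.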
+++ b/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c @@ -437,16 +437,20 @@ GetCurrentKeyboardLayout ( if (Status == EFI_BUFFER_TOO_SMALL) { KeyboardLayout = AllocatePool (Length); ASSERT (KeyboardLayout != NULL); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (KeyboardLayout != NULL) { + Status = HiiDatabase->GetKeyboardLayout ( + HiiDatabase, + NULL, + &Length, + KeyboardLayout + ); + if (EFI_ERROR (Status)) { + FreePool (KeyboardLayout); + KeyboardLayout = NULL; + } - Status = HiiDatabase->GetKeyboardLayout ( - HiiDatabase, - NULL, - &Length, - KeyboardLayout - ); - if (EFI_ERROR (Status)) { - FreePool (KeyboardLayout); - KeyboardLayout = NULL; + // MU_CHANGE End - CodeQL Change - Check allocation before use } } @@ -683,7 +687,12 @@ SetKeyboardLayoutEvent ( // TableEntry = GetKeyDescriptor (UsbKeyboardDevice, 0x58); KeyDescriptor = GetKeyDescriptor (UsbKeyboardDevice, 0x28); - CopyMem (TableEntry, KeyDescriptor, sizeof (EFI_KEY_DESCRIPTOR)); + // MU_CHANGE Start - CodeQL Change - Check pointers before use + if ((TableEntry != NULL) && (KeyDescriptor != NULL)) { + CopyMem (TableEntry, KeyDescriptor, sizeof (EFI_KEY_DESCRIPTOR)); + } + + // MU_CHANGE End - CodeQL Change - Check pointers before use FreePool (KeyboardLayout); } diff --git a/MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointer.c b/MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointer.c index 770547c4b0..06e2e6e930 100644 --- a/MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointer.c +++ b/MdeModulePkg/Bus/Usb/UsbMouseAbsolutePointerDxe/UsbMouseAbsolutePointer.c 
@@ -160,7 +160,14 @@ USBMouseAbsolutePointerDriverBindingStart ( } UsbMouseAbsolutePointerDevice = AllocateZeroPool (sizeof (USB_MOUSE_ABSOLUTE_POINTER_DEV)); - ASSERT (UsbMouseAbsolutePointerDevice != NULL); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (UsbMouseAbsolutePointerDevice == NULL) { + ASSERT (UsbMouseAbsolutePointerDevice != NULL); + Status = EFI_OUT_OF_RESOURCES; + goto ErrorExit; + } + + // MU_CHANGE Start - CodeQL Change - Check allocation before use UsbMouseAbsolutePointerDevice->UsbIo = UsbIo; UsbMouseAbsolutePointerDevice->Signature = USB_MOUSE_ABSOLUTE_POINTER_DEV_SIGNATURE; @@ -631,7 +638,14 @@ InitializeUsbMouseDevice ( } ReportDesc = AllocateZeroPool (MouseHidDesc->HidClassDesc[0].DescriptorLength); - ASSERT (ReportDesc != NULL); + // MU_CHANGE Start - CodeQL Change - Check allocation before use + if (ReportDesc == NULL) { + ASSERT (ReportDesc != NULL); + FreePool (Buf); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE Start - CodeQL Change - Check allocation before use Status = UsbGetReportDescriptor ( UsbIo, diff --git a/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c index 4b184c1dbe..023af6ca96 100644 --- a/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c +++ b/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c @@ -776,7 +776,13 @@ FvIsBeingProcessed ( } KnownHandle = AllocateZeroPool (sizeof (KNOWN_HANDLE)); - ASSERT (KnownHandle != NULL); + // MU_CHANGE Start - CodeQL Change + if (KnownHandle == NULL) { + ASSERT (KnownHandle != NULL); + return NULL; + } + + // MU_CHANGE Start - CodeQL Change KnownHandle->Signature = KNOWN_HANDLE_SIGNATURE; KnownHandle->Handle = FvHandle; @@ -853,6 +859,7 @@ CoreFvToDevicePath ( @retval EFI_ALREADY_STARTED The driver has already been started. Only one DriverName may be active in the system at any one time. + @retval EFI_OUT_OF_RESOURCES If memory could not be allocated for the DriverEntry. // MU_CHANGE - CodeQL change **/ EFI_STATUS 
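Review bot: FvIsBeingProcessed now returns NULL when the KNOWN_HANDLE allocation fails, and it is worth confirming that NULL does not already carry another meaning for callers, for instance "this firmware volume is already known"; the function's header comment is outside the hunk. If it does, an out-of-memory condition would be indistinguishable from a normal skip and the volume would be dropped without a trace. A `DEBUG ((DEBUG_ERROR, "[%a] KNOWN_HANDLE allocation failed\n", __FUNCTION__));` line in the new branch, plus a sentence in the function's return documentation, would make the distinction explicit.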
@@ -870,7 +877,13 @@ CoreAddToDriverList ( // NULL or FALSE. // DriverEntry = AllocateZeroPool (sizeof (EFI_CORE_DRIVER_ENTRY)); - ASSERT (DriverEntry != NULL); + // MU_CHANGE Start - CodeQL Change + if (DriverEntry == NULL) { + ASSERT (DriverEntry != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE Start - CodeQL Change if (Type == EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE) { DriverEntry->IsFvImage = TRUE; } @@ -1053,13 +1066,17 @@ CoreProcessFvImageFile ( // if (gSecurity != NULL) { FvFileDevicePath = CoreFvToDevicePath (Fv, FvHandle, FileName); - Status = gSecurity->FileAuthenticationState ( - gSecurity, - AuthenticationStatus, - FvFileDevicePath - ); + // MU_CHANGE Start - CodeQL Change if (FvFileDevicePath != NULL) { + Status = gSecurity->FileAuthenticationState ( + gSecurity, + AuthenticationStatus, + FvFileDevicePath + ); FreePool (FvFileDevicePath); + } else { + Status = EFI_OUT_OF_RESOURCES; + // MU_CHANGE End - CodeQL Change } if (Status != EFI_SUCCESS) { diff --git a/MdeModulePkg/Core/Dxe/Gcd/Gcd.c b/MdeModulePkg/Core/Dxe/Gcd/Gcd.c index 38a62fc9a8..35259ab347 100644 --- a/MdeModulePkg/Core/Dxe/Gcd/Gcd.c +++ b/MdeModulePkg/Core/Dxe/Gcd/Gcd.c @@ -163,7 +163,13 @@ CoreDumpGcdMemorySpaceMap ( // MU_CHANGE END Status = CoreGetMemorySpaceMap (&NumberOfDescriptors, &MemorySpaceMap); - ASSERT (Status == EFI_SUCCESS && MemorySpaceMap != NULL); + // MU_CHANGE Start - CodeQL Change + if (!((Status == EFI_SUCCESS) && (MemorySpaceMap != NULL))) { + ASSERT ((Status == EFI_SUCCESS) && (MemorySpaceMap != NULL)); + return; + } + + // MU_CHANGE End - CodeQL Change if (InitialMap) { DEBUG ((DEBUG_GCD, "GCD:Initial GCD Memory Space Map\n")); 
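Review bot: The fail-closed `else` branch added to CoreProcessFvImageFile is undocumented: a NULL result from CoreFvToDevicePath now sets `Status = EFI_OUT_OF_RESOURCES`, which the following `if (Status != EFI_SUCCESS)` treats like an authentication failure. That is the safe choice, since the image is no longer passed to FileAuthenticationState with a NULL path, but nothing in the code states the intent. A comment on the branch such as `// No device path means the image cannot be authenticated; fail closed.` would keep a later cleanup from undoing it. The `MU_CHANGE End` marker also sits inside the else block rather than after its closing brace.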
@@ -209,7 +215,13 @@ CoreDumpGcdIoSpaceMap ( UINTN Index; Status = CoreGetIoSpaceMap (&NumberOfDescriptors, &IoSpaceMap); - ASSERT (Status == EFI_SUCCESS && IoSpaceMap != NULL); + // MU_CHANGE Start - CodeQL Change + if (!((Status == EFI_SUCCESS) && (IoSpaceMap != NULL))) { + ASSERT ((Status == EFI_SUCCESS) && (IoSpaceMap != NULL)); + return; + } + + // MU_CHANGE End - CodeQL Change if (InitialMap) { DEBUG ((DEBUG_GCD, "GCD:Initial GCD I/O Space Map\n")); @@ -777,7 +789,8 @@ CoreConvertSpace ( // Search for the list of descriptors that cover the range BaseAddress to BaseAddress+Length // Status = CoreSearchGcdMapEntry (BaseAddress, Length, &StartLink, &EndLink, Map); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || ((StartLink == NULL) || (EndLink == NULL))) { + // MU_CHANGE - CodeQL Change Status = EFI_UNSUPPORTED; goto Done; @@ -896,7 +909,8 @@ CoreConvertSpace ( // Allocate work space to perform this operation // Status = CoreAllocateGcdMapEntry (&TopEntry, &BottomEntry); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || ((TopEntry == NULL) || (BottomEntry == NULL))) { + // MU_CHANGE - CodeQL Change Status = EFI_OUT_OF_RESOURCES; goto Done; } @@ -1194,7 +1208,8 @@ CoreAllocateSpace ( // Search for the list of descriptors that cover the range BaseAddress to BaseAddress+Length // Status = CoreSearchGcdMapEntry (*BaseAddress, Length, &StartLink, &EndLink, Map); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || ((StartLink == NULL) || (EndLink == NULL))) { + // MU_CHANGE - CodeQL Change Status = EFI_NOT_FOUND; goto Done; } @@ -1287,7 +1302,8 @@ CoreAllocateSpace ( // Search for the list of descriptors that cover the range BaseAddress to BaseAddress+Length // Status = CoreSearchGcdMapEntry (*BaseAddress, Length, &StartLink, &EndLink, Map); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || ((StartLink == NULL) || (EndLink == NULL))) { + // MU_CHANGE - CodeQL Change Status = EFI_NOT_FOUND; goto Done; } 
@@ -1327,7 +1343,8 @@ CoreAllocateSpace ( // Allocate work space to perform this operation // Status = CoreAllocateGcdMapEntry (&TopEntry, &BottomEntry); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || ((TopEntry == NULL) || (BottomEntry == NULL))) { + // MU_CHANGE - CodeQL Change Status = EFI_OUT_OF_RESOURCES; goto Done; } @@ -1640,7 +1657,8 @@ CoreGetMemorySpaceDescriptor ( // Search for the list of descriptors that contain BaseAddress // Status = CoreSearchGcdMapEntry (BaseAddress, 1, &StartLink, &EndLink, &mGcdMemorySpaceMap); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || ((StartLink == NULL) || (EndLink == NULL))) { + // MU_CHANGE - CodeQL Change Status = EFI_NOT_FOUND; } else { ASSERT (StartLink != NULL && EndLink != NULL); @@ -2025,7 +2043,8 @@ CoreGetIoSpaceDescriptor ( // Search for the list of descriptors that contain BaseAddress // Status = CoreSearchGcdMapEntry (BaseAddress, 1, &StartLink, &EndLink, &mGcdIoSpaceMap); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || ((StartLink == NULL) || (EndLink == NULL))) { + // MU_CHANGE - CodeQL Change Status = EFI_NOT_FOUND; } else { ASSERT (StartLink != NULL && EndLink != NULL); @@ -2618,7 +2637,14 @@ CoreInitializeGcdServices ( // Get the number of address lines in the I/O and Memory space for the CPU // CpuHob = GetFirstHob (EFI_HOB_TYPE_CPU); - ASSERT (CpuHob != NULL); + // MU_CHANGE Start - CodeQL Change + if (CpuHob == NULL) { + ASSERT (CpuHob != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change + SizeOfMemorySpace = CpuHob->SizeOfMemorySpace; SizeOfIoSpace = CpuHob->SizeOfIoSpace; 
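Review bot: In the CoreInitializeGcdServices hunk a missing CPU HOB is reported as `EFI_OUT_OF_RESOURCES`, although a NULL result from GetFirstHob means the HOB is absent rather than that memory ran out; `return EFI_NOT_FOUND;` would describe the failure more accurately. In CoreGetMemorySpaceDescriptor and CoreGetIoSpaceDescriptor the widened condition already sends NULL links to the error branch, so the `ASSERT (StartLink != NULL && EndLink != NULL);` left in each `else` branch can no longer fire and could be dropped. These functions continue outside the hunks, so whether callers act on the new return value cannot be checked from here.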
@@ -2626,7 +2652,13 @@ CoreInitializeGcdServices ( // Initialize the GCD Memory Space Map // Entry = AllocateCopyPool (sizeof (EFI_GCD_MAP_ENTRY), &mGcdMemorySpaceMapEntryTemplate); - ASSERT (Entry != NULL); + // MU_CHANGE Start - CodeQL Change + if (Entry == NULL) { + ASSERT (Entry != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change Entry->EndAddress = LShiftU64 (1, SizeOfMemorySpace) - 1; @@ -2638,7 +2670,13 @@ CoreInitializeGcdServices ( // Initialize the GCD I/O Space Map // Entry = AllocateCopyPool (sizeof (EFI_GCD_MAP_ENTRY), &mGcdIoSpaceMapEntryTemplate); - ASSERT (Entry != NULL); + // MU_CHANGE Start - CodeQL Change + if (Entry == NULL) { + ASSERT (Entry != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change Entry->EndAddress = LShiftU64 (1, SizeOfIoSpace) - 1; @@ -2868,7 +2906,13 @@ CoreInitializeGcdServices ( (UINTN)PhitHob->EfiFreeMemoryBottom - (UINTN)(*HobStart), *HobStart ); - ASSERT (NewHobList != NULL); + // MU_CHANGE Start - CodeQL Change + if (NewHobList == NULL) { + ASSERT (NewHobList != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change *HobStart = NewHobList; gHobList = NewHobList; diff --git a/MdeModulePkg/Core/Dxe/Hand/Handle.c b/MdeModulePkg/Core/Dxe/Hand/Handle.c index 24e4fbf5f3..868995a41b 100644 --- a/MdeModulePkg/Core/Dxe/Hand/Handle.c +++ b/MdeModulePkg/Core/Dxe/Hand/Handle.c @@ -1040,6 +1040,7 @@ CoreOpenProtocol ( return EFI_INVALID_PARAMETER; } + Prot = NULL; // MU_CHANGE - CodeQL Change // // Lock the protocol database // 
@@ -1218,7 +1219,8 @@ CoreOpenProtocol ( // Keep Interface unmodified in case of any Error // except EFI_ALREADY_STARTED and EFI_UNSUPPORTED. // - if (!EFI_ERROR (Status) || (Status == EFI_ALREADY_STARTED)) { + if ((!EFI_ERROR (Status) || (Status == EFI_ALREADY_STARTED)) && (Prot != NULL)) { + // MU_CHANGE - CodeQL Change // // According to above logic, if 'Prot' is NULL, then the 'Status' must be // EFI_UNSUPPORTED. Here the 'Status' is not EFI_UNSUPPORTED, so 'Prot' diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c index aea5effd3a..d9144ad9c4 100644 --- a/MdeModulePkg/Core/Dxe/Image/Image.c +++ b/MdeModulePkg/Core/Dxe/Image/Image.c @@ -164,8 +164,13 @@ PeCoffEmuProtocolNotify ( } Entry = AllocateZeroPool (sizeof (*Entry)); - ASSERT (Entry != NULL); + // MU_CHANGE Start - CodeQL Change + if (Entry == NULL) { + ASSERT (Entry != NULL); + break; + } + // MU_CHANGE End - CodeQL Change Entry->Emulator = Emulator; Entry->MachineType = Entry->Emulator->MachineType; @@ -1313,6 +1318,14 @@ CoreLoadImageCommon ( // LoadFile () may cause the device path of the Handle be updated. // OriginalFilePath = AppendDevicePath (DevicePathFromHandle (DeviceHandle), Node); + // MU_CHANGE Start - CodeQL Change + if (OriginalFilePath == NULL) { + Image = NULL; + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + // MU_CHANGE End - CodeQL Change } } } diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c index 17db39af37..969a38ccf0 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c 
@@ -351,7 +351,15 @@ CoreFreeMemoryMapStack ( // Entry = AllocateMemoryMapEntry (); - ASSERT (Entry); + // MU_CHANGE Start - CodeQL Change + // If entry allocation failed once, it is unlikely to succeed moving forward + // However, we can try since we're in the middle of moving list nodes + if (Entry == NULL) { + ASSERT (Entry != NULL); + continue; + } + + // MU_CHANGE End - CodeQL Change // // Update to proper entry diff --git a/MdeModulePkg/Core/Dxe/Mem/Pool.c b/MdeModulePkg/Core/Dxe/Mem/Pool.c index 9883831be1..2c747a1a5a 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Pool.c +++ b/MdeModulePkg/Core/Dxe/Mem/Pool.c @@ -429,6 +429,12 @@ CoreAllocatePoolI ( NoPages = EFI_SIZE_TO_PAGES (Size) + EFI_SIZE_TO_PAGES (Granularity) - 1; NoPages &= ~(UINTN)(EFI_SIZE_TO_PAGES (Granularity) - 1); Head = CoreAllocatePoolPagesI (PoolType, NoPages, Granularity, NeedGuard); + // MU_CHANGE Start - CodeQL Change + if (Head == NULL) { + return NULL; + } + + // MU_CHANGE Start - CodeQL Change if (NeedGuard) { Head = AdjustPoolHeadA ((EFI_PHYSICAL_ADDRESS)(UINTN)Head, NoPages, Size); } diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c index 420fd0b79b..f4ba432ab4 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c @@ -149,7 +149,13 @@ InstallMemoryAttributesTable ( do { MemoryMap = AllocatePool (MemoryMapSize); - ASSERT (MemoryMap != NULL); + // MU_CHANGE Start - CodeQL Change + if (MemoryMap == NULL) { + ASSERT (MemoryMap != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change Status = CoreGetMemoryMapWithSeparatedImageSection ( &MemoryMapSize, 
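Review bot: The `continue` added to CoreFreeMemoryMapStack in Mem/Page.c may retry forever when AllocateMemoryMapEntry keeps returning NULL, because nothing visible before it advances the loop state. The PiSmmCore copy of this function in the same patch handles the same failure with `mFreeMapStack -= 1; return;`, which suggests the counter is only decremented after this check. The loop header is outside the hunk, so this needs confirming, but if the loop condition depends on `mFreeMapStack` the DXE variant should leave the loop with `break;` or mirror the SMM handling instead of retrying. In the CoreAllocatePoolI hunk both markers read `MU_CHANGE Start`; the second should be `MU_CHANGE End`.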
@@ -180,7 +186,14 @@ InstallMemoryAttributesTable ( // Allocate MemoryAttributesTable // MemoryAttributesTable = AllocatePool (sizeof (EFI_MEMORY_ATTRIBUTES_TABLE) + DescriptorSize * RuntimeEntryCount); - ASSERT (MemoryAttributesTable != NULL); + // MU_CHANGE Start - CodeQL Change + if (MemoryAttributesTable == NULL) { + ASSERT (MemoryAttributesTable != NULL); + FreePool (MemoryMapStart); + return; + } + + // MU_CHANGE End - CodeQL Change MemoryAttributesTable->Version = EFI_MEMORY_ATTRIBUTES_TABLE_VERSION; MemoryAttributesTable->NumberOfEntries = RuntimeEntryCount; MemoryAttributesTable->DescriptorSize = (UINT32)DescriptorSize; diff --git a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c index 2152833ff6..9fc2d83f59 100644 --- a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c +++ b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c @@ -626,7 +626,13 @@ CreateGuidedExtractionRpnEvent ( // Allocate new event structure and context // Context = AllocatePool (sizeof (RPN_EVENT_CONTEXT)); - ASSERT (Context != NULL); + // MU_CHANGE Start - CodeQL Change + if (Context == NULL) { + ASSERT (Context != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change Context->ChildNode = ChildNode; Context->ParentStream = ParentStream; diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c index de9e8c8a18..e48edcea07 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c 
@@ -447,7 +447,13 @@ Split2MPageTo4K ( AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64; PageTableEntry = AllocatePageTableMemory (1); - ASSERT (PageTableEntry != NULL); + // MU_CHANGE Start - CodeQL Change + if (PageTableEntry == NULL) { + ASSERT (PageTableEntry != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change // // Fill in 2M page entry. @@ -533,7 +539,13 @@ Split1GPageTo2M ( AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64; PageDirectoryEntry = AllocatePageTableMemory (1); - ASSERT (PageDirectoryEntry != NULL); + // MU_CHANGE Start - CodeQL Change + if (PageDirectoryEntry == NULL) { + ASSERT (PageDirectoryEntry != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change // // Fill in 1G page entry. @@ -659,7 +671,13 @@ SetPageTablePoolReadOnly ( ASSERT (Level > 1); NewPageTable = AllocatePageTableMemory (1); - ASSERT (NewPageTable != NULL); + // MU_CHANGE Start - CodeQL Change + if (NewPageTable == NULL) { + ASSERT (NewPageTable != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change PhysicalAddress = PageAttr & LevelMask[Level]; for (EntryIndex = 0; diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c index 69c07525d8..aa99cd01fc 100644 --- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c +++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c @@ -397,7 +397,15 @@ DiscoverPeimsAndOrderWithApriori ( TempFileHandles = AllocatePool ( sizeof (EFI_PEI_FILE_HANDLE) * (Private->TempPeimCount + TEMP_FILE_GROWTH_STEP) ); - ASSERT (TempFileHandles != NULL); + // MU_CHANGE Start - CodeQL Change + if (TempFileHandles == NULL) { + ASSERT (TempFileHandles != NULL); + Status = EFI_OUT_OF_RESOURCES; + // Let the error naturally break out of the loop + continue; + } + + // MU_CHANGE End - CodeQL Change CopyMem ( TempFileHandles, Private->TempFileHandles, 
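Review bot: Split2MPageTo4K, Split1GPageTo2M and SetPageTablePoolReadOnly now exit with a bare `return;` when AllocatePageTableMemory fails, so as far as these hunks show the caller is never told that the split or the read-only attribute was not applied. In a release build, where ASSERT compiles out, boot then continues with weaker memory protection than was configured and leaves no trace of it. At minimum log the failure before returning, e.g. `DEBUG ((DEBUG_ERROR, "%a: page table allocation failed\n", __func__));`, and for SetPageTablePoolReadOnly consider halting or propagating a status, since the page-table pool would otherwise stay writable. The three function bodies start and end outside these hunks.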
@@ -407,7 +415,16 @@ DiscoverPeimsAndOrderWithApriori ( TempFileGuid = AllocatePool ( sizeof (EFI_GUID) * (Private->TempPeimCount + TEMP_FILE_GROWTH_STEP) ); - ASSERT (TempFileGuid != NULL); + // MU_CHANGE Start - CodeQL Change + if (TempFileGuid == NULL) { + ASSERT (TempFileGuid != NULL); + Status = EFI_OUT_OF_RESOURCES; + // Let the error naturally break out of the loop + continue; + } + + // MU_CHANGE End - CodeQL Change + CopyMem ( TempFileGuid, Private->TempFileGuid, @@ -1318,7 +1335,8 @@ PeiCheckAndSwitchStack ( @param PeimFileHandle Pointer to the FFS file header of the image. @param MigratedFileHandle Pointer to the FFS file header of the migrated image. - @retval EFI_SUCCESS Successfully migrated the PEIM to permanent memory. + @retval EFI_SUCCESS Successfully migrated the PEIM to permanent memory. + @retval EFI_OUT_OF_RESOURCES Insufficient memory resources for necessary internal memory allocations. // MU_CHANGE - CodeQL Change **/ EFI_STATUS @@ -1345,6 +1363,14 @@ MigratePeim ( if (ImageAddress != NULL) { DEBUG_CODE_BEGIN (); AsciiString = PeCoffLoaderGetPdbPointer (ImageAddress); + // MU_CHANGE Start - CodeQL Change + if (AsciiString == NULL) { + ASSERT_EFI_ERROR (EFI_OUT_OF_RESOURCES); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change + for (Index = 0; AsciiString[Index] != 0; Index++) { if ((AsciiString[Index] == '\\') || (AsciiString[Index] == '/')) { AsciiString = AsciiString + Index + 1; @@ -1715,7 +1741,7 @@ PeiDispatcher ( { EFI_STATUS Status; UINT32 Index1; - UINT32 Index2; + UINTN Index2; // MU_CHANGE - CodeQL Change - comparison-with-wider-type CONST EFI_PEI_SERVICES **PeiServices; EFI_PEI_FILE_HANDLE PeimFileHandle; UINTN FvCount; 
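Review bot: The new NULL check in MigratePeim treats a missing PDB path as a fatal error, but PeCoffLoaderGetPdbPointer returns NULL for any image that carries no CodeView debug entry, which is a normal case rather than an allocation failure. Because the check sits after DEBUG_CODE_BEGIN, a debug build now asserts and returns `EFI_OUT_OF_RESOURCES` for such a PEIM while a release build migrates it, so the two build types diverge in behaviour. Guard only the name-printing code instead, with `if (AsciiString != NULL) {` around the `for` loop and the print that follows, and drop the early return. The rest of the debug block, including DEBUG_CODE_END, lies outside the hunk.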
@@ -1837,7 +1863,13 @@ PeiDispatcher ( for (FvCount = Private->CurrentPeimFvCount; FvCount < Private->FvCount; FvCount++) { CoreFvHandle = FindNextCoreFvHandle (Private, FvCount); - ASSERT (CoreFvHandle != NULL); + // MU_CHANGE Start - CodeQL Change + if (CoreFvHandle == NULL) { + ASSERT (CoreFvHandle != NULL); + continue; + } + + // MU_CHANGE End - CodeQL Change // // If the FV has corresponding EFI_PEI_FIRMWARE_VOLUME_PPI instance, then dispatch it. diff --git a/MdeModulePkg/Core/Pei/FwVol/FwVol.c b/MdeModulePkg/Core/Pei/FwVol/FwVol.c index f7cc94c6eb..a8a416f4b8 100644 --- a/MdeModulePkg/Core/Pei/FwVol/FwVol.c +++ b/MdeModulePkg/Core/Pei/FwVol/FwVol.c @@ -338,7 +338,8 @@ FindFileEx ( FileOffset = (UINT32)((UINT8 *)FfsFileHeader - (UINT8 *)FwVolHeader); ASSERT (FileOffset <= 0xFFFFFFFF); - while (FileOffset < (FvLength - sizeof (EFI_FFS_FILE_HEADER))) { + while ((UINTN)FileOffset < (UINTN)(FvLength - sizeof (EFI_FFS_FILE_HEADER))) { + // MU_CHANGE - CodeQL - comparison-with-wider-type // // Get FileState which is the highest bit of the State // @@ -792,7 +793,7 @@ ProcessSection ( { EFI_STATUS Status; UINT32 SectionLength; - UINT32 ParsedLength; + UINTN ParsedLength; // MU_CHANGE - CodeQL - comparison-with-wider-type EFI_PEI_GUIDED_SECTION_EXTRACTION_PPI *GuidSectionPpi; EFI_PEI_DECOMPRESS_PPI *DecompressPpi; VOID *PpiOutput; diff --git a/MdeModulePkg/Core/Pei/Hob/Hob.c b/MdeModulePkg/Core/Pei/Hob/Hob.c index c4882a23cd..57f1746d35 100644 --- a/MdeModulePkg/Core/Pei/Hob/Hob.c +++ b/MdeModulePkg/Core/Pei/Hob/Hob.c @@ -17,7 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent @retval EFI_SUCCESS Get the pointer of HOB List @retval EFI_NOT_AVAILABLE_YET the HOB List is not yet published - @retval EFI_INVALID_PARAMETER HobList is NULL (in debug mode) + @retval EFI_INVALID_PARAMETER HobList is NULL // MU_CHANGE - CodeQL Change **/ EFI_STATUS 
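Review bot: The cast in FindFileEx, `(UINTN)(FvLength - sizeof (EFI_FFS_FILE_HEADER))`, narrows the wider operand instead of widening the narrow one; that silences cpp/comparison-with-wider-type but can truncate the loop bound on a 32-bit PEI build if FvLength is a 64-bit value (its declaration is outside the hunk). Widening the offset keeps the original comparison: `while ((UINT64)FileOffset < (FvLength - sizeof (EFI_FFS_FILE_HEADER))) {`. The subtraction also wraps when FvLength is smaller than the header size, so a check that FvLength is at least `sizeof (EFI_FFS_FILE_HEADER)` before the loop would be worth adding, since the length presumably comes from the firmware volume header being parsed.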
@@ -32,13 +32,16 @@ PeiGetHobList ( // // Only check this parameter in debug mode // - - DEBUG_CODE_BEGIN (); + // MU_CHANGE Start - CodeQL Change + // DEBUG_CODE_BEGIN (); + // MU_CHANGE End - CodeQL Change if (HobList == NULL) { return EFI_INVALID_PARAMETER; } - DEBUG_CODE_END (); + // MU_CHANGE Start - CodeQL Change + // DEBUG_CODE_END (); + // MU_CHANGE End - CodeQL Change PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices); diff --git a/MdeModulePkg/Core/Pei/Ppi/Ppi.c b/MdeModulePkg/Core/Pei/Ppi/Ppi.c index 0e85264ddb..180bae81f7 100644 --- a/MdeModulePkg/Core/Pei/Ppi/Ppi.c +++ b/MdeModulePkg/Core/Pei/Ppi/Ppi.c @@ -163,7 +163,7 @@ ConvertPpiPointers ( IN PEI_CORE_INSTANCE *PrivateData ) { - UINT8 Index; + UINTN Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type // // Convert normal PPIs. @@ -217,7 +217,7 @@ ConvertPpiPointersFv ( IN UINTN FvSize ) { - UINT8 Index; + UINTN Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type UINTN Offset; BOOLEAN OffsetPositive; EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *FvInfoPpi; 
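Review bot: The context comment `Only check this parameter in debug mode` in PeiGetHobList is no longer true, because the NULL check on HobList is now unconditional, and the DEBUG_CODE_BEGIN/DEBUG_CODE_END calls are left behind as commented-out code. Replace the comment with something like `// Reject a NULL output pointer in all build types` and delete the two commented macro lines instead of keeping them. The matching @retval text was already updated in the header-comment hunk of this file.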
@@ -324,16 +324,20 @@ ConvertPpiPointersFv ( Guid = PrivateData->PpiData.PpiList.PpiPtrs[Index].Ppi->Guid; for (GuidIndex = 0; GuidIndex < ARRAY_SIZE (GuidCheckList); ++GuidIndex) { + // MU_CHANGE Start - CodeQL Change // // Don't use CompareGuid function here for performance reasons. // Instead we compare the GUID as INT32 at a time and branch // on the first failed comparison. // - if ((((INT32 *)Guid)[0] == ((INT32 *)GuidCheckList[GuidIndex])[0]) && - (((INT32 *)Guid)[1] == ((INT32 *)GuidCheckList[GuidIndex])[1]) && - (((INT32 *)Guid)[2] == ((INT32 *)GuidCheckList[GuidIndex])[2]) && - (((INT32 *)Guid)[3] == ((INT32 *)GuidCheckList[GuidIndex])[3])) - { + // if ((((INT32 *)Guid)[0] == ((INT32 *)GuidCheckList[GuidIndex])[0]) && + // (((INT32 *)Guid)[1] == ((INT32 *)GuidCheckList[GuidIndex])[1]) && + // (((INT32 *)Guid)[2] == ((INT32 *)GuidCheckList[GuidIndex])[2]) && + // (((INT32 *)Guid)[3] == ((INT32 *)GuidCheckList[GuidIndex])[3])) + // { + if (CompareGuid (Guid, GuidCheckList[GuidIndex]) == 0) { + // MU_CHANGE End - CodeQL Change + FvInfoPpi = PrivateData->PpiData.PpiList.PpiPtrs[Index].Ppi->Ppi; DEBUG ((DEBUG_VERBOSE, " FvInfo: %p -> ", FvInfoPpi->FvInfo)); if ((UINTN)FvInfoPpi->FvInfo == OrgFvHandle) { diff --git a/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c b/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c index 28fe74ecc4..5f141e24a2 100644 --- a/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c +++ b/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c @@ -433,6 +433,8 @@ SmmInstallImageRecord ( UINTN Index; EFI_SMM_DRIVER_ENTRY DriverEntry; + HandleBuffer = NULL; // MU_CHANGE - CodeQL Change + Status = SmmLocateHandleBuffer ( ByProtocol, &gEfiLoadedImageProtocolGuid, @@ -469,7 +471,12 @@ SmmInstallImageRecord ( SmmInsertImageRecord (&DriverEntry); } - FreePool (HandleBuffer); + // MU_CHANGE Start - CodeQL Change + if (HandleBuffer != NULL) { + FreePool (HandleBuffer); + } + + // MU_CHANGE End - CodeQL Change } /** 
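Review bot: The replacement condition `if (CompareGuid (Guid, GuidCheckList[GuidIndex]) == 0) {` in ConvertPpiPointersFv is inverted relative to the comparison it replaces: CompareGuid returns TRUE when the two GUIDs are identical, so `== 0` selects the PPIs whose GUID does not match the check list. The body then treats `...PpiPtrs[Index].Ppi->Ppi` as an EFI_PEI_FIRMWARE_VOLUME_INFO_PPI and compares its FvInfo against OrgFvHandle (the rest of the body is outside the hunk), so unrelated PPI structures would be reinterpreted and the real FvInfo PPIs skipped. It should read `if (CompareGuid (Guid, GuidCheckList[GuidIndex])) {`. The retained comment `Don't use CompareGuid function here for performance reasons` now contradicts the code and should be reworded, and the commented-out INT32 comparison can be deleted.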
diff --git a/MdeModulePkg/Core/PiSmmCore/Page.c b/MdeModulePkg/Core/PiSmmCore/Page.c index 255964c23a..cadc3b5529 100644 --- a/MdeModulePkg/Core/PiSmmCore/Page.c +++ b/MdeModulePkg/Core/PiSmmCore/Page.c @@ -165,7 +165,14 @@ CoreFreeMemoryMapStack ( // Deque an memory map entry from mFreeMemoryMapEntryList // Entry = AllocateMemoryMapEntry (); - ASSERT (Entry); + // MU_CHANGE Start - CodeQL Change + if (Entry == NULL) { + ASSERT (Entry); + mFreeMapStack -= 1; + return; + } + + // MU_CHANGE End - CodeQL Change // // Update to proper entry diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c index 6bdb80f739..b679122bee 100644 --- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c +++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c @@ -1457,6 +1457,11 @@ GetFullSmramRanges ( EFI_SMM_RESERVED_SMRAM_REGION *SmramReservedRanges; UINTN MaxCount; BOOLEAN Rescan; + // MU_CHANGE Start - CodeQL Change + BOOLEAN Failed; + + Failed = FALSE; + // MU_CHANGE End - CodeQL Change // // Get SMM Configuration Protocol if it is present. @@ -1501,7 +1506,14 @@ GetFullSmramRanges ( *FullSmramRangeCount = SmramRangeCount + AdditionSmramRangeCount; Size = (*FullSmramRangeCount) * sizeof (EFI_SMRAM_DESCRIPTOR); FullSmramRanges = (EFI_SMRAM_DESCRIPTOR *)AllocateZeroPool (Size); - ASSERT (FullSmramRanges != NULL); + // MU_CHANGE Start - CodeQL Change + if (FullSmramRanges == NULL) { + ASSERT (FullSmramRanges != NULL); + Failed = TRUE; + goto Done; + } + + // MU_CHANGE End - CodeQL Change Status = mSmmAccess->GetCapabilities (mSmmAccess, &Size, FullSmramRanges); ASSERT_EFI_ERROR (Status); 
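Review bot: The first `goto Done` added to GetFullSmramRanges (on the FullSmramRanges allocation that follows `*FullSmramRangeCount = SmramRangeCount + AdditionSmramRangeCount;`) is taken before SmramReservedRanges, TempSmramRanges or SmramRanges have been assigned, and the cleanup at `Done:` added in a later hunk calls FreePool on each of them that is not NULL. The declaration hunk initialises only `Failed = FALSE;`, so unless these three pointers are set to NULL outside the visible hunks the cleanup frees uninitialised stack values. Add `SmramRanges = NULL; SmramReservedRanges = NULL; TempSmramRanges = NULL;` next to `Failed = FALSE;`. Callers also receive NULL on failure now; the call sites are not part of these hunks and should be checked for that.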
@@ -1548,18 +1560,41 @@ GetFullSmramRanges ( Size = MaxCount * sizeof (EFI_SMM_RESERVED_SMRAM_REGION); SmramReservedRanges = (EFI_SMM_RESERVED_SMRAM_REGION *)AllocatePool (Size); - ASSERT (SmramReservedRanges != NULL); + + // MU_CHANGE Start - CodeQL Change + if (SmramReservedRanges == NULL) { + ASSERT (SmramReservedRanges != NULL); + Failed = TRUE; + goto Done; + } + + // MU_CHANGE End - CodeQL Change + for (Index = 0; Index < SmramReservedCount; Index++) { CopyMem (&SmramReservedRanges[Index], &SmmConfiguration->SmramReservedRegions[Index], sizeof (EFI_SMM_RESERVED_SMRAM_REGION)); } Size = MaxCount * sizeof (EFI_SMRAM_DESCRIPTOR); TempSmramRanges = (EFI_SMRAM_DESCRIPTOR *)AllocatePool (Size); - ASSERT (TempSmramRanges != NULL); + // MU_CHANGE Start - CodeQL Change + if (TempSmramRanges == NULL) { + ASSERT (TempSmramRanges != NULL); + Failed = TRUE; + goto Done; + } + + // MU_CHANGE End - CodeQL Change TempSmramRangeCount = 0; SmramRanges = (EFI_SMRAM_DESCRIPTOR *)AllocatePool (Size); - ASSERT (SmramRanges != NULL); + // MU_CHANGE Start - CodeQL Change + if (SmramRanges == NULL) { + ASSERT (SmramRanges != NULL); + Failed = TRUE; + goto Done; + } + + // MU_CHANGE End - CodeQL Change Status = mSmmAccess->GetCapabilities (mSmmAccess, &Size, SmramRanges); ASSERT_EFI_ERROR (Status); @@ -1616,7 +1651,14 @@ GetFullSmramRanges ( // Sort the entries // FullSmramRanges = AllocateZeroPool ((TempSmramRangeCount + AdditionSmramRangeCount) * sizeof (EFI_SMRAM_DESCRIPTOR)); - ASSERT (FullSmramRanges != NULL); + // MU_CHANGE Start - CodeQL Change + if (FullSmramRanges == NULL) { + ASSERT (FullSmramRanges != NULL); + Failed = TRUE; + goto Done; + } + + // MU_CHANGE End - CodeQL Change *FullSmramRangeCount = 0; do { for (Index = 0; Index < TempSmramRangeCount; Index++) { 
@@ -1640,9 +1682,25 @@ GetFullSmramRanges ( ASSERT (*FullSmramRangeCount == TempSmramRangeCount); *FullSmramRangeCount += AdditionSmramRangeCount; - FreePool (SmramRanges); - FreePool (SmramReservedRanges); - FreePool (TempSmramRanges); + // MU_CHANGE Start - CodeQL Change +Done: + if (SmramRanges != NULL) { + FreePool (SmramRanges); + } + + if (SmramReservedRanges != NULL) { + FreePool (SmramReservedRanges); + } + + if (TempSmramRanges != NULL) { + FreePool (TempSmramRanges); + } + + if (Failed) { + return NULL; + } + + // MU_CHANGE End - CodeQL Change return FullSmramRanges; } diff --git a/MdeModulePkg/Core/PiSmmCore/SmiHandlerProfile.c b/MdeModulePkg/Core/PiSmmCore/SmiHandlerProfile.c index ad84e6c4fe..57520e22b2 100644 --- a/MdeModulePkg/Core/PiSmmCore/SmiHandlerProfile.c +++ b/MdeModulePkg/Core/PiSmmCore/SmiHandlerProfile.c @@ -341,7 +341,12 @@ GetSmmLoadedImage ( if (RealImageBase != 0) { PdbString = PeCoffLoaderGetPdbPointer ((VOID *)(UINTN)RealImageBase); - DEBUG ((DEBUG_INFO, " pdb - %a\n", PdbString)); + // MU_CHANGE Start - CodeQL Change - Ensure PdbString is not NULL before dereference + if (PdbString != NULL) { + DEBUG ((DEBUG_INFO, " pdb - %a\n", PdbString)); + } + + // MU_CHANGE End - CodeQL Change - Ensure PdbString is not NULL before dereference } else { PdbString = NULL; } diff --git a/MdeModulePkg/Core/PiSmmCore/SmramProfileRecord.c b/MdeModulePkg/Core/PiSmmCore/SmramProfileRecord.c index b437e4c433..4c0c52fc7f 100644 --- a/MdeModulePkg/Core/PiSmmCore/SmramProfileRecord.c +++ b/MdeModulePkg/Core/PiSmmCore/SmramProfileRecord.c @@ -1686,7 +1686,7 @@ SmramProfileCopyData ( LIST_ENTRY *FreePoolList; FREE_POOL_HEADER *Pool; UINTN PoolListIndex; - UINT32 Index; + UINTN Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type MEMORY_PROFILE_FREE_MEMORY *FreeMemory; MEMORY_PROFILE_MEMORY_RANGE *MemoryRange; MEMORY_PROFILE_DESCRIPTOR *MemoryProfileDescriptor; 
@@ -1805,7 +1805,8 @@ SmramProfileCopyData ( } } - FreeMemory->FreeMemoryEntryCount = Index; + // MU_CHANGE - CodeQL Change - truncate index due to comparison size mismatch update + FreeMemory->FreeMemoryEntryCount = (UINT32)Index; RemainingSize -= sizeof (MEMORY_PROFILE_FREE_MEMORY); ProfileBuffer = (UINT8 *)ProfileBuffer + sizeof (MEMORY_PROFILE_FREE_MEMORY); diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c index 19751642a3..3f4e0c89d1 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenance.c @@ -539,7 +539,7 @@ UpdateTerminalContent ( IN BMM_FAKE_NV_DATA *BmmData ) { - UINT16 Index; + UINTN Index; BM_TERMINAL_CONTEXT *NewTerminalContext; BM_MENU_ENTRY *NewMenuEntry; @@ -581,7 +581,7 @@ UpdateConsoleContent ( IN BMM_FAKE_NV_DATA *BmmData ) { - UINT16 Index; + UINTN Index; BM_CONSOLE_CONTEXT *NewConsoleContext; BM_TERMINAL_CONTEXT *NewTerminalContext; BM_MENU_ENTRY *NewMenuEntry; @@ -784,7 +784,7 @@ BootMaintRouteConfig ( BMM_FAKE_NV_DATA *OldBmmData; BM_MENU_ENTRY *NewMenuEntry; BM_LOAD_CONTEXT *NewLoadContext; - UINT16 Index; + UINTN Index; BOOLEAN TerminalAttChange; BMM_CALLBACK_DATA *Private; UINTN Offset; @@ -1353,7 +1353,7 @@ DiscardChangeHandler ( IN BMM_FAKE_NV_DATA *CurrentFakeNVMap ) { - UINT16 Index; + UINTN Index; switch (Private->BmmPreviousPageId) { case FORM_BOOT_CHG_ID: @@ -1411,7 +1411,7 @@ CleanUselessBeforeSubmit ( IN BMM_CALLBACK_DATA *Private ) { - UINT16 Index; + UINTN Index; if (Private->BmmPreviousPageId != FORM_BOOT_DEL_ID) { for (Index = 0; Index < BootOptionMenu.MenuNumber; Index++) { 
@@ -1452,40 +1452,44 @@ CustomizeMenus ( // StartOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (StartOpCodeHandle != NULL); + // MU_CHANGE - Ensure that StartOpCodeHandle and EndOpCodeHandle are valid before use + if (StartOpCodeHandle != NULL) { + EndOpCodeHandle = HiiAllocateOpCodeHandle (); + ASSERT (EndOpCodeHandle != NULL); + if (EndOpCodeHandle != NULL) { + // + // Create Hii Extend Label OpCode as the start opcode + // + StartGuidLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + StartGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartGuidLabel->Number = LABEL_FORM_MAIN_START; + // + // Create Hii Extend Label OpCode as the end opcode + // + EndGuidLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + EndGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndGuidLabel->Number = LABEL_FORM_MAIN_END; - EndOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (EndOpCodeHandle != NULL); - // - // Create Hii Extend Label OpCode as the start opcode - // - StartGuidLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); - StartGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartGuidLabel->Number = LABEL_FORM_MAIN_START; - // - // Create Hii Extend Label OpCode as the end opcode - // - EndGuidLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); - EndGuidLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndGuidLabel->Number = LABEL_FORM_MAIN_END; - - // - // Updata Front Page form - // - UiCustomizeBMMPage ( - mBmmCallbackInfo->BmmHiiHandle, - StartOpCodeHandle - ); - - HiiUpdateForm ( - mBmmCallbackInfo->BmmHiiHandle, - &mBootMaintGuid, - FORM_MAIN_ID, - StartOpCodeHandle, - EndOpCodeHandle - ); + // + // Updata Front Page form + // + UiCustomizeBMMPage ( + 
mBmmCallbackInfo->BmmHiiHandle, + StartOpCodeHandle + ); + + HiiUpdateForm ( + mBmmCallbackInfo->BmmHiiHandle, + &mBootMaintGuid, + FORM_MAIN_ID, + StartOpCodeHandle, + EndOpCodeHandle + ); + HiiFreeOpCodeHandle (EndOpCodeHandle); + } - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); + HiiFreeOpCodeHandle (StartOpCodeHandle); + } } /** @@ -1502,7 +1506,7 @@ InitializeBmmConfig ( { BM_MENU_ENTRY *NewMenuEntry; BM_LOAD_CONTEXT *NewLoadContext; - UINT16 Index; + UINT32 Index; ASSERT (CallbackData != NULL); @@ -1510,7 +1514,7 @@ InitializeBmmConfig ( // Initialize data which located in BMM main page // CallbackData->BmmFakeNvData.BootNext = NONE_BOOTNEXT_VALUE; - for (Index = 0; Index < BootOptionMenu.MenuNumber; Index++) { + for (Index = 0; (UINTN)Index < BootOptionMenu.MenuNumber; Index++) { NewMenuEntry = BOpt_GetMenuEntry (&BootOptionMenu, Index); NewLoadContext = (BM_LOAD_CONTEXT *)NewMenuEntry->VariableContext; diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUiSupport.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUiSupport.c index e16936041a..66dca7e474 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUiSupport.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUiSupport.c @@ -49,7 +49,7 @@ BmmCreateBootNextMenu ( OptionsOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (OptionsOpCodeHandle != NULL); - for (Index = 0; Index < BootOptionMenu.MenuNumber; Index++) { + for (Index = 0; (UINTN)Index < BootOptionMenu.MenuNumber; Index++) { NewMenuEntry = BOpt_GetMenuEntry (&BootOptionMenu, Index); NewLoadContext = (BM_LOAD_CONTEXT *)NewMenuEntry->VariableContext; 
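Review bot: In CustomizeMenus the results of both HiiCreateGuidOpCode calls are still dereferenced unchecked (`StartGuidLabel->ExtendOpCode = ...` and `EndGuidLabel->ExtendOpCode = ...`), which is the same assert-only pattern this hunk removes for the two opcode handles. HiiCreateGuidOpCode returns NULL when it cannot extend the opcode buffer, so the label setup and the UiCustomizeBMMPage/HiiUpdateForm calls need a guard such as `if ((StartGuidLabel != NULL) && (EndGuidLabel != NULL)) {` after both labels are created. In InitializeBmmConfig the index became `UINT32` with a `(UINTN)` cast in the loop condition, while the other loops in this file were changed to a plain `UINTN Index;`; using `UINTN` there too would avoid the cast. The BmmCreateBootNextMenu hunk keeps `ASSERT (OptionsOpCodeHandle != NULL);` as the only check on its handle.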
@@ -305,6 +305,8 @@ IsRequiredDriver ( UINTN TempSize; BOOLEAN RetVal; + Buffer = NULL; // MS_CHANGE for vs2017 + Status = HiiGetFormSetFromHiiHandle (HiiHandle, &Buffer, &BufferSize); if (EFI_ERROR (Status)) { return FALSE; 
@@ -379,88 +381,99 @@ BmmListThirdPartyDrivers ( HiiHandles = HiiGetHiiHandles (NULL); ASSERT (HiiHandles != NULL); - - gHiiDriverList = AllocateZeroPool (UI_HII_DRIVER_LIST_SIZE * sizeof (UI_HII_DRIVER_INSTANCE)); - ASSERT (gHiiDriverList != NULL); - DriverListPtr = gHiiDriverList; - CurrentSize = UI_HII_DRIVER_LIST_SIZE; - - for (Index = 0, Count = 0; HiiHandles[Index] != NULL; Index++) { - if (!IsRequiredDriver (HiiHandles[Index], ClassGuid, &Token, &TokenHelp, &gHiiDriverList[Count].FormSetGuid)) { - continue; - } - - String = HiiGetString (HiiHandles[Index], Token, NULL); - if (String == NULL) { - String = HiiGetString (HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL); - ASSERT (String != NULL); - } else if (SpecialHandlerFn != NULL) { - // - // Check whether need to rename the driver name. - // - EmptyLineAfter = FALSE; - if (SpecialHandlerFn (String, &NewName, &EmptyLineAfter)) { - FreePool (String); - String = NewName; - DriverListPtr[Count].EmptyLineAfter = EmptyLineAfter; + // MU_CHANGE - Ensure HiiHandles are valid before using + if (HiiHandles != NULL) { + gHiiDriverList = AllocateZeroPool (UI_HII_DRIVER_LIST_SIZE * sizeof (UI_HII_DRIVER_INSTANCE)); + ASSERT (gHiiDriverList != NULL); + if (gHiiDriverList != NULL) { + DriverListPtr = gHiiDriverList; + CurrentSize = UI_HII_DRIVER_LIST_SIZE; + + for (Index = 0, Count = 0; HiiHandles[Index] != NULL; Index++) { + if (!IsRequiredDriver (HiiHandles[Index], ClassGuid, &Token, &TokenHelp, &gHiiDriverList[Count].FormSetGuid)) { + continue; + } + + String = HiiGetString (HiiHandles[Index], Token, NULL); + if (String == NULL) { + String = HiiGetString (HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL); + ASSERT (String != NULL); + } else if (SpecialHandlerFn != NULL) { + // + // Check whether need to rename the driver name. 
+ // + EmptyLineAfter = FALSE; + if (SpecialHandlerFn (String, &NewName, &EmptyLineAfter)) { + FreePool (String); + String = NewName; + DriverListPtr[Count].EmptyLineAfter = EmptyLineAfter; + } + } + + DriverListPtr[Count].PromptId = HiiSetString (HiiHandle, 0, String, NULL); + if (String != NULL) { + FreePool (String); + } + + String = HiiGetString (HiiHandles[Index], TokenHelp, NULL); + if (String == NULL) { + String = HiiGetString (HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL); + ASSERT (String != NULL); + } + + DriverListPtr[Count].HelpId = HiiSetString (HiiHandle, 0, String, NULL); + if (String != NULL) { + FreePool (String); + } + + DevicePathStr = ExtractDevicePathFromHandle (HiiHandles[Index]); + if (DevicePathStr != NULL) { + DriverListPtr[Count].DevicePathId = HiiSetString (HiiHandle, 0, DevicePathStr, NULL); + FreePool (DevicePathStr); + } else { + DriverListPtr[Count].DevicePathId = 0; + } + + Count++; + if (Count >= CurrentSize) { + DriverListPtr = ReallocatePool ( + CurrentSize * sizeof (UI_HII_DRIVER_INSTANCE), + (Count + UI_HII_DRIVER_LIST_SIZE) + * sizeof (UI_HII_DRIVER_INSTANCE), + gHiiDriverList + ); + ASSERT (DriverListPtr != NULL); + if (DriverListPtr != NULL) { + gHiiDriverList = DriverListPtr; + } + + CurrentSize += UI_HII_DRIVER_LIST_SIZE; + } } } - DriverListPtr[Count].PromptId = HiiSetString (HiiHandle, 0, String, NULL); - FreePool (String); - - String = HiiGetString (HiiHandles[Index], TokenHelp, NULL); - if (String == NULL) { - String = HiiGetString (HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL); - ASSERT (String != NULL); - } - - DriverListPtr[Count].HelpId = HiiSetString (HiiHandle, 0, String, NULL); - FreePool (String); + FreePool (HiiHandles); - DevicePathStr = ExtractDevicePathFromHandle (HiiHandles[Index]); - if (DevicePathStr != NULL) { - DriverListPtr[Count].DevicePathId = HiiSetString (HiiHandle, 0, DevicePathStr, NULL); - FreePool (DevicePathStr); - } else { - DriverListPtr[Count].DevicePathId = 0; - } - - Count++; 
- if (Count >= CurrentSize) { - DriverListPtr = ReallocatePool ( - CurrentSize * sizeof (UI_HII_DRIVER_INSTANCE), - (Count + UI_HII_DRIVER_LIST_SIZE) - * sizeof (UI_HII_DRIVER_INSTANCE), - gHiiDriverList - ); - ASSERT (DriverListPtr != NULL); - gHiiDriverList = DriverListPtr; - CurrentSize += UI_HII_DRIVER_LIST_SIZE; - } - } - - FreePool (HiiHandles); + Index = 0; + while (gHiiDriverList[Index].PromptId != 0) { + HiiCreateGotoExOpCode ( + StartOpCodeHandle, + 0, + gHiiDriverList[Index].PromptId, + gHiiDriverList[Index].HelpId, + 0, + 0, + 0, + &gHiiDriverList[Index].FormSetGuid, + gHiiDriverList[Index].DevicePathId + ); - Index = 0; - while (gHiiDriverList[Index].PromptId != 0) { - HiiCreateGotoExOpCode ( - StartOpCodeHandle, - 0, - gHiiDriverList[Index].PromptId, - gHiiDriverList[Index].HelpId, - 0, - 0, - 0, - &gHiiDriverList[Index].FormSetGuid, - gHiiDriverList[Index].DevicePathId - ); + if (gHiiDriverList[Index].EmptyLineAfter) { + BmmCreateEmptyLine (HiiHandle, StartOpCodeHandle); + } - if (gHiiDriverList[Index].EmptyLineAfter) { - BmmCreateEmptyLine (HiiHandle, StartOpCodeHandle); + Index++; } - - Index++; } return EFI_SUCCESS; diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c index e22aaf3039..6f68e3f96e 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c @@ -813,7 +813,7 @@ GetBootOrder ( ) { BMM_FAKE_NV_DATA *BmmConfig; - UINT16 Index; + UINTN Index; UINT16 OptionOrderIndex; UINTN DeviceType; BM_MENU_ENTRY *NewMenuEntry; @@ -860,8 +860,8 @@ GetDriverOrder ( ) { BMM_FAKE_NV_DATA *BmmConfig; - UINT16 Index; - UINT16 OptionOrderIndex; + UINTN Index; + UINTN OptionOrderIndex; UINTN DeviceType; BM_MENU_ENTRY *NewMenuEntry; BM_LOAD_CONTEXT *NewLoadContext; 
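Review bot: The ReallocatePool failure path in BmmListThirdPartyDrivers is still unsafe: when it returns NULL the new code keeps gHiiDriverList but leaves `DriverListPtr` NULL and still executes `CurrentSize += UI_HII_DRIVER_LIST_SIZE;`, so the next iteration writes through `DriverListPtr[Count]` and takes `&gHiiDriverList[Count].FormSetGuid` one element past the buffer that was not grown. The full buffer also has no zero PromptId left to terminate the `while (gHiiDriverList[Index].PromptId != 0)` loop. That loop appears to sit outside the `if (gHiiDriverList != NULL)` block (the line structure of this hunk is collapsed, so this should be confirmed), in which case a failed AllocateZeroPool is dereferenced there as well. A possible shape for the growth step is below; it gives the last slot back so the list stays terminated.

```c
        Count++;
        if (Count >= CurrentSize) {
          // … unchanged: DriverListPtr = ReallocatePool (old size, new size, gHiiDriverList) …
          ASSERT (DriverListPtr != NULL);
          if (DriverListPtr == NULL) {
            // Old buffer is still valid; release the last slot so a zero
            // PromptId terminates the list, then stop adding entries.
            DriverListPtr = gHiiDriverList;
            Count--;
            ZeroMem (&DriverListPtr[Count], sizeof (UI_HII_DRIVER_INSTANCE));
            break;
          }

          gHiiDriverList = DriverListPtr;
          CurrentSize   += UI_HII_DRIVER_LIST_SIZE;
        }
```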
diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/ConsoleOption.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/ConsoleOption.c index 7c02a78166..51dddade10 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/ConsoleOption.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/ConsoleOption.c 
@@ -803,47 +803,50 @@ GetConsoleMenu ( Index2 = 0; for (Index = 0; Index < AllCount; Index++) { DevicePathInst = GetNextDevicePathInstance (&MultiDevicePath, &Size); + // MU_CHANGE - Ensure DevicePathInst is a valid value + ASSERT (DevicePathInst != NULL); + if (DevicePathInst != NULL) { + NewMenuEntry = BOpt_CreateMenuEntry (BM_CONSOLE_CONTEXT_SELECT); + if (NULL == NewMenuEntry) { + return EFI_OUT_OF_RESOURCES; + } - NewMenuEntry = BOpt_CreateMenuEntry (BM_CONSOLE_CONTEXT_SELECT); - if (NULL == NewMenuEntry) { - return EFI_OUT_OF_RESOURCES; - } + NewConsoleContext = (BM_CONSOLE_CONTEXT *)NewMenuEntry->VariableContext; + NewMenuEntry->OptionNumber = Index2; - NewConsoleContext = (BM_CONSOLE_CONTEXT *)NewMenuEntry->VariableContext; - NewMenuEntry->OptionNumber = Index2; + NewConsoleContext->DevicePath = DuplicateDevicePath (DevicePathInst); + ASSERT (NewConsoleContext->DevicePath != NULL); + NewMenuEntry->DisplayString = EfiLibStrFromDatahub (NewConsoleContext->DevicePath); + if (NULL == NewMenuEntry->DisplayString) { + NewMenuEntry->DisplayString = UiDevicePathToStr (NewConsoleContext->DevicePath); + } - NewConsoleContext->DevicePath = DuplicateDevicePath (DevicePathInst); - ASSERT (NewConsoleContext->DevicePath != NULL); - NewMenuEntry->DisplayString = EfiLibStrFromDatahub (NewConsoleContext->DevicePath); - if (NULL == NewMenuEntry->DisplayString) { - NewMenuEntry->DisplayString = UiDevicePathToStr (NewConsoleContext->DevicePath); - } + NewMenuEntry->DisplayStringToken = HiiSetString (mBmmCallbackInfo->BmmHiiHandle, 0, NewMenuEntry->DisplayString, NULL); - NewMenuEntry->DisplayStringToken = HiiSetString (mBmmCallbackInfo->BmmHiiHandle, 0, NewMenuEntry->DisplayString, NULL); + if (NULL == NewMenuEntry->HelpString) { + NewMenuEntry->HelpStringToken = NewMenuEntry->DisplayStringToken; + } else { + NewMenuEntry->HelpStringToken = HiiSetString (mBmmCallbackInfo->BmmHiiHandle, 0, NewMenuEntry->HelpString, NULL); + } - if (NULL == NewMenuEntry->HelpString) { - 
NewMenuEntry->HelpStringToken = NewMenuEntry->DisplayStringToken; - } else { - NewMenuEntry->HelpStringToken = HiiSetString (mBmmCallbackInfo->BmmHiiHandle, 0, NewMenuEntry->HelpString, NULL); - } + NewConsoleContext->IsTerminal = IsTerminalDevicePath ( + NewConsoleContext->DevicePath, + &Terminal, + &Com + ); - NewConsoleContext->IsTerminal = IsTerminalDevicePath ( - NewConsoleContext->DevicePath, - &Terminal, - &Com + NewConsoleContext->IsActive = MatchDevicePaths ( + DevicePath, + NewConsoleContext->DevicePath ); - NewConsoleContext->IsActive = MatchDevicePaths ( - DevicePath, - NewConsoleContext->DevicePath - ); - - if (NewConsoleContext->IsTerminal) { - BOpt_DestroyMenuEntry (NewMenuEntry); - } else { - Index2++; - ConsoleMenu->MenuNumber++; - InsertTailList (&ConsoleMenu->Head, &NewMenuEntry->Link); + if (NewConsoleContext->IsTerminal) { + BOpt_DestroyMenuEntry (NewMenuEntry); + } else { + Index2++; + ConsoleMenu->MenuNumber++; + InsertTailList (&ConsoleMenu->Head, &NewMenuEntry->Link); + } } } @@ -1019,7 +1022,7 @@ GetConsoleInCheck ( IN BMM_CALLBACK_DATA *CallbackData ) { - UINT16 Index; + UINTN Index; BM_MENU_ENTRY *NewMenuEntry; UINT8 *ConInCheck; BM_CONSOLE_CONTEXT *NewConsoleContext; @@ -1057,7 +1060,7 @@ GetConsoleOutCheck ( IN BMM_CALLBACK_DATA *CallbackData ) { - UINT16 Index; + UINTN Index; BM_MENU_ENTRY *NewMenuEntry; UINT8 *ConOutCheck; BM_CONSOLE_CONTEXT *NewConsoleContext; @@ -1094,7 +1097,7 @@ GetConsoleErrCheck ( IN BMM_CALLBACK_DATA *CallbackData ) { - UINT16 Index; + UINTN Index; BM_MENU_ENTRY *NewMenuEntry; UINT8 *ConErrCheck; BM_CONSOLE_CONTEXT *NewConsoleContext; @@ -1134,7 +1137,7 @@ GetTerminalAttribute ( BMM_FAKE_NV_DATA *CurrentFakeNVMap; BM_MENU_ENTRY *NewMenuEntry; BM_TERMINAL_CONTEXT *NewTerminalContext; - UINT16 TerminalIndex; + UINTN TerminalIndex; UINT8 AttributeIndex; ASSERT (CallbackData != NULL); 
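Review bot: In the GetConsoleMenu hunk the result of `DuplicateDevicePath (DevicePathInst)` is still covered only by `ASSERT (NewConsoleContext->DevicePath != NULL)`, so where ASSERT compiles out a failed allocation reaches `EfiLibStrFromDatahub`, `UiDevicePathToStr`, `IsTerminalDevicePath` and `MatchDevicePaths` as NULL. The new `if (DevicePathInst != NULL)` checks the input of that call, not its output. I would add `if (NewConsoleContext->DevicePath == NULL) { return EFI_OUT_OF_RESOURCES; }` after the ASSERT, as the `NewMenuEntry` failure path already does, releasing the entry first if `BOpt_DestroyMenuEntry` accepts a partly filled one. GetConsoleMenu starts and ends outside the hunk, so it is worth confirming that callers accept a menu that is shorter than `AllCount` when an instance is skipped.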
diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/UpdatePage.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/UpdatePage.c index b1d1e2ee44..d2e2d416f6 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/UpdatePage.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/UpdatePage.c @@ -200,7 +200,7 @@ UpdateConCOMPage ( UpdatePageStart (CallbackData); - for (Index = 0; Index < TerminalMenu.MenuNumber; Index++) { + for (Index = 0; (UINTN)Index < TerminalMenu.MenuNumber; Index++) { NewMenuEntry = BOpt_GetMenuEntry (&TerminalMenu, Index); HiiCreateGotoOpCode ( @@ -230,7 +230,7 @@ UpdateBootDelPage ( { BM_MENU_ENTRY *NewMenuEntry; BM_LOAD_CONTEXT *NewLoadContext; - UINT16 Index; + UINTN Index; CallbackData->BmmAskSaveOrNot = TRUE; @@ -291,7 +291,7 @@ UpdateDrvAddHandlePage ( UpdatePageStart (CallbackData); - for (Index = 0; Index < DriverMenu.MenuNumber; Index++) { + for (Index = 0; (UINTN)Index < DriverMenu.MenuNumber; Index++) { NewMenuEntry = BOpt_GetMenuEntry (&DriverMenu, Index); HiiCreateGotoOpCode ( @@ -328,7 +328,7 @@ UpdateDrvDelPage ( UpdatePageStart (CallbackData); ASSERT (DriverOptionMenu.MenuNumber <= (sizeof (CallbackData->BmmFakeNvData.DriverOptionDel) / sizeof (CallbackData->BmmFakeNvData.DriverOptionDel[0]))); - for (Index = 0; Index < DriverOptionMenu.MenuNumber; Index++) { + for (Index = 0; (UINTN)Index < DriverOptionMenu.MenuNumber; Index++) { NewMenuEntry = BOpt_GetMenuEntry (&DriverOptionMenu, Index); NewLoadContext = (BM_LOAD_CONTEXT *)NewMenuEntry->VariableContext; @@ -488,7 +488,7 @@ UpdateConsolePage ( ASSERT (ConsoleCheck != NULL); - for (Index = 0; ((Index < ConsoleMenu->MenuNumber) && \ + for (Index = 0; (((UINTN)Index < ConsoleMenu->MenuNumber) && \ (Index < MAX_MENU_NUMBER)); Index++) { CheckFlags = 0; 
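Review bot: Casting the loop variable in `(UINTN)Index < TerminalMenu.MenuNumber` (UpdateConCOMPage) silences cpp/comparison-with-wider-type without removing what the rule warns about: if `Index` is narrower than `MenuNumber` (its declaration is outside the hunk), `Index++` still wraps before the bound is reached and the loop does not terminate. The same cast appears in the UpdateDrvAddHandlePage and UpdateDrvDelPage hunks and, as `(UINTN)Line` and `(UINTN)Alignment`, in the PrintBannerInfo hunk of CustomizedDisplayLibInternal.c; the two UpdateConsolePage loops are at least also bounded by `MAX_MENU_NUMBER`. Other hunks in this commit resolve the finding by widening the declaration, `UINTN Index;`, and doing the same here would be both consistent and an actual fix.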
@@ -514,7 +514,7 @@ UpdateConsolePage ( ); } - for (Index2 = 0; ((Index2 < TerminalMenu.MenuNumber) && \ + for (Index2 = 0; (((UINTN)Index2 < TerminalMenu.MenuNumber) && \ (Index2 < MAX_MENU_NUMBER)); Index2++) { CheckFlags = 0; @@ -571,7 +571,7 @@ UpdateOrderPage ( ) { BM_MENU_ENTRY *NewMenuEntry; - UINT16 Index; + UINTN Index; UINT16 OptionIndex; VOID *OptionsOpCodeHandle; BOOLEAN BootOptionFound; diff --git a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/Variable.c b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/Variable.c index 82a0ed66a7..b38016f2f1 100644 --- a/MdeModulePkg/Library/BootMaintenanceManagerUiLib/Variable.c +++ b/MdeModulePkg/Library/BootMaintenanceManagerUiLib/Variable.c @@ -198,11 +198,14 @@ Var_UpdateConsoleOption ( (EFI_DEVICE_PATH_PROTOCOL *)&Vendor ); ASSERT (TerminalDevicePath != NULL); - ChangeTerminalDevicePath (TerminalDevicePath, TRUE); - ConDevicePath = AppendDevicePathInstance ( - ConDevicePath, - TerminalDevicePath - ); + // MU_CHANGE - Ensure TerminalDevicePath is valid + if (TerminalDevicePath != NULL) { + ChangeTerminalDevicePath (TerminalDevicePath, TRUE); + ConDevicePath = AppendDevicePathInstance ( + ConDevicePath, + TerminalDevicePath + ); + } } } @@ -537,7 +540,7 @@ Var_UpdateBootNext ( BM_MENU_ENTRY *NewMenuEntry; BM_LOAD_CONTEXT *NewLoadContext; BMM_FAKE_NV_DATA *CurrentFakeNVMap; - UINT16 Index; + UINTN Index; EFI_STATUS Status; Status = EFI_SUCCESS; @@ -592,8 +595,8 @@ Var_UpdateBootOrder ( ) { EFI_STATUS Status; - UINT16 Index; - UINT16 OrderIndex; + UINTN Index; + UINTN OrderIndex; UINT16 *BootOrder; UINTN BootOrderSize; UINT16 OptionNumber; @@ -654,7 +657,7 @@ Var_UpdateDriverOrder ( ) { EFI_STATUS Status; - UINT16 Index; + UINTN Index; UINT16 *DriverOrderList; UINT16 *NewDriverOrderList; UINTN DriverOrderListSize; diff --git a/MdeModulePkg/Library/BootManagerUiLib/BootManager.c b/MdeModulePkg/Library/BootManagerUiLib/BootManager.c index b7526796d6..9562401d0c 100644 
--- a/MdeModulePkg/Library/BootManagerUiLib/BootManager.c +++ b/MdeModulePkg/Library/BootManagerUiLib/BootManager.c 
@@ -518,108 +518,115 @@ UpdateBootManager ( // StartOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (StartOpCodeHandle != NULL); + // MU_CHANGE - Ensure StartOpCodeHandle and EndOpCodeHandle are both valid + if (StartOpCodeHandle != NULL) { + EndOpCodeHandle = HiiAllocateOpCodeHandle (); + ASSERT (EndOpCodeHandle != NULL); + if (EndOpCodeHandle != NULL) { + // + // Create Hii Extend Label OpCode as the start opcode + // + StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number = LABEL_BOOT_OPTION; - EndOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (EndOpCodeHandle != NULL); - - // - // Create Hii Extend Label OpCode as the start opcode - // - StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartLabel->Number = LABEL_BOOT_OPTION; + // + // Create Hii Extend Label OpCode as the end opcode + // + EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = LABEL_BOOT_OPTION_END; + mKeyInput = 0; + NeedEndOp = FALSE; + for (Index = 0; Index < BootOptionCount; Index++) { + // + // At this stage we are creating a menu entry, thus the Keys are reproduceable + // + mKeyInput++; - // - // Create Hii Extend Label OpCode as the end opcode - // - EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = LABEL_BOOT_OPTION_END; - mKeyInput = 0; - NeedEndOp = FALSE; - for (Index = 0; Index < BootOptionCount; Index++) { - // - // At this stage we are creating a menu entry, thus the Keys are reproduceable - // - 
mKeyInput++; + // + // Don't display hidden boot options, but retain inactive ones. + // + if ((BootOption[Index].Attributes & LOAD_OPTION_HIDDEN) != 0) { + continue; + } - // - // Don't display hidden boot options, but retain inactive ones. - // - if ((BootOption[Index].Attributes & LOAD_OPTION_HIDDEN) != 0) { - continue; - } + // + // Group the legacy boot option in the sub title created dynamically + // + IsLegacyOption = (BOOLEAN)( + (DevicePathType (BootOption[Index].FilePath) == BBS_DEVICE_PATH) && + (DevicePathSubType (BootOption[Index].FilePath) == BBS_BBS_DP) + ); + + if (!IsLegacyOption && NeedEndOp) { + NeedEndOp = FALSE; + HiiCreateEndOpCode (StartOpCodeHandle); + } - // - // Group the legacy boot option in the sub title created dynamically - // - IsLegacyOption = (BOOLEAN)( - (DevicePathType (BootOption[Index].FilePath) == BBS_DEVICE_PATH) && - (DevicePathSubType (BootOption[Index].FilePath) == BBS_BBS_DP) - ); + if (IsLegacyOption && (DeviceType != ((BBS_BBS_DEVICE_PATH *)BootOption[Index].FilePath)->DeviceType)) { + if (NeedEndOp) { + HiiCreateEndOpCode (StartOpCodeHandle); + } - if (!IsLegacyOption && NeedEndOp) { - NeedEndOp = FALSE; - HiiCreateEndOpCode (StartOpCodeHandle); - } + DeviceType = ((BBS_BBS_DEVICE_PATH *)BootOption[Index].FilePath)->DeviceType; + Token = HiiSetString ( + HiiHandle, + 0, + mDeviceTypeStr[ + MIN (DeviceType & 0xF, ARRAY_SIZE (mDeviceTypeStr) - 1) + ], + NULL + ); + HiiCreateSubTitleOpCode (StartOpCodeHandle, Token, 0, 0, 1); + NeedEndOp = TRUE; + } - if (IsLegacyOption && (DeviceType != ((BBS_BBS_DEVICE_PATH *)BootOption[Index].FilePath)->DeviceType)) { - if (NeedEndOp) { - HiiCreateEndOpCode (StartOpCodeHandle); - } + ASSERT (BootOption[Index].Description != NULL); - DeviceType = ((BBS_BBS_DEVICE_PATH *)BootOption[Index].FilePath)->DeviceType; - Token = HiiSetString ( - HiiHandle, - 0, - mDeviceTypeStr[ - MIN (DeviceType & 0xF, ARRAY_SIZE (mDeviceTypeStr) - 1) - ], - NULL - ); - HiiCreateSubTitleOpCode 
(StartOpCodeHandle, Token, 0, 0, 1); - NeedEndOp = TRUE; - } + Token = HiiSetString (HiiHandle, 0, BootOption[Index].Description, NULL); - ASSERT (BootOption[Index].Description != NULL); + TempStr = BmDevicePathToStr (BootOption[Index].FilePath); + if (TempStr != NULL) { + TempSize = StrSize (TempStr); + HelpString = AllocateZeroPool (TempSize + StrSize (L"Device Path : ")); + MaxLen = (TempSize + StrSize (L"Device Path : "))/sizeof (CHAR16); + ASSERT (HelpString != NULL); + if (HelpString != NULL) { + StrCatS (HelpString, MaxLen, L"Device Path : "); + StrCatS (HelpString, MaxLen, TempStr); + } + } - Token = HiiSetString (HiiHandle, 0, BootOption[Index].Description, NULL); + HelpToken = HiiSetString (HiiHandle, 0, HelpString, NULL); - TempStr = BmDevicePathToStr (BootOption[Index].FilePath); - TempSize = StrSize (TempStr); - HelpString = AllocateZeroPool (TempSize + StrSize (L"Device Path : ")); - MaxLen = (TempSize + StrSize (L"Device Path : "))/sizeof (CHAR16); - ASSERT (HelpString != NULL); - StrCatS (HelpString, MaxLen, L"Device Path : "); - StrCatS (HelpString, MaxLen, TempStr); + HiiCreateActionOpCode ( + StartOpCodeHandle, + mKeyInput, + Token, + HelpToken, + EFI_IFR_FLAG_CALLBACK, + 0 + ); + } - HelpToken = HiiSetString (HiiHandle, 0, HelpString, NULL); + if (NeedEndOp) { + HiiCreateEndOpCode (StartOpCodeHandle); + } - HiiCreateActionOpCode ( - StartOpCodeHandle, - mKeyInput, - Token, - HelpToken, - EFI_IFR_FLAG_CALLBACK, - 0 - ); - } + HiiUpdateForm ( + HiiHandle, + &mBootManagerGuid, + BOOT_MANAGER_FORM_ID, + StartOpCodeHandle, + EndOpCodeHandle + ); + HiiFreeOpCodeHandle (EndOpCodeHandle); + } - if (NeedEndOp) { - HiiCreateEndOpCode (StartOpCodeHandle); + HiiFreeOpCodeHandle (StartOpCodeHandle); } - HiiUpdateForm ( - HiiHandle, - &mBootManagerGuid, - BOOT_MANAGER_FORM_ID, - StartOpCodeHandle, - EndOpCodeHandle - ); - - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); - EfiBootManagerFreeLoadOptions (BootOption, 
BootOptionCount); } @@ -839,10 +846,14 @@ BootManagerCallback ( // parse the selected option // BmSetConsoleMode (FALSE); - EfiBootManagerBoot (&BootOption[QuestionId - 1]); - BmSetConsoleMode (TRUE); + // MU_CHANGE - Ensure BootOption is not null before dereference + if (BootOption != NULL) { + EfiBootManagerBoot (&BootOption[QuestionId - 1]); + } - if (EFI_ERROR (BootOption[QuestionId - 1].Status)) { + BmSetConsoleMode (TRUE); + // MU_CHANGE - Verify BootOption is not NULL before dereference + if ((BootOption != NULL) && EFI_ERROR (BootOption[QuestionId - 1].Status)) { gST->ConOut->OutputString ( gST->ConOut, HiiGetString (gBootManagerPrivate.HiiHandle, STRING_TOKEN (STR_ANY_KEY_CONTINUE), NULL) diff --git a/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c b/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c index 3cb31ab984..4e71c210a3 100644 --- a/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c +++ b/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c @@ -182,12 +182,12 @@ BrGetDecodedSizeOfBuf ( ) { UINT64 DecodedSize; - INTN Index; + UINT8 Index; /* Parse header */ DecodedSize = 0; - for (Index = EndOffset - 1; Index >= StartOffset; Index--) { - DecodedSize = LShiftU64 (DecodedSize, 8) + EncodedData[Index]; + for (Index = EndOffset; Index > StartOffset; Index--) { + DecodedSize = LShiftU64 (DecodedSize, 8) + EncodedData[Index - 1]; } return DecodedSize; diff --git a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c index 58130d9383..7e9cbeb62c 100644 --- a/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c +++ b/MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLibInternal.c 
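Review bot: In the UpdateBootManager hunk `HelpString` is assigned only inside the new `if (TempStr != NULL)` block, but `HiiSetString (HiiHandle, 0, HelpString, NULL)` still runs unconditionally, so when `BmDevicePathToStr` returns NULL the call receives the previous iteration's buffer (or whatever the variable held on entry), and when `AllocateZeroPool` fails it receives NULL. I would reset it at the top of each iteration with `HelpString = NULL;` and build the token as `HelpToken = (HelpString != NULL) ? HiiSetString (HiiHandle, 0, HelpString, NULL) : Token;`. The hunk also shows no `FreePool` for `TempStr` or `HelpString` inside the loop, and `StartLabel` and `EndLabel` are dereferenced without checking what `HiiCreateGuidOpCode` returned. The function starts outside the hunk, so the declarations and any initial values could not be checked.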
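Review bot: The new `BootOption != NULL` checks in BootManagerCallback do not bound the subscript: `BootOption[QuestionId - 1]` is still used without comparing `QuestionId` with the number of options, and a `QuestionId` of 0 wraps the index. The count that comes back with `BootOption` is obtained outside the hunk; assuming it is in scope as `BootOptionCount`, both guards could read `(BootOption != NULL) && (QuestionId >= 1) && (QuestionId <= BootOptionCount)`. When the guard fails the callback still toggles the console mode and carries on silently, so a `DEBUG ((DEBUG_ERROR, ...))` line there would make the condition visible.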
@@ -68,12 +68,12 @@ PrintBannerInfo ( // // for (Line = 0; Line < BANNER_HEIGHT; Line++) { // - for (Line = (UINT8)gScreenDimensions.TopRow; Line < BANNER_HEIGHT + (UINT8)gScreenDimensions.TopRow; Line++) { + for (Line = (UINT8)gScreenDimensions.TopRow; (UINTN)Line < (UINTN)(BANNER_HEIGHT + (UINT8)gScreenDimensions.TopRow); Line++) { // // for (Alignment = 0; Alignment < BANNER_COLUMNS; Alignment++) { // for (Alignment = (UINT8)gScreenDimensions.LeftColumn; - Alignment < BANNER_COLUMNS + (UINT8)gScreenDimensions.LeftColumn; + (UINTN)Alignment < (UINTN)(BANNER_COLUMNS + (UINT8)gScreenDimensions.LeftColumn); Alignment++ ) { diff --git a/MdeModulePkg/Library/DeviceManagerUiLib/DeviceManager.c b/MdeModulePkg/Library/DeviceManagerUiLib/DeviceManager.c index b32e5bc906..50f145c855 100644 --- a/MdeModulePkg/Library/DeviceManagerUiLib/DeviceManager.c +++ b/MdeModulePkg/Library/DeviceManagerUiLib/DeviceManager.c @@ -558,10 +558,14 @@ CreateDeviceManagerForm ( NewStringLen = StrLen (mSelectedMacAddrString) * 2; NewStringLen += (StrLen (String) + 2) * 2; NewStringTitle = AllocatePool (NewStringLen); - UnicodeSPrint (NewStringTitle, NewStringLen, L"%s %s", String, mSelectedMacAddrString); - HiiSetString (HiiHandle, STRING_TOKEN (STR_FORM_NETWORK_DEVICE_TITLE), NewStringTitle, NULL); + // MU_CHANGE - Verify Allocation before using memory + if (NewStringTitle != NULL) { + UnicodeSPrint (NewStringTitle, NewStringLen, L"%s %s", String, mSelectedMacAddrString); + HiiSetString (HiiHandle, STRING_TOKEN (STR_FORM_NETWORK_DEVICE_TITLE), NewStringTitle, NULL); + FreePool (NewStringTitle); + } + FreePool (String); - FreePool (NewStringTitle); } // 
@@ -569,184 +573,192 @@ CreateDeviceManagerForm ( // StartOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (StartOpCodeHandle != NULL); + // MU_CHANGE - Verify StartOpCodeHandle and EndOpCodeHandle are valid before using + if (StartOpCodeHandle != NULL) { + EndOpCodeHandle = HiiAllocateOpCodeHandle (); + ASSERT (EndOpCodeHandle != NULL); + if (EndOpCodeHandle != NULL) { + // + // Create Hii Extend Label OpCode as the start opcode + // + StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + // + // According to the next show Form id(mNextShowFormId) to decide which form need to update. + // + StartLabel->Number = (UINT16)(LABEL_FORM_ID_OFFSET + NextShowFormId); - EndOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (EndOpCodeHandle != NULL); - - // - // Create Hii Extend Label OpCode as the start opcode - // - StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - // - // According to the next show Form id(mNextShowFormId) to decide which form need to update. 
- // - StartLabel->Number = (UINT16)(LABEL_FORM_ID_OFFSET + NextShowFormId); - - // - // Create Hii Extend Label OpCode as the end opcode - // - EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = LABEL_END; - - // - // Get all the Hii handles - // - HiiHandles = HiiGetHiiHandles (NULL); - ASSERT (HiiHandles != NULL); - - // - // Search for formset of each class type - // - for (Index = 0; HiiHandles[Index] != NULL; Index++) { - Status = HiiGetFormSetFromHiiHandle (HiiHandles[Index], &Buffer, &BufferSize); - if (EFI_ERROR (Status)) { - continue; - } - - Ptr = (UINT8 *)Buffer; - while (TempSize < BufferSize) { - TempSize += ((EFI_IFR_OP_HEADER *)Ptr)->Length; - if (((EFI_IFR_OP_HEADER *)Ptr)->Length <= OFFSET_OF (EFI_IFR_FORM_SET, Flags)) { - Ptr += ((EFI_IFR_OP_HEADER *)Ptr)->Length; - continue; - } - - ClassGuidNum = (UINT8)(((EFI_IFR_FORM_SET *)Ptr)->Flags & 0x3); - ClassGuid = (EFI_GUID *)(VOID *)(Ptr + sizeof (EFI_IFR_FORM_SET)); - while (ClassGuidNum-- > 0) { - if (CompareGuid (&gEfiHiiPlatformSetupFormsetGuid, ClassGuid) == 0) { - ClassGuid++; - continue; - } - - String = HiiGetString (HiiHandles[Index], ((EFI_IFR_FORM_SET *)Ptr)->FormSetTitle, NULL); - if (String == NULL) { - String = HiiGetString (HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL); - ASSERT (String != NULL); - } - - Token = HiiSetString (HiiHandle, 0, String, NULL); - FreePool (String); - - String = HiiGetString (HiiHandles[Index], ((EFI_IFR_FORM_SET *)Ptr)->Help, NULL); - if (String == NULL) { - String = HiiGetString (HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL); - ASSERT (String != NULL); - } - - TokenHelp = HiiSetString (HiiHandle, 0, String, NULL); - FreePool (String); - - CopyMem (&FormSetGuid, &((EFI_IFR_FORM_SET *)Ptr)->Guid, sizeof (EFI_GUID)); + // + // Create Hii Extend Label OpCode as the end opcode + // + EndLabel = 
(EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = LABEL_END; + // + // Get all the Hii handles + // + HiiHandles = HiiGetHiiHandles (NULL); + ASSERT (HiiHandles != NULL); + if (HiiHandles != NULL) { // - // Network device process + // Search for formset of each class type // - if (IsNeedAddNetworkMenu (HiiHandles[Index], NextShowFormId, &AddItemCount)) { - if (NextShowFormId == DEVICE_MANAGER_FORM_ID) { - // - // Only show one menu item "Network Config" in the device manger form. - // - if (!AddNetworkMenu) { - AddNetworkMenu = TRUE; - HiiCreateGotoOpCode ( - StartOpCodeHandle, - NETWORK_DEVICE_LIST_FORM_ID, - STRING_TOKEN (STR_FORM_NETWORK_DEVICE_LIST_TITLE), - STRING_TOKEN (STR_FORM_NETWORK_DEVICE_LIST_HELP), - EFI_IFR_FLAG_CALLBACK, - (EFI_QUESTION_ID)QUESTION_NETWORK_DEVICE_ID - ); - } - } else if (NextShowFormId == NETWORK_DEVICE_LIST_FORM_ID) { - // - // In network device list form, same mac address device only show one menu. - // - while (AddItemCount > 0) { - HiiCreateGotoOpCode ( - StartOpCodeHandle, - NETWORK_DEVICE_FORM_ID, - mMacDeviceList.NodeList[mMacDeviceList.CurListLen - AddItemCount].PromptId, - STRING_TOKEN (STR_NETWORK_DEVICE_HELP), - EFI_IFR_FLAG_CALLBACK, - mMacDeviceList.NodeList[mMacDeviceList.CurListLen - AddItemCount].QuestionId - ); - AddItemCount -= 1; - } - } else if (NextShowFormId == NETWORK_DEVICE_FORM_ID) { - // - // In network device form, only the selected mac address device need to be show. 
- // - DevicePathStr = DmExtractDevicePathFromHiiHandle (HiiHandles[Index]); - DevicePathId = 0; - if (DevicePathStr != NULL) { - DevicePathId = HiiSetString (HiiHandle, 0, DevicePathStr, NULL); - FreePool (DevicePathStr); + for (Index = 0; HiiHandles[Index] != NULL; Index++) { + Status = HiiGetFormSetFromHiiHandle (HiiHandles[Index], &Buffer, &BufferSize); + if (EFI_ERROR (Status)) { + continue; + } + + Ptr = (UINT8 *)Buffer; + while (TempSize < BufferSize) { + TempSize += ((EFI_IFR_OP_HEADER *)Ptr)->Length; + if (((EFI_IFR_OP_HEADER *)Ptr)->Length <= OFFSET_OF (EFI_IFR_FORM_SET, Flags)) { + Ptr += ((EFI_IFR_OP_HEADER *)Ptr)->Length; + continue; } - HiiCreateGotoExOpCode ( - StartOpCodeHandle, - 0, - Token, - TokenHelp, - 0, - (EFI_QUESTION_ID)(Index + DEVICE_KEY_OFFSET), - 0, - &FormSetGuid, - DevicePathId - ); - } - } else { - // - // Not network device process, only need to show at device manger form. - // - if (NextShowFormId == DEVICE_MANAGER_FORM_ID) { - DevicePathStr = DmExtractDevicePathFromHiiHandle (HiiHandles[Index]); - DevicePathId = 0; - if (DevicePathStr != NULL) { - DevicePathId = HiiSetString (HiiHandle, 0, DevicePathStr, NULL); - FreePool (DevicePathStr); + ClassGuidNum = (UINT8)(((EFI_IFR_FORM_SET *)Ptr)->Flags & 0x3); + ClassGuid = (EFI_GUID *)(VOID *)(Ptr + sizeof (EFI_IFR_FORM_SET)); + while (ClassGuidNum-- > 0) { + if (CompareGuid (&gEfiHiiPlatformSetupFormsetGuid, ClassGuid) == 0) { + ClassGuid++; + continue; + } + + String = HiiGetString (HiiHandles[Index], ((EFI_IFR_FORM_SET *)Ptr)->FormSetTitle, NULL); + if (String == NULL) { + String = HiiGetString (HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL); + ASSERT (String != NULL); + } + + Token = HiiSetString (HiiHandle, 0, String, NULL); + if (String != NULL) { + FreePool (String); + } + + String = HiiGetString (HiiHandles[Index], ((EFI_IFR_FORM_SET *)Ptr)->Help, NULL); + if (String == NULL) { + String = HiiGetString (HiiHandle, STRING_TOKEN (STR_MISSING_STRING), NULL); + ASSERT (String != 
NULL); + } + + TokenHelp = HiiSetString (HiiHandle, 0, String, NULL); + if (String != NULL) { + FreePool (String); + } + + CopyMem (&FormSetGuid, &((EFI_IFR_FORM_SET *)Ptr)->Guid, sizeof (EFI_GUID)); + + // + // Network device process + // + if (IsNeedAddNetworkMenu (HiiHandles[Index], NextShowFormId, &AddItemCount)) { + if (NextShowFormId == DEVICE_MANAGER_FORM_ID) { + // + // Only show one menu item "Network Config" in the device manger form. + // + if (!AddNetworkMenu) { + AddNetworkMenu = TRUE; + HiiCreateGotoOpCode ( + StartOpCodeHandle, + NETWORK_DEVICE_LIST_FORM_ID, + STRING_TOKEN (STR_FORM_NETWORK_DEVICE_LIST_TITLE), + STRING_TOKEN (STR_FORM_NETWORK_DEVICE_LIST_HELP), + EFI_IFR_FLAG_CALLBACK, + (EFI_QUESTION_ID)QUESTION_NETWORK_DEVICE_ID + ); + } + } else if (NextShowFormId == NETWORK_DEVICE_LIST_FORM_ID) { + // + // In network device list form, same mac address device only show one menu. + // + while (AddItemCount > 0) { + HiiCreateGotoOpCode ( + StartOpCodeHandle, + NETWORK_DEVICE_FORM_ID, + mMacDeviceList.NodeList[mMacDeviceList.CurListLen - AddItemCount].PromptId, + STRING_TOKEN (STR_NETWORK_DEVICE_HELP), + EFI_IFR_FLAG_CALLBACK, + mMacDeviceList.NodeList[mMacDeviceList.CurListLen - AddItemCount].QuestionId + ); + AddItemCount -= 1; + } + } else if (NextShowFormId == NETWORK_DEVICE_FORM_ID) { + // + // In network device form, only the selected mac address device need to be show. + // + DevicePathStr = DmExtractDevicePathFromHiiHandle (HiiHandles[Index]); + DevicePathId = 0; + if (DevicePathStr != NULL) { + DevicePathId = HiiSetString (HiiHandle, 0, DevicePathStr, NULL); + FreePool (DevicePathStr); + } + + HiiCreateGotoExOpCode ( + StartOpCodeHandle, + 0, + Token, + TokenHelp, + 0, + (EFI_QUESTION_ID)(Index + DEVICE_KEY_OFFSET), + 0, + &FormSetGuid, + DevicePathId + ); + } + } else { + // + // Not network device process, only need to show at device manger form. 
+ // + if (NextShowFormId == DEVICE_MANAGER_FORM_ID) { + DevicePathStr = DmExtractDevicePathFromHiiHandle (HiiHandles[Index]); + DevicePathId = 0; + if (DevicePathStr != NULL) { + DevicePathId = HiiSetString (HiiHandle, 0, DevicePathStr, NULL); + FreePool (DevicePathStr); + } + + HiiCreateGotoExOpCode ( + StartOpCodeHandle, + 0, + Token, + TokenHelp, + 0, + (EFI_QUESTION_ID)(Index + DEVICE_KEY_OFFSET), + 0, + &FormSetGuid, + DevicePathId + ); + } + } + + break; } - HiiCreateGotoExOpCode ( - StartOpCodeHandle, - 0, - Token, - TokenHelp, - 0, - (EFI_QUESTION_ID)(Index + DEVICE_KEY_OFFSET), - 0, - &FormSetGuid, - DevicePathId - ); + Ptr += ((EFI_IFR_OP_HEADER *)Ptr)->Length; } - } - break; + FreePool (Buffer); + Buffer = NULL; + TempSize = 0; + BufferSize = 0; + } } - Ptr += ((EFI_IFR_OP_HEADER *)Ptr)->Length; + HiiUpdateForm ( + HiiHandle, + &mDeviceManagerGuid, + NextShowFormId, + StartOpCodeHandle, + EndOpCodeHandle + ); + HiiFreeOpCodeHandle (EndOpCodeHandle); } - FreePool (Buffer); - Buffer = NULL; - TempSize = 0; - BufferSize = 0; + HiiFreeOpCodeHandle (StartOpCodeHandle); } - HiiUpdateForm ( - HiiHandle, - &mDeviceManagerGuid, - NextShowFormId, - StartOpCodeHandle, - EndOpCodeHandle - ); - - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); - // MU_CHANGE: Only free HiiHandles if it is not NULL if (HiiHandles != NULL) { FreePool (HiiHandles); } diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c index 41b3282d29..3f165a4784 100644 --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c 
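Review bot: The added `if (String != NULL)` guards only `FreePool (String)`; the `HiiSetString (HiiHandle, 0, String, NULL)` call directly above it still receives NULL when both `HiiGetString` lookups fail and ASSERT is compiled out, once for `Token` and again for `TokenHelp`. Moving the check ahead of the use, `if (String == NULL) { break; }` after the fallback lookup, would skip the formset instead of passing NULL on. Separately, the opcode walk advances by `((EFI_IFR_OP_HEADER *)Ptr)->Length` with no check that the value is non-zero or keeps `Ptr` inside `BufferSize`, so a zero length leaves both `TempSize` and `Ptr` where they were; a `Length == 0` exit from the `while` is worth adding while this block is being re-indented. CreateDeviceManagerForm starts outside the hunk, so the initial value of `TempSize` was not visible.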
@@ -301,7 +301,8 @@ GetBootOptionInOrder ( // Second get BootOption from "BootOrder" // BootOrderOptionBuf = EfiBootManagerGetLoadOptions (&BootOrderCount, LoadOptionTypeBoot); - if ((BootNextCount == 0) && (BootOrderCount == 0)) { + // MU_CHANGE - CodeQL change + if (((BootNextCount == 0) && (BootOrderCount == 0)) || (BootOrderOptionBuf == NULL)) { return EFI_NOT_FOUND; } diff --git a/MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.c b/MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.c index 9231c2b096..0e418f4a32 100644 --- a/MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.c +++ b/MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.c @@ -1054,7 +1054,13 @@ InsertFpdtRecord ( switch (PerfId) { case MODULE_START_ID: case MODULE_END_ID: - GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + // MU_CHANGE [BEGIN] - CodeQL change + Status = GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to get Module Info from Handle! Status = %r\n", Status)); + } + + // MU_CHANGE [END] - CodeQL change StringPtr = ModuleName; // // Cache the offset of start image start record and use to update the start image end record if needed. @@ -1090,7 +1096,13 @@ InsertFpdtRecord ( case MODULE_LOADIMAGE_START_ID: case MODULE_LOADIMAGE_END_ID: - GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + // MU_CHANGE [BEGIN] - CodeQL change + Status = GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to get Module Info from Handle! Status = %r\n", Status)); + } + + // MU_CHANGE [END] - CodeQL change StringPtr = ModuleName; if (PerfId == MODULE_LOADIMAGE_START_ID) { mLoadImageCount++; 
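Review bot: Adding `|| (BootOrderOptionBuf == NULL)` to the early return in GetBootOptionInOrder changes behaviour when a BootNext option exists but BootOrder is empty: the old condition let that case continue because `BootNextCount != 0`, the new one returns `EFI_NOT_FOUND`. If the BootNext buffer obtained earlier in the function (outside the hunk) is allocated, this path presumably also returns without releasing it. The NULL check fits better where `BootOrderOptionBuf` is actually read, for example `if (BootOrderOptionBuf != NULL)` around the copy, with the count test left as it was.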
@@ -1133,7 +1145,13 @@ InsertFpdtRecord ( case MODULE_DB_SUPPORT_END_ID: case MODULE_DB_STOP_START_ID: case MODULE_DB_STOP_END_ID: - GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + // MU_CHANGE [BEGIN] - CodeQL change + Status = GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to get Module Info from Handle! Status = %r\n", Status)); + } + + // MU_CHANGE [END] - CodeQL change StringPtr = ModuleName; if (!PcdGetBool (PcdEdkiiFpdtStringRecordEnableOnly)) { FpdtRecordPtr.GuidQwordEvent->Header.Type = FPDT_GUID_QWORD_EVENT_TYPE; @@ -1148,7 +1166,13 @@ InsertFpdtRecord ( break; case MODULE_DB_END_ID: - GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + // MU_CHANGE [BEGIN] - CodeQL change + Status = GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to get Module Info from Handle! Status = %r\n", Status)); + } + + // MU_CHANGE [END] - CodeQL change StringPtr = ModuleName; if (!PcdGetBool (PcdEdkiiFpdtStringRecordEnableOnly)) { FpdtRecordPtr.GuidQwordStringEvent->Header.Type = FPDT_GUID_QWORD_STRING_EVENT_TYPE; 
@@ -1198,17 +1222,26 @@ InsertFpdtRecord ( case PERF_INMODULE_END_ID: case PERF_CROSSMODULE_START_ID: case PERF_CROSSMODULE_END_ID: - GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + // MU_CHANGE [BEGIN] - CodeQL change + Status = GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to get Module Info from Handle! Status = %r\n", Status)); + } + + StringPtr = NULL; + if (String != NULL) { StringPtr = String; - } else { + } else if (ModuleName != NULL) { StringPtr = ModuleName; } - if (AsciiStrLen (StringPtr) == 0) { + if ((StringPtr == NULL) || (AsciiStrLen (StringPtr) == 0)) { StringPtr = "unknown name"; } + // MU_CHANGE [END] - CodeQL change + if (!PcdGetBool (PcdEdkiiFpdtStringRecordEnableOnly)) { FpdtRecordPtr.DynamicStringEvent->Header.Type = FPDT_DYNAMIC_STRING_EVENT_TYPE; FpdtRecordPtr.DynamicStringEvent->Header.Length = sizeof (FPDT_DYNAMIC_STRING_EVENT_RECORD); 
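Review bot: `else if (ModuleName != NULL)` in the `PERF_CROSSMODULE_END_ID` hunk looks like a test that is always true: `ModuleName` is passed together with `sizeof (ModuleName)` as its buffer size, which suggests a local array (the declaration is outside the hunk), and an array's address is never NULL. That is the pattern cpp/uselesstest reports, so a plain `else` keeps the behaviour without adding a finding. What the new code leaves open is a failed `GetModuleInfoFromHandle`, after which `ModuleName` is still used as the string; `ModuleName[0] = '\0';` in the error branch would let the existing `"unknown name"` fallback apply, unless the helper already guarantees a terminated name on failure. The same lines appear in the `default:` hunk and in the SmmCorePerformanceLib.c hunk.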
@@ -1223,17 +1256,26 @@ InsertFpdtRecord ( default: if (Attribute != PerfEntry) { - GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + // MU_CHANGE [BEGIN] - CodeQL change + Status = GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to get Module Info from Handle! Status = %r\n", Status)); + } + + StringPtr = NULL; + if (String != NULL) { StringPtr = String; - } else { + } else if (ModuleName != NULL) { StringPtr = ModuleName; } - if (AsciiStrLen (StringPtr) == 0) { + if ((StringPtr == NULL) || (AsciiStrLen (StringPtr) == 0)) { StringPtr = "unknown name"; } + // MU_CHANGE [END] - CodeQL change + if (!PcdGetBool (PcdEdkiiFpdtStringRecordEnableOnly)) { FpdtRecordPtr.DynamicStringEvent->Header.Type = FPDT_DYNAMIC_STRING_EVENT_TYPE; FpdtRecordPtr.DynamicStringEvent->Header.Length = sizeof (FPDT_DYNAMIC_STRING_EVENT_RECORD); diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c index 8b8cf3a7d3..c89cf9f985 100644 --- a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c +++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c @@ -220,7 +220,7 @@ ExecuteSecurityHandlers ( UINTN FileSize; EFI_HANDLE Handle; EFI_DEVICE_PATH_PROTOCOL *Node; - EFI_DEVICE_PATH_PROTOCOL *FilePathToVerfiy; + EFI_DEVICE_PATH_PROTOCOL *FilePathToVerify; if (FilePath == NULL) { return EFI_INVALID_PARAMETER; @@ -237,7 +237,7 @@ ExecuteSecurityHandlers ( FileBuffer = NULL; FileSize = 0; HandlerAuthenticationStatus = AuthenticationStatus; - FilePathToVerfiy = (EFI_DEVICE_PATH_PROTOCOL *)FilePath; + FilePathToVerify = (EFI_DEVICE_PATH_PROTOCOL *)FilePath; // // Run security handler in same order to their registered list // 
@@ -247,7 +247,7 @@ ExecuteSecurityHandlers ( // Try get file buffer when the handler requires image buffer. // if (FileBuffer == NULL) { - Node = FilePathToVerfiy; + Node = FilePathToVerify; Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle); // // Try to get image by FALSE boot policy for the exact boot file path. @@ -264,14 +264,19 @@ ExecuteSecurityHandlers ( // // LoadFile () may cause the device path of the Handle be updated. // - FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), Node); + FilePathToVerify = AppendDevicePath (DevicePathFromHandle (Handle), Node); } } } + if (FilePathToVerify == NULL) { + ASSERT (FilePathToVerify != NULL); + continue; + } + Status = mSecurityTable[Index].SecurityHandler ( HandlerAuthenticationStatus, - FilePathToVerfiy, + FilePathToVerify, FileBuffer, FileSize ); @@ -284,8 +289,8 @@ ExecuteSecurityHandlers ( FreePool (FileBuffer); } - if (FilePathToVerfiy != FilePath) { - FreePool (FilePathToVerfiy); + if (FilePathToVerify != FilePath) { + FreePool (FilePathToVerify); } return Status; diff --git a/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c b/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c index 804a03d868..c9f2c38a63 100644 --- a/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c +++ b/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c @@ -560,7 +560,14 @@ LibFileInfo ( ); if (Status == EFI_BUFFER_TOO_SMALL) { Buffer = AllocatePool (BufferSize); - ASSERT (Buffer != NULL); + + // MU_CHANGE START + if (Buffer == NULL) { + ASSERT (Buffer != NULL); + return NULL; + } + + // MU_CHANGE END } Status = FHand->GetInfo ( 
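Review bot: The new `if (FilePathToVerify == NULL) { ... continue; }` in ExecuteSecurityHandlers skips the registered security handler instead of failing the check, so an allocation failure in `AppendDevicePath` lets the loop finish without that handler ever seeing the image. `Status` at that point was last written by calls such as `gBS->LocateDevicePath`, so the function may return a success code for a file no handler verified; the exact value depends on lines outside the hunks. Fail closed with `Status = EFI_OUT_OF_RESOURCES; break;`. The cleanup `if (FilePathToVerify != FilePath) { FreePool (FilePathToVerify); }` then also needs a NULL test, since it currently passes NULL to `FreePool` on this path.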
@@ -1074,6 +1081,11 @@ LibCreateNewFile ( NewHandle = NULL; FullFileName = NULL; + // MU_CHANGE - Check return status of LibGetFileHandleFromDevicePath + Status = LibGetFileHandleFromDevicePath (gFileExplorerPrivate.RetDevicePath, &FileHandle, &ParentName, &DeviceHandle); + if (EFI_ERROR (Status)) { + return EFI_NOT_FOUND; + } if (EFI_ERROR (LibGetFileHandleFromDevicePath (gFileExplorerPrivate.RetDevicePath, &FileHandle, &ParentName, &DeviceHandle))) { return EFI_DEVICE_ERROR; diff --git a/MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c b/MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c index 2700f5adbc..bb96fdcd7c 100644 --- a/MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c +++ b/MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c @@ -694,17 +694,26 @@ InsertFpdtRecord ( case PERF_INMODULE_END_ID: case PERF_CROSSMODULE_START_ID: case PERF_CROSSMODULE_END_ID: - GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + // MU_CHANGE [BEGIN] - CodeQL change + Status = GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to get Module Info from Handle! Status = %r\n", Status)); + } + + StringPtr = NULL; + if (String != NULL) { StringPtr = String; - } else { + } else if (ModuleName != NULL) { StringPtr = ModuleName; } - if (AsciiStrLen (StringPtr) == 0) { + if ((StringPtr == NULL) || (AsciiStrLen (StringPtr) == 0)) { StringPtr = "unknown name"; } + // MU_CHANGE [END] - CodeQL change + if (!PcdGetBool (PcdEdkiiFpdtStringRecordEnableOnly)) { FpdtRecordPtr.DynamicStringEvent->Header.Type = FPDT_DYNAMIC_STRING_EVENT_TYPE; FpdtRecordPtr.DynamicStringEvent->Header.Length = sizeof (FPDT_DYNAMIC_STRING_EVENT_RECORD); 
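Review bot: LibCreateNewFile now calls `LibGetFileHandleFromDevicePath` twice: the added checked call is followed by the pre-existing `if (EFI_ERROR (LibGetFileHandleFromDevicePath (...)))` line, which is still present as context. The second call overwrites `FileHandle`, `ParentName` and `DeviceHandle`, so whatever the first call opened or allocated is presumably leaked. The two paths also return different codes (`EFI_NOT_FOUND` and `EFI_DEVICE_ERROR`) for the same failure. Keep a single call, for example drop the old `if` and return `EFI_DEVICE_ERROR` from the new `if (EFI_ERROR (Status))` branch so callers see the status they saw before.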
@@ -719,17 +728,26 @@ InsertFpdtRecord ( default: if (Attribute != PerfEntry) { - GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + // MU_CHANGE [BEGIN] - CodeQL change + Status = GetModuleInfoFromHandle ((EFI_HANDLE)CallerIdentifier, ModuleName, sizeof (ModuleName), &ModuleGuid); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to get Module Info from Handle! Status = %r\n", Status)); + } + + StringPtr = NULL; + if (String != NULL) { StringPtr = String; - } else { + } else if (ModuleName != NULL) { StringPtr = ModuleName; } - if (AsciiStrLen (StringPtr) == 0) { + if ((StringPtr == NULL) || (AsciiStrLen (StringPtr) == 0)) { StringPtr = "unknown name"; } + // MU_CHANGE [END] - CodeQL change + if (!PcdGetBool (PcdEdkiiFpdtStringRecordEnableOnly)) { FpdtRecordPtr.DynamicStringEvent->Header.Type = FPDT_DYNAMIC_STRING_EVENT_TYPE; FpdtRecordPtr.DynamicStringEvent->Header.Length = sizeof (FPDT_DYNAMIC_STRING_EVENT_RECORD); diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxMmLib.c b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxMmLib.c index ab2cb7a2b4..3b9c30dac2 100644 --- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxMmLib.c +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxMmLib.c @@ -366,7 +366,9 @@ InternalGetLockBoxQueue ( /** This function find LockBox by GUID. - @param Guid The guid to indentify the LockBox + NULL will be returned by this function if the lock box queue is not found. + + @param Guid The guid to identify the LockBox @return LockBoxData **/ @@ -380,7 +382,11 @@ InternalFindLockBoxByGuid ( LIST_ENTRY *LockBoxQueue; LockBoxQueue = InternalGetLockBoxQueue (); - ASSERT (LockBoxQueue != NULL); + + if (LockBoxQueue == NULL) { + ASSERT (LockBoxQueue != NULL); + return NULL; + } for (Link = LockBoxQueue->ForwardLink; Link != LockBoxQueue; 
@@ -500,7 +506,11 @@ SaveLockBox ( )); LockBoxQueue = InternalGetLockBoxQueue (); - ASSERT (LockBoxQueue != NULL); + if (LockBoxQueue == NULL) { + ASSERT (LockBoxQueue != NULL); + return EFI_OUT_OF_RESOURCES; + } + InsertTailList (LockBoxQueue, &LockBox->Link); // @@ -834,6 +844,7 @@ RestoreLockBox ( @retval RETURN_SUCCESS the information is restored successfully. @retval RETURN_NOT_STARTED it is too early to invoke this interface @retval RETURN_UNSUPPORTED the service is not supported by implementaion. + @retval RETURN_OUT_OF_RESOURCES noT enough resourceS to save the information. **/ RETURN_STATUS EFIAPI @@ -848,7 +859,10 @@ RestoreAllLockBoxInPlace ( DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Enter\n")); LockBoxQueue = InternalGetLockBoxQueue (); - ASSERT (LockBoxQueue != NULL); + if (LockBoxQueue == NULL) { + ASSERT (LockBoxQueue != NULL); + return EFI_OUT_OF_RESOURCES; + } // // Restore all, Buffer and Length MUST be NULL diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c index 06a1ebf324..efb34ff54e 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c @@ -217,10 +217,12 @@ BmAdjustFvFilePath ( (VOID **)&LoadedImage ); NewDevicePath = AppendDevicePathNode (DevicePathFromHandle (LoadedImage->DeviceHandle), FvFileNode); - FullPath = BmAdjustFvFilePath (NewDevicePath); - FreePool (NewDevicePath); - if (FullPath != NULL) { - return FullPath; + if (NewDevicePath != NULL) { + FullPath = BmAdjustFvFilePath (NewDevicePath); + FreePool (NewDevicePath); + if (FullPath != NULL) { + return FullPath; + } } // 
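Review bot: The early `return EFI_OUT_OF_RESOURCES;` added in SaveLockBox sits right before `InsertTailList (LockBoxQueue, &LockBox->Link);`, that is, after `LockBox` has been built, and it releases nothing. If `LockBox` and its data buffer are allocated earlier in the function (outside the hunk), that memory is lost on this path, which matters more than usual for SMRAM. Either free them before returning or move the `InternalGetLockBoxQueue ()` check ahead of the allocations.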
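Review bot: In RestoreAllLockBoxInPlace the new path returns `EFI_OUT_OF_RESOURCES` from a function declared `RETURN_STATUS` whose header documents `RETURN_*` codes; `return RETURN_OUT_OF_RESOURCES;` would match. The `@retval` line added in the preceding doc hunk has stray capitals ("noT", "resourceS") and speaks of saving the information in a restore function. I would reword it as `@retval RETURN_OUT_OF_RESOURCES not enough resources to restore the information.`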
@@ -242,7 +244,12 @@ BmAdjustFvFilePath ( } NewDevicePath = AppendDevicePathNode (DevicePathFromHandle (FvHandles[Index]), FvFileNode); - FullPath = BmAdjustFvFilePath (NewDevicePath); + if (NewDevicePath == NULL) { + ASSERT (NewDevicePath != NULL); + continue; + } + + FullPath = BmAdjustFvFilePath (NewDevicePath); FreePool (NewDevicePath); if (FullPath != NULL) { break; @@ -625,6 +632,10 @@ BmExpandUsbDevicePath ( ParentDevicePathSize = (UINTN)ShortformNode - (UINTN)FilePath; RemainingDevicePath = NextDevicePathNode (ShortformNode); Handles = BmFindUsbDevice (FilePath, ParentDevicePathSize, &HandleCount); + if (Handles == NULL) { + ASSERT (Handles != NULL); + return NULL; + } for (Index = 0; Index < HandleCount; Index++) { FilePath = AppendDevicePath (DevicePathFromHandle (Handles[Index]), RemainingDevicePath); @@ -712,13 +723,20 @@ BmExpandFileDevicePath ( ) { NextFullPath = AppendDevicePath (DevicePathFromHandle (Handles[Index]), FilePath); + if (NextFullPath == NULL) { + continue; + } + if (GetNext) { + // this is the break/exit condition. Occurs on first if FullPath input parameter was NULL + // or on the next loop after input parameter FullPath matches NextFullPath. + // NextFullPath will not be NULL so outer loop is broken too break; - } else { - GetNext = (BOOLEAN)(CompareMem (NextFullPath, FullPath, GetDevicePathSize (NextFullPath)) == 0); - FreePool (NextFullPath); - NextFullPath = NULL; } + + GetNext = (BOOLEAN)(CompareMem (NextFullPath, FullPath, GetDevicePathSize (NextFullPath)) == 0); + FreePool (NextFullPath); + NextFullPath = NULL; } } 
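Review bot: The `ASSERT (Handles != NULL)` added after `BmFindUsbDevice` in BmExpandUsbDevicePath treats an empty result as a programming error. If the helper returns NULL simply because no connected USB device matches the short-form path (its body is outside the hunk), DEBUG builds will now stop on an ordinary condition such as an absent boot device. Drop the ASSERT and keep the quiet exit, `if (Handles == NULL) { return NULL; }`. It is also worth confirming that the code after the loop, which this return now bypasses, did no further work for the zero-match case.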
@@ -926,6 +944,10 @@ BmExpandPartitionDevicePath ( // partial partition boot option. Second, check whether the instance could be connected. // Instance = GetNextDevicePathInstance (&TempNewDevicePath, &Size); + if (Instance == NULL) { + break; + } + if (BmMatchPartitionDevicePathNode (Instance, (HARDDRIVE_DEVICE_PATH *)FilePath)) { // // Connect the device path instance, the device path point to hard drive media device path node 
@@ -944,31 +966,33 @@ BmExpandPartitionDevicePath ( // 2. ACPI()/PCI()/ATA()/Partition()/Partition(A2)/EFI/BootX64.EFI // For simplicity, only #1 is returned. // - FullPath = BmGetNextLoadOptionDevicePath (TempDevicePath, NULL); - FreePool (TempDevicePath); - - if (FullPath != NULL) { - // - // Adjust the 'HDDP' instances sequence if the matched one is not first one. - // - if (NeedAdjust) { - BmCachePartitionDevicePath (&CachedDevicePath, Instance); + if (TempDevicePath != NULL) { + FullPath = BmGetNextLoadOptionDevicePath (TempDevicePath, NULL); + FreePool (TempDevicePath); + + if (FullPath != NULL) { // - // Save the matching Device Path so we don't need to do a connect all next time - // Failing to save only impacts performance next time expanding the short-form device path + // Adjust the 'HDDP' instances sequence if the matched one is not first one. // - Status = gRT->SetVariable ( - L"HDDP", - &mBmHardDriveBootVariableGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - GetDevicePathSize (CachedDevicePath), - CachedDevicePath - ); + if (NeedAdjust) { + BmCachePartitionDevicePath (&CachedDevicePath, Instance); + // + // Save the matching Device Path so we don't need to do a connect all next time + // Failing to save only impacts performance next time expanding the short-form device path + // + Status = gRT->SetVariable ( + L"HDDP", + &mBmHardDriveBootVariableGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, + GetDevicePathSize (CachedDevicePath), + CachedDevicePath + ); + } + + FreePool (Instance); + FreePool (CachedDevicePath); + return FullPath; } - - FreePool (Instance); - FreePool (CachedDevicePath); - return FullPath; } } } 
@@ -1013,7 +1037,11 @@ BmExpandPartitionDevicePath ( // Find the matched partition device path // TempDevicePath = AppendDevicePath (BlockIoDevicePath, NextDevicePathNode (FilePath)); - FullPath = BmGetNextLoadOptionDevicePath (TempDevicePath, NULL); + if (TempDevicePath == NULL) { + continue; + } + + FullPath = BmGetNextLoadOptionDevicePath (TempDevicePath, NULL); FreePool (TempDevicePath); if (FullPath != NULL) { @@ -1106,7 +1134,10 @@ BmExpandMediaDevicePath ( if (GetNext) { return NextFullPath; } else { - FreePool (NextFullPath); + if (NextFullPath != NULL) { + FreePool (NextFullPath); + } + return NULL; } } @@ -1163,7 +1194,11 @@ BmExpandMediaDevicePath ( // Get the device path size of SimpleFileSystem handle // TempDevicePath = DevicePathFromHandle (SimpleFileSystemHandles[Index]); - TempSize = GetDevicePathSize (TempDevicePath) - END_DEVICE_PATH_LENGTH; + if (TempDevicePath == NULL) { + continue; + } + + TempSize = GetDevicePathSize (TempDevicePath) - END_DEVICE_PATH_LENGTH; // // Check whether the device path of boot option is part of the SimpleFileSystem handle's device path // @@ -1172,9 +1207,11 @@ BmExpandMediaDevicePath ( if (GetNext) { break; } else { - GetNext = (BOOLEAN)(CompareMem (NextFullPath, FullPath, GetDevicePathSize (NextFullPath)) == 0); - FreePool (NextFullPath); - NextFullPath = NULL; + if (NextFullPath != NULL) { + GetNext = (BOOLEAN)(CompareMem (NextFullPath, FullPath, GetDevicePathSize (NextFullPath)) == 0); + FreePool (NextFullPath); + NextFullPath = NULL; + } } } } 
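Review bot: In the last BmExpandMediaDevicePath hunk the NULL test on `NextFullPath` is placed in the `else` branch only, so when `GetNext` is already TRUE a failed allocation still reaches `break` and the search ends with a NULL result. BmExpandFileDevicePath in this same commit handles the equivalent loop with `if (NextFullPath == NULL) { continue; }` ahead of the `GetNext` test, which keeps examining the remaining handles. Using that form here would make the two functions agree. The assignment to `NextFullPath` is not within the hunk, so this assumes it can yield NULL, as the added guard implies.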
@@ -2317,12 +2354,20 @@ BmEnumerateBootOptions ( } Description = BmGetBootDescription (Handles[Index]); + if (Description == NULL) { + continue; + } + BootOptions = ReallocatePool ( sizeof (EFI_BOOT_MANAGER_LOAD_OPTION) * (*BootOptionCount), sizeof (EFI_BOOT_MANAGER_LOAD_OPTION) * (*BootOptionCount + 1), BootOptions ); - ASSERT (BootOptions != NULL); + if (BootOptions == NULL) { + ASSERT (BootOptions != NULL); + FreePool (Description); + continue; + } Status = EfiBootManagerInitializeLoadOption ( &BootOptions[(*BootOptionCount)++], @@ -2368,12 +2413,20 @@ BmEnumerateBootOptions ( } Description = BmGetBootDescription (Handles[Index]); + if (Description == NULL) { + continue; + } + BootOptions = ReallocatePool ( sizeof (EFI_BOOT_MANAGER_LOAD_OPTION) * (*BootOptionCount), sizeof (EFI_BOOT_MANAGER_LOAD_OPTION) * (*BootOptionCount + 1), BootOptions ); - ASSERT (BootOptions != NULL); + if (BootOptions == NULL) { + ASSERT (BootOptions != NULL); + FreePool (Description); + continue; + } Status = EfiBootManagerInitializeLoadOption ( &BootOptions[(*BootOptionCount)++], @@ -2412,12 +2465,20 @@ BmEnumerateBootOptions ( } Description = BmGetBootDescription (Handles[Index]); + if (Description == NULL) { + continue; + } + BootOptions = ReallocatePool ( sizeof (EFI_BOOT_MANAGER_LOAD_OPTION) * (*BootOptionCount), sizeof (EFI_BOOT_MANAGER_LOAD_OPTION) * (*BootOptionCount + 1), BootOptions ); - ASSERT (BootOptions != NULL); + if (BootOptions == NULL) { + ASSERT (BootOptions != NULL); + FreePool (Description); + continue; + } Status = EfiBootManagerInitializeLoadOption ( &BootOptions[(*BootOptionCount)++], @@ -2504,6 +2565,9 @@ EfiBootManagerRefreshAllBootOption ( } NvBootOptions = EfiBootManagerGetLoadOptions (&NvBootOptionCount, LoadOptionTypeBoot); + if (NvBootOptions == NULL) { + goto Exit; + } // // Remove invalid EFI boot options from NV 
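Review bot: All three BmEnumerateBootOptions hunks assign the result of `ReallocatePool` straight back to `BootOptions`, so on failure the previous array pointer is overwritten with NULL while `*BootOptionCount` keeps its value. As far as I know ReallocatePool leaves the old buffer allocated when it fails, so the earlier entries are leaked, and after `continue` a later successful call builds a new array whose first `*BootOptionCount` slots were never filled in. Use a temporary: `NewOptions = ReallocatePool (...); if (NewOptions == NULL) { FreePool (Description); continue; }` followed by `BootOptions = NewOptions;`. The function body extends beyond these hunks.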
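Review bot: The `goto Exit` added after `EfiBootManagerGetLoadOptions` in EfiBootManagerRefreshAllBootOption also fires when there are simply no Boot#### options yet. EfiBootManagerGetBootManagerMenu in this commit treats `(BootOptions == NULL) || (BootOptionCount == 0)` as the normal empty case, which suggests NULL is a legitimate return. In that case the refresh now exits before the enumerated options are written to NV, so a machine with an empty boot list would stay empty. If the loops over `NvBootOptions` are bounded by `NvBootOptionCount` (they are outside the hunk), the NULL guard around the final free that the `Exit:` hunk already adds should be sufficient.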
@@ -2540,8 +2604,14 @@ EfiBootManagerRefreshAllBootOption ( } } - EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); - EfiBootManagerFreeLoadOptions (NvBootOptions, NvBootOptionCount); +Exit: + if (BootOptions != NULL) { + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); + } + + if (NvBootOptions != NULL) { + EfiBootManagerFreeLoadOptions (NvBootOptions, NvBootOptionCount); + } } /** @@ -2640,14 +2710,17 @@ BmRegisterBootManagerMenu ( FreePool (Description); } - DEBUG_CODE ( - EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; - UINTN BootOptionCount; + DEBUG_CODE_BEGIN (); + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN BootOptionCount; - BootOptions = EfiBootManagerGetLoadOptions (&BootOptionCount, LoadOptionTypeBoot); + BootOptions = EfiBootManagerGetLoadOptions (&BootOptionCount, LoadOptionTypeBoot); + if (BootOptions != NULL) { ASSERT (EfiBootManagerFindLoadOption (BootOption, BootOptions, BootOptionCount) == -1); EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); - ); + } + + DEBUG_CODE_END (); if (!EFI_ERROR (Status) && (PcdGetBool (PcdBootManagerInBootOrder))) { // MU_CHANGE @@ -2681,6 +2754,11 @@ EfiBootManagerGetBootManagerMenu ( UINTN Index; BootOptions = EfiBootManagerGetLoadOptions (&BootOptionCount, LoadOptionTypeBoot); + if ((BootOptions == NULL) || (BootOptionCount == 0)) { + BootOptionCount = 0; + Index = 0; + goto Register; + } for (Index = 0; Index < BootOptionCount; Index++) { if (BmIsBootManagerMenuFilePath (BootOptions[Index].FilePath)) { @@ -2704,6 +2782,7 @@ EfiBootManagerGetBootManagerMenu ( // // Automatically create the Boot#### for Boot Manager Menu when not found. // +Register: if (Index == BootOptionCount) { return BmRegisterBootManagerMenu (BootOption); } else { diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c index 030b2ee3ec..cbeda6572e 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c 
+++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBootDescription.c @@ -175,7 +175,13 @@ BmGetDescriptionFromDiskInfo ( ); if (!EFI_ERROR (Status)) { Description = AllocateZeroPool ((ModelNameLength + SerialNumberLength + 2) * sizeof (CHAR16)); - ASSERT (Description != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (Description == NULL) { + ASSERT (Description != NULL); + return NULL; + } + + // MU_CHANGE [END] - CodeQL change for (Index = 0; Index + 1 < ModelNameLength; Index += 2) { Description[Index] = (CHAR16)IdentifyData.ModelName[Index + 1]; Description[Index + 1] = (CHAR16)IdentifyData.ModelName[Index]; @@ -206,7 +212,13 @@ BmGetDescriptionFromDiskInfo ( ); if (!EFI_ERROR (Status)) { Description = AllocateZeroPool ((VENDOR_IDENTIFICATION_LENGTH + PRODUCT_IDENTIFICATION_LENGTH + 2) * sizeof (CHAR16)); - ASSERT (Description != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (Description == NULL) { + ASSERT (Description != NULL); + return NULL; + } + + // MU_CHANGE [END] - CodeQL change // // Per SCSI spec, EFI_SCSI_INQUIRY_DATA.Reserved_5_95[3 - 10] save the Verdor identification @@ -336,7 +348,13 @@ BmGetUsbDescription ( DescMaxSize = StrSize (Manufacturer) + StrSize (Product) + StrSize (SerialNumber); Description = AllocateZeroPool (DescMaxSize); - ASSERT (Description != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (Description == NULL) { + ASSERT (Description != NULL); + return NULL; + } + + // MU_CHANGE [END] - CodeQL change StrCatS (Description, DescMaxSize/sizeof (CHAR16), Manufacturer); StrCatS (Description, DescMaxSize/sizeof (CHAR16), L" "); @@ -367,7 +385,7 @@ BmGetUsbDescription ( @param Handle Controller handle. - @return The description string. + @return The description string or NULL if the string could not be created. **/ CHAR16 * BmGetNetworkDescription ( 
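Review bot: The `return NULL;` added after `AllocateZeroPool (DescMaxSize)` in BmGetUsbDescription leaves the function while `Manufacturer`, `Product` and `SerialNumber` are still live. If those strings are pool allocations released further down (the cleanup is outside the hunk), they leak on this path. Route the failure through the existing cleanup instead of returning directly, for example by wrapping the `StrCatS` sequence in `if (Description != NULL) { ... }`. From the visible lines, the two BmGetDescriptionFromDiskInfo hunks do not appear to own anything else at their return points.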
@@ -499,7 +517,11 @@ BmGetNetworkDescription ( // DescriptionSize = sizeof (L"HTTPv6 (MAC:112233445566 VLAN65535)"); Description = AllocatePool (DescriptionSize); - ASSERT (Description != NULL); + if (Description == NULL) { + ASSERT (Description != NULL); + return NULL; + } + UnicodeSPrint ( Description, DescriptionSize, @@ -792,7 +814,7 @@ BM_GET_BOOT_DESCRIPTION mBmBootDescriptionHandlers[] = { @param Handle Controller handle. - @return The description string. + @return The description string or NULL if the string could not be created. **/ CHAR16 * BmGetBootDescription ( @@ -818,7 +840,11 @@ BmGetBootDescription ( // ONLY for core provided boot description handler. // Temp = AllocatePool (StrSize (DefaultDescription) + sizeof (mBmUefiPrefix)); - ASSERT (Temp != NULL); + if (Temp == NULL) { + ASSERT (Temp != NULL); + return NULL; + } + StrCpyS (Temp, (StrSize (DefaultDescription) + sizeof (mBmUefiPrefix)) / sizeof (CHAR16), mBmUefiPrefix); StrCatS (Temp, (StrSize (DefaultDescription) + sizeof (mBmUefiPrefix)) / sizeof (CHAR16), DefaultDescription); FreePool (DefaultDescription); @@ -882,7 +908,13 @@ BmMakeBootOptionDescriptionUnique ( } Visited = AllocateZeroPool (sizeof (BOOLEAN) * BootOptionCount); - ASSERT (Visited != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (Visited == NULL) { + ASSERT (Visited != NULL); + return; + } + + // MU_CHANGE [END] - CodeQL change for (Base = 0; Base < BootOptionCount; Base++) { if (!Visited[Base]) { diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmConsole.c b/MdeModulePkg/Library/UefiBootManagerLib/BmConsole.c index 60e7b1099a..dcbba58ede 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmConsole.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmConsole.c @@ -193,7 +193,9 @@ EfiBootManagerGetGopDevicePath ( // TempDevicePath = GopPool; GopPool = AppendDevicePathInstance (GopPool, DevicePath); - gBS->FreePool (TempDevicePath); + if (TempDevicePath != NULL) { + gBS->FreePool (TempDevicePath); + } } } 
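Review bot: In BmGetBootDescription the new `return NULL;` after the failed `AllocatePool` for `Temp` skips the `FreePool (DefaultDescription);` that the success path performs after the `StrCatS` call, so the handler-provided string leaks. Add `FreePool (DefaultDescription);` before the return. Callers such as BmEnumerateBootOptions already check for a NULL description in this commit, so the NULL return itself is handled.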
@@ -204,9 +206,15 @@ EfiBootManagerGetGopDevicePath ( DEBUG ((DEBUG_INFO, "[Bds] Looking for GOP child deeper ... \n")); TempDevicePath = GopPool; ReturnDevicePath = EfiBootManagerGetGopDevicePath (OpenInfoBuffer[Index].ControllerHandle); - GopPool = AppendDevicePathInstance (GopPool, ReturnDevicePath); - gBS->FreePool (ReturnDevicePath); - gBS->FreePool (TempDevicePath); + // MU_CHANGE verify ReturnDevicePath is valid before Appending + if (ReturnDevicePath != NULL) { + GopPool = AppendDevicePathInstance (GopPool, ReturnDevicePath); + gBS->FreePool (ReturnDevicePath); + } + + if (TempDevicePath != NULL) { + gBS->FreePool (TempDevicePath); + } } } } @@ -421,7 +429,7 @@ EfiBootManagerUpdateConsoleVariable ( IN EFI_DEVICE_PATH_PROTOCOL *ExclusiveDevicePath ) { - EFI_STATUS Status; + EFI_STATUS Status = EFI_SUCCESS; // MU_CHANGE EFI_DEVICE_PATH_PROTOCOL *VarConsole; EFI_DEVICE_PATH_PROTOCOL *NewDevicePath; EFI_DEVICE_PATH_PROTOCOL *TempNewDevicePath; @@ -438,6 +446,9 @@ EfiBootManagerUpdateConsoleVariable ( return EFI_UNSUPPORTED; } + // MU_CHANGE - Initialize variable that might not be updated due to error checking + TempNewDevicePath = NULL; + // // Delete the ExclusiveDevicePath from current default console // 
@@ -464,29 +475,35 @@ EfiBootManagerUpdateConsoleVariable ( // Check if there is part of CustomizedConDevicePath in NewDevicePath, delete it. // NewDevicePath = BmDelPartMatchInstance (NewDevicePath, CustomizedConDevicePath); - // - // In the first check, the default console variable will be _ModuleEntryPoint, - // just append current customized device path - // - TempNewDevicePath = NewDevicePath; - NewDevicePath = AppendDevicePathInstance (NewDevicePath, CustomizedConDevicePath); + // MU_CHANGE - Verify NewDevicePath is valid before using it + if (NewDevicePath != NULL) { + // + // In the first check, the default console variable will be _ModuleEntryPoint, + // just append current customized device path + // + TempNewDevicePath = NewDevicePath; + } + + NewDevicePath = AppendDevicePathInstance (NewDevicePath, CustomizedConDevicePath); if (TempNewDevicePath != NULL) { FreePool (TempNewDevicePath); } } } - // - // Finally, Update the variable of the default console by NewDevicePath - // - Status = gRT->SetVariable ( - mConVarName[ConsoleType], - &gEfiGlobalVariableGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS - | ((ConsoleType < ConInDev) ? EFI_VARIABLE_NON_VOLATILE : 0), - GetDevicePathSize (NewDevicePath), - NewDevicePath - ); + if (NewDevicePath != NULL) { + // + // Finally, Update the variable of the default console by NewDevicePath + // + Status = gRT->SetVariable ( + mConVarName[ConsoleType], + &gEfiGlobalVariableGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS + | ((ConsoleType < ConInDev) ? EFI_VARIABLE_NON_VOLATILE : 0), + GetDevicePathSize (NewDevicePath), + NewDevicePath + ); + } if (VarConsole == NewDevicePath) { if (VarConsole != NULL) { diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmDriverHealth.c b/MdeModulePkg/Library/UefiBootManagerLib/BmDriverHealth.c index 46a8b780e3..448c6d979b 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmDriverHealth.c 
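Review bot: Wrapping the `gRT->SetVariable` call in `if (NewDevicePath != NULL)` changes what EfiBootManagerUpdateConsoleVariable does when the resulting path is empty. Before, `GetDevicePathSize (NULL)` evaluated to 0 as far as I recall, so the call deleted the console variable; now the old value stays in NV and the function reports the `EFI_SUCCESS` that `Status` is initialised with. If removing the last device through `ExclusiveDevicePath` is meant to clear the variable, keep the call unconditional and pass the size explicitly, `(NewDevicePath != NULL) ? GetDevicePathSize (NewDevicePath) : 0`. The function begins and ends outside this hunk.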
+++ b/MdeModulePkg/Library/UefiBootManagerLib/BmDriverHealth.c @@ -84,24 +84,25 @@ BmGetControllerName ( FreePool (LanguageVariable); } - Status = ComponentName->GetControllerName ( - ComponentName, - ControllerHandle, - ChildHandle, - BestLanguage, - &ControllerName - ); + if (BestLanguage != NULL) { + Status = ComponentName->GetControllerName ( + ComponentName, + ControllerHandle, + ChildHandle, + BestLanguage, + &ControllerName + ); + if (!EFI_ERROR (Status)) { + return AllocateCopyPool (StrSize (ControllerName), ControllerName); + } + } } - if (!EFI_ERROR (Status)) { - return AllocateCopyPool (StrSize (ControllerName), ControllerName); - } else { - return ConvertDevicePathToText ( - DevicePathFromHandle (ChildHandle != NULL ? ChildHandle : ControllerHandle), - FALSE, - FALSE - ); - } + return ConvertDevicePathToText ( + DevicePathFromHandle (ChildHandle != NULL ? ChildHandle : ControllerHandle), + FALSE, + FALSE + ); } /** @@ -129,7 +130,12 @@ BmDisplayMessages ( DriverHealthInfo->ControllerHandle, DriverHealthInfo->ChildHandle ); + // MU_CHANGE [BEGIN] - CodeQL change + if (ControllerName == NULL) { + return; + } + // MU_CHANGE [END] - CodeQL change DEBUG ((DEBUG_INFO, "Controller: %s\n", ControllerName)); Print (L"Controller: %s\n", ControllerName); for (Index = 0; DriverHealthInfo->MessageList[Index].HiiHandle != NULL; Index++) { 
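Review bot: The early `return` added to BmDisplayMessages when `ControllerName` is NULL drops every entry in `DriverHealthInfo->MessageList`, so a driver reporting a health problem is silenced just because its name could not be produced. Printing a fallback keeps the messages visible, e.g. `Print (L"Controller: %s\n", (ControllerName != NULL) ? ControllerName : L"<unknown>");`, with the matching `DEBUG` line treated the same way. Any later release of `ControllerName` (outside the hunk) would then need a NULL guard.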
@@ -465,33 +471,35 @@ BmRepairAllControllers ( // Deal with Repair Required // DriverHealthInfo = EfiBootManagerGetDriverHealthInfo (&Count); - for (Index = 0; Index < Count; Index++) { - if (DriverHealthInfo[Index].HealthStatus == EfiDriverHealthStatusConfigurationRequired) { - ConfigurationRequired = TRUE; - } + if (DriverHealthInfo != NULL) { + for (Index = 0; Index < Count; Index++) { + if (DriverHealthInfo[Index].HealthStatus == EfiDriverHealthStatusConfigurationRequired) { + ConfigurationRequired = TRUE; + } - if (DriverHealthInfo[Index].HealthStatus == EfiDriverHealthStatusRepairRequired) { - RepairRequired = TRUE; + if (DriverHealthInfo[Index].HealthStatus == EfiDriverHealthStatusRepairRequired) { + RepairRequired = TRUE; - BmDisplayMessages (&DriverHealthInfo[Index]); + BmDisplayMessages (&DriverHealthInfo[Index]); - Status = DriverHealthInfo[Index].DriverHealth->Repair ( - DriverHealthInfo[Index].DriverHealth, - DriverHealthInfo[Index].ControllerHandle, - DriverHealthInfo[Index].ChildHandle, - BmRepairNotify - ); - if (!EFI_ERROR (Status) && !ConfigurationRequired) { - Status = DriverHealthInfo[Index].DriverHealth->GetHealthStatus ( + Status = DriverHealthInfo[Index].DriverHealth->Repair ( DriverHealthInfo[Index].DriverHealth, DriverHealthInfo[Index].ControllerHandle, DriverHealthInfo[Index].ChildHandle, - &HealthStatus, - NULL, - NULL + BmRepairNotify ); - if (!EFI_ERROR (Status) && (HealthStatus == EfiDriverHealthStatusConfigurationRequired)) { - ConfigurationRequired = TRUE; + if (!EFI_ERROR (Status) && !ConfigurationRequired) { + Status = DriverHealthInfo[Index].DriverHealth->GetHealthStatus ( + DriverHealthInfo[Index].DriverHealth, + DriverHealthInfo[Index].ControllerHandle, + DriverHealthInfo[Index].ChildHandle, + &HealthStatus, + NULL, + NULL + ); + if (!EFI_ERROR (Status) && (HealthStatus == EfiDriverHealthStatusConfigurationRequired)) { + ConfigurationRequired = TRUE; + } } } } 
@@ -519,59 +527,67 @@ BmRepairAllControllers ( } } - EfiBootManagerFreeDriverHealthInfo (DriverHealthInfo, Count); + if (DriverHealthInfo != NULL) { + EfiBootManagerFreeDriverHealthInfo (DriverHealthInfo, Count); + } + RepairCount++; } while ((RepairRequired || ConfigurationRequired) && ((MaxRepairCount == 0) || (RepairCount < MaxRepairCount))); RebootRequired = FALSE; ReconnectRequired = FALSE; DriverHealthInfo = EfiBootManagerGetDriverHealthInfo (&Count); - for (Index = 0; Index < Count; Index++) { - BmDisplayMessages (&DriverHealthInfo[Index]); + if (DriverHealthInfo != NULL) { + for (Index = 0; Index < Count; Index++) { + BmDisplayMessages (&DriverHealthInfo[Index]); - if (DriverHealthInfo[Index].HealthStatus == EfiDriverHealthStatusReconnectRequired) { - Status = gBS->DisconnectController (DriverHealthInfo[Index].ControllerHandle, NULL, NULL); - if (EFI_ERROR (Status)) { - // - // Disconnect failed. Need to promote reconnect to a reboot. - // + if (DriverHealthInfo[Index].HealthStatus == EfiDriverHealthStatusReconnectRequired) { + Status = gBS->DisconnectController (DriverHealthInfo[Index].ControllerHandle, NULL, NULL); + if (EFI_ERROR (Status)) { + // + // Disconnect failed. Need to promote reconnect to a reboot. 
+ // + RebootRequired = TRUE; + } else { + gBS->ConnectController (DriverHealthInfo[Index].ControllerHandle, NULL, NULL, TRUE); + ReconnectRequired = TRUE; + } + } + + if (DriverHealthInfo[Index].HealthStatus == EfiDriverHealthStatusRebootRequired) { RebootRequired = TRUE; - } else { - gBS->ConnectController (DriverHealthInfo[Index].ControllerHandle, NULL, NULL, TRUE); - ReconnectRequired = TRUE; } } - if (DriverHealthInfo[Index].HealthStatus == EfiDriverHealthStatusRebootRequired) { - RebootRequired = TRUE; - } + EfiBootManagerFreeDriverHealthInfo (DriverHealthInfo, Count); } - EfiBootManagerFreeDriverHealthInfo (DriverHealthInfo, Count); - DEBUG_CODE_BEGIN (); CHAR16 *ControllerName; DriverHealthInfo = EfiBootManagerGetDriverHealthInfo (&Count); - for (Index = 0; Index < Count; Index++) { - ControllerName = BmGetControllerName ( - DriverHealthInfo[Index].DriverHealthHandle, - DriverHealthInfo[Index].ControllerHandle, - DriverHealthInfo[Index].ChildHandle - ); - DEBUG (( - DEBUG_INFO, - "%02d: %s - %s\n", - Index, - ControllerName, - mBmHealthStatusText[DriverHealthInfo[Index].HealthStatus] - )); - if (ControllerName != NULL) { - FreePool (ControllerName); + if (DriverHealthInfo != NULL) { + for (Index = 0; Index < Count; Index++) { + ControllerName = BmGetControllerName ( + DriverHealthInfo[Index].DriverHealthHandle, + DriverHealthInfo[Index].ControllerHandle, + DriverHealthInfo[Index].ChildHandle + ); + DEBUG (( + DEBUG_INFO, + "%02d: %s - %s\n", + Index, + ControllerName, + mBmHealthStatusText[DriverHealthInfo[Index].HealthStatus] + )); + if (ControllerName != NULL) { + FreePool (ControllerName); + } } + + EfiBootManagerFreeDriverHealthInfo (DriverHealthInfo, Count); } - EfiBootManagerFreeDriverHealthInfo (DriverHealthInfo, Count); DEBUG_CODE_END (); if (ReconnectRequired) { diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmHotkey.c b/MdeModulePkg/Library/UefiBootManagerLib/BmHotkey.c index 90bee73a23..7136601877 100644 
--- a/MdeModulePkg/Library/UefiBootManagerLib/BmHotkey.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmHotkey.c @@ -689,7 +689,19 @@ BmProcessKeyOption ( for (Index = 0; Index < KeyShiftStateCount; Index++) { Hotkey = AllocateZeroPool (sizeof (BM_HOTKEY)); - ASSERT (Hotkey != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (Hotkey == NULL) { + ASSERT (Hotkey != NULL); + if (Handles != NULL) { + FreePool (Handles); + } + + EfiReleaseLock (&mBmHotkeyLock); + + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE [END] - CodeQL change Hotkey->Signature = BM_HOTKEY_SIGNATURE; Hotkey->BootOption = KeyOption->BootOption; @@ -918,11 +930,13 @@ EfiBootManagerStartHotkeyService ( } KeyOptions = BmGetKeyOptions (&KeyOptionCount); - for (Index = 0; Index < KeyOptionCount; Index++) { - BmProcessKeyOption (&KeyOptions[Index]); - } + if (KeyOptions != NULL) { + for (Index = 0; Index < KeyOptionCount; Index++) { + BmProcessKeyOption (&KeyOptions[Index]); + } - BmFreeKeyOptions (KeyOptions, KeyOptionCount); + BmFreeKeyOptions (KeyOptions, KeyOptionCount); + } if (mBmContinueKeyOption != NULL) { BmProcessKeyOption (mBmContinueKeyOption); 
@@ -1014,27 +1028,31 @@ EfiBootManagerAddKeyOptionVariable ( return Status; } + Index = 0; + KeyOptionCount = 0; KeyOptionNumber = LoadOptionNumberUnassigned; // // Check if the hot key sequence was defined already // KeyOptions = BmGetKeyOptions (&KeyOptionCount); - for (Index = 0; Index < KeyOptionCount; Index++) { - if ((KeyOptions[Index].KeyData.PackedValue == KeyOption.KeyData.PackedValue) && - (CompareMem (KeyOptions[Index].Keys, KeyOption.Keys, KeyOption.KeyData.Options.InputKeyCount * sizeof (EFI_INPUT_KEY)) == 0)) - { - break; - } + if (KeyOptions != NULL) { + for ( ; Index < KeyOptionCount; Index++) { + if ((KeyOptions[Index].KeyData.PackedValue == KeyOption.KeyData.PackedValue) && + (CompareMem (KeyOptions[Index].Keys, KeyOption.Keys, KeyOption.KeyData.Options.InputKeyCount * sizeof (EFI_INPUT_KEY)) == 0)) + { + break; + } - if ((KeyOptionNumber == LoadOptionNumberUnassigned) && - (KeyOptions[Index].OptionNumber > Index) - ) - { - KeyOptionNumber = Index; + if ((KeyOptionNumber == LoadOptionNumberUnassigned) && + (KeyOptions[Index].OptionNumber > Index) + ) + { + KeyOptionNumber = Index; + } } - } - BmFreeKeyOptions (KeyOptions, KeyOptionCount); + BmFreeKeyOptions (KeyOptions, KeyOptionCount); + } if (Index < KeyOptionCount) { return EFI_ALREADY_STARTED; 
@@ -1155,35 +1173,37 @@ EfiBootManagerDeleteKeyOptionVariable ( // Status = EFI_NOT_FOUND; KeyOptions = BmGetKeyOptions (&KeyOptionCount); - for (Index = 0; Index < KeyOptionCount; Index++) { - if ((KeyOptions[Index].KeyData.PackedValue == KeyOption.KeyData.PackedValue) && - (CompareMem ( - KeyOptions[Index].Keys, - KeyOption.Keys, - KeyOption.KeyData.Options.InputKeyCount * sizeof (EFI_INPUT_KEY) - ) == 0) - ) - { - UnicodeSPrint (KeyOptionName, sizeof (KeyOptionName), L"Key%04x", KeyOptions[Index].OptionNumber); - Status = gRT->SetVariable ( - KeyOptionName, - &gEfiGlobalVariableGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, - 0, - NULL - ); - // - // Return the deleted key option in case needed by caller - // - if (DeletedOption != NULL) { - CopyMem (DeletedOption, &KeyOptions[Index], sizeof (EFI_BOOT_MANAGER_KEY_OPTION)); - } + if (KeyOptions != NULL) { + for (Index = 0; Index < KeyOptionCount; Index++) { + if ((KeyOptions[Index].KeyData.PackedValue == KeyOption.KeyData.PackedValue) && + (CompareMem ( + KeyOptions[Index].Keys, + KeyOption.Keys, + KeyOption.KeyData.Options.InputKeyCount * sizeof (EFI_INPUT_KEY) + ) == 0) + ) + { + UnicodeSPrint (KeyOptionName, sizeof (KeyOptionName), L"Key%04x", KeyOptions[Index].OptionNumber); + Status = gRT->SetVariable ( + KeyOptionName, + &gEfiGlobalVariableGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, + 0, + NULL + ); + // + // Return the deleted key option in case needed by caller + // + if (DeletedOption != NULL) { + CopyMem (DeletedOption, &KeyOptions[Index], sizeof (EFI_BOOT_MANAGER_KEY_OPTION)); + } - break; + break; + } } - } - BmFreeKeyOptions (KeyOptions, KeyOptionCount); + BmFreeKeyOptions (KeyOptions, KeyOptionCount); + } EfiReleaseLock (&mBmHotkeyLock); 
diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c index 93db0fc40d..50fd37d6f5 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c @@ -47,7 +47,13 @@ BmForEachVariable ( NameSize = sizeof (CHAR16); Name = AllocateZeroPool (NameSize); - ASSERT (Name != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (Name == NULL) { + ASSERT (Name != NULL); + return; + } + + // MU_CHANGE [END] - CodeQL change while (TRUE) { NewNameSize = NameSize; Status = gRT->GetNextVariableName (&NewNameSize, Name, &Guid); @@ -226,7 +232,10 @@ structure. + Option->OptionalDataSize; Variable = AllocatePool (VariableSize); - ASSERT (Variable != NULL); + if (Variable == NULL) { + ASSERT (Variable != NULL); + return EFI_OUT_OF_RESOURCES; + } Ptr = Variable; WriteUnaligned32 ((UINT32 *)Ptr, Option->Attributes); @@ -311,6 +320,8 @@ structure. @param Position Position of the new load option to put in the ****Order variable. @retval EFI_SUCCESS The boot#### or driver#### have been successfully registered. + @retval EFI_NOT_FOUND The boot option order variable could not be found. + @retval EFI_OUT_OF_RESOURCES Insufficient memory resources to allocate a memory buffer. @retval EFI_ALREADY_STARTED The option number of Option is being used already. @retval EFI_STATUS Return the status of gRT->SetVariable (). @@ -346,7 +357,12 @@ BmAddOptionNumberToOrderVariable ( Position = MIN (Position, OptionOrderSize / sizeof (UINT16)); NewOptionOrder = AllocatePool (OptionOrderSize + sizeof (UINT16)); - ASSERT (NewOptionOrder != NULL); + if (NewOptionOrder == NULL) { + ASSERT (NewOptionOrder != NULL); + Status = EFI_OUT_OF_RESOURCES; + goto Exit; + } + if (OptionOrderSize != 0) { CopyMem (NewOptionOrder, OptionOrder, Position * sizeof (UINT16)); CopyMem (&NewOptionOrder[Position + 1], &OptionOrder[Position], OptionOrderSize - Position * sizeof (UINT16)); 
@@ -364,6 +380,7 @@ BmAddOptionNumberToOrderVariable ( FreePool (NewOptionOrder); } +Exit: if (OptionOrder != NULL) { FreePool (OptionOrder); } @@ -467,6 +484,9 @@ EfiBootManagerSortLoadOptionVariable ( UINT16 *OptionOrder; LoadOption = EfiBootManagerGetLoadOptions (&LoadOptionCount, OptionType); + if (LoadOption == NULL) { + return; + } // // Insertion sort algorithm @@ -482,7 +502,11 @@ EfiBootManagerSortLoadOptionVariable ( // Create new ****Order variable // OptionOrder = AllocatePool (LoadOptionCount * sizeof (UINT16)); - ASSERT (OptionOrder != NULL); + if (OptionOrder == NULL) { + ASSERT (OptionOrder != NULL); + return; + } + for (Index = 0; Index < LoadOptionCount; Index++) { OptionOrder[Index] = (UINT16)LoadOption[Index].OptionNumber; } @@ -1134,7 +1158,10 @@ EfiBootManagerGetLoadOptions ( *OptionCount = OptionOrderSize / sizeof (UINT16); Options = AllocatePool (*OptionCount * sizeof (EFI_BOOT_MANAGER_LOAD_OPTION)); - ASSERT (Options != NULL); + if (Options == NULL) { + ASSERT (Options != NULL); + return NULL; + } OptionIndex = 0; for (Index = 0; Index < *OptionCount; Index++) { @@ -1157,7 +1184,11 @@ EfiBootManagerGetLoadOptions ( if (OptionIndex < *OptionCount) { Options = ReallocatePool (*OptionCount * sizeof (EFI_BOOT_MANAGER_LOAD_OPTION), OptionIndex * sizeof (EFI_BOOT_MANAGER_LOAD_OPTION), Options); - ASSERT (Options != NULL); + if (Options == NULL) { + ASSERT (Options != NULL); + return NULL; + } + *OptionCount = OptionIndex; } } else if (LoadOptionType == LoadOptionTypePlatformRecovery) { diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c index 6d87776a0e..da544ef15d 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c 
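Review bot: The new `return;` after `OptionOrder == NULL` (hunk -482) leaves `LoadOption` allocated. It was obtained from `EfiBootManagerGetLoadOptions` at the top of EfiBootManagerSortLoadOptionVariable and nothing on this path releases it. Add `EfiBootManagerFreeLoadOptions (LoadOption, LoadOptionCount);` before the `return;`. The rest of the function is outside the hunk, so the normal-path cleanup cannot be checked from here.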
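Review bot: Both new `return NULL;` paths in EfiBootManagerGetLoadOptions (hunk -1134 and the `ReallocatePool` hunk at -1157) leave `*OptionCount` at the value computed from `OptionOrderSize`, so a caller that loops on the count without testing the pointer reads through NULL. Add `*OptionCount = 0;` before each `return NULL;`. In the -1157 hunk the result of `ReallocatePool` is also assigned straight to `Options`, which drops the only pointer to the original array and the entries already loaded into it; assign to a temporary and keep the untrimmed array if the shrink fails. Any buffers allocated earlier in the function, outside these hunks, would need releasing on these paths as well.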
@@ -57,7 +57,10 @@ BmDelPartMatchInstance ( } } - FreePool (Instance); + if (Instance != NULL) { + FreePool (Instance); + } + Instance = GetNextDevicePathInstance (&Multi, &InstanceSize); InstanceSize -= END_DEVICE_PATH_LENGTH; } diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c index 63a37ab59a..8316ba4aec 100644 --- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c +++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c @@ -8,6 +8,8 @@ #include "InternalHiiLib.h" +#include + #define GUID_CONFIG_STRING_TYPE 0x00 #define NAME_CONFIG_STRING_TYPE 0x01 #define PATH_CONFIG_STRING_TYPE 0x02 @@ -51,10 +53,11 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST EFI_HII_PACKAGE_HEADER mEndOfPakageList = { If HiiHandle could not be found in the HII database, then ASSERT. If Guid is NULL, then ASSERT. - @param Handle Hii handle - @param Guid Package list GUID + @param Handle Hii handle + @param Guid Package list GUID - @retval EFI_SUCCESS Successfully extract GUID from Hii database. + @retval EFI_SUCCESS Successfully extract GUID from Hii database. + @retval EFI_OUT_OF_RESOURCES Insufficient memory resources to perform a necessary memory allocation. **/ EFI_STATUS @@ -68,8 +71,11 @@ InternalHiiExtractGuidFromHiiHandle ( UINTN BufferSize; EFI_HII_PACKAGE_LIST_HEADER *HiiPackageList; - ASSERT (Guid != NULL); - ASSERT (Handle != NULL); + if ((Handle == NULL) || (Guid == NULL)) { + ASSERT (Guid != NULL); + ASSERT (Handle != NULL); + return EFI_INVALID_PARAMETER; + } // // Get HII PackageList @@ -82,7 +88,10 @@ InternalHiiExtractGuidFromHiiHandle ( if (Status == EFI_BUFFER_TOO_SMALL) { HiiPackageList = AllocatePool (BufferSize); - ASSERT (HiiPackageList != NULL); + if (HiiPackageList == NULL) { + ASSERT (HiiPackageList != NULL); + return EFI_OUT_OF_RESOURCES; + } Status = gHiiDatabase->ExportPackageLists (gHiiDatabase, Handle, &BufferSize, HiiPackageList); } 
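Review bot: The header comment of InternalHiiExtractGuidFromHiiHandle does not list the `EFI_INVALID_PARAMETER` return added in hunk -68. The comment hunk before it only adds `EFI_OUT_OF_RESOURCES` and keeps the "If Guid is NULL, then ASSERT" wording. Add `@retval EFI_INVALID_PARAMETER Handle or Guid is NULL.` so callers know a NULL argument is reported as a status in builds where ASSERT is compiled out.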
@@ -1209,7 +1218,7 @@ ValidateQuestionFromVfr ( // Check IFR value is in block data, then Validate Value // PackageOffset = sizeof (EFI_HII_PACKAGE_LIST_HEADER); - while (PackageOffset < PackageListLength) { + while ((UINTN)PackageOffset < PackageListLength) { CopyMem (&PackageHeader, (UINT8 *)HiiPackageList + PackageOffset, sizeof (PackageHeader)); // @@ -1359,8 +1368,13 @@ ValidateQuestionFromVfr ( if (NameValueType) { QuestionName = HiiGetString (HiiHandle, IfrOneOf->Question.VarStoreInfo.VarName, NULL); - ASSERT (QuestionName != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (QuestionName == NULL) { + ASSERT (QuestionName != NULL); + return EFI_INVALID_PARAMETER; + } + // MU_CHANGE [END] - CodeQL change if (StrStr (RequestElement, QuestionName) == NULL) { // // This question is not in the current configuration string. Skip it. @@ -1455,7 +1469,13 @@ ValidateQuestionFromVfr ( if (NameValueType) { QuestionName = HiiGetString (HiiHandle, IfrNumeric->Question.VarStoreInfo.VarName, NULL); - ASSERT (QuestionName != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (QuestionName == NULL) { + ASSERT (QuestionName != NULL); + return EFI_INVALID_PARAMETER; + } + + // MU_CHANGE [END] - CodeQL change if (StrStr (RequestElement, QuestionName) == NULL) { // @@ -1647,7 +1667,13 @@ ValidateQuestionFromVfr ( if (NameValueType) { QuestionName = HiiGetString (HiiHandle, IfrCheckBox->Question.VarStoreInfo.VarName, NULL); - ASSERT (QuestionName != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (QuestionName == NULL) { + ASSERT (QuestionName != NULL); + return EFI_INVALID_PARAMETER; + } + + // MU_CHANGE [END] - CodeQL change if (StrStr (RequestElement, QuestionName) == NULL) { // 
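Review bot: The `(UINTN)` cast on `PackageOffset` only changes how the comparison is typed. The loop still copies `sizeof (PackageHeader)` bytes from `HiiPackageList + PackageOffset` after checking nothing more than `PackageOffset < PackageListLength`, so a package list with inconsistent length fields can have its last header read past `PackageListLength`. Consider `while ((UINTN)PackageOffset + sizeof (PackageHeader) <= PackageListLength) {`. If `PackageOffset` is declared narrower than `UINTN` (its declaration is outside the hunk), widen the variable rather than casting at the comparison. The loop body continues outside the hunk.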
@@ -1749,7 +1775,13 @@ ValidateQuestionFromVfr ( Width = (UINT16)(IfrString->MaxSize * sizeof (UINT16)); if (NameValueType) { QuestionName = HiiGetString (HiiHandle, IfrString->Question.VarStoreInfo.VarName, NULL); - ASSERT (QuestionName != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (QuestionName == NULL) { + ASSERT (QuestionName != NULL); + return EFI_INVALID_PARAMETER; + } + + // MU_CHANGE [END] - CodeQL change StringPtr = StrStr (RequestElement, QuestionName); if (StringPtr == NULL) { @@ -1929,6 +1961,8 @@ GetBlockDataInfo ( IFR_BLOCK_DATA *BlockArray; UINT8 *DataBuffer; + UINT16 Sum1, Sum2; // MU_CHANGE - CodeQL change + // // Initialize the local variables. // @@ -1952,10 +1986,14 @@ GetBlockDataInfo ( goto Done; } - InitializeListHead (&BlockArray->Entry); - StringPtr = StrStr (ConfigElement, L"&OFFSET="); - ASSERT (StringPtr != NULL); + if (StringPtr == NULL) { + ASSERT (StringPtr != NULL); + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + InitializeListHead (&BlockArray->Entry); // // Parse each if exists 
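Review bot: Moving `InitializeListHead (&BlockArray->Entry);` below the new `StringPtr == NULL` check in hunk -1952 means the `goto Done;` path is reached with `BlockArray` allocated but its list head never initialised. If the `Done` cleanup walks `BlockArray->Entry` (it is outside this hunk), it will follow links that were never set up. Keep the `InitializeListHead` call directly after the allocation check. A missing `&OFFSET=` should also be reported as `Status = EFI_INVALID_PARAMETER;` rather than `EFI_OUT_OF_RESOURCES`, since no allocation failed; the `PATH=` check added to InternalHiiValidateCurrentSetting at -2210 has the same status mismatch.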
@@ -2120,19 +2158,27 @@ GetBlockDataInfo ( while ((Link != &BlockArray->Entry) && (Link->ForwardLink != &BlockArray->Entry)) { BlockData = BASE_CR (Link, IFR_BLOCK_DATA, Entry); NewBlockData = BASE_CR (Link->ForwardLink, IFR_BLOCK_DATA, Entry); - if ((NewBlockData->Offset >= BlockData->Offset) && (NewBlockData->Offset <= (BlockData->Offset + BlockData->Width))) { - if ((NewBlockData->Offset + NewBlockData->Width) > (BlockData->Offset + BlockData->Width)) { - BlockData->Width = (UINT16)(NewBlockData->Offset + NewBlockData->Width - BlockData->Offset); + // MU_CHANGE [BEGIN] - CodeQL change + if ((!EFI_ERROR (SafeUint16Add (BlockData->Offset, BlockData->Width, &Sum1))) && + (!EFI_ERROR (SafeUint16Add (NewBlockData->Offset, NewBlockData->Width, &Sum2))) && + (NewBlockData->Offset >= BlockData->Offset) && + (NewBlockData->Offset <= Sum1) && + (Sum2 > Sum1)) + { + Sum1 = BlockData->Width; + if (!EFI_ERROR (SafeUint16Sub (Sum2, BlockData->Offset, &BlockData->Width))) { + RemoveEntryList (Link->ForwardLink); + FreePool (NewBlockData); + continue; + } else { + BlockData->Width = Sum1; } - - RemoveEntryList (Link->ForwardLink); - FreePool (NewBlockData); - continue; } Link = Link->ForwardLink; } + // MU_CHANGE [END] - CodeQL change *VarBuffer = DataBuffer; *CurrentBlockArray = BlockArray; return EFI_SUCCESS; @@ -2210,7 +2256,10 @@ InternalHiiValidateCurrentSetting ( // Skip header part. // StringPtr = StrStr (ConfigResp, L"PATH="); - ASSERT (StringPtr != NULL); + if (StringPtr == NULL) { + ASSERT (StringPtr != NULL); + return EFI_OUT_OF_RESOURCES; + } if (StrStr (StringPtr, L"&") != NULL) { NameValueType = TRUE; @@ -2273,7 +2322,10 @@ GetElementsFromRequest ( EFI_STRING TmpRequest; TmpRequest = StrStr (ConfigRequest, L"PATH="); - ASSERT (TmpRequest != NULL); + if (TmpRequest == NULL) { + ASSERT (TmpRequest != NULL); + return FALSE; + } if ((StrStr (TmpRequest, L"&OFFSET=") != NULL) || (StrStr (TmpRequest, L"&") != NULL)) { return TRUE; 
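Review bot: Folding `(Sum2 > Sum1)` into the outer condition changes the merge. A following block that lies entirely inside the current one used to be removed from the list, and now it is kept because the whole branch is skipped. The overlap test and the extend test need to stay separate, as sketched below. Once `Sum2 > Sum1` holds the subtraction cannot underflow, so `SafeUint16Sub` and the reuse of `Sum1` as a saved width are not needed. The enclosing function starts and ends outside the hunk.

```c
// … unchanged: BlockData / NewBlockData lookup via BASE_CR …
if ((!EFI_ERROR (SafeUint16Add (BlockData->Offset, BlockData->Width, &Sum1))) &&
    (!EFI_ERROR (SafeUint16Add (NewBlockData->Offset, NewBlockData->Width, &Sum2))) &&
    (NewBlockData->Offset >= BlockData->Offset) &&
    (NewBlockData->Offset <= Sum1))
{
  if (Sum2 > Sum1) {
    // Sum2 > Sum1 >= BlockData->Offset, so this cannot underflow.
    BlockData->Width = (UINT16)(Sum2 - BlockData->Offset);
  }

  // Overlapping or contained: the following block is absorbed either way.
  RemoveEntryList (Link->ForwardLink);
  FreePool (NewBlockData);
  continue;
}
// … unchanged: Link = Link->ForwardLink; …
```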
@@ -2896,6 +2948,13 @@ HiiGetBrowserData ( Size = (StrLen (mConfigHdrTemplate) + 1) * sizeof (CHAR16); Size = Size + (StrLen (ResultsData) + 1) * sizeof (CHAR16); ConfigResp = AllocateZeroPool (Size); + // MU_CHANGE [BEGIN] - CodeQL change + if (ConfigResp == NULL) { + FreePool (ResultsData); + return FALSE; + } + + // MU_CHANGE [END] - CodeQL change UnicodeSPrint (ConfigResp, Size, L"%s&%s", mConfigHdrTemplate, ResultsData); // @@ -2976,6 +3035,12 @@ HiiSetBrowserData ( // Size = (StrLen (mConfigHdrTemplate) + 32 + 1) * sizeof (CHAR16); ConfigRequest = AllocateZeroPool (Size); + // MU_CHANGE [BEGIN] - CodeQL change + if (ConfigRequest == NULL) { + return FALSE; + } + + // MU_CHANGE [END] - CodeQL change UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", mConfigHdrTemplate, (UINT64)BufferSize); } else { // @@ -2985,6 +3050,12 @@ HiiSetBrowserData ( Size = StrLen (mConfigHdrTemplate) * sizeof (CHAR16); Size = Size + (StrLen (RequestElement) + 1) * sizeof (CHAR16); ConfigRequest = AllocateZeroPool (Size); + // MU_CHANGE [BEGIN] - CodeQL change + if (ConfigRequest == NULL) { + return FALSE; + } + + // MU_CHANGE [END] - CodeQL change UnicodeSPrint (ConfigRequest, Size, L"%s%s", mConfigHdrTemplate, RequestElement); } diff --git a/MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf b/MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf index d432b439bc..9a0f5525d9 100644 --- a/MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf +++ b/MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf @@ -41,6 +41,7 @@ UefiLib UefiHiiServicesLib PrintLib + SafeIntLib # MU_CHANGE [Protocols] gEfiFormBrowser2ProtocolGuid ## SOMETIMES_CONSUMES diff --git a/MdeModulePkg/Library/UefiSortLib/UefiSortLib.c b/MdeModulePkg/Library/UefiSortLib/UefiSortLib.c index 0ba1244930..dc49747098 100644 --- a/MdeModulePkg/Library/UefiSortLib/UefiSortLib.c +++ b/MdeModulePkg/Library/UefiSortLib/UefiSortLib.c 
@@ -62,7 +62,13 @@ PerformQuickSort ( ASSERT (CompareFunction != NULL); Buffer = AllocateZeroPool (ElementSize); - ASSERT (Buffer != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (Buffer == NULL) { + ASSERT (Buffer != NULL); + return; + } + + // MU_CHANGE [END] - CodeQL change QuickSort ( BufferToSort, diff --git a/MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiGenFromFv.c b/MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiGenFromFv.c index 562f5a02f6..5c05d70086 100644 --- a/MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiGenFromFv.c +++ b/MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiGenFromFv.c @@ -178,6 +178,8 @@ ParseFfs ( UINT8 NumberofMatchingVfrBin; UINTN *VfrBinBaseAddress; + VfrBinBaseAddress = NULL; // MS_CHANGE for vs2017 + Status = Fv2->ReadFile ( Fv2, DriverGuid, diff --git a/MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLibNullClass.c b/MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLibNullClass.c index 90cef6e85d..364d3ecaa7 100644 --- a/MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLibNullClass.c +++ b/MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLibNullClass.c @@ -429,6 +429,8 @@ LocateVarCheckPcdBin ( VAR_CHECK_PCD_VARIABLE_HEADER *VarCheckPcdBin; UINTN VarCheckPcdBinSize; + VarCheckPcdBin = NULL; // MS_CHANGE for vs2017 + // // Search the VarCheckPcdBin from the first RAW section of current FFS. // diff --git a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiSdt.c b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiSdt.c index bb258c9710..47900400af 100644 --- a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiSdt.c +++ b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiSdt.c 
@@ -335,6 +335,13 @@ SdtRegisterNotify ( // CurrentNotifyList = AllocatePool (sizeof (EFI_ACPI_NOTIFY_LIST)); ASSERT (CurrentNotifyList != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentNotifyList == NULL) { + DEBUG ((DEBUG_ERROR, "%a Failed to allocate pool\n", __func__)); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Initialize the table contents @@ -484,6 +491,13 @@ SdtOpenSdtTable ( AmlHandle = AllocatePool (sizeof (*AmlHandle)); ASSERT (AmlHandle != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AmlHandle == NULL) { + return EFI_NOT_FOUND; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + AmlHandle->Signature = EFI_AML_ROOT_HANDLE_SIGNATURE; AmlHandle->Buffer = (VOID *)((UINTN)Table->Table + sizeof (EFI_ACPI_SDT_HEADER)); AmlHandle->Size = Table->Table->Length - sizeof (EFI_ACPI_SDT_HEADER); @@ -560,6 +574,12 @@ SdtOpenEx ( // AmlHandle = AllocatePool (sizeof (*AmlHandle)); ASSERT (AmlHandle != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AmlHandle == NULL) { + return EFI_INVALID_PARAMETER; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference AmlHandle->Signature = EFI_AML_HANDLE_SIGNATURE; AmlHandle->Buffer = Buffer; @@ -928,6 +948,13 @@ SdtDuplicateHandle ( DstAmlHandle = AllocatePool (sizeof (*DstAmlHandle)); ASSERT (DstAmlHandle != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DstAmlHandle == NULL) { + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + CopyMem (DstAmlHandle, (VOID *)AmlHandle, sizeof (*DstAmlHandle)); return DstAmlHandle; 
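Review bot: An `AllocatePool` failure for `AmlHandle` is returned as `EFI_NOT_FOUND` in the SdtOpenSdtTable hunk (-484), and as `EFI_INVALID_PARAMETER` in SdtOpenEx (-560) and SdtFindPathFromRoot (-967). A caller therefore cannot tell memory exhaustion from a missing table or a bad argument. Return `EFI_OUT_OF_RESOURCES` in all three. If these functions must stay within a fixed set of status codes, state that at the return instead, e.g. `// Out of memory; mapped to EFI_NOT_FOUND to stay within the documented return codes.`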
@@ -967,6 +994,13 @@ SdtFindPathFromRoot ( // Duplicate RootHandle // *HandleOut = (EFI_ACPI_HANDLE)SdtDuplicateHandle (AmlHandle); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (*HandleOut == NULL) { + return EFI_INVALID_PARAMETER; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + return EFI_SUCCESS; } diff --git a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTable.c b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTable.c index f50068d0e0..af33a58caf 100644 --- a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTable.c +++ b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTable.c @@ -44,7 +44,13 @@ InitializeAcpiTableDxe ( // Initialize our protocol // PrivateData = AllocateZeroPool (sizeof (EFI_ACPI_TABLE_INSTANCE)); - ASSERT (PrivateData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (PrivateData == NULL) { + ASSERT (PrivateData); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference PrivateData->Signature = EFI_ACPI_TABLE_SIGNATURE; // diff --git a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c index 5f8d20a7e9..85e3bfac70 100644 --- a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c +++ b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableProtocol.c @@ -538,6 +538,12 @@ AddTableToList ( // CurrentTableList = AllocatePool (sizeof (EFI_ACPI_TABLE_LIST)); ASSERT (CurrentTableList); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentTableList == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Determine table type and size diff --git a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AmlNamespace.c b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AmlNamespace.c index 61c7273048..2ac6e01aad 100644 --- a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AmlNamespace.c 
+++ b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AmlNamespace.c @@ -32,7 +32,7 @@ AmlConstructNodeList ( @param[in] Parent AML parent node list. @param[in] AmlByteEncoding AML Byte Encoding. - @return AML Node. + @return AML Node or NULL if insufficient resources to allocate a buffer // MU_CHANGE - CodeQL Change **/ EFI_AML_NODE_LIST * AmlCreateNode ( @@ -44,7 +44,13 @@ AmlCreateNode ( EFI_AML_NODE_LIST *AmlNodeList; AmlNodeList = AllocatePool (sizeof (*AmlNodeList)); - ASSERT (AmlNodeList != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AmlNodeList == NULL) { + ASSERT (AmlNodeList != NULL); + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference AmlNodeList->Signature = EFI_AML_NODE_LIST_SIGNATURE; CopyMem (AmlNodeList->Name, NameSeg, AML_NAME_SEG_SIZE); @@ -108,6 +114,12 @@ AmlFindNodeInThis ( // Create new node with NULL buffer - it means namespace not be returned. // AmlNodeList = AmlCreateNode (NameSeg, AmlParentNodeList, NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AmlNodeList == NULL) { + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference InsertTailList (&AmlParentNodeList->Children, &AmlNodeList->Link); return AmlNodeList; @@ -538,6 +550,12 @@ AmlFindPath ( RootNameSeg[0] = AML_ROOT_CHAR; RootNameSeg[1] = 0; AmlRootNodeList = AmlCreateNode (RootNameSeg, NULL, AmlHandle->AmlByteEncoding); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AmlRootNodeList == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Status = AmlConstructNodeList ( AmlHandle, diff --git a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AmlString.c b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AmlString.c index 9f67770578..ecb4df17c3 100644 --- a/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AmlString.c +++ b/MdeModulePkg/Universal/Acpi/AcpiTableDxe/AmlString.c 
@@ -379,7 +379,7 @@ AmlUpperCaseCopyMem ( @param[in] AslPath ASL name. - @return AmlName + @return AmlName or NULL if insufficient resources to allocate a buffer // MU_CHANGE - CodeQL Change **/ UINT8 * AmlNameFromAslName ( @@ -401,7 +401,13 @@ AmlNameFromAslName ( } AmlPath = AllocatePool (TotalLength); - ASSERT (AmlPath != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AmlPath == NULL) { + ASSERT (AmlPath != NULL); + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference AmlBuffer = AmlPath; Buffer = AslPath; diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c index 7b87d04d70..79535cf0c7 100644 --- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c +++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c @@ -942,8 +942,13 @@ BdsEntry ( // Execute Driver Options // LoadOptions = EfiBootManagerGetLoadOptions (&LoadOptionCount, LoadOptionTypeDriver); - ProcessLoadOptions (LoadOptions, LoadOptionCount); - EfiBootManagerFreeLoadOptions (LoadOptions, LoadOptionCount); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if ((LoadOptionCount != 0) && (LoadOptions != NULL)) { + ProcessLoadOptions (LoadOptions, LoadOptionCount); + EfiBootManagerFreeLoadOptions (LoadOptions, LoadOptionCount); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Connect consoles 
@@ -1014,15 +1019,20 @@ BdsEntry ( mBdsLoadOptionName[LoadOptionType] )); LoadOptions = EfiBootManagerGetLoadOptions (&LoadOptionCount, LoadOptionType); - for (Index = 0; Index < LoadOptionCount; Index++) { - DEBUG (( - DEBUG_INFO, - " %s%04x: %s \t\t 0x%04x\n", - mBdsLoadOptionName[LoadOptionType], - LoadOptions[Index].OptionNumber, - LoadOptions[Index].Description, - LoadOptions[Index].Attributes - )); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if ((LoadOptionCount != 0) && (LoadOptions != NULL)) { + for (Index = 0; Index < LoadOptionCount; Index++) { + DEBUG (( + DEBUG_INFO, + " %s%04x: %s \t\t 0x%04x\n", + mBdsLoadOptionName[LoadOptionType], + LoadOptions[Index].OptionNumber, + LoadOptions[Index].Description, + LoadOptions[Index].Attributes + )); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } EfiBootManagerFreeLoadOptions (LoadOptions, LoadOptionCount); @@ -1078,8 +1088,13 @@ BdsEntry ( // Execute SysPrep#### // LoadOptions = EfiBootManagerGetLoadOptions (&LoadOptionCount, LoadOptionTypeSysPrep); - ProcessLoadOptions (LoadOptions, LoadOptionCount); - EfiBootManagerFreeLoadOptions (LoadOptions, LoadOptionCount); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if ((LoadOptionCount != 0) && (LoadOptions != NULL)) { + ProcessLoadOptions (LoadOptions, LoadOptionCount); + EfiBootManagerFreeLoadOptions (LoadOptions, LoadOptionCount); + } + + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference // // Execute Key#### 
@@ -1139,8 +1154,13 @@ BdsEntry ( // Retry to boot if any of the boot succeeds // LoadOptions = EfiBootManagerGetLoadOptions (&LoadOptionCount, LoadOptionTypeBoot); - BootSuccess = BootBootOptions (LoadOptions, LoadOptionCount, (BootManagerMenuStatus != EFI_NOT_FOUND) ? &BootManagerMenu : NULL); - EfiBootManagerFreeLoadOptions (LoadOptions, LoadOptionCount); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if ((LoadOptionCount != 0) && (LoadOptions != NULL)) { + BootSuccess = BootBootOptions (LoadOptions, LoadOptionCount, (BootManagerMenuStatus != EFI_NOT_FOUND) ? &BootManagerMenu : NULL); + EfiBootManagerFreeLoadOptions (LoadOptions, LoadOptionCount); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } while (BootSuccess || PcdGetBool (PcdSupportInfiniteBootRetries)); // MU_CHANGE add PcdSupportInfiniteBootRetries support } @@ -1151,8 +1171,13 @@ BdsEntry ( if (!BootSuccess) { if (PcdGetBool (PcdPlatformRecoverySupport)) { LoadOptions = EfiBootManagerGetLoadOptions (&LoadOptionCount, LoadOptionTypePlatformRecovery); - ProcessLoadOptions (LoadOptions, LoadOptionCount); - EfiBootManagerFreeLoadOptions (LoadOptions, LoadOptionCount); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if ((LoadOptionCount != 0) && (LoadOptions != NULL)) { + ProcessLoadOptions (LoadOptions, LoadOptionCount); + EfiBootManagerFreeLoadOptions (LoadOptions, LoadOptionCount); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } else if (PlatformDefaultBootOptionValid) { // MU_CHANGE TCBZ2523 - Bds should NEVER boot anything the platform has not specified. // diff --git a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c index 8e26a7d795..506426cd4a 100644 --- a/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c +++ b/MdeModulePkg/Universal/CapsulePei/UefiCapsule.c 
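Review bot: `BootSuccess` is now assigned only inside the new guard in hunk -1139, so when `EfiBootManagerGetLoadOptions` returns no options the `while (BootSuccess || ...)` test at the bottom of the loop reuses whatever value it held before. If that value is TRUE the loop repeats without attempting a boot. Set `BootSuccess = FALSE;` immediately before `if ((LoadOptionCount != 0) && (LoadOptions != NULL)) {`. The start of the `do` loop is outside the hunk.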
@@ -1277,7 +1277,7 @@ CreateState ( UINTN Size; EFI_PHYSICAL_ADDRESS NewBuffer; UINTN CapsuleNumber; - UINT32 Index; + UINTN Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type EFI_PHYSICAL_ADDRESS BaseAddress; UINT64 Length; diff --git a/MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatform.c b/MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatform.c index 8fe946d2fa..fdf80da096 100644 --- a/MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatform.c +++ b/MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatform.c @@ -1088,10 +1088,10 @@ ConPlatformMatchDevicePaths ( // // If performing Delete operation, the NewDevicePath must not be NULL. // - if (Delete) { - if (NewDevicePath == NULL) { - return EFI_INVALID_PARAMETER; - } + // MU_CHANGE Start - CodeQL Change + if (Delete && (NewDevicePath == NULL)) { + return EFI_INVALID_PARAMETER; + // MU_CHANGE End - CodeQL Change } TempDevicePath1 = NULL; @@ -1170,6 +1170,8 @@ ConPlatformUpdateDeviceVariable ( EFI_DEVICE_PATH_PROTOCOL *VariableDevicePath; EFI_DEVICE_PATH_PROTOCOL *NewVariableDevicePath; + Status = EFI_SUCCESS; // MU_CHANGE - CodeQL Change - conditionallyuninitializedvariable + VariableDevicePath = NULL; NewVariableDevicePath = NULL; @@ -1179,7 +1181,7 @@ ConPlatformUpdateDeviceVariable ( // it is the caller's responsibility to free the memory before return. // VariableDevicePath = ConPlatformGetVariable (VariableName); - + // At this point, VariableDevicePath may be null. This is expected. // MU_CHANGE - CodeQL Change if (Operation != Delete) { // // Match specified DevicePath in Console Variable. diff --git a/MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsole.c b/MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsole.c index 9457d050d8..b20594d6a3 100644 --- a/MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsole.c +++ b/MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsole.c 
@@ -286,7 +286,13 @@ InitializeGraphicsConsoleTextMode ( // Reserve 2 modes for 80x25, 80x50 of graphics console. // NewModeBuffer = AllocateZeroPool (sizeof (GRAPHICS_CONSOLE_MODE_DATA) * (Count + 2)); - ASSERT (NewModeBuffer != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NewModeBuffer == NULL) { + ASSERT (NewModeBuffer != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Mode 0 and mode 1 is for 80x25, 80x50 according to UEFI spec. @@ -466,7 +472,8 @@ GraphicsConsoleControllerDriverStart ( // MaxMode = Private->GraphicsOutput->Mode->MaxMode; - for (ModeIndex = 0; ModeIndex < MaxMode; ModeIndex++) { + for (ModeIndex = 0; (UINTN)ModeIndex < MaxMode; ModeIndex++) { + // MU_CHANGE Start - CodeQL Change - comparison-with-wider-type Status = Private->GraphicsOutput->QueryMode ( Private->GraphicsOutput, ModeIndex, @@ -2097,7 +2104,13 @@ RegisterFontPackage ( PackageLength = sizeof (EFI_HII_SIMPLE_FONT_PACKAGE_HDR) + mNarrowFontSize + 4; Package = AllocateZeroPool (PackageLength); - ASSERT (Package != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Package == NULL) { + ASSERT (Package != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference WriteUnaligned32 ((UINT32 *)Package, PackageLength); SimplifiedFont = (EFI_HII_SIMPLE_FONT_PACKAGE_HDR *)(Package + 4); diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c index b581f43cb9..076edc7c34 100644 --- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c 
@@ -1273,19 +1273,24 @@ TerminalRemoveConsoleDevVariable ( FreePool (OriginalVariable); if (FoundOne) { - VariableSize = GetDevicePathSize (NewVariable); - - Status = gRT->SetVariable ( - VariableName, - &gEfiGlobalVariableGuid, - EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - VariableSize, - NewVariable - ); - // - // Shrinking variable with existing variable driver implementation shouldn't fail. - // - ASSERT_EFI_ERROR (Status); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NewVariable != NULL) { + VariableSize = GetDevicePathSize (NewVariable); + + Status = gRT->SetVariable ( + VariableName, + &gEfiGlobalVariableGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + VariableSize, + NewVariable + ); + // + // Shrinking variable with existing variable driver implementation shouldn't fail. + // + ASSERT_EFI_ERROR (Status); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } if (NewVariable != NULL) { diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c index 531b3b45ea..d65889123a 100644 --- a/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c +++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c @@ -359,7 +359,7 @@ PartitionInstallMbrChildHandles ( if (ExtMbrStartingLba == 0) { break; } - } while (ExtMbrStartingLba < ParentHdDev.PartitionSize); + } while ((UINT64)ExtMbrStartingLba < ParentHdDev.PartitionSize); // MU_CHANGE - CodeQL Change - comparison-with-wider-type } Done: diff --git a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.c b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.c index 60cf3c8c4a..f459600946 100644 --- a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.c +++ b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.c 
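Review bot: Guarding the whole `SetVariable` call with `NewVariable != NULL` skips the update when nothing remains after the removal (`FoundOne` set, `NewVariable` NULL), so the console variable keeps the stale device path. Before this change that case reached `SetVariable` with a size of 0, assuming `GetDevicePathSize` returns 0 for NULL as the DevicePathLib contract states, which deletes the variable. Guard only the size computation, `VariableSize = (NewVariable != NULL) ? GetDevicePathSize (NewVariable) : 0;`, and leave the `SetVariable` call unconditional.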
@@ -473,82 +473,88 @@ UpdateMainForm ( // StartOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (StartOpCodeHandle != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StartOpCodeHandle != NULL) { + EndOpCodeHandle = HiiAllocateOpCodeHandle (); + ASSERT (EndOpCodeHandle != NULL); + + if (EndOpCodeHandle == NULL) { + // + // Create Hii Extend Label OpCode as the start opcode + // + StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + StartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number = MAIN_LABEL_LIST_START; + + // + // Create Hii Extend Label OpCode as the end opcode + // + EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + EndOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = MAIN_LABEL_LIST_END; + + Index = 0; + BASE_LIST_FOR_EACH (Entry, &RegisteredRamDisks) { + PrivateData = RAM_DISK_PRIVATE_FROM_THIS (Entry); + PrivateData->CheckBoxId = (EFI_QUESTION_ID) + (MAIN_CHECKBOX_QUESTION_ID_START + Index); + // + // CheckBox is unchecked by default. 
+ // + PrivateData->CheckBoxChecked = FALSE; + String = RamDiskStr; + + UnicodeSPrint ( + String, + sizeof (RamDiskStr), + L" RAM Disk %d: [0x%lx, 0x%lx]\n", + Index, + PrivateData->StartingAddr, + PrivateData->StartingAddr + PrivateData->Size - 1 + ); - EndOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (EndOpCodeHandle != NULL); + StringId = HiiSetString (ConfigPrivate->HiiHandle, 0, RamDiskStr, NULL); + ASSERT (StringId != 0); + + HiiCreateCheckBoxOpCode ( + StartOpCodeHandle, + PrivateData->CheckBoxId, + 0, + 0, + StringId, + STRING_TOKEN (STR_RAM_DISK_LIST_HELP), + EFI_IFR_FLAG_CALLBACK, + 0, + NULL + ); - // - // Create Hii Extend Label OpCode as the start opcode - // - StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( - StartOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartLabel->Number = MAIN_LABEL_LIST_START; + Index++; + } - // - // Create Hii Extend Label OpCode as the end opcode - // - EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( - EndOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = MAIN_LABEL_LIST_END; - - Index = 0; - BASE_LIST_FOR_EACH (Entry, &RegisteredRamDisks) { - PrivateData = RAM_DISK_PRIVATE_FROM_THIS (Entry); - PrivateData->CheckBoxId = (EFI_QUESTION_ID) - (MAIN_CHECKBOX_QUESTION_ID_START + Index); - // - // CheckBox is unchecked by default. 
- // - PrivateData->CheckBoxChecked = FALSE; - String = RamDiskStr; - - UnicodeSPrint ( - String, - sizeof (RamDiskStr), - L" RAM Disk %d: [0x%lx, 0x%lx]\n", - Index, - PrivateData->StartingAddr, - PrivateData->StartingAddr + PrivateData->Size - 1 - ); - - StringId = HiiSetString (ConfigPrivate->HiiHandle, 0, RamDiskStr, NULL); - ASSERT (StringId != 0); - - HiiCreateCheckBoxOpCode ( - StartOpCodeHandle, - PrivateData->CheckBoxId, - 0, - 0, - StringId, - STRING_TOKEN (STR_RAM_DISK_LIST_HELP), - EFI_IFR_FLAG_CALLBACK, - 0, - NULL - ); - - Index++; - } + HiiUpdateForm ( + ConfigPrivate->HiiHandle, + &gRamDiskFormSetGuid, + MAIN_FORM_ID, + StartOpCodeHandle, + EndOpCodeHandle + ); + HiiFreeOpCodeHandle (EndOpCodeHandle); + } - HiiUpdateForm ( - ConfigPrivate->HiiHandle, - &gRamDiskFormSetGuid, - MAIN_FORM_ID, - StartOpCodeHandle, - EndOpCodeHandle - ); + HiiFreeOpCodeHandle (StartOpCodeHandle); + } - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } /** diff --git a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c index 780cf0a016..5ed358722f 100644 --- a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c +++ b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c @@ -167,7 +167,14 @@ RamDiskPublishNfit ( ASSERT (Status == EFI_BUFFER_TOO_SMALL); do { MemoryMap = (EFI_MEMORY_DESCRIPTOR *)AllocatePool (MemoryMapSize); - ASSERT (MemoryMap != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (MemoryMap == NULL) { + ASSERT (MemoryMap != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + Status = gBS->GetMemoryMap ( &MemoryMapSize, MemoryMap, diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c index 86020de6e0..46fe869c4d 100644 
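Review bot: The inner guard in UpdateMainForm is inverted: `if (EndOpCodeHandle == NULL) {` runs the label and form construction only when the second HiiAllocateOpCodeHandle call failed, and passes that NULL handle to HiiCreateGuidOpCode, HiiUpdateForm and HiiFreeOpCodeHandle. When the allocation succeeds the form is never updated and EndOpCodeHandle is never freed. The line should read `if (EndOpCodeHandle != NULL) {`. The results of HiiCreateGuidOpCode are also written through (`StartLabel->ExtendOpCode`, `EndLabel->ExtendOpCode`) without a NULL check, which is the same class of finding this change set out to fix.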
--- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c @@ -1449,6 +1449,8 @@ InternalFindFile ( CHAR16 FoundFileName[UDF_FILENAME_LENGTH]; VOID *CompareFileEntry; + CompareFileEntry = NULL; // MU_CHANGE - CodeQL Change - conditionallyuninitializedvariable + // // Check if both Parent->FileIdentifierDesc and Icb are NULL. // diff --git a/MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbCmdSymbol.c b/MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbCmdSymbol.c index 1b30b917f1..3cb6af8c81 100644 --- a/MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbCmdSymbol.c +++ b/MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbCmdSymbol.c @@ -568,6 +568,8 @@ DebuggerUnloadSymbol ( UINTN Index; VOID *BufferPtr; + BufferPtr = NULL; // MU_CHANGE - CodeQL Change - conditionallyuninitializedvariable + // // Check the argument // @@ -703,6 +705,8 @@ DebuggerLoadCode ( CHAR16 *FileName; CHAR16 *MapFileName; + Buffer = NULL; // MU_CHANGE - CodeQL Change - conditionallyuninitializedvariable + // // Check the argument // @@ -800,6 +804,7 @@ DebuggerUnloadCode ( EFI_STATUS Status; VOID *BufferPtr; + BufferPtr = NULL; // MU_CHANGE - CodeQL Change - conditionallyuninitializedvariable // // Check the argument // diff --git a/MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmp.c b/MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmp.c index 62b72378db..1b973ea362 100644 --- a/MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmp.c +++ b/MdeModulePkg/Universal/EsrtFmpDxe/EsrtFmp.c @@ -103,6 +103,12 @@ IsSystemFmp ( Guid = PcdGetPtr (PcdSystemFmpCapsuleImageTypeIdGuid); Count = PcdGetSize (PcdSystemFmpCapsuleImageTypeIdGuid) / sizeof (GUID); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Guid == NULL) { + return FALSE; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference for (Index = 0; Index < Count; Index++, Guid++) { if (CompareGuid (&FmpImageInfo->ImageTypeId, Guid)) { 
@@ -314,14 +320,14 @@ FmpGetFirmwareImageDescriptor ( ImageInfoSize = 0; Status = Fmp->GetImageInfo ( - Fmp, // FMP Pointer - &ImageInfoSize, // Buffer Size (in this case 0) - NULL, // NULL so we can get size - FmpImageInfoDescriptorVer, // DescriptorVersion - FmpImageInfoCount, // DescriptorCount - DescriptorSize, // DescriptorSize - &PackageVersion, // PackageVersion - &PackageVersionName // PackageVersionName + Fmp, // FMP Pointer + &ImageInfoSize, // Buffer Size (in this case 0) + NULL, // NULL so we can get size + FmpImageInfoDescriptorVer, // DescriptorVersion + FmpImageInfoCount, // DescriptorCount + DescriptorSize, // DescriptorSize + &PackageVersion, // PackageVersion + &PackageVersionName // PackageVersionName ); if (Status != EFI_BUFFER_TOO_SMALL) { DEBUG ((DEBUG_ERROR, "EsrtFmpDxe: Unexpected Failure in GetImageInfo. Status = %r\n", Status)); @@ -336,14 +342,14 @@ FmpGetFirmwareImageDescriptor ( PackageVersionName = NULL; Status = Fmp->GetImageInfo ( - Fmp, // FMP Pointer - &ImageInfoSize, // ImageInfoSize - FmpImageInfoBuf, // ImageInfo - FmpImageInfoDescriptorVer, // DescriptorVersion - FmpImageInfoCount, // DescriptorCount - DescriptorSize, // DescriptorSize - &PackageVersion, // PackageVersion - &PackageVersionName // PackageVersionName + Fmp, // FMP Pointer + &ImageInfoSize, // ImageInfoSize + FmpImageInfoBuf, // ImageInfo + FmpImageInfoDescriptorVer, // DescriptorVersion + FmpImageInfoCount, // DescriptorCount + DescriptorSize, // DescriptorSize + &PackageVersion, // PackageVersion + &PackageVersionName // PackageVersionName ); if (PackageVersionName != NULL) { FreePool (PackageVersionName); @@ -505,7 +511,7 @@ EsrtReadyToBootEventNotify ( EFI_STATUS Status; EFI_SYSTEM_RESOURCE_TABLE *Table; - PERF_CALLBACK_BEGIN (&gEfiEventReadyToBootGuid); // MU_CHANGE + PERF_CALLBACK_BEGIN (&gEfiEventReadyToBootGuid); // MU_CHANGE Table = CreateFmpBasedEsrt (); if (Table != NULL) { 
@@ -529,7 +535,7 @@ EsrtReadyToBootEventNotify ( // gBS->CloseEvent (Event); - PERF_CALLBACK_END (&gEfiEventReadyToBootGuid); // MU_CHANGE + PERF_CALLBACK_END (&gEfiEventReadyToBootGuid); // MU_CHANGE } /** diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FtwMisc.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FtwMisc.c index d442ccb52f..26c8f18edf 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FtwMisc.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FtwMisc.c @@ -856,7 +856,7 @@ FtwGetLastWriteRecord ( OUT EFI_FAULT_TOLERANT_WRITE_RECORD **FtwWriteRecord ) { - UINTN Index; + UINT64 Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type EFI_FAULT_TOLERANT_WRITE_RECORD *FtwRecord; *FtwWriteRecord = NULL; diff --git a/MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.c b/MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.c index 8c152dcbad..1db4359fad 100644 --- a/MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.c +++ b/MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.c @@ -102,7 +102,8 @@ FtwGetLastWriteRecord ( // // Try to find the last write record "that has not completed" // - for (Index = 0; Index < FtwWriteHeader->NumberOfWrites; Index += 1) { + for (Index = 0; (UINT64)Index < FtwWriteHeader->NumberOfWrites; Index += 1) { + // MU_CHANGE - CodeQL Change - comparison-with-wider-type if (FtwRecord->DestinationComplete != FTW_VALID_STATE) { // // The last write record is found diff --git a/MdeModulePkg/Universal/FvSimpleFileSystemDxe/FvSimpleFileSystem.c b/MdeModulePkg/Universal/FvSimpleFileSystemDxe/FvSimpleFileSystem.c index 0252db19ad..60483aa20b 100644 --- a/MdeModulePkg/Universal/FvSimpleFileSystemDxe/FvSimpleFileSystem.c +++ b/MdeModulePkg/Universal/FvSimpleFileSystemDxe/FvSimpleFileSystem.c 
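Review bot: In the FaultTolerantWritePei copy of FtwGetLastWriteRecord the fix only casts at the comparison, `(UINT64)Index < FtwWriteHeader->NumberOfWrites`, while the FaultTolerantWriteDxe copy in FtwMisc.c widens the declaration to `UINT64 Index`. The cast quiets the CodeQL rule but does not change the range of the counter: if Index is still declared UINTN here (the declaration is outside the hunk), a 32-bit PEI build wraps Index before it can reach a NumberOfWrites above 32 bits and the loop does not terminate on the bound. NumberOfWrites is read from the write header, so a damaged header decides how far the loop walks. Widening the declaration in this file as well, `UINT64 Index;`, keeps the two copies consistent.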
@@ -562,6 +562,13 @@ FvSimpleFileSystemOpen ( // NewFileNameLength = FileNameLength + 1 + 4 = (Number of non-null character) + (file extension) + (a null character) NewFileNameLength = FileNameLength + 1 + 4; FileNameWithExtension = AllocatePool (NewFileNameLength * 2); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (FileNameWithExtension == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + StrCpyS (FileNameWithExtension, NewFileNameLength, FileName); StrCatS (FileNameWithExtension, NewFileNameLength, L".EFI"); diff --git a/MdeModulePkg/Universal/FvSimpleFileSystemDxe/FvSimpleFileSystemEntryPoint.c b/MdeModulePkg/Universal/FvSimpleFileSystemDxe/FvSimpleFileSystemEntryPoint.c index 3f96407dc7..9d566a3926 100644 --- a/MdeModulePkg/Universal/FvSimpleFileSystemDxe/FvSimpleFileSystemEntryPoint.c +++ b/MdeModulePkg/Universal/FvSimpleFileSystemDxe/FvSimpleFileSystemEntryPoint.c @@ -450,7 +450,13 @@ FvSimpleFileSystemDriverStart ( // Create an instance // Instance = AllocateZeroPool (sizeof (FV_FILESYSTEM_INSTANCE)); - ASSERT (Instance != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Instance == NULL) { + ASSERT (Instance != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Instance->Root = NULL; Instance->FvProtocol = FvProtocol; diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c index 6e791783a6..2e889bcabb 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c 
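Review bot: The new `return EFI_OUT_OF_RESOURCES;` in FvSimpleFileSystemDriverStart leaves the function without undoing anything done before the allocation. The hunk shows `FvProtocol` already in hand when Instance is allocated; if it was obtained with OpenProtocol BY_DRIVER earlier in the function (outside the hunk), this path should release it with `gBS->CloseProtocol`, otherwise the controller stays claimed by a driver that did not start. The FvSimpleFileSystemOpen hunk in FvSimpleFileSystem.c returns on a failed AllocatePool without an ASSERT while this one asserts first; one form should be used for both.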
@@ -1757,7 +1757,13 @@ ConstructConfigHdr ( if (AsciiName != NULL) { NameSize = AsciiStrSize (AsciiName); Name = AllocateZeroPool (NameSize * sizeof (CHAR16)); - ASSERT (Name != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Name == NULL) { + ASSERT (Name != NULL); + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference AsciiStrToUnicodeStrS (AsciiName, Name, NameSize); } else { Name = NULL; @@ -1917,7 +1923,13 @@ ConstructRequestElement ( // Allocate buffer for the entire // StringPtr = AllocateZeroPool (Length * sizeof (CHAR16)); - ASSERT (StringPtr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StringPtr == NULL) { + ASSERT (StringPtr != NULL); + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference if (Name != NULL) { // @@ -1975,6 +1987,12 @@ GetNameFromId ( GetEfiGlobalVariable2 (L"PlatformLang", (VOID **)&PlatformLanguage, NULL); SupportedLanguages = GetSupportedLanguages (DatabaseRecord->Handle); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (SupportedLanguages == NULL) { + goto Done; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Get the best matching language from SupportedLanguages 
@@ -2106,36 +2124,62 @@ ExtractConfigRequest ( Storage = FindStorageFromVarId (FormPackage, Header->VarStoreId); ASSERT (Storage != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Storage != NULL) { + if (((EFI_IFR_OP_HEADER *)Storage)->OpCode == EFI_IFR_VARSTORE_NAME_VALUE_OP) { + Name = GetNameFromId (DatabaseRecord, Header->VarStoreInfo.VarName); + } else { + Offset = Header->VarStoreInfo.VarOffset; + Width = GetWidth (OpCode); + } - if (((EFI_IFR_OP_HEADER *)Storage)->OpCode == EFI_IFR_VARSTORE_NAME_VALUE_OP) { - Name = GetNameFromId (DatabaseRecord, Header->VarStoreInfo.VarName); - } else { - Offset = Header->VarStoreInfo.VarOffset; - Width = GetWidth (OpCode); - } + RequestElement = ConstructRequestElement (Name, Offset, Width); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (RequestElement == NULL) { + return EFI_OUT_OF_RESOURCES; + } - RequestElement = ConstructRequestElement (Name, Offset, Width); - ConfigHdr = ConstructConfigHdr (Storage, DatabaseRecord->DriverHandle); - ASSERT (ConfigHdr != NULL); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference - MaxLen = StrLen (ConfigHdr) + 1 + StrLen (RequestElement) + 1; - *ConfigRequest = AllocatePool (MaxLen * sizeof (CHAR16)); - if (*ConfigRequest == NULL) { - FreePool (ConfigHdr); - FreePool (RequestElement); - return EFI_OUT_OF_RESOURCES; - } + ConfigHdr = ConstructConfigHdr (Storage, DatabaseRecord->DriverHandle); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigHdr == NULL) { + ASSERT (ConfigHdr != NULL); + FreePool (RequestElement); + return EFI_OUT_OF_RESOURCES; + } - StringPtr = *ConfigRequest; + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference - StrCpyS (StringPtr, MaxLen, ConfigHdr); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigHdr != NULL) { + MaxLen = StrLen (ConfigHdr) + 1 + StrLen (RequestElement) + 1; + *ConfigRequest = AllocatePool 
(MaxLen * sizeof (CHAR16)); + if (*ConfigRequest == NULL) { + FreePool (ConfigHdr); + FreePool (RequestElement); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + + StringPtr = *ConfigRequest; - StrCatS (StringPtr, MaxLen, L"&"); + StrCpyS (StringPtr, MaxLen, ConfigHdr); - StrCatS (StringPtr, MaxLen, RequestElement); + StrCatS (StringPtr, MaxLen, L"&"); + + StrCatS (StringPtr, MaxLen, RequestElement); + + FreePool (ConfigHdr); + } - FreePool (ConfigHdr); - FreePool (RequestElement); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + + FreePool (RequestElement); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference return EFI_SUCCESS; } 
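Review bot: When `Storage` is NULL in ExtractConfigRequest the new `if (Storage != NULL)` block is skipped and control reaches the unchanged `return EFI_SUCCESS;`, so the caller is told the request succeeded although `*ConfigRequest` was never written. Return an error on that path instead, for example `if (Storage == NULL) { return EFI_NOT_FOUND; }` placed directly after the ASSERT, which also removes a level of nesting. ExtractConfigResp in the next hunk has the same problem on a different branch: when ConstructConfigHdr returns NULL it frees RequestElement and returns EFI_SUCCESS without setting `*ConfigResp`, whereas this function returns EFI_OUT_OF_RESOURCES for that case. The second `if (ConfigHdr != NULL)` here is dead after the early return just above it, and the MU_CHANGE Start/End markers no longer pair up.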
@@ -2211,45 +2255,60 @@ ExtractConfigResp ( Storage = FindStorageFromVarId (FormPackage, Header->VarStoreId); ASSERT (Storage != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Storage != NULL) { + if (((EFI_IFR_OP_HEADER *)Storage)->OpCode == EFI_IFR_VARSTORE_NAME_VALUE_OP) { + Name = GetNameFromId (DatabaseRecord, Header->VarStoreInfo.VarName); + } else { + Offset = Header->VarStoreInfo.VarOffset; + Width = GetWidth (OpCode); + } - if (((EFI_IFR_OP_HEADER *)Storage)->OpCode == EFI_IFR_VARSTORE_NAME_VALUE_OP) { - Name = GetNameFromId (DatabaseRecord, Header->VarStoreInfo.VarName); - } else { - Offset = Header->VarStoreInfo.VarOffset; - Width = GetWidth (OpCode); - } + RequestElement = ConstructRequestElement (Name, Offset, Width); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (RequestElement == NULL) { + return EFI_OUT_OF_RESOURCES; + } - RequestElement = ConstructRequestElement (Name, Offset, Width); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + + ConfigHdr = ConstructConfigHdr (Storage, DatabaseRecord->DriverHandle); + ASSERT (ConfigHdr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigHdr != NULL) { + MaxLen = StrLen (ConfigHdr) + 1 + StrLen (RequestElement) + 1 + StrLen (L"VALUE=") + StrLen (ValueElement) + 1; + *ConfigResp = AllocatePool (MaxLen * sizeof (CHAR16)); + if (*ConfigResp == NULL) { + FreePool (ConfigHdr); + FreePool (RequestElement); + return EFI_OUT_OF_RESOURCES; + } - ConfigHdr = ConstructConfigHdr (Storage, DatabaseRecord->DriverHandle); - ASSERT (ConfigHdr != NULL); + StringPtr = *ConfigResp; - MaxLen = StrLen (ConfigHdr) + 1 + StrLen (RequestElement) + 1 + StrLen (L"VALUE=") + StrLen (ValueElement) + 1; - *ConfigResp = AllocatePool (MaxLen * sizeof (CHAR16)); - if (*ConfigResp == NULL) { - FreePool (ConfigHdr); - FreePool (RequestElement); - return EFI_OUT_OF_RESOURCES; - } + StrCpyS (StringPtr, MaxLen, ConfigHdr); 
- StringPtr = *ConfigResp; + StrCatS (StringPtr, MaxLen, L"&"); - StrCpyS (StringPtr, MaxLen, ConfigHdr); + StrCatS (StringPtr, MaxLen, RequestElement); - StrCatS (StringPtr, MaxLen, L"&"); + StrCatS (StringPtr, MaxLen, L"&"); - StrCatS (StringPtr, MaxLen, RequestElement); + StrCatS (StringPtr, MaxLen, L"VALUE="); - StrCatS (StringPtr, MaxLen, L"&"); + StrCatS (StringPtr, MaxLen, ValueElement); - StrCatS (StringPtr, MaxLen, L"VALUE="); + FreePool (ConfigHdr); + } - StrCatS (StringPtr, MaxLen, ValueElement); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference - FreePool (ConfigHdr); - FreePool (RequestElement); + FreePool (RequestElement); - return EFI_SUCCESS; + return EFI_SUCCESS; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } } @@ -2298,21 +2357,26 @@ ExtractValueFromDriver ( // StringPtr = StrStr (Result, L"&VALUE="); ASSERT (StringPtr != NULL); - StringEnd = StrStr (StringPtr + 1, L"&"); - if (StringEnd != NULL) { - *StringEnd = L'\0'; - } + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StringPtr != NULL) { + StringEnd = StrStr (StringPtr + 1, L"&"); + if (StringEnd != NULL) { + *StringEnd = L'\0'; + } - *ValueElement = AllocateCopyPool (StrSize (StringPtr), StringPtr); - if (*ValueElement == NULL) { - return EFI_OUT_OF_RESOURCES; - } + *ValueElement = AllocateCopyPool (StrSize (StringPtr), StringPtr); + if (*ValueElement == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + if (StringEnd != NULL) { + *StringEnd = L'&'; + } - if (StringEnd != NULL) { - *StringEnd = L'&'; + FreePool (Result); } - FreePool (Result); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference return EFI_SUCCESS; } diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c index 5ae6189a28..ebb93487f2 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c 
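Review bot: In ExtractValueFromDriver `FreePool (Result);` moved inside `if (StringPtr != NULL)`, so when `&VALUE=` is not found Result is leaked and the function still returns EFI_SUCCESS with `*ValueElement` unset. The existing `return EFI_OUT_OF_RESOURCES;` after a failed AllocateCopyPool also leaves without freeing Result. Handle the missing marker up front, `if (StringPtr == NULL) { FreePool (Result); return EFI_NOT_FOUND; }`, and free Result on the allocation-failure path as well. Result is produced by a call outside the hunk; it is taken to be pool memory owned by this function because the unchanged code frees it.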
@@ -7,6 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include "HiiDatabase.h" +#include // MU_CHANGE - CodeQL Change extern HII_DATABASE_PRIVATE_DATA mPrivate; /** @@ -248,8 +249,13 @@ GenerateSubStr ( // Length = StrLen (String) + BufferLen * 2 + 1 + 1; Str = AllocateZeroPool (Length * sizeof (CHAR16)); - ASSERT (Str != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Str == NULL) { + ASSERT (Str != NULL); + return; + } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference StrCpyS (Str, Length, String); StringHeader = Str + StrLen (String); @@ -625,6 +631,7 @@ CompareBlockElementDefault ( UINTN TotalSize; BOOLEAN FoundOffset; + Status = EFI_SUCCESS; // MU_CHANGE - CodeQL Change AppendString = NULL; TempBuffer = NULL; // @@ -632,12 +639,25 @@ CompareBlockElementDefault ( // AltConfigHdrPtr = StrStr (DefaultAltCfgResp, AltConfigHdr); ASSERT (AltConfigHdrPtr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AltConfigHdrPtr == NULL) { + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + BlockPtr = StrStr (AltConfigHdrPtr, L"&OFFSET="); // // Make StringPtr point to the AltConfigHdr in ConfigAltResp. // StringPtr = StrStr (*ConfigAltResp, AltConfigHdr); - ASSERT (StringPtr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StringPtr == NULL) { + ASSERT (StringPtr != NULL); + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference while (BlockPtr != NULL) { // 
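Review bot: GenerateSubStr returns void, so the new `return;` on a failed AllocateZeroPool gives the caller no sign that nothing was produced. If the function reports its result through an output parameter (the signature is outside the hunk), that parameter should be set to NULL before returning so callers cannot pick up a stale or uninitialized pointer. The function header comment should also state that the output may be NULL when the allocation fails.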
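Review bot: The new NULL checks after StrStr in this file use three different outcomes for the same condition. In CompareBlockElementDefault both `goto Exit` paths leave Status at the EFI_SUCCESS assigned at the top, the later hunks in CompareNameElementDefault and CompareAndMergeDefaultString set `Status = EFI_OUT_OF_RESOURCES` for a missing AltConfigHdr, and the `NvConfigValuePtr == NULL` path in CompareNameElementDefault jumps to Exit without setting Status at all. A substring that is not found is not an allocation failure; a single status such as `EFI_NOT_FOUND` or `EFI_INVALID_PARAMETER` on every one of these paths would let callers tell a malformed configuration string from memory exhaustion. What the Exit labels do with partially built state is outside these hunks.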
@@ -683,6 +703,13 @@ CompareBlockElementDefault ( // if (AppendString == NULL) { AppendString = (EFI_STRING)AllocateZeroPool (AppendSize + sizeof (CHAR16)); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AppendString == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference StrnCatS (AppendString, AppendSize / sizeof (CHAR16) + 1, BlockPtrStart, AppendSize / sizeof (CHAR16)); } else { TotalSize = StrSize (AppendString) + AppendSize + sizeof (CHAR16); @@ -771,6 +798,7 @@ CompareNameElementDefault ( UINTN AppendSize; UINTN TotalSize; + Status = EFI_SUCCESS; // MU_CHANGE - CodeQL Change AppendString = NULL; NvConfigExist = NULL; // @@ -778,14 +806,37 @@ CompareNameElementDefault ( // NvConfigPtr = StrStr (DefaultAltCfgResp, AltConfigHdr); ASSERT (NvConfigPtr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NvConfigPtr == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + NvConfigPtr = StrStr (NvConfigPtr + StrLen (AltConfigHdr), L"&"); // // Make StringPtr point to the first with AltConfigHdr in ConfigAltResp. // StringPtr = StrStr (*ConfigAltResp, AltConfigHdr); ASSERT (StringPtr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StringPtr == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + StringPtr = StrStr (StringPtr + StrLen (AltConfigHdr), L"&"); ASSERT (StringPtr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StringPtr == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference while (NvConfigPtr != NULL) { // 
@@ -794,7 +845,14 @@ CompareNameElementDefault ( // NvConfigStart = NvConfigPtr; NvConfigValuePtr = StrStr (NvConfigPtr + 1, L"="); - ASSERT (NvConfigValuePtr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NvConfigValuePtr == NULL) { + ASSERT (NvConfigValuePtr != NULL); + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + TempChar = *NvConfigValuePtr; *NvConfigValuePtr = L'\0'; // @@ -819,6 +877,13 @@ CompareNameElementDefault ( // if (AppendString == NULL) { AppendString = (EFI_STRING)AllocateZeroPool (AppendSize + sizeof (CHAR16)); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AppendString == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference StrnCatS (AppendString, AppendSize / sizeof (CHAR16) + 1, NvConfigStart, AppendSize / sizeof (CHAR16)); } else { TotalSize = StrSize (AppendString) + AppendSize + sizeof (CHAR16); @@ -924,6 +989,14 @@ CompareAndMergeDefaultString ( // AltConfigHdrPtr = StrStr (DefaultAltCfgResp, AltConfigHdr); ASSERT (AltConfigHdrPtr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (AltConfigHdrPtr == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + AltConfigHdrPtrNext = StrStr (AltConfigHdrPtr + 1, L"&GUID"); if (AltConfigHdrPtrNext != NULL) { TempChar = *AltConfigHdrPtrNext; @@ -935,6 +1008,14 @@ CompareAndMergeDefaultString ( // StringPtr = StrStr (*AltCfgResp, AltConfigHdr); ASSERT (StringPtr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StringPtr == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Exit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + StringPtrNext = StrStr (StringPtr + 1, L"&GUID"); if (StringPtrNext != NULL) { TempCharA = *StringPtrNext; 
@@ -1224,7 +1305,13 @@ InsertDefaultValue ( // Insert new default value data in tail. // DefaultValueArray = AllocateZeroPool (sizeof (IFR_DEFAULT_DATA)); - ASSERT (DefaultValueArray != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DefaultValueArray == NULL) { + ASSERT (DefaultValueArray != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CopyMem (DefaultValueArray, DefaultValueData, sizeof (IFR_DEFAULT_DATA)); InsertTailList (Link, &DefaultValueArray->Entry); } @@ -1802,11 +1889,15 @@ GetElementsFromRequest ( TmpRequest = StrStr (ConfigRequest, L"PATH="); ASSERT (TmpRequest != NULL); - - if ((StrStr (TmpRequest, L"&OFFSET=") != NULL) || (StrStr (TmpRequest, L"&") != NULL)) { - return TRUE; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (TmpRequest != NULL) { + if ((StrStr (TmpRequest, L"&OFFSET=") != NULL) || (StrStr (TmpRequest, L"&") != NULL)) { + return TRUE; + } } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + return FALSE; } @@ -3244,6 +3335,8 @@ GetBlockElement ( IFR_BLOCK_DATA *NextBlockData; UINTN Length; + UINT16 Sum1, Sum2; // MU_CHANGE Start - CodeQL Change + TmpBuffer = NULL; // 
@@ -3365,14 +3458,23 @@ GetBlockElement ( while ((Link != &RequestBlockArray->Entry) && (Link->ForwardLink != &RequestBlockArray->Entry)) { BlockData = BASE_CR (Link, IFR_BLOCK_DATA, Entry); NextBlockData = BASE_CR (Link->ForwardLink, IFR_BLOCK_DATA, Entry); - if ((NextBlockData->Offset >= BlockData->Offset) && (NextBlockData->Offset <= (BlockData->Offset + BlockData->Width))) { - if ((NextBlockData->Offset + NextBlockData->Width) > (BlockData->Offset + BlockData->Width)) { - BlockData->Width = (UINT16)(NextBlockData->Offset + NextBlockData->Width - BlockData->Offset); + // MU_CHANGE Start - CodeQL Change + if ((!EFI_ERROR (SafeUint16Add (BlockData->Offset, BlockData->Width, &Sum1))) && + (!EFI_ERROR (SafeUint16Add (NextBlockData->Offset, NextBlockData->Width, &Sum2))) && + (NextBlockData->Offset >= BlockData->Offset) && + (NextBlockData->Offset <= Sum1) && + (Sum2 > Sum1)) + { + Sum1 = BlockData->Width; + if (!EFI_ERROR (SafeUint16Sub (Sum2, BlockData->Offset, &BlockData->Width))) { + RemoveEntryList (Link->ForwardLink); + FreePool (NextBlockData); + continue; + } else { + BlockData->Width = Sum1; } - RemoveEntryList (Link->ForwardLink); - FreePool (NextBlockData); - continue; + // MU_CHANGE End - CodeQL Change } Link = Link->ForwardLink; @@ -3903,6 +4005,8 @@ UpdateBlockDataArray ( IFR_BLOCK_DATA *BlockData; IFR_BLOCK_DATA *NextBlockData; + UINT16 Sum1, Sum2; // MU_CHANGE - CodeQL Change + // // 1. Update default value in BitVar block data. // Sine some block datas are used as BitVarStore, then the default value recored in the block 
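Review bot: Folding `Sum2 > Sum1` into the outer condition changes what the merge loop in GetBlockElement does: a next block that lies entirely inside the current one (Sum2 <= Sum1) used to be removed from RequestBlockArray and freed, and now it is kept and the loop only advances. The overflow checks on the two additions are fine, but the contained block should still be dropped, so the width update has to stay a nested condition. Once Sum2 > Sum1 holds and the first addition did not overflow, `Sum2 - BlockData->Offset` cannot underflow, so SafeUint16Sub and the reuse of Sum1 as a saved width are not needed. The loop starts outside the hunk.

```c
    if ((!EFI_ERROR (SafeUint16Add (BlockData->Offset, BlockData->Width, &Sum1))) &&
        (!EFI_ERROR (SafeUint16Add (NextBlockData->Offset, NextBlockData->Width, &Sum2))) &&
        (NextBlockData->Offset >= BlockData->Offset) &&
        (NextBlockData->Offset <= Sum1))
    {
      // Extend the current block only when the next one reaches past its end.
      if (Sum2 > Sum1) {
        BlockData->Width = (UINT16)(Sum2 - BlockData->Offset);
      }

      // Overlapping or contained: the next block is redundant either way.
      RemoveEntryList (Link->ForwardLink);
      FreePool (NextBlockData);
      continue;
    }
```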
@@ -3924,10 +4028,19 @@ UpdateBlockDataArray ( for (TempLink = Link->ForwardLink; TempLink != BlockLink; TempLink = TempLink->ForwardLink) { NextBlockData = BASE_CR (TempLink, IFR_BLOCK_DATA, Entry); - if (!NextBlockData->IsBitVar || (NextBlockData->Offset >= BlockData->Offset + BlockData->Width) || (BlockData->Offset >= NextBlockData->Offset + NextBlockData->Width)) { + // MU_CHANGE Start - CodeQL Change + if (EFI_ERROR (SafeUint16Add (BlockData->Offset, BlockData->Width, &Sum1)) || + EFI_ERROR (SafeUint16Add (NextBlockData->Offset, NextBlockData->Width, &Sum2))) + { + continue; + } + + if (!NextBlockData->IsBitVar || (NextBlockData->Offset >= Sum1) || (BlockData->Offset >= Sum2)) { continue; } + // MU_CHANGE End - CodeQL Change + // // Find two blocks are used as bit VarStore and have overlap region, so need to merge default value of these two blocks. // @@ -4525,7 +4638,14 @@ GetConfigRespFromEfiVarStore ( } VarStore = AllocateZeroPool (BufferSize); - ASSERT (VarStore != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (VarStore == NULL) { + ASSERT (VarStore != NULL); + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Status = gRT->GetVariable (VarStoreName, &EfiVarStoreInfo->Guid, NULL, &BufferSize, VarStore); if (EFI_ERROR (Status)) { goto Done; @@ -4604,7 +4724,14 @@ RouteConfigRespForEfiVarStore ( BlockSize = BufferSize; VarStore = AllocateZeroPool (BufferSize); - ASSERT (VarStore != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (VarStore == NULL) { + ASSERT (VarStore != NULL); + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Status = gRT->GetVariable (VarStoreName, &EfiVarStoreInfo->Guid, NULL, &BufferSize, VarStore); if (EFI_ERROR (Status)) { goto Done; 
@@ -5069,8 +5196,16 @@ HiiConfigRoutingExtractConfig ( // Merge the AltCfgResp in AccessResultsBackup to AccessResults // if ((AccessResultsBackup != NULL) && (StrStr (AccessResultsBackup, L"&ALTCFG=") != NULL)) { - ConigStringSize = StrSize (AccessResults); - ConfigStringPtr = StrStr (AccessResultsBackup, L"&GUID="); + ConigStringSize = StrSize (AccessResults); + ConfigStringPtr = StrStr (AccessResultsBackup, L"&GUID="); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigStringPtr == NULL) { + Status = EFI_NOT_FOUND; + goto Done; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + ConigStringSizeNewsize = StrSize (ConfigStringPtr) + ConigStringSize + sizeof (CHAR16); AccessResults = (EFI_STRING)ReallocatePool ( ConigStringSize, @@ -5469,6 +5604,7 @@ HiiConfigRoutingRouteConfig ( Database = NULL; AccessProgress = NULL; EfiVarStoreInfo = NULL; + DevicePath = NULL; /// MU_CHANGE - CodeQL Change IsEfiVarstore = FALSE; // diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c b/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c index 0b09c24d52..68bd2825e7 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c @@ -666,7 +666,15 @@ FindQuestionDefaultSetting ( } if (Link == &gVarStorageList) { - DataBuffer = (UINT8 *)PcdGetPtr (PcdNvStoreDefaultValueBuffer); + DataBuffer = (UINT8 *)PcdGetPtr (PcdNvStoreDefaultValueBuffer); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DataBuffer == NULL) { + ASSERT (DataBuffer != NULL); + return EFI_NOT_FOUND; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + gNvDefaultStoreSize = ((PCD_NV_STORE_DEFAULT_BUFFER_HEADER *)DataBuffer)->Length; // // The first section data includes NV storage default setting. 
@@ -675,29 +683,14 @@ FindQuestionDefaultSetting ( NvStoreBuffer = (VARIABLE_STORE_HEADER *)((UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize); VariableStorage = AllocatePool (NvStoreBuffer->Size); ASSERT (VariableStorage != NULL); - CopyMem (VariableStorage, NvStoreBuffer, NvStoreBuffer->Size); - - // - // Find the matched SkuId and DefaultId in the first section - // - IsFound = FALSE; - DefaultInfo = &(DataHeader->DefaultInfo[0]); - BufferEnd = (UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize; - while ((UINT8 *)DefaultInfo < BufferEnd) { - if ((DefaultInfo->DefaultId == DefaultId) && (DefaultInfo->SkuId == gSkuId)) { - IsFound = TRUE; - break; - } + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (VariableStorage != NULL) { + CopyMem (VariableStorage, NvStoreBuffer, NvStoreBuffer->Size); - DefaultInfo++; - } - - // - // Find the matched SkuId and DefaultId in the remaining section - // - Index = sizeof (PCD_NV_STORE_DEFAULT_BUFFER_HEADER) + ((DataHeader->DataSize + 7) & (~7)); - DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + Index); - while (!IsFound && Index < gNvDefaultStoreSize && DataHeader->DataSize != 0xFFFF) { + // + // Find the matched SkuId and DefaultId in the first section + // + IsFound = FALSE; DefaultInfo = &(DataHeader->DefaultInfo[0]); BufferEnd = (UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize; while ((UINT8 *)DefaultInfo < BufferEnd) { 
@@ -709,37 +702,57 @@ FindQuestionDefaultSetting ( DefaultInfo++; } - if (IsFound) { - DeltaData = (PCD_DATA_DELTA *)BufferEnd; - BufferEnd = (UINT8 *)DataHeader + DataHeader->DataSize; - while ((UINT8 *)DeltaData < BufferEnd) { - *((UINT8 *)VariableStorage + DeltaData->Offset) = (UINT8)DeltaData->Value; - DeltaData++; + // + // Find the matched SkuId and DefaultId in the remaining section + // + Index = sizeof (PCD_NV_STORE_DEFAULT_BUFFER_HEADER) + ((DataHeader->DataSize + 7) & (~7)); + DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + Index); + while (!IsFound && Index < gNvDefaultStoreSize && DataHeader->DataSize != 0xFFFF) { + DefaultInfo = &(DataHeader->DefaultInfo[0]); + BufferEnd = (UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize; + while ((UINT8 *)DefaultInfo < BufferEnd) { + if ((DefaultInfo->DefaultId == DefaultId) && (DefaultInfo->SkuId == gSkuId)) { + IsFound = TRUE; + break; + } + + DefaultInfo++; } - break; + if (IsFound) { + DeltaData = (PCD_DATA_DELTA *)BufferEnd; + BufferEnd = (UINT8 *)DataHeader + DataHeader->DataSize; + while ((UINT8 *)DeltaData < BufferEnd) { + *((UINT8 *)VariableStorage + DeltaData->Offset) = (UINT8)DeltaData->Value; + DeltaData++; + } + + break; + } + + Index = (Index + DataHeader->DataSize + 7) & (~7); + DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + Index); } - Index = (Index + DataHeader->DataSize + 7) & (~7); - DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + Index); - } + // + // Cache the found result in VarStorageList + // + if (!IsFound) { + FreePool (VariableStorage); + VariableStorage = NULL; + } - // - // Cache the found result in VarStorageList - // - if (!IsFound) { - FreePool (VariableStorage); - VariableStorage = NULL; - } + Entry = AllocatePool (sizeof (VARSTORAGE_DEFAULT_DATA)); + if (Entry != NULL) { + Entry->DefaultId = DefaultId; + Entry->VariableStorage = VariableStorage; + InsertTailList (&gVarStorageList, &Entry->Entry); + } else if (VariableStorage != NULL) { + FreePool 
(VariableStorage); + VariableStorage = NULL; + } - Entry = AllocatePool (sizeof (VARSTORAGE_DEFAULT_DATA)); - if (Entry != NULL) { - Entry->DefaultId = DefaultId; - Entry->VariableStorage = VariableStorage; - InsertTailList (&gVarStorageList, &Entry->Entry); - } else if (VariableStorage != NULL) { - FreePool (VariableStorage); - VariableStorage = NULL; + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } } diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c b/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c index a2ae907a59..d6a882302e 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c @@ -412,7 +412,8 @@ GlyphToBlt ( // The glyph's upper left hand corner pixel is the most significant bit of the // first bitmap byte. // - for (Ypos = 0; Ypos < Cell->Height && (((UINT32)Ypos + YposOffset) < RowHeight); Ypos++) { + for (Ypos = 0; Ypos < Cell->Height && ((UINTN)((UINT32)Ypos + YposOffset) < RowHeight); Ypos++) { + // MU_CHANGE - CodeQL Change - comparison-with-wider-type OffsetY = BITMAP_LEN_1_BIT (Cell->Width, Ypos); // @@ -420,7 +421,8 @@ GlyphToBlt ( // for (Xpos = 0; Xpos < Cell->Width / 8; Xpos++) { Data = *(GlyphBuffer + OffsetY + Xpos); - for (Index = 0; Index < 8 && (((UINT32)Xpos * 8 + Index + Cell->OffsetX) < RowWidth); Index++) { + for (Index = 0; Index < 8 && ((UINTN)((UINT32)Xpos * 8 + Index + Cell->OffsetX) < RowWidth); Index++) { + // MU_CHANGE - CodeQL Change - comparison-with-wider-type if ((Data & (1 << (8 - Index - 1))) != 0) { BltBuffer[Ypos * ImageWidth + Xpos * 8 + Index] = Foreground; } else { 
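Review bot: The delta-apply loop in FindQuestionDefaultSetting stores through `*((UINT8 *)VariableStorage + DeltaData->Offset)` without comparing the offset with the allocation size, which the preceding hunk shows is `NvStoreBuffer->Size`. The commit only wraps this code in a NULL guard, so a malformed default-value buffer can still drive a write past the pool allocation. I would guard the store with `if (DeltaData->Offset < NvStoreBuffer->Size)` and treat a larger offset as a corrupt buffer. The same unbounded store is re-indented in PcdSetNvStoreDefaultIdCallBack in MdeModulePkg/Universal/PCD/Pei/Pcd.c (`*(VarStoreHobData + DeltaData->Offset)`) and deserves the same check. The function body starts and ends outside these hunks.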
@@ -436,7 +438,8 @@ GlyphToBlt ( // There are some padding bits in this byte. Ignore them. // Data = *(GlyphBuffer + OffsetY + Xpos); - for (Index = 0; Index < Cell->Width % 8 && (((UINT32)Xpos * 8 + Index + Cell->OffsetX) < RowWidth); Index++) { + for (Index = 0; Index < (UINT16)(Cell->Width % 8) && ((UINTN)((UINT32)Xpos * 8 + Index + Cell->OffsetX) < RowWidth); Index++) { + // MU_CHANGE - CodeQL Change - comparison-with-wider-type if ((Data & (1 << (8 - Index - 1))) != 0) { BltBuffer[Ypos * ImageWidth + Xpos * 8 + Index] = Foreground; } else { @@ -1739,11 +1742,34 @@ HiiStringToImage ( StrLength = StrLen (String); GlyphBuf = (UINT8 **)AllocateZeroPool (StrLength * sizeof (UINT8 *)); - ASSERT (GlyphBuf != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (GlyphBuf == NULL) { + ASSERT (GlyphBuf != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + Cell = (EFI_HII_GLYPH_INFO *)AllocateZeroPool (StrLength * sizeof (EFI_HII_GLYPH_INFO)); - ASSERT (Cell != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Cell == NULL) { + ASSERT (Cell != NULL); + FreePool (GlyphBuf); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + Attributes = (UINT8 *)AllocateZeroPool (StrLength * sizeof (UINT8)); - ASSERT (Attributes != NULL); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + if (Attributes == NULL) { + ASSERT (Attributes != NULL); + FreePool (GlyphBuf); + FreePool (Cell); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference FontInfo = NULL; RowInfo = NULL; 
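Review bot: In HiiStringToImage the comment that opens the third guard, just before `if (Attributes == NULL)`, reads `// MU_CHANGE End - CodeQL Change - unguardednullreturndereference`, while the two guards above it open with `MU_CHANGE Start`. It should read `// MU_CHANGE Start - CodeQL Change - unguardednullreturndereference` so the markers pair up. The three early returns also each repeat the frees of the earlier allocations. If the function's `Exit` label (used later in the function, outside this hunk) already frees GlyphBuf, Cell and Attributes, setting Status and jumping there would keep the cleanup in one place.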
@@ -2138,6 +2164,11 @@ HiiStringToImage ( goto Exit; } + // Fill in the current background + // MS_CHANGE_185410 + SetMem32 (BltBuffer, RowInfo[RowIndex].LineWidth * RowInfo[RowIndex].LineHeight * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL), Bkgnd); + // END + // // Initialize the background color. // diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf b/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf index 2f9c45c5a8..4f6ae013d1 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf @@ -55,6 +55,7 @@ UefiRuntimeServicesTableLib PrintLib PerformanceLib # MU_CHANGE + SafeIntLib # MU_CHANGE - CodeQL Change [Protocols] gEfiDevicePathProtocolGuid ## SOMETIMES_CONSUMES diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c index 3b6f76aed9..569a36538f 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c @@ -300,7 +300,8 @@ Output1bitPixel ( // Padding bits in this byte should be ignored. // Byte = *(Data + OffsetY + Xpos); - for (Index = 0; Index < Image->Width % 8; Index++) { + for (Index = 0; (UINT16)Index < (UINT16)(Image->Width % 8); Index++) { + // MU_CHANGE - CodeQL Change - comparison-with-wider-type if ((Byte & (1 << (8 - Index - 1))) != 0) { CopyMem (&BitMapPtr[Ypos * Image->Width + Xpos * 8 + Index], &PaletteValue[1], sizeof (*BitMapPtr)); } else { diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/String.c b/MdeModulePkg/Universal/HiiDatabaseDxe/String.c index e3fceed7c4..49276a2acd 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/String.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/String.c 
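Review bot: The added `SetMem32` call in HiiStringToImage fills BltBuffer with a length computed as `RowInfo[RowIndex].LineWidth * RowInfo[RowIndex].LineHeight * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)`, with no overflow check and no visible tie to the size BltBuffer was allocated with. The allocation is outside the hunk, so whether the two sizes always agree cannot be confirmed from here. Since this commit adds SafeIntLib to the module's .inf, the product could be formed with `SafeUintnMult` and the fill skipped (with `goto Exit`) when it fails or exceeds the allocated size. The change is also tagged `MS_CHANGE_185410` rather than with a CodeQL rule, so a one-line comment saying why the fill is needed before the existing background initialisation would help.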
@@ -77,7 +77,13 @@ ReferFontInfoLocally ( // EFI_FONT_INFO uniquely in whole hii database. // LocalFont = (HII_FONT_INFO *)AllocateZeroPool (sizeof (HII_FONT_INFO)); - ASSERT (LocalFont != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (LocalFont == NULL) { + ASSERT (LocalFont != NULL); + return TRUE; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference LocalFont->Signature = HII_FONT_INFO_SIGNATURE; LocalFont->FontId = FontId; @@ -2083,13 +2089,27 @@ HiiCompareLanguage ( // StrLen = AsciiStrSize (Language1); Lan1 = AllocateZeroPool (StrLen); - ASSERT (Lan1 != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Lan1 == NULL) { + ASSERT (Lan1 != NULL); + return FALSE; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + AsciiStrCpyS (Lan1, StrLen / sizeof (CHAR8), Language1); AsciiHiiToLower (Lan1); StrLen = AsciiStrSize (Language2); Lan2 = AllocateZeroPool (StrLen); - ASSERT (Lan2 != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Lan2 == NULL) { + ASSERT (Lan2 != NULL); + FreePool (Lan1); + return FALSE; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference AsciiStrCpyS (Lan2, StrLen / sizeof (CHAR8), Language2); AsciiHiiToLower (Lan2); diff --git a/MdeModulePkg/Universal/PCD/Dxe/Pcd.c b/MdeModulePkg/Universal/PCD/Dxe/Pcd.c index 855ba3cceb..7d29f1061d 100644 --- a/MdeModulePkg/Universal/PCD/Dxe/Pcd.c +++ b/MdeModulePkg/Universal/PCD/Dxe/Pcd.c @@ -284,7 +284,7 @@ DxePcdSetSku ( ) { SKU_ID *SkuIdTable; - UINTN Index; + UINT64 Index; // MU_CHANGE Start - CodeQL Change - comparison-with-wider-type EFI_STATUS Status; DEBUG ((DEBUG_INFO, "PcdDxe - SkuId 0x%lx is to be set.\n", (SKU_ID)SkuId)); 
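Review bot: In ReferFontInfoLocally the new allocation-failure path does `return TRUE;`, which reports the failure through the function's ordinary BOOLEAN result. The meaning of TRUE is not visible in this hunk. If it tells the caller that the font is already referenced and that the output pointer is valid, the caller will go on to use a value this path never set. I would document the failure return in the function header and make sure the output parameter is set to NULL before returning, or return the value that makes callers take their "nothing to use" path. The HiiCompareLanguage hunks on this line return FALSE on allocation failure, which at least reads as "no match".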
@@ -1245,7 +1245,13 @@ GetDistinctTokenSpace ( BOOLEAN Match; DistinctTokenSpace = AllocateZeroPool (*ExMapTableSize * sizeof (EFI_GUID *)); - ASSERT (DistinctTokenSpace != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DistinctTokenSpace == NULL) { + ASSERT (DistinctTokenSpace != NULL); + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference TsIdx = 0; OldGuidIndex = ExMapTable[0].ExGuidIndex; @@ -1329,6 +1335,14 @@ DxePcdGetNextTokenSpace ( (DYNAMICEX_MAPPING *)((UINT8 *)mPcdDatabase.PeiDb + mPcdDatabase.PeiDb->ExMapTableOffset), (EFI_GUID *)((UINT8 *)mPcdDatabase.PeiDb + mPcdDatabase.PeiDb->GuidTableOffset) ); + + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (PeiTokenSpaceTable == NULL) { + return EFI_NOT_FOUND; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + CopyMem (TmpTokenSpaceBuffer, PeiTokenSpaceTable, sizeof (EFI_GUID *) * PeiTokenSpaceTableSize); TmpTokenSpaceBufferCount = PeiTokenSpaceTableSize; FreePool (PeiTokenSpaceTable); @@ -1341,6 +1355,12 @@ DxePcdGetNextTokenSpace ( (DYNAMICEX_MAPPING *)((UINT8 *)mPcdDatabase.DxeDb + mPcdDatabase.DxeDb->ExMapTableOffset), (EFI_GUID *)((UINT8 *)mPcdDatabase.DxeDb + mPcdDatabase.DxeDb->GuidTableOffset) ); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DxeTokenSpaceTable == NULL) { + return EFI_NOT_FOUND; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Make sure EFI_GUID in DxeTokenSpaceTable does not exist in PeiTokenSpaceTable diff --git a/MdeModulePkg/Universal/PCD/Dxe/Service.c b/MdeModulePkg/Universal/PCD/Dxe/Service.c index cff5668230..c71598e2d8 100644 --- a/MdeModulePkg/Universal/PCD/Dxe/Service.c +++ b/MdeModulePkg/Universal/PCD/Dxe/Service.c 
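Review bot: Both new guards in DxePcdGetNextTokenSpace return `EFI_NOT_FOUND` when GetDistinctTokenSpace returns NULL, but the hunk above shows that NULL is produced only when `AllocateZeroPool` fails, so `return EFI_OUT_OF_RESOURCES;` would describe the condition accurately. A caller iterating token spaces may read EFI_NOT_FOUND as the end of the list and hide the allocation failure. The early returns also leave the function while TmpTokenSpaceBuffer is live; if that buffer is pool-allocated earlier in the function (not visible here), both paths leak it and should free it first. In the second guard PeiTokenSpaceTable has already been freed in the visible lines, so only the temporary buffer is in question.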
@@ -170,7 +170,13 @@ GetPcdName ( // NameSize = AsciiStrSize (TokenSpaceName) + AsciiStrSize (PcdName); Name = AllocateZeroPool (NameSize); - ASSERT (Name != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Name == NULL) { + ASSERT (Name != NULL); + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Catenate TokenSpaceCName and PcdCName with a '.' to form the full PCD name. // @@ -563,9 +569,13 @@ DxeRegisterCallBackWorker ( FnTableEntry = AllocatePool (sizeof (CALLBACK_FN_ENTRY)); ASSERT (FnTableEntry != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (FnTableEntry != NULL) { + FnTableEntry->CallbackFn = CallBackFunction; + InsertTailList (ListHead, &FnTableEntry->Node); + } - FnTableEntry->CallbackFn = CallBackFunction; - InsertTailList (ListHead, &FnTableEntry->Node); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference return EFI_SUCCESS; } @@ -999,20 +1009,23 @@ GetHiiVariable ( // if (Status == EFI_BUFFER_TOO_SMALL) { Buffer = (UINT8 *)AllocatePool (Size); - ASSERT (Buffer != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Buffer != NULL) { + Status = gRT->GetVariable ( + VariableName, + VariableGuid, + NULL, + &Size, + Buffer + ); + + ASSERT (Status == EFI_SUCCESS); + *VariableData = Buffer; + *VariableSize = Size; + } - Status = gRT->GetVariable ( - VariableName, - VariableGuid, - NULL, - &Size, - Buffer - ); - - ASSERT (Status == EFI_SUCCESS); - *VariableData = Buffer; - *VariableSize = Size; + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } else { // // Use Default Data only when variable is not found. 
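Review bot: In DxeRegisterCallBackWorker a failed `AllocatePool` now skips the registration but still falls through to `return EFI_SUCCESS;`, so the caller is told the callback was registered when it was not. I would turn the guard around and add `if (FnTableEntry == NULL) { return EFI_OUT_OF_RESOURCES; }` before the assignment. The same "skip the work, report success" shape appears in other hunks of this commit: EndOfPeiSignalPpiNotifyCallback when PcdDb is NULL, UpdateFvFileDevicePath when DevicePathFromHandle returns NULL (leaving `*DevicePath` unwritten), and SectionExtractionPeiEntry when GuidPpi is NULL. In the GetHiiVariable hunk on this line the failure path likewise leaves `*VariableData` and `*VariableSize` unset; what that function returns afterwards is outside the hunk.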
@@ -1507,32 +1520,37 @@ SetHiiVariable ( Buffer = AllocatePool (SetSize); ASSERT (Buffer != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Buffer != NULL) { + Status = gRT->GetVariable ( + VariableName, + VariableGuid, + &Attribute, + &Size, + Buffer + ); - Status = gRT->GetVariable ( - VariableName, - VariableGuid, - &Attribute, - &Size, - Buffer - ); + ASSERT_EFI_ERROR (Status); - ASSERT_EFI_ERROR (Status); + CopyMem ((UINT8 *)Buffer + Offset, Data, DataSize); - CopyMem ((UINT8 *)Buffer + Offset, Data, DataSize); + if (SetAttributes == 0) { + SetAttributes = Attribute; + } - if (SetAttributes == 0) { - SetAttributes = Attribute; + Status = gRT->SetVariable ( + VariableName, + VariableGuid, + SetAttributes, + SetSize, + Buffer + ); + + FreePool (Buffer); } - Status = gRT->SetVariable ( - VariableName, - VariableGuid, - SetAttributes, - SetSize, - Buffer - ); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference - FreePool (Buffer); return Status; } else if (Status == EFI_NOT_FOUND) { // @@ -1544,7 +1562,13 @@ SetHiiVariable ( // GetVariableSizeAndDataFromHiiPcd (VariableGuid, VariableName, &Size, NULL); Buffer = AllocateZeroPool (Size); - ASSERT (Buffer != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Buffer == NULL) { + ASSERT (Buffer != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference GetVariableSizeAndDataFromHiiPcd (VariableGuid, VariableName, &Size, Buffer); // diff --git a/MdeModulePkg/Universal/PCD/Pei/Pcd.c b/MdeModulePkg/Universal/PCD/Pei/Pcd.c index 25640f558d..6b71bffc2b 100644 --- a/MdeModulePkg/Universal/PCD/Pei/Pcd.c +++ b/MdeModulePkg/Universal/PCD/Pei/Pcd.c 
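Review bot: In the first SetHiiVariable hunk, when `AllocatePool (SetSize)` fails the code reaches `return Status;` with whatever Status held before the allocation, while the second hunk in the same function returns `EFI_OUT_OF_RESOURCES` for the same failure. The earlier assignment of Status is outside the hunk, so the value actually returned cannot be confirmed here, but it is not an out-of-resources code set by this path. I would add `else { Status = EFI_OUT_OF_RESOURCES; }` to the new `if (Buffer != NULL)` so both branches report the failure the same way. The re-indented `CopyMem ((UINT8 *)Buffer + Offset, Data, DataSize);` also still runs after an assert-only check of the GetVariable status, which is worth a follow-up.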
@@ -164,35 +164,28 @@ PcdSetNvStoreDefaultIdCallBack ( if (PeiPcdGetSizeEx (&gEfiMdeModulePkgTokenSpaceGuid, PcdToken (PcdNvStoreDefaultValueBuffer)) > sizeof (PCD_NV_STORE_DEFAULT_BUFFER_HEADER)) { DataBuffer = (UINT8 *)PeiPcdGetPtrEx (&gEfiMdeModulePkgTokenSpaceGuid, PcdToken (PcdNvStoreDefaultValueBuffer)); - FullSize = ((PCD_NV_STORE_DEFAULT_BUFFER_HEADER *)DataBuffer)->Length; - DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + sizeof (PCD_NV_STORE_DEFAULT_BUFFER_HEADER)); - // - // The first section data includes NV storage default setting. - // - NvStoreBuffer = (VARIABLE_STORE_HEADER *)((UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize); - VarStoreHobData = (UINT8 *)BuildGuidHob (&NvStoreBuffer->Signature, NvStoreBuffer->Size); - ASSERT (VarStoreHobData != NULL); - CopyMem (VarStoreHobData, NvStoreBuffer, NvStoreBuffer->Size); - // - // Find the matched SkuId and DefaultId in the first section - // - DefaultInfo = &(DataHeader->DefaultInfo[0]); - BufferEnd = (UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize; - while ((UINT8 *)DefaultInfo < BufferEnd) { - if ((DefaultInfo->DefaultId == DefaultId) && (DefaultInfo->SkuId == SkuId)) { - IsFound = TRUE; - break; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DataBuffer != NULL) { + FullSize = ((PCD_NV_STORE_DEFAULT_BUFFER_HEADER *)DataBuffer)->Length; + DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + sizeof (PCD_NV_STORE_DEFAULT_BUFFER_HEADER)); + // + // The first section data includes NV storage default setting. 
+ // + NvStoreBuffer = (VARIABLE_STORE_HEADER *)((UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize); + VarStoreHobData = (UINT8 *)BuildGuidHob (&NvStoreBuffer->Signature, NvStoreBuffer->Size); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (VarStoreHobData == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed build NV Store guid hob.\n", __func__)); + ASSERT (VarStoreHobData != NULL); + return; } - DefaultInfo++; - } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference - // - // Find the matched SkuId and DefaultId in the remaining section - // - Index = sizeof (PCD_NV_STORE_DEFAULT_BUFFER_HEADER) + ((DataHeader->DataSize + 7) & (~7)); - DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + Index); - while (!IsFound && Index < FullSize && DataHeader->DataSize != 0xFFFFFFFF) { + CopyMem (VarStoreHobData, NvStoreBuffer, NvStoreBuffer->Size); + // + // Find the matched SkuId and DefaultId in the first section + // DefaultInfo = &(DataHeader->DefaultInfo[0]); BufferEnd = (UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize; while ((UINT8 *)DefaultInfo < BufferEnd) { 
@@ -204,19 +197,39 @@ PcdSetNvStoreDefaultIdCallBack ( DefaultInfo++; } - if (IsFound) { - DeltaData = (PCD_DATA_DELTA *)BufferEnd; - BufferEnd = (UINT8 *)DataHeader + DataHeader->DataSize; - while ((UINT8 *)DeltaData < BufferEnd) { - *(VarStoreHobData + DeltaData->Offset) = (UINT8)DeltaData->Value; - DeltaData++; + // + // Find the matched SkuId and DefaultId in the remaining section + // + Index = sizeof (PCD_NV_STORE_DEFAULT_BUFFER_HEADER) + ((DataHeader->DataSize + 7) & (~7)); + DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + Index); + while (!IsFound && Index < FullSize && DataHeader->DataSize != 0xFFFFFFFF) { + DefaultInfo = &(DataHeader->DefaultInfo[0]); + BufferEnd = (UINT8 *)DataHeader + sizeof (DataHeader->DataSize) + DataHeader->HeaderSize; + while ((UINT8 *)DefaultInfo < BufferEnd) { + if ((DefaultInfo->DefaultId == DefaultId) && (DefaultInfo->SkuId == SkuId)) { + IsFound = TRUE; + break; + } + + DefaultInfo++; } - break; + if (IsFound) { + DeltaData = (PCD_DATA_DELTA *)BufferEnd; + BufferEnd = (UINT8 *)DataHeader + DataHeader->DataSize; + while ((UINT8 *)DeltaData < BufferEnd) { + *(VarStoreHobData + DeltaData->Offset) = (UINT8)DeltaData->Value; + DeltaData++; + } + + break; + } + + Index = (Index + DataHeader->DataSize + 7) & (~7); + DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + Index); } - Index = (Index + DataHeader->DataSize + 7) & (~7); - DataHeader = (PCD_DEFAULT_DATA *)(DataBuffer + Index); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } } 
@@ -309,15 +322,24 @@ EndOfPeiSignalPpiNotifyCallback ( // // Find PEI PcdDb and Build second PcdDB GuidHob // - // MU_CHANGE Begin - // Status = PeiServicesFfsFindSectionData (EFI_SECTION_RAW, FileHandle, &PcdDb); - // ASSERT_EFI_ERROR (Status); PcdDb = (PEI_PCD_DATABASE *)PcdDatabaseLoaderLoad (FileHandle); ASSERT (PcdDb != NULL); - // MU_CHANGE End - Length = PeiPcdDb->LengthForAllSkus; - Database = BuildGuidHob (&gPcdDataBaseHobGuid, Length); - CopyMem (Database, PcdDb, Length); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (PcdDb != NULL) { + Length = PeiPcdDb->LengthForAllSkus; + Database = BuildGuidHob (&gPcdDataBaseHobGuid, Length); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Database == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to build PCD guid hob.\n", __func__)); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + + CopyMem (Database, PcdDb, Length); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference return EFI_SUCCESS; } @@ -574,7 +596,8 @@ PeiPcdSetSku ( } SkuIdTable = (SKU_ID *)((UINT8 *)PeiPcdDb + PeiPcdDb->SkuIdTableOffset); - for (Index = 0; Index < SkuIdTable[0]; Index++) { + for (Index = 0; (UINT64)Index < SkuIdTable[0]; Index++) { + // MU_CHANGE - CodeQL Change - comparison-with-wider-type if (SkuId == SkuIdTable[Index + 1]) { DEBUG ((DEBUG_INFO, "PcdPei - SkuId is found in SkuId table.\n")); break; diff --git a/MdeModulePkg/Universal/PCD/Pei/Service.c b/MdeModulePkg/Universal/PCD/Pei/Service.c index 12d052cde1..91492311b0 100644 --- a/MdeModulePkg/Universal/PCD/Pei/Service.c +++ b/MdeModulePkg/Universal/PCD/Pei/Service.c 
@@ -402,15 +402,20 @@ LocateExPcdBinary ( // ASSERT_EFI_ERROR (Status); PcdDb = (PEI_PCD_DATABASE *)PcdDatabaseLoaderLoad (FileHandle); ASSERT (PcdDb != NULL); - // MU_CHANGE end + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (PcdDb != NULL) { + // MU_CHANGE end - // - // Check the first bytes (Header Signature Guid) and build version. - // - if (!CompareGuid (PcdDb, &gPcdDataBaseSignatureGuid) || - (((PEI_PCD_DATABASE *)PcdDb)->BuildVersion != PCD_SERVICE_PEIM_VERSION)) - { - ASSERT (FALSE); + // + // Check the first bytes (Header Signature Guid) and build version. + // + if (!CompareGuid (PcdDb, &gPcdDataBaseSignatureGuid) || + (((PEI_PCD_DATABASE *)PcdDb)->BuildVersion != PCD_SERVICE_PEIM_VERSION)) + { + ASSERT (FALSE); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } return PcdDb; @@ -428,6 +433,7 @@ BuildPcdDatabase ( IN EFI_PEI_FILE_HANDLE FileHandle ) { + VOID *Hob; // MU_CHANGE - CodeQL Change PEI_PCD_DATABASE *Database; PEI_PCD_DATABASE *PeiPcdDbBinary; VOID *CallbackFnTable; 
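Review bot: In LocateExPcdBinary the signature and build-version check still ends in `ASSERT (FALSE);` only, so a build with asserts disabled falls through to `return PcdDb;` and hands back a database that failed validation. Since BuildPcdDatabase now handles a NULL result (next hunk), the mismatch branch can fail closed by adding `return NULL;` after the `ASSERT (FALSE);`. The closing marker inside the new block also reads `// MU_CHANGE end` followed later by `// MU_CHANGE End - CodeQL Change`, which leaves the original MU_CHANGE region and the CodeQL region interleaved; moving the older `// MU_CHANGE end` back above the new guard would keep them separate.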
@@ -438,9 +444,31 @@ BuildPcdDatabase ( // PeiPcdDbBinary = LocateExPcdBinary (FileHandle); - ASSERT (PeiPcdDbBinary != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (PeiPcdDbBinary == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed To locate the Pcd Db binary.\n", __func__)); + ASSERT (PeiPcdDbBinary != NULL); + return NULL; + } - Database = BuildGuidHob (&gPcdDataBaseHobGuid, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + + // MU_CHANGE Start - CodeQL change + // Check to see if the Hob already exists because we can error out of this function when + // creating the CallbackFnTable Hob and call into this function again. + Hob = GetFirstGuidHob (&gPcdDataBaseHobGuid); + if (Hob == NULL) { + Database = BuildGuidHob (&gPcdDataBaseHobGuid, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize); + } else { + Database = (PEI_PCD_DATABASE *)GET_GUID_HOB_DATA (Hob); + } + + if (Database == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to build the PCD Database guid hob.\n", __func__)); + return NULL; + } + + // MU_CHANGE End - CodeQL change ZeroMem (Database, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize); @@ -453,6 +481,14 @@ BuildPcdDatabase ( CallbackFnTable = BuildGuidHob (&gEfiCallerIdGuid, SizeOfCallbackFnTable); + // MU_CHANGE Start - CodeQL change + if (CallbackFnTable == NULL) { + DEBUG ((DEBUG_ERROR, "[%a] - Failed to build the CallbackFnTable guid hob.\n", __func__)); + return NULL; + } + + // MU_CHANGE End - CodeQL change + ZeroMem (CallbackFnTable, SizeOfCallbackFnTable); return Database; diff --git a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c index 3aa7660324..7f2a4019f1 100644 --- a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c +++ b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c 
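Review bot: When BuildPcdDatabase reuses an existing HOB found by `GetFirstGuidHob`, the following `ZeroMem (Database, PeiPcdDbBinary->Length + PeiPcdDbBinary->UninitDataBaseSize);` assumes the existing HOB's data area is at least that large, and nothing in the hunk checks it. The sizes presumably match because the HOB was built by an earlier call with the same binary, but that is an assumption. I would compare `GET_GUID_HOB_DATA_SIZE (Hob)` with the computed length and return NULL on a mismatch. The comment after the first guard repeats `// MU_CHANGE Start - CodeQL Change - unguardednullreturndereference` where the closing `End` marker belongs. The new `return NULL` paths also change what callers of BuildPcdDatabase can receive; those callers are outside the hunk and need a matching check.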
@@ -1220,9 +1220,24 @@ PlatOverMngrExtractConfig ( // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator // ConfigRequestHdr = HiiConstructConfigHdr (&gPlatformOverridesManagerGuid, mVariableName, Private->DriverHandle); - Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); - ConfigRequest = AllocateZeroPool (Size); - ASSERT (ConfigRequest != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigRequestHdr == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigRequest == NULL) { + ASSERT (ConfigRequest != NULL); + FreePool (ConfigRequestHdr); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + AllocatedRequest = TRUE; BufferSize = sizeof (PLAT_OVER_MNGR_DATA); UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize); @@ -1422,6 +1437,13 @@ PlatOverMngrCallback ( } } else if (Action == EFI_BROWSER_ACTION_CHANGED) { if ((KeyValue >= KEY_VALUE_DRIVER_OFFSET) && (KeyValue < KEY_VALUE_DRIVER_OFFSET + mDriverImageHandleCount)) { + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Value == NULL) { + return EFI_INVALID_PARAMETER; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + mDriSelection[KeyValue - KEY_VALUE_DRIVER_OFFSET] = Value->b; } else { switch (KeyValue) { diff --git a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c index 9a6050d322..845c0b47fd 100644 --- a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c +++ b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c 
@@ -360,9 +360,15 @@ UpdateFvFileDevicePath ( // Build the shell device path // NewDevicePath = DevicePathFromHandle (FoundFvHandle); - EfiInitializeFwVolDevicepathNode (&FvFileNode, FileGuid); - NewDevicePath = AppendDevicePathNode (NewDevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&FvFileNode); - *DevicePath = NewDevicePath; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NewDevicePath != NULL) { + EfiInitializeFwVolDevicepathNode (&FvFileNode, FileGuid); + NewDevicePath = AppendDevicePathNode (NewDevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&FvFileNode); + *DevicePath = NewDevicePath; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + return EFI_SUCCESS; } diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.c b/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.c index 326a6e6884..24e6561818 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.c +++ b/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.c @@ -81,7 +81,7 @@ OnigurumaMatch ( INT32 OnigResult; OnigErrorInfo ErrorInfo; OnigUChar ErrorMessage[ONIG_MAX_ERROR_MESSAGE_LEN]; - UINT32 Index; + UINTN Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type OnigUChar *Start; EFI_STATUS Status; diff --git a/MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterCommon.c b/MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterCommon.c index 286378e1d7..56080a9ede 100644 --- a/MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterCommon.c +++ b/MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterCommon.c 
@@ -67,6 +67,12 @@ Register ( CallbackEntry = (MM_RSC_HANDLER_CALLBACK_ENTRY *)AllocatePool (sizeof (MM_RSC_HANDLER_CALLBACK_ENTRY)); ASSERT (CallbackEntry != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CallbackEntry == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CallbackEntry->Signature = MM_RSC_HANDLER_CALLBACK_ENTRY_SIGNATURE; CallbackEntry->RscHandlerCallback = Callback; diff --git a/MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.c b/MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.c index 8a11643ace..fed9d127f9 100644 --- a/MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.c +++ b/MdeModulePkg/Universal/SectionExtractionPei/SectionExtractionPei.c @@ -251,14 +251,20 @@ SectionExtractionPeiEntry ( if (ExtractHandlerNumber > 0) { GuidPpi = (EFI_PEI_PPI_DESCRIPTOR *)AllocatePool (ExtractHandlerNumber * sizeof (EFI_PEI_PPI_DESCRIPTOR)); ASSERT (GuidPpi != NULL); - while (ExtractHandlerNumber-- > 0) { - GuidPpi->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST; - GuidPpi->Ppi = (VOID *)&mCustomGuidedSectionExtractionPpi; - GuidPpi->Guid = &ExtractHandlerGuidTable[ExtractHandlerNumber]; - Status = PeiServicesInstallPpi (GuidPpi++); - ASSERT_EFI_ERROR (Status); + + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (GuidPpi != NULL) { + while (ExtractHandlerNumber-- > 0) { + GuidPpi->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST; + GuidPpi->Ppi = (VOID *)&mCustomGuidedSectionExtractionPpi; + GuidPpi->Guid = &ExtractHandlerGuidTable[ExtractHandlerNumber]; + Status = PeiServicesInstallPpi (GuidPpi++); + ASSERT_EFI_ERROR (Status); + } } } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + return EFI_SUCCESS; } 
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c index d21930b31a..378f6ec916 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c @@ -1173,10 +1173,25 @@ IfrToString ( } else { SrcBuf = GetBufferForValue (&Value); SrcLen = GetLengthForValue (&Value); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if ((SrcBuf == NULL) || (SrcLen == 0)) { + ASSERT (SrcBuf != NULL); + ASSERT (SrcLen != 0); + return EFI_NOT_FOUND; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } TmpBuf = AllocateZeroPool (SrcLen + 3); - ASSERT (TmpBuf != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (TmpBuf == NULL) { + ASSERT (TmpBuf != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE [END] - CodeQL change + if (Format == EFI_IFR_STRING_ASCII) { CopyMem (TmpBuf, SrcBuf, SrcLen); PrintFormat = L"%a"; @@ -1286,7 +1301,8 @@ IfrToUint ( Evaluate opcode EFI_IFR_CATENATE. @param FormSet Formset which contains this opcode. - @param Result Evaluation result for this opcode. + @param Result Evaluation result for this opcode. Result + will be NULL on a failure. // MU_CHANGE - CodeQL Change @retval EFI_SUCCESS Opcode evaluation success. @retval Other Opcode evaluation failed. @@ -1350,6 +1366,14 @@ IfrCatenate ( MaxLen = (StrSize (String[1]) + Size) / sizeof (CHAR16); StringPtr = AllocatePool (MaxLen * sizeof (CHAR16)); ASSERT (StringPtr != NULL); + + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StringPtr == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + StrCpyS (StringPtr, MaxLen, String[1]); StrCatS (StringPtr, MaxLen, String[0]); 
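Review bot: In the IfrCatenate hunk at the end of this line, the new `StringPtr == NULL` guard does `return EFI_OUT_OF_RESOURCES;` directly, while the other guards this commit adds to the same function use `Status = EFI_OUT_OF_RESOURCES; goto Done;`. The direct return bypasses the cleanup at `Done`, so anything acquired earlier in the function is not released; `String[0]` and `String[1]` look like such allocations, though where they come from is outside the hunk. I would replace the return with `Status = EFI_OUT_OF_RESOURCES;` and `goto Done;`. That holds provided the `Done` block tolerates a NULL StringPtr, which the visible `FreePool (StringPtr);` under a condition in a later hunk suggests it does.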
@@ -1365,10 +1389,25 @@ IfrCatenate ( ASSERT (Result->Buffer != NULL); TmpBuf = GetBufferForValue (&Value[0]); - ASSERT (TmpBuf != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (TmpBuf == NULL) { + ASSERT (TmpBuf != NULL); + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + CopyMem (Result->Buffer, TmpBuf, Length0); TmpBuf = GetBufferForValue (&Value[1]); - ASSERT (TmpBuf != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (TmpBuf == NULL) { + ASSERT (TmpBuf != NULL); + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CopyMem (&Result->Buffer[Length0], TmpBuf, Length1); } @@ -1393,6 +1432,13 @@ IfrCatenate ( FreePool (StringPtr); } + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EFI_ERROR (Status) && (Result != NULL)) { + FreePool (Result); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + return Status; } @@ -1830,6 +1876,12 @@ IfrMid ( } else { BufferLen = GetLengthForValue (&Value[2]); Buffer = GetBufferForValue (&Value[2]); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Buffer == NULL) { + return EFI_INVALID_PARAMETER; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Result->Type = EFI_IFR_TYPE_BUFFER; if ((Length == 0) || (Base >= BufferLen)) { @@ -2257,6 +2309,12 @@ CompareHiiValue ( Buf1Len = GetLengthForValue (Value1); Buf2 = GetBufferForValue (Value2); Buf2Len = GetLengthForValue (Value2); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if ((Buf1 == NULL) || (Buf2 == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Len = Buf1Len > Buf2Len ? Buf2Len : Buf1Len; *Result = CompareMem (Buf1, Buf2, Len); 
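Review bot: `FreePool (Result)` in the block added before `return Status;` in IfrCatenate frees the caller's output structure rather than anything this function allocated. The header comment earlier in this file documents `Result` as a parameter and the preceding hunk fills `Result->Buffer`, so the memory owned here is `Result->Buffer`; if a caller passes a stack or embedded EFI_HII_VALUE (callers are outside this diff) this is an invalid free, and either way the caller is left holding a freed pointer. It also cannot make Result "NULL on a failure" as the updated comment states, since the pointer is passed by value. Drop this block and instead release and clear the buffer on the two new failure paths, `FreePool (Result->Buffer); Result->Buffer = NULL;` before each `goto Done`. That needs the allocation itself checked first: the context line `ASSERT (Result->Buffer != NULL);` is still the only guard before `CopyMem (Result->Buffer, TmpBuf, Length0)`.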
@@ -2458,7 +2516,14 @@ GetQuestionValueFromForm ( // Get the formset data include this question. // FormSet = AllocateZeroPool (sizeof (FORM_BROWSER_FORMSET)); - ASSERT (FormSet != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (FormSet == NULL) { + ASSERT (FormSet != NULL); + GetTheVal = FALSE; + goto Done; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Status = InitializeFormSet (HiiHandle, FormSetGuid, FormSet); if (EFI_ERROR (Status)) { GetTheVal = FALSE; @@ -2544,7 +2609,7 @@ EvaluateExpression ( EXPRESSION_OPCODE *OpCode; FORM_BROWSER_STATEMENT *Question; FORM_BROWSER_STATEMENT *Question2; - UINT16 Index; + UINTN Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type EFI_HII_VALUE Data1; EFI_HII_VALUE Data2; EFI_HII_VALUE Data3; @@ -2649,7 +2714,8 @@ EvaluateExpression ( } Value->Value.b = FALSE; - for (Index = 0; Index < OpCode->ListLength; Index++) { + for (Index = 0; Index < (UINTN)OpCode->ListLength; Index++) { + // MU_CHANGE - CodeQL Change - comparison-with-wider-type if (Question->HiiValue.Value.u16 == OpCode->ValueList[Index]) { Value->Value.b = TRUE; break; @@ -3012,8 +3078,8 @@ EvaluateExpression ( // Value->Value.string = NewString (gEmptyString, FormSet->HiiHandle); } else { - Index = (UINT16)Value->Value.u64; - Value->Value.string = Index; + Index = (UINTN)Value->Value.u64; // MU_CHANGE - CodeQL Change - comparison-with-wider-type + Value->Value.string = (UINT16)Index; // MU_CHANGE - CodeQL Change - comparison-with-wider-type FreePool (StrPtr); } 
@@ -3169,7 +3235,14 @@ EvaluateExpression ( case EFI_HII_VARSTORE_NAME_VALUE: if (OpCode->ValueType != EFI_IFR_TYPE_STRING) { NameValue = AllocateZeroPool ((OpCode->ValueWidth * 2 + 1) * sizeof (CHAR16)); - ASSERT (NameValue != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NameValue == NULL) { + ASSERT (NameValue != NULL); + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Convert Buffer to Hex String // diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c index ed8f9965be..ecccdbad55 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c 
@@ -180,14 +180,41 @@ CreateQuestion ( // Insert to Name/Value varstore list // NameValueNode = AllocateZeroPool (sizeof (NAME_VALUE_NODE)); - ASSERT (NameValueNode != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NameValueNode == NULL) { + ASSERT (NameValueNode != NULL); + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + NameValueNode->Signature = NAME_VALUE_NODE_SIGNATURE; NameValueNode->Name = AllocateCopyPool (StrSize (Statement->VariableName), Statement->VariableName); - ASSERT (NameValueNode->Name != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NameValueNode->Name == NULL) { + ASSERT (NameValueNode->Name != NULL); + goto ErrorExit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + NameValueNode->Value = AllocateZeroPool (0x10); - ASSERT (NameValueNode->Value != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NameValueNode->Value == NULL) { + ASSERT (NameValueNode->Value != NULL); + goto ErrorExit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + NameValueNode->EditValue = AllocateZeroPool (0x10); - ASSERT (NameValueNode->EditValue != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NameValueNode->EditValue == NULL) { + ASSERT (NameValueNode->EditValue != NULL); + goto ErrorExit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference InsertTailList (&Statement->Storage->NameValueListHead, &NameValueNode->Link); } 
@@ -195,6 +222,28 @@ CreateQuestion ( } return Statement; + + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference +ErrorExit: + if (NameValueNode != NULL) { + if (NameValueNode->Name != NULL) { + FreePool (NameValueNode->Name); + } + + if (NameValueNode->Value != NULL) { + FreePool (NameValueNode->Value); + } + + if (NameValueNode->EditValue != NULL) { + FreePool (NameValueNode->EditValue); + } + + FreePool (NameValueNode); + } + + return NULL; + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } /** @@ -215,7 +264,13 @@ CreateExpression ( FORM_EXPRESSION *Expression; Expression = AllocateZeroPool (sizeof (FORM_EXPRESSION)); - ASSERT (Expression != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Expression == NULL) { + ASSERT (Expression != NULL); + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Expression->Signature = FORM_EXPRESSION_SIGNATURE; InitializeListHead (&Expression->OpCodeListHead); Expression->OpCode = (EFI_IFR_OP_HEADER *)OpCode; @@ -392,8 +447,9 @@ CreateStorage ( EFI_GUID *StorageGuid; CHAR8 *StorageName; - UnicodeString = NULL; - StorageName = NULL; + UnicodeString = NULL; + StorageName = NULL; + BrowserStorage = NULL; // MU_CHANGE - CodeQL Change - conditionallyuninitializedvariable switch (StorageType) { case EFI_HII_VARSTORE_BUFFER: StorageGuid = (EFI_GUID *)(CHAR8 *)&((EFI_IFR_VARSTORE *)OpCodeData)->Guid; 
@@ -416,21 +472,39 @@ CreateStorage ( ASSERT (StorageName != NULL); UnicodeString = AllocateZeroPool (AsciiStrSize (StorageName) * 2); - ASSERT (UnicodeString != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (UnicodeString == NULL) { + ASSERT (UnicodeString != NULL); + return NULL; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference for (Index = 0; StorageName[Index] != 0; Index++) { UnicodeString[Index] = (CHAR16)StorageName[Index]; } } Storage = AllocateZeroPool (sizeof (FORMSET_STORAGE)); - ASSERT (Storage != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Storage == NULL) { + ASSERT (Storage != NULL); + goto ErrorExit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Storage->Signature = FORMSET_STORAGE_SIGNATURE; InsertTailList (&FormSet->StorageListHead, &Storage->Link); BrowserStorage = FindStorageInList (StorageType, StorageGuid, UnicodeString, FormSet->HiiHandle); if (BrowserStorage == NULL) { BrowserStorage = AllocateZeroPool (sizeof (BROWSER_STORAGE)); - ASSERT (BrowserStorage != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (BrowserStorage == NULL) { + ASSERT (BrowserStorage != NULL); + goto ErrorExit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference BrowserStorage->Signature = BROWSER_STORAGE_SIGNATURE; InsertTailList (&gBrowserStorageList, &BrowserStorage->Link); 
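Review bot: The `goto ErrorExit` taken when `AllocateZeroPool (sizeof (BROWSER_STORAGE))` fails runs after `InsertTailList (&FormSet->StorageListHead, &Storage->Link)`, and the ErrorExit block added in the next hunk frees `Storage` without unlinking it. That leaves FormSet->StorageListHead pointing at freed memory, which any later walk or teardown of that list will dereference. Unlink first, `RemoveEntryList (&Storage->Link);` ahead of `FreePool (Storage);`, or move the InsertTailList call below the last allocation that can fail. The ConfigRequest failure path in the following hunk reaches ErrorExit with Storage linked in the same way.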
@@ -449,9 +523,37 @@ CreateStorage ( Storage->BrowserStorage = BrowserStorage; InitializeConfigHdr (FormSet, Storage); Storage->ConfigRequest = AllocateCopyPool (StrSize (Storage->ConfigHdr), Storage->ConfigHdr); - Storage->SpareStrLen = 0; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Storage->ConfigRequest == NULL) { + ASSERT (Storage->ConfigRequest != NULL); + goto ErrorExit; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + Storage->SpareStrLen = 0; return Storage; + + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference +ErrorExit: + if (UnicodeString != NULL) { + FreePool (UnicodeString); + } + + if (BrowserStorage != NULL) { + FreePool (BrowserStorage); + } + + if (Storage != NULL) { + if (Storage->ConfigRequest != NULL) { + FreePool (Storage->ConfigRequest); + } + + FreePool (Storage); + } + + return NULL; + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } /** @@ -663,7 +765,13 @@ InitializeRequestElement ( if (!Find) { ConfigInfo = AllocateZeroPool (sizeof (FORM_BROWSER_CONFIG_REQUEST)); - ASSERT (ConfigInfo != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigInfo == NULL) { + ASSERT (ConfigInfo != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference ConfigInfo->Signature = FORM_BROWSER_CONFIG_REQUEST_SIGNATURE; ConfigInfo->ConfigRequest = AllocateCopyPool (StrSize (FormsetStorage->ConfigHdr), FormsetStorage->ConfigHdr); ASSERT (ConfigInfo->ConfigRequest != NULL); 
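Review bot: ErrorExit in CreateStorage calls `FreePool (BrowserStorage)` whenever the pointer is non-NULL, but by the time the ConfigRequest check can fail BrowserStorage is either an existing entry returned by FindStorageInList or a new one already linked with `InsertTailList (&gBrowserStorageList, &BrowserStorage->Link)`. Freeing it there leaves gBrowserStorageList, and possibly other storages that share the entry, referring to freed memory. Track whether this call allocated it (for example a local `BOOLEAN NewBrowserStorage`) and only in that case do `RemoveEntryList (&BrowserStorage->Link);` before the free. Members filled in between the two hunks are not visible here and may need releasing as well.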
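Review bot: In InitializeRequestElement the statement right after the new ConfigInfo check, `ConfigInfo->ConfigRequest = AllocateCopyPool (...)`, is still guarded only by `ASSERT (ConfigInfo->ConfigRequest != NULL);`, so the unguarded-NULL pattern this hunk fixes remains one line later. Handle it the same way and release the node first: `if (ConfigInfo->ConfigRequest == NULL) { FreePool (ConfigInfo); return EFI_OUT_OF_RESOURCES; }`. The function continues outside the hunk, so how ConfigRequest is used afterwards is not visible here.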
@@ -1551,6 +1659,14 @@ ParseOpCodes ( // if ((CurrentExpression == NULL) && (MapScopeDepth > 0)) { CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + ASSERT (CurrentExpression != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + ASSERT (MapExpressionList != NULL); InsertTailList (MapExpressionList, &CurrentExpression->Link); if (Scope == 0) { @@ -1636,7 +1752,13 @@ ParseOpCodes ( // Create a new Form for this FormSet // CurrentForm = AllocateZeroPool (sizeof (FORM_BROWSER_FORM)); - ASSERT (CurrentForm != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentForm == NULL) { + ASSERT (CurrentForm != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentForm->Signature = FORM_BROWSER_FORM_SIGNATURE; InitializeListHead (&CurrentForm->ExpressionListHead); InitializeListHead (&CurrentForm->StatementListHead); @@ -1655,7 +1777,14 @@ ParseOpCodes ( CurrentForm->SuppressExpression = (FORM_EXPRESSION_LIST *)AllocatePool ( (UINTN)(sizeof (FORM_EXPRESSION_LIST) + ((ConditionalExprCount -1) * sizeof (FORM_EXPRESSION *))) ); - ASSERT (CurrentForm->SuppressExpression != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentForm->SuppressExpression == NULL) { + ASSERT (CurrentForm->SuppressExpression != NULL); + FreePool (CurrentForm); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentForm->SuppressExpression->Count = (UINTN)ConditionalExprCount; CurrentForm->SuppressExpression->Signature = FORM_EXPRESSION_LIST_SIGNATURE; CopyMem (CurrentForm->SuppressExpression->Expression, GetConditionalExpressionList (ExpressForm), (UINTN)(sizeof (FORM_EXPRESSION *) * ConditionalExprCount)); 
@@ -1679,7 +1808,13 @@ ParseOpCodes ( // Create a new Form for this FormSet // CurrentForm = AllocateZeroPool (sizeof (FORM_BROWSER_FORM)); - ASSERT (CurrentForm != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentForm == NULL) { + ASSERT (CurrentForm != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentForm->Signature = FORM_BROWSER_FORM_SIGNATURE; InitializeListHead (&CurrentForm->ExpressionListHead); InitializeListHead (&CurrentForm->StatementListHead); @@ -1725,7 +1860,14 @@ ParseOpCodes ( CurrentForm->SuppressExpression = (FORM_EXPRESSION_LIST *)AllocatePool ( (UINTN)(sizeof (FORM_EXPRESSION_LIST) + ((ConditionalExprCount -1) * sizeof (FORM_EXPRESSION *))) ); - ASSERT (CurrentForm->SuppressExpression != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentForm->SuppressExpression == NULL) { + ASSERT (CurrentForm->SuppressExpression != NULL); + FreePool (CurrentForm); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentForm->SuppressExpression->Count = (UINTN)ConditionalExprCount; CurrentForm->SuppressExpression->Signature = FORM_EXPRESSION_LIST_SIGNATURE; CopyMem (CurrentForm->SuppressExpression->Expression, GetConditionalExpressionList (ExpressForm), (UINTN)(sizeof (FORM_EXPRESSION *) * ConditionalExprCount)); @@ -1752,6 +1894,12 @@ ParseOpCodes ( // Create a buffer Storage for this FormSet // Storage = CreateStorage (FormSet, EFI_HII_VARSTORE_BUFFER, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Storage == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CopyMem (&Storage->VarStoreId, &((EFI_IFR_VARSTORE *)OpCodeData)->VarStoreId, sizeof (EFI_VARSTORE_ID)); break; 
@@ -1760,6 +1908,12 @@ ParseOpCodes ( // Create a name/value Storage for this FormSet // Storage = CreateStorage (FormSet, EFI_HII_VARSTORE_NAME_VALUE, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Storage == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CopyMem (&Storage->VarStoreId, &((EFI_IFR_VARSTORE_NAME_VALUE *)OpCodeData)->VarStoreId, sizeof (EFI_VARSTORE_ID)); break; @@ -1779,6 +1933,12 @@ ParseOpCodes ( Storage = CreateStorage (FormSet, EFI_HII_VARSTORE_EFI_VARIABLE_BUFFER, OpCodeData); } + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Storage == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CopyMem (&Storage->VarStoreId, &((EFI_IFR_VARSTORE_EFI *)OpCodeData)->VarStoreId, sizeof (EFI_VARSTORE_ID)); break; @@ -1788,7 +1948,13 @@ ParseOpCodes ( case EFI_IFR_DEFAULTSTORE_OP: HaveInserted = FALSE; DefaultStore = AllocateZeroPool (sizeof (FORMSET_DEFAULTSTORE)); - ASSERT (DefaultStore != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DefaultStore == NULL) { + ASSERT (DefaultStore != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference DefaultStore->Signature = FORMSET_DEFAULTSTORE_SIGNATURE; CopyMem (&DefaultStore->DefaultId, &((EFI_IFR_DEFAULTSTORE *)OpCodeData)->DefaultId, sizeof (UINT16)); 
@@ -1821,23 +1987,40 @@ ParseOpCodes ( case EFI_IFR_SUBTITLE_OP: CurrentStatement = CreateStatement (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + CurrentStatement->Flags = ((EFI_IFR_SUBTITLE *)OpCodeData)->Flags; + CurrentStatement->FakeQuestionId = mUsedQuestionId++; + } - CurrentStatement->Flags = ((EFI_IFR_SUBTITLE *)OpCodeData)->Flags; - CurrentStatement->FakeQuestionId = mUsedQuestionId++; + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference break; case EFI_IFR_TEXT_OP: CurrentStatement = CreateStatement (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - CurrentStatement->FakeQuestionId = mUsedQuestionId++; - CopyMem (&CurrentStatement->TextTwo, &((EFI_IFR_TEXT *)OpCodeData)->TextTwo, sizeof (EFI_STRING_ID)); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + CurrentStatement->FakeQuestionId = mUsedQuestionId++; + CopyMem (&CurrentStatement->TextTwo, &((EFI_IFR_TEXT *)OpCodeData)->TextTwo, sizeof (EFI_STRING_ID)); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + break; case EFI_IFR_RESET_BUTTON_OP: CurrentStatement = CreateStatement (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - CurrentStatement->FakeQuestionId = mUsedQuestionId++; - CopyMem (&CurrentStatement->DefaultId, &((EFI_IFR_RESET_BUTTON *)OpCodeData)->DefaultId, sizeof (EFI_DEFAULT_ID)); + + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + CurrentStatement->FakeQuestionId = mUsedQuestionId++; + CopyMem (&CurrentStatement->DefaultId, &((EFI_IFR_RESET_BUTTON *)OpCodeData)->DefaultId, sizeof (EFI_DEFAULT_ID)); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + break; // 
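Review bot: In the EFI_IFR_SUBTITLE_OP, EFI_IFR_TEXT_OP and EFI_IFR_RESET_BUTTON_OP cases a NULL CurrentStatement is now skipped with `if (CurrentStatement != NULL) { ... }` and the case simply breaks, whereas every other allocation failure this commit handles in ParseOpCodes does `return EFI_OUT_OF_RESOURCES;`. Parsing then continues with CurrentStatement == NULL, so a later opcode that attaches to the current statement could still dereference it (that code is outside these hunks), and the form is built with a statement silently missing. Prefer `if (CurrentStatement == NULL) { return EFI_OUT_OF_RESOURCES; }` right after the ASSERT, which also avoids re-indenting the bodies. The question cases in the following hunks (ACTION, REF, ONE_OF/NUMERIC, ORDERED_LIST, CHECKBOX) use the same pattern, and those that call `InitializeRequestElement (FormSet, CurrentStatement, CurrentForm);` discard its status even though it can now return EFI_OUT_OF_RESOURCES.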
@@ -1846,42 +2029,55 @@ ParseOpCodes ( case EFI_IFR_ACTION_OP: CurrentStatement = CreateQuestion (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_ACTION; - if (OpCodeLength == sizeof (EFI_IFR_ACTION_1)) { - // - // No QuestionConfig present, so no configuration string will be processed - // - CurrentStatement->QuestionConfig = 0; - } else { - CopyMem (&CurrentStatement->QuestionConfig, &((EFI_IFR_ACTION *)OpCodeData)->QuestionConfig, sizeof (EFI_STRING_ID)); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_ACTION; + + if (OpCodeLength == sizeof (EFI_IFR_ACTION_1)) { + // + // No QuestionConfig present, so no configuration string will be processed + // + CurrentStatement->QuestionConfig = 0; + } else { + CopyMem (&CurrentStatement->QuestionConfig, &((EFI_IFR_ACTION *)OpCodeData)->QuestionConfig, sizeof (EFI_STRING_ID)); + } } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + break; case EFI_IFR_REF_OP: CurrentStatement = CreateQuestion (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - Value = &CurrentStatement->HiiValue; - Value->Type = EFI_IFR_TYPE_REF; - if (OpCodeLength >= sizeof (EFI_IFR_REF)) { - CopyMem (&Value->Value.ref.FormId, &((EFI_IFR_REF *)OpCodeData)->FormId, sizeof (EFI_FORM_ID)); - if (OpCodeLength >= sizeof (EFI_IFR_REF2)) { - CopyMem (&Value->Value.ref.QuestionId, &((EFI_IFR_REF2 *)OpCodeData)->QuestionId, sizeof (EFI_QUESTION_ID)); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + Value = &CurrentStatement->HiiValue; + Value->Type = EFI_IFR_TYPE_REF; + if (OpCodeLength >= sizeof (EFI_IFR_REF)) { + CopyMem (&Value->Value.ref.FormId, &((EFI_IFR_REF *)OpCodeData)->FormId, sizeof (EFI_FORM_ID)); + + if (OpCodeLength >= sizeof (EFI_IFR_REF2)) { + CopyMem 
(&Value->Value.ref.QuestionId, &((EFI_IFR_REF2 *)OpCodeData)->QuestionId, sizeof (EFI_QUESTION_ID)); - if (OpCodeLength >= sizeof (EFI_IFR_REF3)) { - CopyMem (&Value->Value.ref.FormSetGuid, &((EFI_IFR_REF3 *)OpCodeData)->FormSetId, sizeof (EFI_GUID)); + if (OpCodeLength >= sizeof (EFI_IFR_REF3)) { + CopyMem (&Value->Value.ref.FormSetGuid, &((EFI_IFR_REF3 *)OpCodeData)->FormSetId, sizeof (EFI_GUID)); - if (OpCodeLength >= sizeof (EFI_IFR_REF4)) { - CopyMem (&Value->Value.ref.DevicePath, &((EFI_IFR_REF4 *)OpCodeData)->DevicePath, sizeof (EFI_STRING_ID)); + if (OpCodeLength >= sizeof (EFI_IFR_REF4)) { + CopyMem (&Value->Value.ref.DevicePath, &((EFI_IFR_REF4 *)OpCodeData)->DevicePath, sizeof (EFI_STRING_ID)); + } } } } + + CurrentStatement->StorageWidth = (UINT16)sizeof (EFI_HII_REF); + InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); } - CurrentStatement->StorageWidth = (UINT16)sizeof (EFI_HII_REF); - InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + break; case EFI_IFR_ONE_OF_OP: 
@@ -1889,103 +2085,108 @@ ParseOpCodes ( CurrentStatement = CreateQuestion (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - CurrentStatement->Flags = ((EFI_IFR_ONE_OF *)OpCodeData)->Flags; - Value = &CurrentStatement->HiiValue; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + CurrentStatement->Flags = ((EFI_IFR_ONE_OF *)OpCodeData)->Flags; + Value = &CurrentStatement->HiiValue; - if (QuestionReferBitField) { - // - // Get the bit var store info (bit/byte offset, bit/byte offset) - // - CurrentStatement->QuestionReferToBitField = TRUE; - CurrentStatement->BitStorageWidth = CurrentStatement->Flags & EDKII_IFR_NUMERIC_SIZE_BIT; - CurrentStatement->BitVarOffset = CurrentStatement->VarStoreInfo.VarOffset; - CurrentStatement->VarStoreInfo.VarOffset = CurrentStatement->BitVarOffset / 8; - TotalBits = CurrentStatement->BitVarOffset % 8 + CurrentStatement->BitStorageWidth; - CurrentStatement->StorageWidth = (TotalBits % 8 == 0 ? TotalBits / 8 : TotalBits / 8 + 1); + if (QuestionReferBitField) { + // + // Get the bit var store info (bit/byte offset, bit/byte offset) + // + CurrentStatement->QuestionReferToBitField = TRUE; + CurrentStatement->BitStorageWidth = CurrentStatement->Flags & EDKII_IFR_NUMERIC_SIZE_BIT; + CurrentStatement->BitVarOffset = CurrentStatement->VarStoreInfo.VarOffset; + CurrentStatement->VarStoreInfo.VarOffset = CurrentStatement->BitVarOffset / 8; + TotalBits = CurrentStatement->BitVarOffset % 8 + CurrentStatement->BitStorageWidth; + CurrentStatement->StorageWidth = (TotalBits % 8 == 0 ? 
TotalBits / 8 : TotalBits / 8 + 1); - // - // Get the Minimum/Maximum/Step value(Note: bit field type has been stored as UINT32 type) - // - CurrentStatement->Minimum = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MinValue; - CurrentStatement->Maximum = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MaxValue; - CurrentStatement->Step = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.Step; + // + // Get the Minimum/Maximum/Step value(Note: bit field type has been stored as UINT32 type) + // + CurrentStatement->Minimum = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MinValue; + CurrentStatement->Maximum = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MaxValue; + CurrentStatement->Step = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.Step; - // - // Update the Flag and type of Minimum/Maximum/Step according to the actual width of bit field, - // in order to make Browser handle these question with bit varstore correctly. - // - ((EFI_IFR_NUMERIC *)OpCodeData)->Flags &= EDKII_IFR_DISPLAY_BIT; - ((EFI_IFR_NUMERIC *)OpCodeData)->Flags >>= 2; - switch (CurrentStatement->StorageWidth) { - case 1: - ((EFI_IFR_NUMERIC *)OpCodeData)->Flags |= EFI_IFR_TYPE_NUM_SIZE_8; - ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.MinValue = (UINT8)CurrentStatement->Minimum; - ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.MaxValue = (UINT8)CurrentStatement->Maximum; - ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.Step = (UINT8)CurrentStatement->Step; - Value->Type = EFI_IFR_TYPE_NUM_SIZE_8; - break; - case 2: - ((EFI_IFR_NUMERIC *)OpCodeData)->Flags |= EFI_IFR_TYPE_NUM_SIZE_16; - ((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.MinValue = (UINT16)CurrentStatement->Minimum; - ((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.MaxValue = (UINT16)CurrentStatement->Maximum; - ((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.Step = (UINT16)CurrentStatement->Step; - Value->Type = EFI_IFR_TYPE_NUM_SIZE_16; - break; - case 3: - case 4: - ((EFI_IFR_NUMERIC *)OpCodeData)->Flags |= EFI_IFR_TYPE_NUM_SIZE_32; - ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MinValue = 
(UINT32)CurrentStatement->Minimum; - ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MaxValue = (UINT32)CurrentStatement->Maximum; - ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.Step = (UINT32)CurrentStatement->Step; - Value->Type = EFI_IFR_TYPE_NUM_SIZE_32; - break; - default: - break; + // + // Update the Flag and type of Minimum/Maximum/Step according to the actual width of bit field, + // in order to make Browser handle these question with bit varstore correctly. + // + ((EFI_IFR_NUMERIC *)OpCodeData)->Flags &= EDKII_IFR_DISPLAY_BIT; + ((EFI_IFR_NUMERIC *)OpCodeData)->Flags >>= 2; + switch (CurrentStatement->StorageWidth) { + case 1: + ((EFI_IFR_NUMERIC *)OpCodeData)->Flags |= EFI_IFR_TYPE_NUM_SIZE_8; + ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.MinValue = (UINT8)CurrentStatement->Minimum; + ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.MaxValue = (UINT8)CurrentStatement->Maximum; + ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.Step = (UINT8)CurrentStatement->Step; + Value->Type = EFI_IFR_TYPE_NUM_SIZE_8; + break; + case 2: + ((EFI_IFR_NUMERIC *)OpCodeData)->Flags |= EFI_IFR_TYPE_NUM_SIZE_16; + ((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.MinValue = (UINT16)CurrentStatement->Minimum; + ((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.MaxValue = (UINT16)CurrentStatement->Maximum; + ((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.Step = (UINT16)CurrentStatement->Step; + Value->Type = EFI_IFR_TYPE_NUM_SIZE_16; + break; + case 3: + case 4: + ((EFI_IFR_NUMERIC *)OpCodeData)->Flags |= EFI_IFR_TYPE_NUM_SIZE_32; + ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MinValue = (UINT32)CurrentStatement->Minimum; + ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MaxValue = (UINT32)CurrentStatement->Maximum; + ((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.Step = (UINT32)CurrentStatement->Step; + Value->Type = EFI_IFR_TYPE_NUM_SIZE_32; + break; + default: + break; + } + } else { + switch (CurrentStatement->Flags & EFI_IFR_NUMERIC_SIZE) { + case EFI_IFR_NUMERIC_SIZE_1: + CurrentStatement->Minimum = ((EFI_IFR_NUMERIC 
*)OpCodeData)->data.u8.MinValue; + CurrentStatement->Maximum = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.MaxValue; + CurrentStatement->Step = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.Step; + CurrentStatement->StorageWidth = (UINT16)sizeof (UINT8); + Value->Type = EFI_IFR_TYPE_NUM_SIZE_8; + break; + + case EFI_IFR_NUMERIC_SIZE_2: + CopyMem (&CurrentStatement->Minimum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.MinValue, sizeof (UINT16)); + CopyMem (&CurrentStatement->Maximum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.MaxValue, sizeof (UINT16)); + CopyMem (&CurrentStatement->Step, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.Step, sizeof (UINT16)); + CurrentStatement->StorageWidth = (UINT16)sizeof (UINT16); + Value->Type = EFI_IFR_TYPE_NUM_SIZE_16; + break; + + case EFI_IFR_NUMERIC_SIZE_4: + CopyMem (&CurrentStatement->Minimum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MinValue, sizeof (UINT32)); + CopyMem (&CurrentStatement->Maximum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MaxValue, sizeof (UINT32)); + CopyMem (&CurrentStatement->Step, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.Step, sizeof (UINT32)); + CurrentStatement->StorageWidth = (UINT16)sizeof (UINT32); + Value->Type = EFI_IFR_TYPE_NUM_SIZE_32; + break; + + case EFI_IFR_NUMERIC_SIZE_8: + CopyMem (&CurrentStatement->Minimum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u64.MinValue, sizeof (UINT64)); + CopyMem (&CurrentStatement->Maximum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u64.MaxValue, sizeof (UINT64)); + CopyMem (&CurrentStatement->Step, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u64.Step, sizeof (UINT64)); + CurrentStatement->StorageWidth = (UINT16)sizeof (UINT64); + Value->Type = EFI_IFR_TYPE_NUM_SIZE_64; + break; + + default: + break; + } } - } else { - switch (CurrentStatement->Flags & EFI_IFR_NUMERIC_SIZE) { - case EFI_IFR_NUMERIC_SIZE_1: - CurrentStatement->Minimum = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.MinValue; - CurrentStatement->Maximum = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.MaxValue; - 
CurrentStatement->Step = ((EFI_IFR_NUMERIC *)OpCodeData)->data.u8.Step; - CurrentStatement->StorageWidth = (UINT16)sizeof (UINT8); - Value->Type = EFI_IFR_TYPE_NUM_SIZE_8; - break; - case EFI_IFR_NUMERIC_SIZE_2: - CopyMem (&CurrentStatement->Minimum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.MinValue, sizeof (UINT16)); - CopyMem (&CurrentStatement->Maximum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.MaxValue, sizeof (UINT16)); - CopyMem (&CurrentStatement->Step, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u16.Step, sizeof (UINT16)); - CurrentStatement->StorageWidth = (UINT16)sizeof (UINT16); - Value->Type = EFI_IFR_TYPE_NUM_SIZE_16; - break; - - case EFI_IFR_NUMERIC_SIZE_4: - CopyMem (&CurrentStatement->Minimum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MinValue, sizeof (UINT32)); - CopyMem (&CurrentStatement->Maximum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.MaxValue, sizeof (UINT32)); - CopyMem (&CurrentStatement->Step, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u32.Step, sizeof (UINT32)); - CurrentStatement->StorageWidth = (UINT16)sizeof (UINT32); - Value->Type = EFI_IFR_TYPE_NUM_SIZE_32; - break; - - case EFI_IFR_NUMERIC_SIZE_8: - CopyMem (&CurrentStatement->Minimum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u64.MinValue, sizeof (UINT64)); - CopyMem (&CurrentStatement->Maximum, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u64.MaxValue, sizeof (UINT64)); - CopyMem (&CurrentStatement->Step, &((EFI_IFR_NUMERIC *)OpCodeData)->data.u64.Step, sizeof (UINT64)); - CurrentStatement->StorageWidth = (UINT16)sizeof (UINT64); - Value->Type = EFI_IFR_TYPE_NUM_SIZE_64; - break; + InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); - default: - break; + if ((Operand == EFI_IFR_ONE_OF_OP) && (Scope != 0)) { + SuppressForOption = TRUE; } } - InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); - - if ((Operand == EFI_IFR_ONE_OF_OP) && (Scope != 0)) { - SuppressForOption = TRUE; - } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference break; 
@@ -1993,121 +2194,155 @@ ParseOpCodes ( CurrentStatement = CreateQuestion (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - CurrentStatement->Flags = ((EFI_IFR_ORDERED_LIST *)OpCodeData)->Flags; - CurrentStatement->MaxContainers = ((EFI_IFR_ORDERED_LIST *)OpCodeData)->MaxContainers; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + CurrentStatement->Flags = ((EFI_IFR_ORDERED_LIST *)OpCodeData)->Flags; + CurrentStatement->MaxContainers = ((EFI_IFR_ORDERED_LIST *)OpCodeData)->MaxContainers; - CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_BUFFER; - CurrentStatement->BufferValue = NULL; + CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_BUFFER; + CurrentStatement->BufferValue = NULL; - if (Scope != 0) { - SuppressForOption = TRUE; + if (Scope != 0) { + SuppressForOption = TRUE; + } } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + break; case EFI_IFR_CHECKBOX_OP: CurrentStatement = CreateQuestion (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - CurrentStatement->Flags = ((EFI_IFR_CHECKBOX *)OpCodeData)->Flags; - CurrentStatement->StorageWidth = (UINT16)sizeof (BOOLEAN); - CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_BOOLEAN; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + CurrentStatement->Flags = ((EFI_IFR_CHECKBOX *)OpCodeData)->Flags; + CurrentStatement->StorageWidth = (UINT16)sizeof (BOOLEAN); + CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_BOOLEAN; - if (QuestionReferBitField) { - // - // Get the bit var store info (bit/byte offset, bit/byte offset) - // - CurrentStatement->QuestionReferToBitField = TRUE; - CurrentStatement->BitStorageWidth = 1; - CurrentStatement->BitVarOffset = CurrentStatement->VarStoreInfo.VarOffset; - CurrentStatement->VarStoreInfo.VarOffset = CurrentStatement->BitVarOffset / 8; - TotalBits = CurrentStatement->BitVarOffset % 8 + 
CurrentStatement->BitStorageWidth; - CurrentStatement->StorageWidth = (TotalBits % 8 == 0 ? TotalBits / 8 : TotalBits / 8 + 1); + if (QuestionReferBitField) { + // + // Get the bit var store info (bit/byte offset, bit/byte offset) + // + CurrentStatement->QuestionReferToBitField = TRUE; + CurrentStatement->BitStorageWidth = 1; + CurrentStatement->BitVarOffset = CurrentStatement->VarStoreInfo.VarOffset; + CurrentStatement->VarStoreInfo.VarOffset = CurrentStatement->BitVarOffset / 8; + TotalBits = CurrentStatement->BitVarOffset % 8 + CurrentStatement->BitStorageWidth; + CurrentStatement->StorageWidth = (TotalBits % 8 == 0 ? TotalBits / 8 : TotalBits / 8 + 1); + } + + InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); } - InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference break; case EFI_IFR_STRING_OP: CurrentStatement = CreateQuestion (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - // - // MinSize is the minimum number of characters that can be accepted for this opcode, - // MaxSize is the maximum number of characters that can be accepted for this opcode. - // The characters are stored as Unicode, so the storage width should multiply 2. 
- // - CurrentStatement->Minimum = ((EFI_IFR_STRING *)OpCodeData)->MinSize; - CurrentStatement->Maximum = ((EFI_IFR_STRING *)OpCodeData)->MaxSize; - CurrentStatement->StorageWidth = (UINT16)((UINTN)CurrentStatement->Maximum * sizeof (CHAR16)); - CurrentStatement->Flags = ((EFI_IFR_STRING *)OpCodeData)->Flags; - CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_STRING; - CurrentStatement->BufferValue = AllocateZeroPool (CurrentStatement->StorageWidth + sizeof (CHAR16)); - CurrentStatement->HiiValue.Value.string = NewString ((CHAR16 *)CurrentStatement->BufferValue, FormSet->HiiHandle); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + // + // MinSize is the minimum number of characters that can be accepted for this opcode, + // MaxSize is the maximum number of characters that can be accepted for this opcode. + // The characters are stored as Unicode, so the storage width should multiply 2. + // + CurrentStatement->Minimum = ((EFI_IFR_STRING *)OpCodeData)->MinSize; + CurrentStatement->Maximum = ((EFI_IFR_STRING *)OpCodeData)->MaxSize; + CurrentStatement->StorageWidth = (UINT16)((UINTN)CurrentStatement->Maximum * sizeof (CHAR16)); + CurrentStatement->Flags = ((EFI_IFR_STRING *)OpCodeData)->Flags; + + CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_STRING; + CurrentStatement->BufferValue = AllocateZeroPool (CurrentStatement->StorageWidth + sizeof (CHAR16)); + CurrentStatement->HiiValue.Value.string = NewString ((CHAR16 *)CurrentStatement->BufferValue, FormSet->HiiHandle); + + InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference - InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); break; case EFI_IFR_PASSWORD_OP: CurrentStatement = CreateQuestion (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - // - // MinSize is the minimum number of characters that can be accepted for this opcode, - // 
MaxSize is the maximum number of characters that can be accepted for this opcode. - // The characters are stored as Unicode, so the storage width should multiply 2. - // - CopyMem (&CurrentStatement->Minimum, &((EFI_IFR_PASSWORD *)OpCodeData)->MinSize, sizeof (UINT16)); - CopyMem (&CurrentStatement->Maximum, &((EFI_IFR_PASSWORD *)OpCodeData)->MaxSize, sizeof (UINT16)); - CurrentStatement->StorageWidth = (UINT16)((UINTN)CurrentStatement->Maximum * sizeof (CHAR16)); - CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_STRING; - CurrentStatement->BufferValue = AllocateZeroPool ((CurrentStatement->StorageWidth + sizeof (CHAR16))); - CurrentStatement->HiiValue.Value.string = NewString ((CHAR16 *)CurrentStatement->BufferValue, FormSet->HiiHandle); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + // + // MinSize is the minimum number of characters that can be accepted for this opcode, + // MaxSize is the maximum number of characters that can be accepted for this opcode. + // The characters are stored as Unicode, so the storage width should multiply 2. 
+ // + CopyMem (&CurrentStatement->Minimum, &((EFI_IFR_PASSWORD *)OpCodeData)->MinSize, sizeof (UINT16)); + CopyMem (&CurrentStatement->Maximum, &((EFI_IFR_PASSWORD *)OpCodeData)->MaxSize, sizeof (UINT16)); + CurrentStatement->StorageWidth = (UINT16)((UINTN)CurrentStatement->Maximum * sizeof (CHAR16)); + + CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_STRING; + CurrentStatement->BufferValue = AllocateZeroPool ((CurrentStatement->StorageWidth + sizeof (CHAR16))); + CurrentStatement->HiiValue.Value.string = NewString ((CHAR16 *)CurrentStatement->BufferValue, FormSet->HiiHandle); + + InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference - InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); break; case EFI_IFR_DATE_OP: CurrentStatement = CreateQuestion (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - CurrentStatement->Flags = ((EFI_IFR_DATE *)OpCodeData)->Flags; - CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_DATE; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + CurrentStatement->Flags = ((EFI_IFR_DATE *)OpCodeData)->Flags; + CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_DATE; - if ((CurrentStatement->Flags & EFI_QF_DATE_STORAGE) == QF_DATE_STORAGE_NORMAL) { - CurrentStatement->StorageWidth = (UINT16)sizeof (EFI_HII_DATE); + if ((CurrentStatement->Flags & EFI_QF_DATE_STORAGE) == QF_DATE_STORAGE_NORMAL) { + CurrentStatement->StorageWidth = (UINT16)sizeof (EFI_HII_DATE); - InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); - } else { - // - // Don't assign storage for RTC type of date/time - // - CurrentStatement->Storage = NULL; - CurrentStatement->StorageWidth = 0; + InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); + } else { + // + // Don't assign storage for RTC type of date/time + // + CurrentStatement->Storage = NULL; + 
CurrentStatement->StorageWidth = 0; + } } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + break; case EFI_IFR_TIME_OP: CurrentStatement = CreateQuestion (OpCodeData, FormSet, CurrentForm); ASSERT (CurrentStatement != NULL); - CurrentStatement->Flags = ((EFI_IFR_TIME *)OpCodeData)->Flags; - CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_TIME; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentStatement != NULL) { + CurrentStatement->Flags = ((EFI_IFR_TIME *)OpCodeData)->Flags; + CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_TIME; - if ((CurrentStatement->Flags & QF_TIME_STORAGE) == QF_TIME_STORAGE_NORMAL) { - CurrentStatement->StorageWidth = (UINT16)sizeof (EFI_HII_TIME); + if ((CurrentStatement->Flags & QF_TIME_STORAGE) == QF_TIME_STORAGE_NORMAL) { + CurrentStatement->StorageWidth = (UINT16)sizeof (EFI_HII_TIME); - InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); - } else { - // - // Don't assign storage for RTC type of date/time - // - CurrentStatement->Storage = NULL; - CurrentStatement->StorageWidth = 0; + InitializeRequestElement (FormSet, CurrentStatement, CurrentForm); + } else { + // + // Don't assign storage for RTC type of date/time + // + CurrentStatement->Storage = NULL; + CurrentStatement->StorageWidth = 0; + } } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + break; // @@ -2120,7 +2355,13 @@ ParseOpCodes ( // A Question may have more than one Default value which have different default types. // CurrentDefault = AllocateZeroPool (sizeof (QUESTION_DEFAULT)); - ASSERT (CurrentDefault != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentDefault == NULL) { + ASSERT (CurrentDefault != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentDefault->Signature = QUESTION_DEFAULT_SIGNATURE; CurrentDefault->Value.Type = ((EFI_IFR_DEFAULT *)OpCodeData)->Type; 
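Review bot: In the EFI_IFR_STRING_OP and EFI_IFR_PASSWORD_OP cases the new NULL guard covers `CurrentStatement` but not the `AllocateZeroPool` result stored in `CurrentStatement->BufferValue`, which is cast and passed to `NewString` on the next line unchecked. The opcode stream comes from HII packages, so an allocation failure here should fail the parse the same way the `CurrentDefault` allocations later in this patch do, e.g. `if (CurrentStatement->BufferValue == NULL) { return EFI_OUT_OF_RESOURCES; }`. Relatedly, when `CreateQuestion` returns NULL these cases only `break`, so parsing continues with a NULL `CurrentStatement`; whether later opcodes in the same scope dereference it is not visible here and should be confirmed. ParseOpCodes begins and ends outside the hunk.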
@@ -2128,7 +2369,14 @@ ParseOpCodes ( if (CurrentDefault->Value.Type == EFI_IFR_TYPE_BUFFER) { CurrentDefault->Value.BufferLen = (UINT16)(OpCodeLength - OFFSET_OF (EFI_IFR_DEFAULT, Value)); CurrentDefault->Value.Buffer = AllocateCopyPool (CurrentDefault->Value.BufferLen, &((EFI_IFR_DEFAULT *)OpCodeData)->Value); - ASSERT (CurrentDefault->Value.Buffer != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentDefault->Value.Buffer == NULL) { + ASSERT (CurrentDefault->Value.Buffer != NULL); + FreePool (CurrentDefault); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } else { CopyMem (&CurrentDefault->Value.Value, &((EFI_IFR_DEFAULT *)OpCodeData)->Value, OpCodeLength - OFFSET_OF (EFI_IFR_DEFAULT, Value)); ExtendValueToU64 (&CurrentDefault->Value); @@ -2155,7 +2403,13 @@ ParseOpCodes ( // It's keep the default value for ordered list opcode. // CurrentDefault = AllocateZeroPool (sizeof (QUESTION_DEFAULT)); - ASSERT (CurrentDefault != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentDefault == NULL) { + ASSERT (CurrentDefault != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentDefault->Signature = QUESTION_DEFAULT_SIGNATURE; CurrentDefault->Value.Type = EFI_IFR_TYPE_BUFFER; 
@@ -2167,7 +2421,14 @@ ParseOpCodes ( CurrentDefault->Value.BufferLen = (UINT16)(OpCodeLength - OFFSET_OF (EFI_IFR_ONE_OF_OPTION, Value)); CurrentDefault->Value.Buffer = AllocateCopyPool (CurrentDefault->Value.BufferLen, &((EFI_IFR_ONE_OF_OPTION *)OpCodeData)->Value); - ASSERT (CurrentDefault->Value.Buffer != NULL); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + if (CurrentDefault->Value.Buffer == NULL) { + ASSERT (CurrentDefault->Value.Buffer != NULL); + FreePool (CurrentDefault); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Insert to Default Value list of current Question @@ -2181,7 +2442,19 @@ ParseOpCodes ( // It create a selection for use in current Question. // CurrentOption = AllocateZeroPool (sizeof (QUESTION_OPTION)); - ASSERT (CurrentOption != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentOption == NULL) { + ASSERT (CurrentOption != NULL); + if (CurrentDefault != NULL) { + FreePool (CurrentDefault->Value.Buffer); + RemoveEntryList (&CurrentDefault->Link); + FreePool (CurrentDefault); + } + + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE E d - CodeQL Change - unguardednullreturndereference CurrentOption->Signature = QUESTION_OPTION_SIGNATURE; CurrentOption->OpCode = (EFI_IFR_ONE_OF_OPTION *)OpCodeData; 
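Review bot: The cleanup added for a failed `CurrentOption` allocation (hunk -2181) unlinks and frees `CurrentDefault` whenever it is non-NULL, but it is only known to belong to this option if the ordered-list default branch above ran. Otherwise it may still point at a default created by an earlier opcode and owned by another question. It also calls `FreePool (CurrentDefault->Value.Buffer)` unconditionally, although the visible code assigns `Value.Buffer` only for `EFI_IFR_TYPE_BUFFER` defaults, so a NULL pointer may reach `FreePool`. I would record ownership in a local flag set only when this case allocates the default, and guard the inner free with `if (CurrentDefault->Value.Buffer != NULL)`. The same block is repeated in the `SuppressExpression` failure path of the next hunk (-2199); the enclosing case starts outside the hunk, so the branch structure is inferred from the neighbouring hunks.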
@@ -2199,7 +2472,20 @@ ParseOpCodes ( CurrentOption->SuppressExpression = (FORM_EXPRESSION_LIST *)AllocatePool ( (UINTN)(sizeof (FORM_EXPRESSION_LIST) + ((ConditionalExprCount -1) * sizeof (FORM_EXPRESSION *))) ); - ASSERT (CurrentOption->SuppressExpression != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentOption->SuppressExpression == NULL) { + ASSERT (CurrentOption->SuppressExpression != NULL); + FreePool (CurrentOption); + if (CurrentDefault != NULL) { + FreePool (CurrentDefault->Value.Buffer); + RemoveEntryList (&CurrentDefault->Link); + FreePool (CurrentDefault); + } + + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentOption->SuppressExpression->Count = (UINTN)ConditionalExprCount; CurrentOption->SuppressExpression->Signature = FORM_EXPRESSION_LIST_SIGNATURE; CopyMem (CurrentOption->SuppressExpression->Expression, GetConditionalExpressionList (ExpressOption), (UINTN)(sizeof (FORM_EXPRESSION *) * ConditionalExprCount)); @@ -2260,6 +2546,12 @@ ParseOpCodes ( // Create an Expression node // CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CopyMem (&CurrentExpression->Error, &((EFI_IFR_INCONSISTENT_IF *)OpCodeData)->Error, sizeof (EFI_STRING_ID)); if (Operand == EFI_IFR_NO_SUBMIT_IF_OP) { 
@@ -2285,6 +2577,12 @@ ParseOpCodes ( // Create an Expression node // CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CopyMem (&CurrentExpression->Error, &((EFI_IFR_WARNING_IF *)OpCodeData)->Warning, sizeof (EFI_STRING_ID)); CurrentExpression->TimeOut = ((EFI_IFR_WARNING_IF *)OpCodeData)->TimeOut; CurrentExpression->Type = EFI_HII_EXPRESSION_WARNING_IF; @@ -2304,7 +2602,13 @@ ParseOpCodes ( // // Question and Option will appear in scope of this OpCode // - CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentExpression->Type = EFI_HII_EXPRESSION_SUPPRESS_IF; if (CurrentForm == NULL) { @@ -2335,7 +2639,13 @@ ParseOpCodes ( // // Questions will appear in scope of this OpCode // - CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentExpression->Type = EFI_HII_EXPRESSION_GRAY_OUT_IF; InsertTailList (&CurrentForm->ExpressionListHead, &CurrentExpression->Link); PushConditionalExpression (CurrentExpression, ExpressStatement); 
@@ -2356,7 +2666,13 @@ ParseOpCodes ( // evaluated at initialization and it will not be queued // CurrentExpression = AllocateZeroPool (sizeof (FORM_EXPRESSION)); - ASSERT (CurrentExpression != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + ASSERT (CurrentExpression != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentExpression->Signature = FORM_EXPRESSION_SIGNATURE; CurrentExpression->Type = EFI_HII_EXPRESSION_DISABLE_IF; InitializeListHead (&CurrentExpression->OpCodeListHead); @@ -2385,7 +2701,13 @@ ParseOpCodes ( // Expression // case EFI_IFR_VALUE_OP: - CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentExpression->Type = EFI_HII_EXPRESSION_VALUE; InsertTailList (&CurrentForm->ExpressionListHead, &CurrentExpression->Link); @@ -2418,7 +2740,13 @@ ParseOpCodes ( break; case EFI_IFR_RULE_OP: - CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentExpression->Type = EFI_HII_EXPRESSION_RULE; CurrentExpression->RuleId = ((EFI_IFR_RULE *)OpCodeData)->RuleId; 
@@ -2435,7 +2763,13 @@ ParseOpCodes ( break; case EFI_IFR_READ_OP: - CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentExpression->Type = EFI_HII_EXPRESSION_READ; InsertTailList (&CurrentForm->ExpressionListHead, &CurrentExpression->Link); @@ -2458,7 +2792,13 @@ ParseOpCodes ( break; case EFI_IFR_WRITE_OP: - CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + CurrentExpression = CreateExpression (CurrentForm, OpCodeData); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentExpression == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference CurrentExpression->Type = EFI_HII_EXPRESSION_WRITE; InsertTailList (&CurrentForm->ExpressionListHead, &CurrentExpression->Link); diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c b/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c index de7e79e8ab..49e885faeb 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c @@ -252,7 +252,13 @@ CreateRefreshEventForStatement ( ASSERT_EFI_ERROR (Status); EventNode = AllocateZeroPool (sizeof (FORM_BROWSER_REFRESH_EVENT_NODE)); - ASSERT (EventNode != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EventNode == NULL) { + ASSERT (EventNode != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference EventNode->RefreshEvent = RefreshEvent; InsertTailList (&mRefreshEventList, &EventNode->Link); } 
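Review bot: Returning when `EventNode` cannot be allocated in CreateRefreshEventForStatement (hunk -252) leaves `RefreshEvent` untracked, because the node is its only record in `mRefreshEventList`. Nothing that walks that list will close it afterwards; the event is presumably created just above the `ASSERT_EFI_ERROR (Status)` line, outside the hunk. Close it before returning, `gBS->CloseEvent (RefreshEvent);`, so that a refresh notification does not stay registered with no owner. The same applies to the `EventNode` check in CreateRefreshEventForForm (-286) and to `RefreshIntervalEvent` in AddStatementToDisplayForm (-641).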
@@ -286,7 +292,13 @@ CreateRefreshEventForForm ( ASSERT_EFI_ERROR (Status); EventNode = AllocateZeroPool (sizeof (FORM_BROWSER_REFRESH_EVENT_NODE)); - ASSERT (EventNode != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EventNode == NULL) { + ASSERT (EventNode != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference EventNode->RefreshEvent = RefreshEvent; InsertTailList (&mRefreshEventList, &EventNode->Link); } @@ -337,7 +349,13 @@ InitializeDisplayStatement ( } DisplayOption = AllocateZeroPool (sizeof (DISPLAY_QUESTION_OPTION)); - ASSERT (DisplayOption != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DisplayOption == NULL) { + ASSERT (DisplayOption != NULL); + continue; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference DisplayOption->ImageId = Option->ImageId; DisplayOption->Signature = DISPLAY_QUESTION_OPTION_SIGNATURE; @@ -410,7 +428,12 @@ InitializeDisplayStatement ( if (Statement->ParentStatement != NULL) { ParentStatement = GetDisplayStatement (Statement->ParentStatement->OpCode); ASSERT (ParentStatement != NULL); - InsertTailList (&ParentStatement->NestStatementList, &DisplayStatement->DisplayLink); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ParentStatement != NULL) { + InsertTailList (&ParentStatement->NestStatementList, &DisplayStatement->DisplayLink); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } else { InsertTailList (&gDisplayFormData.StatementListHead, &DisplayStatement->DisplayLink); } 
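Review bot: In hunk -410, when `GetDisplayStatement` returns NULL the new guard skips `InsertTailList`, so `DisplayStatement` ends up on neither `ParentStatement->NestStatementList` nor `gDisplayFormData.StatementListHead`. If display statements are released by walking those lists (not visible here), this one is leaked and silently missing from the form. An explicit failure path that frees it, or at least a comment such as `// Parent display statement not found: this statement is dropped from the form`, would make the intent reviewable. InitializeDisplayStatement starts and ends outside the hunk.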
@@ -555,7 +578,13 @@ AddStatementToDisplayForm ( Link = GetNextNode (&gCurrentSelection->FormSet->StatementListOSF, Link); DisplayStatement = AllocateZeroPool (sizeof (FORM_DISPLAY_ENGINE_STATEMENT)); - ASSERT (DisplayStatement != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DisplayStatement == NULL) { + ASSERT (DisplayStatement != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference DisplayStatement->Signature = FORM_DISPLAY_ENGINE_STATEMENT_SIGNATURE; DisplayStatement->Version = FORM_DISPLAY_ENGINE_STATEMENT_VERSION_1; DisplayStatement->OpCode = Statement->OpCode; @@ -570,7 +599,13 @@ AddStatementToDisplayForm ( // treat formset as statement outside the form,get its opcode. // DisplayStatement = AllocateZeroPool (sizeof (FORM_DISPLAY_ENGINE_STATEMENT)); - ASSERT (DisplayStatement != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DisplayStatement == NULL) { + ASSERT (DisplayStatement != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference DisplayStatement->Signature = FORM_DISPLAY_ENGINE_STATEMENT_SIGNATURE; DisplayStatement->Version = FORM_DISPLAY_ENGINE_STATEMENT_VERSION_1; @@ -605,7 +640,13 @@ AddStatementToDisplayForm ( } DisplayStatement = AllocateZeroPool (sizeof (FORM_DISPLAY_ENGINE_STATEMENT)); - ASSERT (DisplayStatement != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (DisplayStatement == NULL) { + ASSERT (DisplayStatement != NULL); + continue; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Initialize this statement and add it to the display form. 
@@ -641,7 +682,13 @@ AddStatementToDisplayForm ( ASSERT_EFI_ERROR (Status); EventNode = AllocateZeroPool (sizeof (FORM_BROWSER_REFRESH_EVENT_NODE)); - ASSERT (EventNode != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EventNode == NULL) { + ASSERT (EventNode != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference EventNode->RefreshEvent = RefreshIntervalEvent; InsertTailList (&mRefreshEventList, &EventNode->Link); } @@ -1099,7 +1146,12 @@ GetFormsetGuidFromHiiHandle ( HiiPackageList = AllocatePool (BufferSize); ASSERT (HiiPackageList != NULL); - Status = mHiiDatabase->ExportPackageLists (mHiiDatabase, HiiHandle, &BufferSize, HiiPackageList); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (HiiPackageList != NULL) { + Status = mHiiDatabase->ExportPackageLists (mHiiDatabase, HiiHandle, &BufferSize, HiiPackageList); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } if (EFI_ERROR (Status) || (HiiPackageList == NULL)) { @@ -1255,21 +1307,26 @@ FormSetGuidToHiiHandle ( HiiHandles = HiiGetHiiHandles (NULL); ASSERT (HiiHandles != NULL); - // - // Search for formset of each class type - // - for (Index = 0; HiiHandles[Index] != NULL; Index++) { - if (GetFormsetGuidFromHiiHandle (HiiHandles[Index], ComparingGuid)) { - HiiHandle = HiiHandles[Index]; - break; - } + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (HiiHandles != NULL) { + // + // Search for formset of each class type + // + for (Index = 0; HiiHandles[Index] != NULL; Index++) { + if (GetFormsetGuidFromHiiHandle (HiiHandles[Index], ComparingGuid)) { + HiiHandle = HiiHandles[Index]; + break; + } - if (HiiHandle != NULL) { - break; + if (HiiHandle != NULL) { + break; + } } + + FreePool (HiiHandles); } - FreePool (HiiHandles); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference return HiiHandle; } 
@@ -1584,20 +1641,25 @@ ProcessUserInput ( Statement = GetBrowserStatement (UserInput->SelectedStatement); ASSERT (Statement != NULL); - // - // This question is the current user select one,record it and later - // show it as the highlight question. - // - gCurrentSelection->CurrentMenu->QuestionId = Statement->QuestionId; - // - // For statement like text, actio, it not has question id. - // So use FakeQuestionId to save the question. - // - if (gCurrentSelection->CurrentMenu->QuestionId == 0) { - mCurFakeQestId = Statement->FakeQuestionId; - } else { - mCurFakeQestId = 0; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Statement != NULL) { + // + // This question is the current user select one,record it and later + // show it as the highlight question. + // + gCurrentSelection->CurrentMenu->QuestionId = Statement->QuestionId; + // + // For statement like text, actio, it not has question id. + // So use FakeQuestionId to save the question. + // + if (gCurrentSelection->CurrentMenu->QuestionId == 0) { + mCurFakeQestId = Statement->FakeQuestionId; + } else { + mCurFakeQestId = 0; + } } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } // @@ -1715,7 +1777,13 @@ DisplayForm ( gCurrentSelection->FormId, gCurrentSelection->QuestionId ); - ASSERT (CurrentMenu != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (CurrentMenu == NULL) { + ASSERT (CurrentMenu != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } // 
@@ -2085,15 +2153,20 @@ ProcessCallBackFunction ( NewString = GetToken (Statement->HiiValue.Value.string, FormSet->HiiHandle); ASSERT (NewString != NULL); - ASSERT (StrLen (NewString) * sizeof (CHAR16) <= Statement->StorageWidth); - if (StrLen (NewString) * sizeof (CHAR16) <= Statement->StorageWidth) { - ZeroMem (Statement->BufferValue, Statement->StorageWidth); - CopyMem (Statement->BufferValue, NewString, StrSize (NewString)); - } else { - CopyMem (Statement->BufferValue, NewString, Statement->StorageWidth); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NewString != NULL) { + ASSERT (StrLen (NewString) * sizeof (CHAR16) <= Statement->StorageWidth); + if (StrLen (NewString) * sizeof (CHAR16) <= Statement->StorageWidth) { + ZeroMem (Statement->BufferValue, Statement->StorageWidth); + CopyMem (Statement->BufferValue, NewString, StrSize (NewString)); + } else { + CopyMem (Statement->BufferValue, NewString, Statement->StorageWidth); + } + + FreePool (NewString); } - FreePool (NewString); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } // 
@@ -2348,15 +2421,20 @@ ProcessRetrieveForQuestion ( NewString = GetToken (Statement->HiiValue.Value.string, FormSet->HiiHandle); ASSERT (NewString != NULL); - ASSERT (StrLen (NewString) * sizeof (CHAR16) <= Statement->StorageWidth); - if (StrLen (NewString) * sizeof (CHAR16) <= Statement->StorageWidth) { - ZeroMem (Statement->BufferValue, Statement->StorageWidth); - CopyMem (Statement->BufferValue, NewString, StrSize (NewString)); - } else { - CopyMem (Statement->BufferValue, NewString, Statement->StorageWidth); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NewString != NULL) { + ASSERT (StrLen (NewString) * sizeof (CHAR16) <= Statement->StorageWidth); + if (StrLen (NewString) * sizeof (CHAR16) <= Statement->StorageWidth) { + ZeroMem (Statement->BufferValue, Statement->StorageWidth); + CopyMem (Statement->BufferValue, NewString, StrSize (NewString)); + } else { + CopyMem (Statement->BufferValue, NewString, Statement->StorageWidth); + } + + FreePool (NewString); } - FreePool (NewString); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } return Status; diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c index 2f7b11b1aa..23a741b714 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c @@ -306,7 +306,13 @@ UiCopyMenuList ( Link = GetNextNode (CurrentMenuListHead, Link); NewMenuEntry = AllocateZeroPool (sizeof (FORM_ENTRY_INFO)); - ASSERT (NewMenuEntry != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NewMenuEntry == NULL) { + ASSERT (NewMenuEntry != NULL); + return; + } + + /// MU_CHANGE End - CodeQL Change - unguardednullreturndereference NewMenuEntry->Signature = FORM_ENTRY_INFO_SIGNATURE; NewMenuEntry->HiiHandle = MenuList->HiiHandle; CopyMem (&NewMenuEntry->FormSetGuid, &MenuList->FormSetGuid, sizeof (EFI_GUID)); 
@@ -340,48 +346,57 @@ LoadAllHiiFormset ( // HiiHandles = HiiGetHiiHandles (NULL); ASSERT (HiiHandles != NULL); - - // - // Search for formset of each class type - // - for (Index = 0; HiiHandles[Index] != NULL; Index++) { + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (HiiHandles != NULL) { // - // Check HiiHandles[Index] does exist in global maintain list. + // Search for formset of each class type // - if (GetFormSetFromHiiHandle (HiiHandles[Index]) != NULL) { - continue; - } + for (Index = 0; HiiHandles[Index] != NULL; Index++) { + // + // Check HiiHandles[Index] does exist in global maintain list. + // + if (GetFormSetFromHiiHandle (HiiHandles[Index]) != NULL) { + continue; + } - // - // Initilize FormSet Setting - // - LocalFormSet = AllocateZeroPool (sizeof (FORM_BROWSER_FORMSET)); - ASSERT (LocalFormSet != NULL); - mSystemLevelFormSet = LocalFormSet; + // + // Initilize FormSet Setting + // + LocalFormSet = AllocateZeroPool (sizeof (FORM_BROWSER_FORMSET)); + ASSERT (LocalFormSet != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (LocalFormSet != NULL ) { + mSystemLevelFormSet = LocalFormSet; + + ZeroMem (&ZeroGuid, sizeof (ZeroGuid)); + Status = InitializeFormSet (HiiHandles[Index], &ZeroGuid, LocalFormSet); + if (EFI_ERROR (Status) || IsListEmpty (&LocalFormSet->FormListHead)) { + DestroyFormSet (LocalFormSet); + continue; + } - ZeroMem (&ZeroGuid, sizeof (ZeroGuid)); - Status = InitializeFormSet (HiiHandles[Index], &ZeroGuid, LocalFormSet); - if (EFI_ERROR (Status) || IsListEmpty (&LocalFormSet->FormListHead)) { - DestroyFormSet (LocalFormSet); - continue; - } + InitializeCurrentSetting (LocalFormSet); - InitializeCurrentSetting (LocalFormSet); + // + // Initilize Questions' Value + // + Status = LoadFormSetConfig (NULL, LocalFormSet); + if (EFI_ERROR (Status)) { + DestroyFormSet (LocalFormSet); + continue; + } + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + } // - 
// Initilize Questions' Value + // Free resources, and restore gOldFormSet and gClassOfVfr // - Status = LoadFormSetConfig (NULL, LocalFormSet); - if (EFI_ERROR (Status)) { - DestroyFormSet (LocalFormSet); - continue; - } + FreePool (HiiHandles); } - // - // Free resources, and restore gOldFormSet and gClassOfVfr - // - FreePool (HiiHandles); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference mSystemLevelFormSet = OldFormset; } @@ -410,7 +425,13 @@ PopupErrorMessage ( if (OpCode != NULL) { Statement = AllocateZeroPool (sizeof (FORM_DISPLAY_ENGINE_STATEMENT)); - ASSERT (Statement != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Statement == NULL) { + ASSERT (Statement != NULL); + return BROWSER_ACTION_NONE; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Statement->OpCode = OpCode; gDisplayFormData.HighLightedStatement = Statement; } @@ -505,7 +526,14 @@ SendForm ( for (Index = 0; Index < HandleCount; Index++) { Selection = AllocateZeroPool (sizeof (UI_MENU_SELECTION)); - ASSERT (Selection != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Selection == NULL) { + ASSERT (Selection != NULL); + Status = EFI_OUT_OF_RESOURCES; + break; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Selection->Handle = Handles[Index]; if (FormSetGuid != NULL) { @@ -517,8 +545,14 @@ SendForm ( do { FormSet = AllocateZeroPool (sizeof (FORM_BROWSER_FORMSET)); - ASSERT (FormSet != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (FormSet == NULL) { + ASSERT (FormSet != NULL); + Status = EFI_OUT_OF_RESOURCES; + break; + } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Validate the HiiHandle // if validate failed, find the first validate parent HiiHandle. 
@@ -654,18 +688,24 @@ ProcessStorage ( // StrPtr = StrStr (ConfigResp, L"PATH"); ASSERT (StrPtr != NULL); - StrPtr = StrStr (StrPtr, L"&"); - StrPtr += 1; - BufferSize = StrSize (StrPtr); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StrPtr != NULL) { + StrPtr = StrStr (StrPtr, L"&"); + StrPtr += 1; + BufferSize = StrSize (StrPtr); - // - // Copy the data if the input buffer is bigger enough. - // - if (*ResultsDataSize >= BufferSize) { - StrCpyS (*ResultsData, *ResultsDataSize / sizeof (CHAR16), StrPtr); + // + // Copy the data if the input buffer is bigger enough. + // + if (*ResultsDataSize >= BufferSize) { + StrCpyS (*ResultsData, *ResultsDataSize / sizeof (CHAR16), StrPtr); + } + + *ResultsDataSize = BufferSize; } - *ResultsDataSize = BufferSize; + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + FreePool (ConfigResp); } else { // @@ -677,8 +717,13 @@ ProcessStorage ( BufferSize = (TmpSize + StrLen (BrowserStorage->ConfigHdr) + 2) * sizeof (CHAR16); MaxLen = BufferSize / sizeof (CHAR16); ConfigResp = AllocateZeroPool (BufferSize); - ASSERT (ConfigResp != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigResp == NULL) { + ASSERT (ConfigResp != NULL); + return EFI_OUT_OF_RESOURCES; + } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference StrCpyS (ConfigResp, MaxLen, BrowserStorage->ConfigHdr); StrCatS (ConfigResp, MaxLen, L"&"); StrCatS (ConfigResp, MaxLen, *ResultsData); @@ -1088,8 +1133,13 @@ NewStringCat ( MaxLen = (StrSize (*Dest) + StrSize (Src) - 1) / sizeof (CHAR16); NewString = AllocateZeroPool (MaxLen * sizeof (CHAR16)); - ASSERT (NewString != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NewString == NULL) { + ASSERT (NewString != NULL); + return; + } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference StrCpyS (NewString, MaxLen, *Dest); StrCatS (NewString, MaxLen, Src); 
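Review bot: The new `if (StrPtr != NULL)` guard in the first ProcessStorage hunk covers only the `L"PATH"` lookup; the result of the following `StrStr (StrPtr, L"&")` is still incremented and handed to `StrSize` unchecked. If ConfigResp has no `&` after PATH, `StrPtr += 1` turns NULL into a non-NULL pointer that is then read. Guard the second lookup the same way, e.g. `StrPtr = StrStr (StrPtr, L"&"); if (StrPtr != NULL) { StrPtr += 1; ... }`. When either lookup fails, `*ResultsDataSize` is left untouched, so the caller cannot tell that nothing was copied unless Status is set to an error on that path; the function body extends beyond the hunk.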
@@ -1823,7 +1873,13 @@ GetQuestionValue ( // Allocate buffer include '\0' MaxLen = Length + 1; ConfigRequest = AllocateZeroPool (MaxLen * sizeof (CHAR16)); - ASSERT (ConfigRequest != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigRequest == NULL) { + ASSERT (ConfigRequest != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference StrCpyS (ConfigRequest, MaxLen, FormsetStorage->ConfigHdr); if (IsBufferStorage) { @@ -2089,7 +2145,13 @@ SetQuestionValue ( Value = NULL; BufferLen = ((StrLen ((CHAR16 *)Src) * 4) + 1) * sizeof (CHAR16); Value = AllocateZeroPool (BufferLen); - ASSERT (Value != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Value == NULL) { + ASSERT (Value != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Convert Unicode String to Config String, e.g. "ABCD" => "0041004200430044" // @@ -2108,7 +2170,13 @@ SetQuestionValue ( } else { BufferLen = StorageWidth * 2 + 1; Value = AllocateZeroPool (BufferLen * sizeof (CHAR16)); - ASSERT (Value != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Value == NULL) { + ASSERT (Value != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // Convert Buffer to Hex String // @@ -2153,7 +2221,13 @@ SetQuestionValue ( ASSERT (FormsetStorage != NULL); MaxLen = StrLen (FormsetStorage->ConfigHdr) + Length + 1; ConfigResp = AllocateZeroPool (MaxLen * sizeof (CHAR16)); - ASSERT (ConfigResp != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigResp == NULL) { + ASSERT (ConfigResp != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference StrCpyS (ConfigResp, MaxLen, FormsetStorage->ConfigHdr); if (IsBufferStorage) { 
@@ -2725,15 +2799,19 @@ ValidateHiiHandle ( HiiHandles = HiiGetHiiHandles (NULL); ASSERT (HiiHandles != NULL); - - for (Index = 0; HiiHandles[Index] != NULL; Index++) { - if (HiiHandles[Index] == HiiHandle) { - Find = TRUE; - break; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (HiiHandles != NULL) { + for (Index = 0; HiiHandles[Index] != NULL; Index++) { + if (HiiHandles[Index] == HiiHandle) { + Find = TRUE; + break; + } } + + FreePool (HiiHandles); } - FreePool (HiiHandles); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference return Find; } @@ -2909,7 +2987,13 @@ FindQuestionFromProgress ( // For Name/Value type, Skip the ConfigHdr part. // EndStr = StrStr (Progress, L"PATH="); - ASSERT (EndStr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EndStr == NULL) { + ASSERT (EndStr != NULL); + return FALSE; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference while (*EndStr != '&') { EndStr++; } @@ -2920,7 +3004,13 @@ FindQuestionFromProgress ( // For Buffer type, Skip the ConfigHdr part. // EndStr = StrStr (Progress, L"&OFFSET="); - ASSERT (EndStr != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EndStr == NULL) { + ASSERT (EndStr != NULL); + return FALSE; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference *EndStr = '\0'; } @@ -2937,7 +3027,12 @@ FindQuestionFromProgress ( // EndStr = StrStr (Progress, L"="); ASSERT (EndStr != NULL); - *EndStr = '\0'; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EndStr != NULL) { + *EndStr = '\0'; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } else { // // For Buffer type, the data is "OFFSET=0x####&WIDTH=0x####&VALUE=0x####", 
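Review bot: After the new NULL check on `StrStr (Progress, L"PATH=")` in FindQuestionFromProgress, the loop `while (*EndStr != '&') { EndStr++; }` still has no terminator test, so a Progress string with no `&` after `PATH=` is scanned past its end. Bound it with `while ((*EndStr != L'\0') && (*EndStr != L'&'))` and return FALSE when the terminator is reached first. The same loop shape is kept on `ConfigHdrEndStr` in the GetSyncRestoreConfigRequest hunk at -3060.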
@@ -2945,7 +3040,12 @@ FindQuestionFromProgress ( // EndStr = StrStr (Progress, L"&VALUE="); ASSERT (EndStr != NULL); - *EndStr = '\0'; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EndStr != NULL) { + *EndStr = '\0'; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } // @@ -3060,15 +3160,26 @@ GetSyncRestoreConfigRequest ( // EndStr = StrStr (Progress, L"="); ASSERT (EndStr != NULL); - *EndStr = L'\0'; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EndStr != NULL) { + *EndStr = L'\0'; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + // // Find the ConfigHdr in ConfigRequest. // ConfigHdrEndStr = StrStr (ConfigRequest, L"PATH="); ASSERT (ConfigHdrEndStr != NULL); - while (*ConfigHdrEndStr != L'&') { - ConfigHdrEndStr++; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigHdrEndStr != NULL) { + while (*ConfigHdrEndStr != L'&') { + ConfigHdrEndStr++; + } } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } else { // // For Buffer type, the data is "OFFSET=0x####&WIDTH=0x####&VALUE=0x####", @@ -3076,7 +3187,13 @@ GetSyncRestoreConfigRequest ( // EndStr = StrStr (Progress, L"&VALUE="); ASSERT (EndStr != NULL); - *EndStr = L'\0'; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (EndStr != NULL) { + *EndStr = L'\0'; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + // // Find the ConfigHdr in ConfigRequest. // 
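Review bot: In the GetSyncRestoreConfigRequest hunk at -3060, `if (ConfigHdrEndStr != NULL)` only skips the scan loop; a NULL `ConfigHdrEndStr` still reaches `(ConfigHdrEndStr - ConfigRequest)` in the hunk at -3088, where it sizes the allocation and the `StrnCpyS` length. Subtracting from a NULL pointer gives a meaningless length, so this failure should leave the function rather than fall through. The `EndStr` guards have a similar gap: when `EndStr` is NULL, Progress is not split, and the "restore the Progress string" step after the -3088 hunk presumably writes through it (that code is outside the hunks). An early exit on either NULL, before anything is allocated, would cover both cases.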
@@ -3088,22 +3205,38 @@ GetSyncRestoreConfigRequest ( // ElementStr = StrStr (ConfigRequest, Progress); ASSERT (ElementStr != NULL); - // - // To get the RestoreConfigRequest. - // - RestoreEleSize = StrSize (ElementStr); - TotalSize = (ConfigHdrEndStr - ConfigRequest) * sizeof (CHAR16) + RestoreEleSize + sizeof (CHAR16); - *RestoreConfigRequest = AllocateZeroPool (TotalSize); - ASSERT (*RestoreConfigRequest != NULL); - StrnCpyS (*RestoreConfigRequest, TotalSize / sizeof (CHAR16), ConfigRequest, ConfigHdrEndStr - ConfigRequest); - StrCatS (*RestoreConfigRequest, TotalSize / sizeof (CHAR16), ElementStr); - // - // To get the SyncConfigRequest. - // - SyncSize = StrSize (ConfigRequest) - RestoreEleSize + sizeof (CHAR16); - *SyncConfigRequest = AllocateZeroPool (SyncSize); - ASSERT (*SyncConfigRequest != NULL); - StrnCpyS (*SyncConfigRequest, SyncSize / sizeof (CHAR16), ConfigRequest, SyncSize / sizeof (CHAR16) - 1); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ElementStr != NULL) { + // + // To get the RestoreConfigRequest. + // + RestoreEleSize = StrSize (ElementStr); + TotalSize = (ConfigHdrEndStr - ConfigRequest) * sizeof (CHAR16) + RestoreEleSize + sizeof (CHAR16); + *RestoreConfigRequest = AllocateZeroPool (TotalSize); + ASSERT (*RestoreConfigRequest != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (*RestoreConfigRequest != NULL) { + StrnCpyS (*RestoreConfigRequest, TotalSize / sizeof (CHAR16), ConfigRequest, ConfigHdrEndStr - ConfigRequest); + StrCatS (*RestoreConfigRequest, TotalSize / sizeof (CHAR16), ElementStr); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + + // + // To get the SyncConfigRequest. 
+ // + SyncSize = StrSize (ConfigRequest) - RestoreEleSize + sizeof (CHAR16); + *SyncConfigRequest = AllocateZeroPool (SyncSize); + ASSERT (*SyncConfigRequest != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (*SyncConfigRequest != NULL) { + StrnCpyS (*SyncConfigRequest, SyncSize / sizeof (CHAR16), ConfigRequest, SyncSize / sizeof (CHAR16) - 1); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference // // restore the Progress string to the original format. @@ -3134,22 +3267,33 @@ ConfirmSaveFail ( CHAR16 *StringBuffer; UINT32 RetVal; + RetVal = BROWSER_ACTION_UNREGISTER; // MU_CHANGE - CodeQL Change - conditionallyuninitializedvariable + FormTitle = GetToken (TitleId, HiiHandle); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (FormTitle != NULL) { + StringBuffer = AllocateZeroPool (256 * sizeof (CHAR16)); + ASSERT (StringBuffer != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StringBuffer != NULL) { + UnicodeSPrint ( + StringBuffer, + 24 * sizeof (CHAR16) + StrSize (FormTitle), + L"Submit Fail For Form: %s.", + FormTitle + ); - StringBuffer = AllocateZeroPool (256 * sizeof (CHAR16)); - ASSERT (StringBuffer != NULL); + RetVal = PopupErrorMessage (BROWSER_SUBMIT_FAIL, NULL, NULL, StringBuffer); - UnicodeSPrint ( - StringBuffer, - 24 * sizeof (CHAR16) + StrSize (FormTitle), - L"Submit Fail For Form: %s.", - FormTitle - ); + FreePool (StringBuffer); + } - RetVal = PopupErrorMessage (BROWSER_SUBMIT_FAIL, NULL, NULL, StringBuffer); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference - FreePool (StringBuffer); - FreePool (FormTitle); + FreePool (FormTitle); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference return RetVal; } 
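Review bot: The size passed to `UnicodeSPrint` in ConfirmSaveFail, `24 * sizeof (CHAR16) + StrSize (FormTitle)`, is derived from the title length rather than from the `256 * sizeof (CHAR16)` allocation, so a long enough form title lets the print run past StringBuffer. Pass the allocation size instead, `UnicodeSPrint (StringBuffer, 256 * sizeof (CHAR16), L"Submit Fail For Form: %s.", FormTitle);`, ideally through one named constant used for both the allocation and the call. ConfirmNoSubmitFail (hunk at -3173) has the same call, and there the fixed text is longer than 24 characters, so the current size also truncates the message.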
@@ -3173,22 +3317,33 @@ ConfirmNoSubmitFail ( CHAR16 *StringBuffer; UINT32 RetVal; + RetVal = BROWSER_ACTION_UNREGISTER; // MU_CHANGE Start - CodeQL Change - conditionallyuninitializedvariable + FormTitle = GetToken (TitleId, HiiHandle); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (FormTitle != NULL) { + StringBuffer = AllocateZeroPool (256 * sizeof (CHAR16)); + ASSERT (StringBuffer != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (StringBuffer != NULL) { + UnicodeSPrint ( + StringBuffer, + 24 * sizeof (CHAR16) + StrSize (FormTitle), + L"NO_SUBMIT_IF error For Form: %s.", + FormTitle + ); - StringBuffer = AllocateZeroPool (256 * sizeof (CHAR16)); - ASSERT (StringBuffer != NULL); + RetVal = PopupErrorMessage (BROWSER_SUBMIT_FAIL_NO_SUBMIT_IF, NULL, NULL, StringBuffer); - UnicodeSPrint ( - StringBuffer, - 24 * sizeof (CHAR16) + StrSize (FormTitle), - L"NO_SUBMIT_IF error For Form: %s.", - FormTitle - ); + FreePool (StringBuffer); + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference - RetVal = PopupErrorMessage (BROWSER_SUBMIT_FAIL_NO_SUBMIT_IF, NULL, NULL, StringBuffer); + FreePool (FormTitle); + } - FreePool (StringBuffer); - FreePool (FormTitle); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference return RetVal; } 
@@ -4302,16 +4457,20 @@ GetQuestionDefault ( if (HiiValue->Type == EFI_IFR_TYPE_STRING) { NewString = GetToken (Question->HiiValue.Value.string, FormSet->HiiHandle); ASSERT (NewString != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NewString != NULL) { + ASSERT (StrLen (NewString) * sizeof (CHAR16) <= Question->StorageWidth); + if (StrLen (NewString) * sizeof (CHAR16) <= Question->StorageWidth) { + ZeroMem (Question->BufferValue, Question->StorageWidth); + CopyMem (Question->BufferValue, NewString, StrSize (NewString)); + } else { + CopyMem (Question->BufferValue, NewString, Question->StorageWidth); + } - ASSERT (StrLen (NewString) * sizeof (CHAR16) <= Question->StorageWidth); - if (StrLen (NewString) * sizeof (CHAR16) <= Question->StorageWidth) { - ZeroMem (Question->BufferValue, Question->StorageWidth); - CopyMem (Question->BufferValue, NewString, StrSize (NewString)); - } else { - CopyMem (Question->BufferValue, NewString, Question->StorageWidth); + FreePool (NewString); } - FreePool (NewString); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } return Status; @@ -5285,7 +5444,13 @@ RemoveConfigRequest ( // if (Storage->BrowserStorage->Type == EFI_HII_VARSTORE_NAME_VALUE) { RequestElement = StrStr (ConfigRequest, L"PATH"); - ASSERT (RequestElement != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (RequestElement == NULL) { + ASSERT (RequestElement != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference RequestElement = StrStr (RequestElement, SearchKey); } else { RequestElement = StrStr (ConfigRequest, SearchKey); 
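Review bot: When `GetToken` returns NULL in GetQuestionDefault, the new guard skips the copy and execution continues to `return Status;` with whatever Status held before. The caller may therefore see success although `Question->BufferValue` never received its default. An `else` branch that sets an error, for example `Status = EFI_NOT_FOUND;`, would make the failure visible. Status is assigned outside the hunk, so confirm its value at this point before choosing the code.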
@@ -5493,7 +5658,13 @@ ConfigRequestAdjust ( // if (Storage->Type == EFI_HII_VARSTORE_NAME_VALUE) { RequestElement = StrStr (ConfigRequest, L"PATH"); - ASSERT (RequestElement != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (RequestElement == NULL) { + ASSERT (RequestElement != NULL); + return FALSE; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference RequestElement = StrStr (RequestElement, SearchKey); } else { RequestElement = StrStr (ConfigRequest, SearchKey); @@ -5515,19 +5686,29 @@ ConfigRequestAdjust ( ASSERT (NextRequestElement != NULL); } - // - // Replace "&" with '\0'. - // - *NextRequestElement = L'\0'; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NextRequestElement != NULL) { + // + // Replace "&" with '\0'. + // + *NextRequestElement = L'\0'; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } else { if (RespString && (Storage->Type == EFI_HII_VARSTORE_EFI_VARIABLE_BUFFER)) { NextElementBakup = NextRequestElement; NextRequestElement = StrStr (RequestElement, ValueKey); ASSERT (NextRequestElement != NULL); - // - // Replace "&" with '\0'. - // - *NextRequestElement = L'\0'; + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (NextRequestElement != NULL) { + // + // Replace "&" with '\0'. + // + *NextRequestElement = L'\0'; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } } @@ -5622,7 +5803,13 @@ LoadStorage ( // StrLen = StrSize (Storage->ConfigHdr) + 20 * sizeof (CHAR16); ConfigRequest = AllocateZeroPool (StrLen); - ASSERT (ConfigRequest != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (ConfigRequest == NULL) { + ASSERT (ConfigRequest != NULL); + return; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference UnicodeSPrint ( ConfigRequest, StrLen, 
@@ -5883,7 +6070,13 @@ GetIfrBinaryData ( Status = mHiiDatabase->ExportPackageLists (mHiiDatabase, Handle, &BufferSize, HiiPackageList); if (Status == EFI_BUFFER_TOO_SMALL) { HiiPackageList = AllocatePool (BufferSize); - ASSERT (HiiPackageList != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (HiiPackageList == NULL) { + ASSERT (HiiPackageList != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference Status = mHiiDatabase->ExportPackageLists (mHiiDatabase, Handle, &BufferSize, HiiPackageList); } 
@@ -6082,51 +6275,55 @@ SaveBrowserContext ( Context = AllocatePool (sizeof (BROWSER_CONTEXT)); ASSERT (Context != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (Context != NULL) { + Context->Signature = BROWSER_CONTEXT_SIGNATURE; - Context->Signature = BROWSER_CONTEXT_SIGNATURE; + // + // Save FormBrowser context + // + Context->Selection = gCurrentSelection; + Context->ResetRequired = gResetRequiredFormLevel; + Context->FlagReconnect = gFlagReconnect; + Context->CallbackReconnect = gCallbackReconnect; + Context->ExitRequired = gExitRequired; + Context->HiiHandle = mCurrentHiiHandle; + Context->FormId = mCurrentFormId; + CopyGuid (&Context->FormSetGuid, &mCurrentFormSetGuid); + Context->SystemLevelFormSet = mSystemLevelFormSet; + Context->CurFakeQestId = mCurFakeQestId; + Context->HiiPackageListUpdated = mHiiPackageListUpdated; + Context->FinishRetrieveCall = mFinishRetrieveCall; - // - // Save FormBrowser context - // - Context->Selection = gCurrentSelection; - Context->ResetRequired = gResetRequiredFormLevel; - Context->FlagReconnect = gFlagReconnect; - Context->CallbackReconnect = gCallbackReconnect; - Context->ExitRequired = gExitRequired; - Context->HiiHandle = mCurrentHiiHandle; - Context->FormId = mCurrentFormId; - CopyGuid (&Context->FormSetGuid, &mCurrentFormSetGuid); - Context->SystemLevelFormSet = mSystemLevelFormSet; - Context->CurFakeQestId = mCurFakeQestId; - Context->HiiPackageListUpdated = mHiiPackageListUpdated; - Context->FinishRetrieveCall = mFinishRetrieveCall; + // + // Save the menu history data. + // + InitializeListHead (&Context->FormHistoryList); + while (!IsListEmpty (&mPrivateData.FormBrowserEx2.FormViewHistoryHead)) { + MenuList = FORM_ENTRY_INFO_FROM_LINK (mPrivateData.FormBrowserEx2.FormViewHistoryHead.ForwardLink); + RemoveEntryList (&MenuList->Link); - // - // Save the menu history data. 
- // - InitializeListHead (&Context->FormHistoryList); - while (!IsListEmpty (&mPrivateData.FormBrowserEx2.FormViewHistoryHead)) { - MenuList = FORM_ENTRY_INFO_FROM_LINK (mPrivateData.FormBrowserEx2.FormViewHistoryHead.ForwardLink); - RemoveEntryList (&MenuList->Link); + InsertTailList (&Context->FormHistoryList, &MenuList->Link); + } - InsertTailList (&Context->FormHistoryList, &MenuList->Link); - } + // + // Save formset list. + // + InitializeListHead (&Context->FormSetList); + while (!IsListEmpty (&gBrowserFormSetList)) { + FormSet = FORM_BROWSER_FORMSET_FROM_LINK (gBrowserFormSetList.ForwardLink); + RemoveEntryList (&FormSet->Link); - // - // Save formset list. - // - InitializeListHead (&Context->FormSetList); - while (!IsListEmpty (&gBrowserFormSetList)) { - FormSet = FORM_BROWSER_FORMSET_FROM_LINK (gBrowserFormSetList.ForwardLink); - RemoveEntryList (&FormSet->Link); + InsertTailList (&Context->FormSetList, &FormSet->Link); + } - InsertTailList (&Context->FormSetList, &FormSet->Link); + // + // Insert to FormBrowser context list + // + InsertHeadList (&gBrowserContextList, &Context->Link); } - // - // Insert to FormBrowser context list - // - InsertHeadList (&gBrowserContextList, &Context->Link); + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference } /** @@ -6305,7 +6502,8 @@ PasswordCheck ( Question = GetBrowserStatement (Statement); ASSERT (Question != NULL); - if ((Question->QuestionFlags & EFI_IFR_FLAG_CALLBACK) == EFI_IFR_FLAG_CALLBACK) { + if ((Question != NULL) && ((Question->QuestionFlags & EFI_IFR_FLAG_CALLBACK) == EFI_IFR_FLAG_CALLBACK)) { + // MU_CHANGE - CodeQL Change - unguardednullreturndereference if (ConfigAccess == NULL) { return EFI_UNSUPPORTED; } 
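Review bot: With the whole body of SaveBrowserContext inside `if (Context != NULL)`, an allocation failure returns without pushing anything onto `gBrowserContextList`, and the hunk shows no status being returned to report that. A later restore (not shown here) would presumably pop an entry saved by an outer call, pairing the globals with the wrong context. At minimum, log the failure in an `else` branch, e.g. `DEBUG ((DEBUG_ERROR, "%a: browser context not saved\n", __func__));`. Also check that the restore path tolerates a missing entry.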
@@ -6487,7 +6685,13 @@ RegisterHotKey ( // Create new Key, and add it into List. // HotKey = AllocateZeroPool (sizeof (BROWSER_HOT_KEY)); - ASSERT (HotKey != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (HotKey == NULL) { + ASSERT (HotKey != NULL); + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference HotKey->Signature = BROWSER_HOT_KEY_SIGNATURE; HotKey->KeyData = AllocateCopyPool (sizeof (EFI_INPUT_KEY), KeyData); InsertTailList (&gBrowserHotKeyList, &HotKey->Link); diff --git a/MdeModulePkg/Universal/SmmCommunicationBufferDxe/SmmCommunicationBufferDxe.c b/MdeModulePkg/Universal/SmmCommunicationBufferDxe/SmmCommunicationBufferDxe.c index 663cfff965..b8d68fdaab 100644 --- a/MdeModulePkg/Universal/SmmCommunicationBufferDxe/SmmCommunicationBufferDxe.c +++ b/MdeModulePkg/Universal/SmmCommunicationBufferDxe/SmmCommunicationBufferDxe.c @@ -58,6 +58,13 @@ SmmCommunicationBufferEntryPoint ( // PiSmmCommunicationRegionTable = AllocateReservedPool (sizeof (EDKII_PI_SMM_COMMUNICATION_REGION_TABLE) + DescriptorSize); ASSERT (PiSmmCommunicationRegionTable != NULL); + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (PiSmmCommunicationRegionTable == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + ZeroMem (PiSmmCommunicationRegionTable, sizeof (EDKII_PI_SMM_COMMUNICATION_REGION_TABLE) + DescriptorSize); PiSmmCommunicationRegionTable->Version = EDKII_PI_SMM_COMMUNICATION_REGION_TABLE_VERSION; diff --git a/MdeModulePkg/Universal/Variable/Pei/Variable.c b/MdeModulePkg/Universal/Variable/Pei/Variable.c index 26a4c73b45..6c369b88a2 100644 --- a/MdeModulePkg/Universal/Variable/Pei/Variable.c +++ b/MdeModulePkg/Universal/Variable/Pei/Variable.c 
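Review bot: The RegisterHotKey hunk now checks `HotKey`, but the `AllocateCopyPool` result stored in `HotKey->KeyData` two lines later is still unchecked, and the entry is linked into `gBrowserHotKeyList` regardless. Any later reader of `KeyData` for that entry would find NULL. Check it before `InsertTailList` and release the partly built entry on failure: `if (HotKey->KeyData == NULL) { FreePool (HotKey); return EFI_OUT_OF_RESOURCES; }`.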
@@ -1135,7 +1135,8 @@ PeiGetNextVariableName ( VariableHeader = NULL; Status = FindVariable (VariableName, VariableGuid, &Variable, &StoreInfo); - if ((Variable.CurrPtr == NULL) || (Status != EFI_SUCCESS)) { + if ((Status != EFI_SUCCESS) || (Variable.CurrPtr == NULL)) { + // MU_CHANGE - CodeQL Change - unguardednullreturndereference return Status; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index c222905663..4748b2278a 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c 
@@ -1629,41 +1629,45 @@ AutoUpdateLangVariable ( // Get the corresponding ISO639 language tag according to RFC4646 language tag. // BestLang = GetLangFromSupportedLangCodes (mVariableModuleGlobal->LangCodes, Index, TRUE); - - // - // Check the variable space for both Lang and PlatformLang variable. - // - VariableEntry[0].VariableSize = ISO_639_2_ENTRY_SIZE + 1; - VariableEntry[0].Guid = &gEfiGlobalVariableGuid; - VariableEntry[0].Name = EFI_LANG_VARIABLE_NAME; - - VariableEntry[1].VariableSize = AsciiStrSize (BestPlatformLang); - VariableEntry[1].Guid = &gEfiGlobalVariableGuid; - VariableEntry[1].Name = EFI_PLATFORM_LANG_VARIABLE_NAME; - if (!CheckRemainingSpaceForConsistency (VARIABLE_ATTRIBUTE_NV_BS_RT, &VariableEntry[0], &VariableEntry[1], NULL)) { - // - // No enough variable space to set both Lang and PlatformLang successfully. - // - Status = EFI_OUT_OF_RESOURCES; - } else { + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (BestLang != NULL) { // - // Successfully convert PlatformLang to Lang, and set the BestLang value into Lang variable simultaneously. + // Check the variable space for both Lang and PlatformLang variable. 
// - FindVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); - - Status = UpdateVariable ( - EFI_LANG_VARIABLE_NAME, - &gEfiGlobalVariableGuid, - BestLang, - ISO_639_2_ENTRY_SIZE + 1, - Attributes, - 0, - 0, - &Variable, - NULL - ); + VariableEntry[0].VariableSize = ISO_639_2_ENTRY_SIZE + 1; + VariableEntry[0].Guid = &gEfiGlobalVariableGuid; + VariableEntry[0].Name = EFI_LANG_VARIABLE_NAME; + + VariableEntry[1].VariableSize = AsciiStrSize (BestPlatformLang); + VariableEntry[1].Guid = &gEfiGlobalVariableGuid; + VariableEntry[1].Name = EFI_PLATFORM_LANG_VARIABLE_NAME; + if (!CheckRemainingSpaceForConsistency (VARIABLE_ATTRIBUTE_NV_BS_RT, &VariableEntry[0], &VariableEntry[1], NULL)) { + // + // No enough variable space to set both Lang and PlatformLang successfully. + // + Status = EFI_OUT_OF_RESOURCES; + } else { + // + // Successfully convert PlatformLang to Lang, and set the BestLang value into Lang variable simultaneously. + // + FindVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + + Status = UpdateVariable ( + EFI_LANG_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + BestLang, + ISO_639_2_ENTRY_SIZE + 1, + Attributes, + 0, + 0, + &Variable, + NULL + ); + } } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + DEBUG ((DEBUG_INFO, "Variable Driver Auto Update PlatformLang, PlatformLang:%a, Lang:%a Status: %r\n", BestPlatformLang, BestLang, Status)); } } 
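Review bot: On the new `BestLang == NULL` path in AutoUpdateLangVariable nothing assigns Status, yet the `DEBUG` line after the block still prints `BestLang` and Status. The same holds for `BestPlatformLang` in the hunk at -1686. Unless Status is initialised earlier in the function (outside both hunks), the log and any later use of Status report a stale value. Decide whether this path should surface an error, e.g. `else { Status = EFI_NOT_FOUND; }`, or move the DEBUG call inside the guard so it only reports an update that was attempted.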
@@ -1686,41 +1690,45 @@ AutoUpdateLangVariable ( // Get the corresponding RFC4646 language tag according to ISO639 language tag. // BestPlatformLang = GetLangFromSupportedLangCodes (mVariableModuleGlobal->PlatformLangCodes, Index, FALSE); - - // - // Check the variable space for both PlatformLang and Lang variable. - // - VariableEntry[0].VariableSize = AsciiStrSize (BestPlatformLang); - VariableEntry[0].Guid = &gEfiGlobalVariableGuid; - VariableEntry[0].Name = EFI_PLATFORM_LANG_VARIABLE_NAME; - - VariableEntry[1].VariableSize = ISO_639_2_ENTRY_SIZE + 1; - VariableEntry[1].Guid = &gEfiGlobalVariableGuid; - VariableEntry[1].Name = EFI_LANG_VARIABLE_NAME; - if (!CheckRemainingSpaceForConsistency (VARIABLE_ATTRIBUTE_NV_BS_RT, &VariableEntry[0], &VariableEntry[1], NULL)) { - // - // No enough variable space to set both PlatformLang and Lang successfully. - // - Status = EFI_OUT_OF_RESOURCES; - } else { + // MU_CHANGE Start - CodeQL Change - unguardednullreturndereference + if (BestPlatformLang != NULL) { // - // Successfully convert Lang to PlatformLang, and set the BestPlatformLang value into PlatformLang variable simultaneously. + // Check the variable space for both PlatformLang and Lang variable. 
// - FindVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); - - Status = UpdateVariable ( - EFI_PLATFORM_LANG_VARIABLE_NAME, - &gEfiGlobalVariableGuid, - BestPlatformLang, - AsciiStrSize (BestPlatformLang), - Attributes, - 0, - 0, - &Variable, - NULL - ); + VariableEntry[0].VariableSize = AsciiStrSize (BestPlatformLang); + VariableEntry[0].Guid = &gEfiGlobalVariableGuid; + VariableEntry[0].Name = EFI_PLATFORM_LANG_VARIABLE_NAME; + + VariableEntry[1].VariableSize = ISO_639_2_ENTRY_SIZE + 1; + VariableEntry[1].Guid = &gEfiGlobalVariableGuid; + VariableEntry[1].Name = EFI_LANG_VARIABLE_NAME; + if (!CheckRemainingSpaceForConsistency (VARIABLE_ATTRIBUTE_NV_BS_RT, &VariableEntry[0], &VariableEntry[1], NULL)) { + // + // No enough variable space to set both PlatformLang and Lang successfully. + // + Status = EFI_OUT_OF_RESOURCES; + } else { + // + // Successfully convert Lang to PlatformLang, and set the BestPlatformLang value into PlatformLang variable simultaneously. + // + FindVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + + Status = UpdateVariable ( + EFI_PLATFORM_LANG_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + BestPlatformLang, + AsciiStrSize (BestPlatformLang), + Attributes, + 0, + 0, + &Variable, + NULL + ); + } } + // MU_CHANGE End - CodeQL Change - unguardednullreturndereference + DEBUG ((DEBUG_INFO, "Variable Driver Auto Update Lang, Lang:%a, PlatformLang:%a Status: %r\n", BestLang, BestPlatformLang, Status)); } } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c index d2bb29ae33..b609e2a9bc 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c 
@@ -478,6 +478,8 @@ InternalProtocolGetVariablePolicyInfo ( UINTN BufferSize; UINTN VariableNameSize; + PolicyHeader = NULL; // MU_CHANGE - CodeQL Change - conditionallyuninitializedvariable + if ((VariableName == NULL) || (VendorGuid == NULL) || (VariablePolicy == NULL)) { return EFI_INVALID_PARAMETER; } @@ -610,8 +612,13 @@ InternalProtocolGetVariablePolicyInfo ( Done: ReleaseLockOnlyAtBootTime (&mMmCommunicationLock); + // MU_CHANGE Start - CodeQL Change + if (EFI_ERROR (Status)) { + return Status; + } - return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result; + return (PolicyHeader != NULL) ? PolicyHeader->Result : EFI_SUCCESS; + // MU_CHANGE End - CodeQL Change } /**
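Review bot: The new return expression in InternalProtocolGetVariablePolicyInfo falls back to `EFI_SUCCESS` when `PolicyHeader` is still NULL, which tells the caller the policy query succeeded although no result was read back. If that state is reachable with a successful Status, failing closed is the safer default: `return (PolicyHeader != NULL) ? PolicyHeader->Result : EFI_DEVICE_ERROR;`. `PolicyHeader->Result` is also read after `ReleaseLockOnlyAtBootTime`. If PolicyHeader points into the shared communicate buffer (the hunks do not show this), copy the result into a local before releasing the lock.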