File shim-VLogError-Avoid-Null-pointer-dereferences.... of Package shim-susesigned.16785

Overview Repositories Revisions Requests Users Attributes Meta

File shim-VLogError-Avoid-Null-pointer-dereferences.patch of Package shim-susesigned.16785

From 20e731f423a438f53738de73af9ef3d67c4cba2f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 12 Feb 2019 18:04:49 -0500
Subject: [PATCH] VLogError(): Avoid NULL pointer dereferences in (V)Sprint
 calls

VLogError() calculates the size of format strings by using calls to
SPrint and VSPrint with a StrSize of 0 and NULL for an output buffer.
Unfortunately, this is an incorrect usage of (V)Sprint. A StrSize
of "0" is special-cased to mean "there is no limit". So, we end up
writing our string to address 0x0. This was discovered because it
causes a crash on ARM where, unlike x86, it does not necessarily
have memory mapped at 0x0.

Avoid the (V)Sprint calls altogether by using (V)PoolPrint, which
handles the size calculation and allocation for us.

Signed-off-by: Peter Jones <pjones@redhat.com>
Fixes: 25f6fd08cd26 ("try to show errors more usefully.")
[dannf: commit message ]
Signed-off-by: dann frazier <dann.frazier@canonical.com>
---
 errlog.c | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/errlog.c b/errlog.c
index 18be482..eebb266 100644
--- a/errlog.c
+++ b/errlog.c
@@ -14,29 +14,20 @@ EFI_STATUS
 VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
 {
 	va_list args2;
-	UINTN size = 0, size2;
 	CHAR16 **newerrs;
 
-	size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
-	va_copy(args2, args);
-	size2 = VSPrint(NULL, 0, fmt, args2);
-	va_end(args2);
-
 	newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
 				       (nerrs + 3) * sizeof(*errs));
 	if (!newerrs)
 		return EFI_OUT_OF_RESOURCES;
 
-	newerrs[nerrs] = AllocatePool(size*2+2);
+	newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
 	if (!newerrs[nerrs])
 		return EFI_OUT_OF_RESOURCES;
-	newerrs[nerrs+1] = AllocatePool(size2*2+2);
+	va_copy(args2, args);
+	newerrs[nerrs+1] = VPoolPrint(fmt, args2);
 	if (!newerrs[nerrs+1])
 		return EFI_OUT_OF_RESOURCES;
-
-	SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
-	va_copy(args2, args);
-	VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
 	va_end(args2);
 
 	nerrs += 2;
-- 
2.28.0

Places

File shim-VLogError-Avoid-Null-pointer-dereferences.patch of Package shim-susesigned.16785

Places