Hi Liming,

I'm running the CodeQL CLI (https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli) locally against the code with some new queries.

The queries in the codeql/cpp-queries pack listed here are relatively easy to experiment with https://codeql.github.com/codeql-query-help/cpp/.

The particular query related to this patch was https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/.

Thanks,
Michael

On 9/7/2023 8:40 PM, gaoliming wrote:
Michael:
  How do you detect those issues? Do you use the tool or do code review?

  For this change, Reviewed-by: Liming Gao <gaolim...@byosoft.com.cn>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael
Kubacki
Sent: September 7, 2023 1:41
To: devel@edk2.groups.io
Cc: Zhichao Gao <zhichao....@intel.com>; Michael D Kinney
<michael.d.kin...@intel.com>
Subject: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib:
Check array index before access

From: Michael Kubacki <michael.kuba...@microsoft.com>

Moves the range check for the index into the array before attempting
any accesses using the array index.

Cc: Zhichao Gao <zhichao....@intel.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
---
  ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
index 7c80bba46581..5cb92c485b47 100644
--- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
+++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
@@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (

        ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN
(STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);

-      while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) &&
(Index < PREFIXMAXLEN)) {
+      while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) &&
(Ip->Addr[Index + 1] == 0)) {
          Index = Index + 2;
          if (Index > PREFIXMAXLEN - 2) {
            break;
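
Review bot: In the reordered while condition, (Index < PREFIXMAXLEN) bounds the Ip->Addr[Index] read but not the Ip->Addr[Index + 1] read that follows it; with Index equal to PREFIXMAXLEN - 1 the condition still evaluates Addr[PREFIXMAXLEN], one element past the range the guard enforces. The visible lines only advance Index by 2 and break when Index > PREFIXMAXLEN - 2, so the second read stays in range only if Index is even on entry to the loop, which this hunk does not show. Consider writing the guard as (Index + 1 < PREFIXMAXLEN) so both reads are covered by the check itself, or add a comment above the loop stating the invariant on Index that makes the current form sufficient.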
--
2.42.0.windows.2



-=-=-=-=-=-=
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108336):
https://edk2.groups.io/g/devel/message/108336
Mute This Topic: https://groups.io/mt/101198333/4905953
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub
[gaolim...@byosoft.com.cn]
-=-=-=-=-=-=




