Re: [edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker to avoid array out of bound
Yes. I will add those information. Thanks! > -Original Message- > From: Zeng, Star > Sent: Wednesday, October 17, 2018 4:45 PM > To: Gao, Liming ; edk2-devel@lists.01.org > Cc: Zeng, Star > Subject: RE: [edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker > to avoid array out of bound > > Liming, > > They are reported by some static analysis tool, right? > I think you add some information about it in the commit log. You can do that > when pushing the patch. > > Thanks, > Star > -Original Message- > From: Zeng, Star > Sent: Wednesday, October 17, 2018 4:43 PM > To: Gao, Liming ; edk2-devel@lists.01.org > Cc: Zeng, Star > Subject: RE: [edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker > to avoid array out of bound > > Reviewed-by: Star Zeng > > > Thanks, > Star > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Liming > Gao > Sent: Tuesday, October 16, 2018 3:27 PM > To: edk2-devel@lists.01.org > Subject: [edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker to > avoid array out of bound > > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Liming Gao > --- > MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c | 13 > - > 1 file changed, 8 insertions(+), 5 deletions(-) > > diff --git a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c > b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c > index fd42b3b..f3b3cb8 100644 > --- a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c > +++ b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c > @@ -858,6 +858,7 @@ static BROTLI_INLINE uint32_t ReadBlockLength(const > HuffmanCode* table, >uint32_t code; >uint32_t nbits; >code = ReadSymbol(table, br); > + ASSERT (code < BROTLI_NUM_BLOCK_LEN_SYMBOLS); >nbits = kBlockLengthPrefixCode[code].nbits; /* nbits == 2..24 */ >return kBlockLengthPrefixCode[code].offset + BrotliReadBits(br, nbits); } > @@ -910,6 +911,7 @@ static BROTLI_NOINLINE void > InverseMoveToFrontTransform( >uint32_t upper_bound = state->mtf_upper_bound; >uint32_t* mtf = >mtf[1]; /* Make mtf[-1] addressable. */ >uint8_t* mtf_u8 = (uint8_t*)mtf; > + uint8_t* mtf_u8t = mtf_u8 - 1; >/* Load endian-aware constant. */ >const uint8_t b0123[4] = {0, 1, 2, 3}; >uint32_t pattern; > @@ -928,13 +930,13 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransform( >for (i = 0; i < v_len; ++i) { > int index = v[i]; > uint8_t value = mtf_u8[index]; > -upper_bound |= v[i]; > +upper_bound |= (uint32_t) v[i]; > v[i] = value; > -mtf_u8[-1] = value; > -do { > +mtf_u8t[0] = value; > +while (index >= 0) { > + mtf_u8t[index + 1] = mtf_u8t[index]; >index--; > - mtf_u8[index + 1] = mtf_u8[index]; > -} while (index >= 0); > +} >} >/* Remember amount of elements to be reinitialized. */ >state->mtf_upper_bound = upper_bound >> 2; @@ -1566,6 +1568,7 @@ static > BROTLI_INLINE BROTLI_BOOL > ReadCommandInternal( >BrotliBitReaderState memento; >if (!safe) { > cmd_code = ReadSymbol(s->htree_command, br); > +ASSERT (cmd_code < BROTLI_NUM_COMMAND_SYMBOLS); >} else { > BrotliBitReaderSaveState(br, ); > if (!SafeReadSymbol(s->htree_command, br, _code)) { > -- > 2.10.0.windows.1 > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker to avoid array out of bound
Liming, They are reported by some static analysis tool, right? I think you add some information about it in the commit log. You can do that when pushing the patch. Thanks, Star -Original Message- From: Zeng, Star Sent: Wednesday, October 17, 2018 4:43 PM To: Gao, Liming ; edk2-devel@lists.01.org Cc: Zeng, Star Subject: RE: [edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker to avoid array out of bound Reviewed-by: Star Zeng Thanks, Star -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Liming Gao Sent: Tuesday, October 16, 2018 3:27 PM To: edk2-devel@lists.01.org Subject: [edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker to avoid array out of bound Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao --- MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c index fd42b3b..f3b3cb8 100644 --- a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c +++ b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c @@ -858,6 +858,7 @@ static BROTLI_INLINE uint32_t ReadBlockLength(const HuffmanCode* table, uint32_t code; uint32_t nbits; code = ReadSymbol(table, br); + ASSERT (code < BROTLI_NUM_BLOCK_LEN_SYMBOLS); nbits = kBlockLengthPrefixCode[code].nbits; /* nbits == 2..24 */ return kBlockLengthPrefixCode[code].offset + BrotliReadBits(br, nbits); } @@ -910,6 +911,7 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransform( uint32_t upper_bound = state->mtf_upper_bound; uint32_t* mtf = >mtf[1]; /* Make mtf[-1] addressable. */ uint8_t* mtf_u8 = (uint8_t*)mtf; + uint8_t* mtf_u8t = mtf_u8 - 1; /* Load endian-aware constant. */ const uint8_t b0123[4] = {0, 1, 2, 3}; uint32_t pattern; @@ -928,13 +930,13 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransform( for (i = 0; i < v_len; ++i) { int index = v[i]; uint8_t value = mtf_u8[index]; -upper_bound |= v[i]; +upper_bound |= (uint32_t) v[i]; v[i] = value; -mtf_u8[-1] = value; -do { +mtf_u8t[0] = value; +while (index >= 0) { + mtf_u8t[index + 1] = mtf_u8t[index]; index--; - mtf_u8[index + 1] = mtf_u8[index]; -} while (index >= 0); +} } /* Remember amount of elements to be reinitialized. */ state->mtf_upper_bound = upper_bound >> 2; @@ -1566,6 +1568,7 @@ static BROTLI_INLINE BROTLI_BOOL ReadCommandInternal( BrotliBitReaderState memento; if (!safe) { cmd_code = ReadSymbol(s->htree_command, br); +ASSERT (cmd_code < BROTLI_NUM_COMMAND_SYMBOLS); } else { BrotliBitReaderSaveState(br, ); if (!SafeReadSymbol(s->htree_command, br, _code)) { -- 2.10.0.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker to avoid array out of bound
Reviewed-by: Star Zeng Thanks, Star -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Liming Gao Sent: Tuesday, October 16, 2018 3:27 PM To: edk2-devel@lists.01.org Subject: [edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker to avoid array out of bound Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao --- MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c index fd42b3b..f3b3cb8 100644 --- a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c +++ b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c @@ -858,6 +858,7 @@ static BROTLI_INLINE uint32_t ReadBlockLength(const HuffmanCode* table, uint32_t code; uint32_t nbits; code = ReadSymbol(table, br); + ASSERT (code < BROTLI_NUM_BLOCK_LEN_SYMBOLS); nbits = kBlockLengthPrefixCode[code].nbits; /* nbits == 2..24 */ return kBlockLengthPrefixCode[code].offset + BrotliReadBits(br, nbits); } @@ -910,6 +911,7 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransform( uint32_t upper_bound = state->mtf_upper_bound; uint32_t* mtf = >mtf[1]; /* Make mtf[-1] addressable. */ uint8_t* mtf_u8 = (uint8_t*)mtf; + uint8_t* mtf_u8t = mtf_u8 - 1; /* Load endian-aware constant. */ const uint8_t b0123[4] = {0, 1, 2, 3}; uint32_t pattern; @@ -928,13 +930,13 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransform( for (i = 0; i < v_len; ++i) { int index = v[i]; uint8_t value = mtf_u8[index]; -upper_bound |= v[i]; +upper_bound |= (uint32_t) v[i]; v[i] = value; -mtf_u8[-1] = value; -do { +mtf_u8t[0] = value; +while (index >= 0) { + mtf_u8t[index + 1] = mtf_u8t[index]; index--; - mtf_u8[index + 1] = mtf_u8[index]; -} while (index >= 0); +} } /* Remember amount of elements to be reinitialized. */ state->mtf_upper_bound = upper_bound >> 2; @@ -1566,6 +1568,7 @@ static BROTLI_INLINE BROTLI_BOOL ReadCommandInternal( BrotliBitReaderState memento; if (!safe) { cmd_code = ReadSymbol(s->htree_command, br); +ASSERT (cmd_code < BROTLI_NUM_COMMAND_SYMBOLS); } else { BrotliBitReaderSaveState(br, ); if (!SafeReadSymbol(s->htree_command, br, _code)) { -- 2.10.0.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [Patch] MdeModulePkg BrotliDecompressLib: Add the checker to avoid array out of bound
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao --- MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c index fd42b3b..f3b3cb8 100644 --- a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c +++ b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c @@ -858,6 +858,7 @@ static BROTLI_INLINE uint32_t ReadBlockLength(const HuffmanCode* table, uint32_t code; uint32_t nbits; code = ReadSymbol(table, br); + ASSERT (code < BROTLI_NUM_BLOCK_LEN_SYMBOLS); nbits = kBlockLengthPrefixCode[code].nbits; /* nbits == 2..24 */ return kBlockLengthPrefixCode[code].offset + BrotliReadBits(br, nbits); } @@ -910,6 +911,7 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransform( uint32_t upper_bound = state->mtf_upper_bound; uint32_t* mtf = >mtf[1]; /* Make mtf[-1] addressable. */ uint8_t* mtf_u8 = (uint8_t*)mtf; + uint8_t* mtf_u8t = mtf_u8 - 1; /* Load endian-aware constant. */ const uint8_t b0123[4] = {0, 1, 2, 3}; uint32_t pattern; @@ -928,13 +930,13 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransform( for (i = 0; i < v_len; ++i) { int index = v[i]; uint8_t value = mtf_u8[index]; -upper_bound |= v[i]; +upper_bound |= (uint32_t) v[i]; v[i] = value; -mtf_u8[-1] = value; -do { +mtf_u8t[0] = value; +while (index >= 0) { + mtf_u8t[index + 1] = mtf_u8t[index]; index--; - mtf_u8[index + 1] = mtf_u8[index]; -} while (index >= 0); +} } /* Remember amount of elements to be reinitialized. */ state->mtf_upper_bound = upper_bound >> 2; @@ -1566,6 +1568,7 @@ static BROTLI_INLINE BROTLI_BOOL ReadCommandInternal( BrotliBitReaderState memento; if (!safe) { cmd_code = ReadSymbol(s->htree_command, br); +ASSERT (cmd_code < BROTLI_NUM_COMMAND_SYMBOLS); } else { BrotliBitReaderSaveState(br, ); if (!SafeReadSymbol(s->htree_command, br, _code)) { -- 2.10.0.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel