Skip to content

MdePkg: Fix overflow issue in PeCoffLoaderRelocateImageForRuntime #10617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mergify merged 4 commits into from
Jan 26, 2025
Merged

MdePkg: Fix overflow issue in PeCoffLoaderRelocateImageForRuntime #10617

mergify merged 4 commits into from
Jan 26, 2025

Conversation

@sachinami
Copy link
Contributor

@sachinami sachinami commented Jan 13, 2025
edited
Loading

Description

Similar to #6249

RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is also a UINT32 value. The current code in
PeCoffLoaderRelocateImageForRuntime() does not check for overflow when adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a check using SafeIntLib to ensure that the addition does not overflow.

Also added SafeIntLib to UnitTestFrameworkPkg/UnitTestFrameworkPkgCommon.dsc.inc for usage in target and host based tests.

  • Breaking change?
    • Breaking change - Does this PR cause a break in build or boot behavior?
    • Examples: Does it add a new library class or move a module to a different repo.
  • Impacts security?
    • Security - Does this PR have a direct security impact?
    • Examples: Crypto algorithm change or buffer overflow fix.
  • Includes tests?
    • Tests - Does this PR include any explicit test code?
    • Examples: Unit tests or integration tests.

How This Was Tested

The fix has been tested in real platform and the image is confirmed to be booting fine.

Integration Instructions

N/A

@github-actions github-actions bot added the impact:security This change has a direct security impact such as changing a crypto algorithm. label Jan 13, 2025
@mdkinney
Copy link
Member

mdkinney commented Jan 13, 2025

The SafeIntLib would be a better choice to help do this check. Also, the failure condition you have added is silent. An invalid relocation that overflows would be skipped with no messages. Should a DEBUG() message be added and should the entire relocation operation fail if this overflow condition is present?

@sachinami sachinami force-pushed the Sachin/BasePeCoffLib branch from 0943cc0 to 1361505 Compare January 23, 2025 13:10
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 23, 2025
View reviewed changes
mdkinney
mdkinney reviewed Jan 23, 2025
View reviewed changes
@sachinami
MdePkg: Fix overflow issue in PeCoffLoaderRelocateImageForRuntime
f7f33e5 
RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code in
PeCoffLoaderRelocateImageForRuntime does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch uses
SafeIntLib to ensure that the addition does not overflow.

Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
@sachinami
MdePkg: Use SafeIntLib to handle overflow
b0b3af2 
Used SafeIntLib to handle the overflow check in
PeCoffLoaderRelocateImage

Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
@sachinami sachinami force-pushed the Sachin/BasePeCoffLib branch from 1361505 to b0b3af2 Compare January 23, 2025 22:14
@mdkinney
Copy link
Member

mdkinney commented Jan 23, 2025

For the build failures, I recommend adding a mapping of SafeIntLib to UnitTestFrameworkPkg/UnitTestFrameworkPkgCommon.dsc.inc

[LibraryClasses]
  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf

@sachinami
UnitTestFrameworkPkg: Add SafeIntLib to Common Includes
a06bf21 
SafeIntLib has been added to UnitTestFrameworkPkg Common Includes DSC
for usage in host and target based tests.

Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
@sachinami
Copy link
Contributor Author

sachinami commented Jan 24, 2025

Thank you for your guidance @mdkinney
The changes have been made and CI has passed.

@mdkinney mdkinney added the push Auto push patch series in PR if all checks pass label Jan 24, 2025
@mdkinney
Copy link
Member

mdkinney commented Jan 26, 2025

@mergify refresh

@mergify
Copy link

mergify bot commented Jan 26, 2025

refresh

✅ Pull request refreshed

@mergify mergify bot merged commit d35899b into tianocore:master Jan 26, 2025
126 checks passed
@ardbiesheuvel
Copy link
Member

ardbiesheuvel commented Jan 28, 2025

This series breaks the build on Clang:

MdePkg/Library/BasePeCoffLib/BasePeCoff.c:1061:9: error: variable 'RelocBase' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
    if (!RETURN_ERROR (Status)) {

Please provide a fix asap

@sachinami sachinami mentioned this pull request Jan 28, 2025
Merged
3 tasks
@sachinami
Copy link
Contributor Author

sachinami commented Jan 28, 2025

This series breaks the build on Clang:

MdePkg/Library/BasePeCoffLib/BasePeCoff.c:1061:9: error: variable 'RelocBase' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
    if (!RETURN_ERROR (Status)) {

Please provide a fix asap

Fixed in #10689

@ardbiesheuvel ardbiesheuvel mentioned this pull request Jan 28, 2025
Merged
@SergiiDmytruk SergiiDmytruk mentioned this pull request Apr 15, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdkinney mdkinney mdkinney approved these changes

@makubacki makubacki makubacki approved these changes

@lgao4 lgao4 Awaiting requested review from lgao4

@LiuZhiguang001 LiuZhiguang001 Awaiting requested review from LiuZhiguang001

@spbrogan spbrogan Awaiting requested review from spbrogan

Assignees

No one assigned

Labels

impact:security This change has a direct security impact such as changing a crypto algorithm. push Auto push patch series in PR if all checks pass

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sachinami @mdkinney @ardbiesheuvel @makubacki