Skip to content

MdePkg/BasePeCoffLib: Fix use of uninitialized var after SafeIntLib fix #10688

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ardbiesheuvel wants to merge 1 commit into from
Closed

MdePkg/BasePeCoffLib: Fix use of uninitialized var after SafeIntLib fix #10688

ardbiesheuvel wants to merge 1 commit into from

Conversation

@ardbiesheuvel
Copy link
Member

@ardbiesheuvel ardbiesheuvel commented Jan 28, 2025

SafeIntLib is only safe if it is used correctly, and if it signals an overflow, the error must be handled, rather than limping on and using garbage data from the stack, as this may turn out to be more dangerous than using the overflowed value.

So initialize RelocBase to NULL as it will get tested even in case of overflow, and this will prevent it from being initialized as expected.

@ardbiesheuvel
MdePkg/BasePeCoffLib: Fix use of uninitialized var after SafeIntLib fix
ffdc267 
SafeIntLib is only safe if it is used correctly, and if it signals an
overflow, the error must be handled, rather than limping on and using
garbage data from the stack, as this may turn out to be more dangerous
than using the overflowed value.

So initialize RelocBase and RelocBaseEnd to NULL first, as it will get
tested even in case of overflow, and this will prevent it from being
initialized as expected.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
@ardbiesheuvel ardbiesheuvel force-pushed the mdepkg-pecofflib-fix-uninit-relocbase branch from 009b58c to ffdc267 Compare January 28, 2025 09:58
@mergify
Copy link

mergify bot commented Jan 28, 2025

PR can not be merged due to conflict. Please rebase and resubmit

@mdkinney
Copy link
Member

mdkinney commented Jan 28, 2025

This appears to be a duplicate of PR #10689 and should be closed

@ardbiesheuvel ardbiesheuvel deleted the mdepkg-pecofflib-fix-uninit-relocbase branch January 28, 2025 22:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lersek lersek lersek approved these changes

@lgao4 lgao4 Awaiting requested review from lgao4

@mdkinney mdkinney Awaiting requested review from mdkinney

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ardbiesheuvel @mdkinney @lersek