New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MdeModulePkg: CodeQL Fixes. #6266

Open

apop5 wants to merge 1 commit into tianocore:master from apop5:personal/apop5/mdemodulecodeql

Contributor

apop5 commented Sep 30, 2024

Description

Includes changes across the repo for the following CodeQL rules:

cpp/comparison-with-wider-type
cpp/overflow-buffer
cpp/redundant-null-check-param
cpp/uselesstest
Breaking change?
Impacts security?
Includes tests?

How This Was Tested

Shipped in platforms with Project Mu.

Integration Instructions

N/A


          MdeModulePkg: CodeQL Fixes.

a8d5837

Includes changes across the repo for the following CodeQL rules:
- cpp/comparison-with-wider-type
- cpp/overflow-buffer
- cpp/redundant-null-check-param
- cpp/uselesstest

Co-authored-by: Taylor Beebe <tabeebe@microsoft.com>
Co-authored-by: pohanch <125842322+pohanch@users.noreply.github.com>
Co-authored-by: kenlautner <85201046+kenlautner@users.noreply.github.com>
Co-authored-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Co-authored-by: Sean Brogan <sean.brogan@microsoft.com>
Co-authored-by: Aaron Pop <105021049+apop5@users.noreply.github.com>

Signed-off-by: Aaron Pop <aaronpop@microsoft.com>

github-actions bot added the impact:security label

tianocore-assign-reviewers bot requested review from dandanbi, jiaxinwu, lgao4, LiuZhiguang001 and niruiyu

September 30, 2024 23:40

github-advanced-security bot found potential problems

View reviewed changes

MdeModulePkg/Library/BootManagerUiLib/BootManager.c

+                      //
+                      // Don't display hidden boot options, but retain inactive ones.
+                      //
+                      if ((BootOption[Index].Attributes & LOAD_OPTION_HIDDEN) != 0) {

Check failure

Code scanning / CodeQL

Returned pointer not checked High

Value may be null; it should be checked before dereferencing.

MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c

                             }
                           }
                         }
+                        CurrentStatement->StorageWidth = (UINT16)sizeof (EFI_HII_REF);
+                        InitializeRequestElement (FormSet, CurrentStatement, CurrentForm);

Check failure

Code scanning / CodeQL

Returned pointer not checked High

Value may be null; it should be checked before dereferencing.

MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c

-                            CurrentStatement->StorageWidth = (UINT16)sizeof (UINT64);
-                            Value->Type                    = EFI_IFR_TYPE_NUM_SIZE_64;
-                            break;
+                        InitializeRequestElement (FormSet, CurrentStatement, CurrentForm);

Check failure

Code scanning / CodeQL

Returned pointer not checked High

Value may be null; it should be checked before dereferencing.

MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c


		InitializeRequestElement (FormSet, CurrentStatement, CurrentForm);
		InitializeRequestElement (FormSet, CurrentStatement, CurrentForm);

Check failure

Code scanning / CodeQL

Returned pointer not checked High

Value may be null; it should be checked before dereferencing.

MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c

+                        CurrentStatement->BufferValue           = AllocateZeroPool (CurrentStatement->StorageWidth + sizeof (CHAR16));
+                        CurrentStatement->HiiValue.Value.string = NewString ((CHAR16 *)CurrentStatement->BufferValue, FormSet->HiiHandle);
+                        InitializeRequestElement (FormSet, CurrentStatement, CurrentForm);

Check failure

Code scanning / CodeQL

Returned pointer not checked High

Value may be null; it should be checked before dereferencing.

MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c

+                        CurrentStatement->BufferValue           = AllocateZeroPool ((CurrentStatement->StorageWidth + sizeof (CHAR16)));
+                        CurrentStatement->HiiValue.Value.string = NewString ((CHAR16 *)CurrentStatement->BufferValue, FormSet->HiiHandle);
+                        InitializeRequestElement (FormSet, CurrentStatement, CurrentForm);

Check failure

Code scanning / CodeQL

Returned pointer not checked High

Value may be null; it should be checked before dereferencing.

MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c

-                        //
-                        CurrentStatement->Storage      = NULL;
-                        CurrentStatement->StorageWidth = 0;
+                          InitializeRequestElement (FormSet, CurrentStatement, CurrentForm);

Check failure

Code scanning / CodeQL

Returned pointer not checked High

Value may be null; it should be checked before dereferencing.

MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c

-                        //
-                        CurrentStatement->Storage      = NULL;
-                        CurrentStatement->StorageWidth = 0;
+                          InitializeRequestElement (FormSet, CurrentStatement, CurrentForm);

Check failure

Code scanning / CodeQL

Returned pointer not checked High

Value may be null; it should be checked before dereferencing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

dandanbi Awaiting requested review from dandanbi

jiaxinwu Awaiting requested review from jiaxinwu

lgao4 Awaiting requested review from lgao4

LiuZhiguang001 Awaiting requested review from LiuZhiguang001

niruiyu Awaiting requested review from niruiyu

At least 1 approving review is required to merge this pull request.

Labels

impact:security