diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c index 359dfb9215..a0ddf07b59 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c @@ -26,18 +26,23 @@ UefiTestMain ( UNIT_TEST_FRAMEWORK_HANDLE Framework; DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_NAME, UNIT_TEST_VERSION)); + // MU_CHANGE [BEGIN] - CodeQL change Status = CreateUnitTest (UNIT_TEST_NAME, UNIT_TEST_VERSION, &Framework); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestsfor BaseCryptLib Tests! Status = %r\n", Status)); goto Done; } + // MU_CHANGE [END] - CodeQL change + // // Execute the tests. // Status = RunAllTestSuites (Framework); + // MU_CHANGE [BEGIN] - CodeQL change Done: + // MU_CHANGE [END] - CodeQL change if (Framework) { FreeUnitTestFramework (Framework); } diff --git a/MdeModulePkg/Core/Pei/Ppi/Ppi.c b/MdeModulePkg/Core/Pei/Ppi/Ppi.c index 9b28212448..2c99fb7b59 100644 --- a/MdeModulePkg/Core/Pei/Ppi/Ppi.c +++ b/MdeModulePkg/Core/Pei/Ppi/Ppi.c @@ -329,10 +329,12 @@ ConvertPpiPointersFv ( // Instead we compare the GUID as INT32 at a time and branch // on the first failed comparison. // + // MU_CHANGE [BEGIN] - CodeQL change if ((((INT32 *)Guid)[0] == ((INT32 *)(GuidCheckList[GuidIndex]))[0]) && (((INT32 *)Guid)[1] == ((INT32 *)(GuidCheckList[GuidIndex]))[1]) && (((INT32 *)Guid)[2] == ((INT32 *)(GuidCheckList[GuidIndex]))[2]) && (((INT32 *)Guid)[3] == ((INT32 *)(GuidCheckList[GuidIndex]))[3])) + // MU_CHANGE [END] - CodeQL change { FvInfoPpi = PrivateData->PpiData.PpiList.PpiPtrs[Index].Ppi->Ppi; DEBUG ((DEBUG_VERBOSE, " FvInfo: %p -> ", FvInfoPpi->FvInfo)); diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c index 9ab79b3419..6e1be97629 100644 --- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c +++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c @@ -1437,7 +1437,11 @@ GetFullSmramRanges ( EFI_SMM_RESERVED_SMRAM_REGION *SmramReservedRanges; UINTN MaxCount; BOOLEAN Rescan; - BOOLEAN Failed = FALSE; + // MU_CHANGE [BEGIN] - CodeQL change + BOOLEAN Failed; + + Failed = FALSE; + // MU_CHANGE [END] - CodeQL change // // Get SMM Configuration Protocol if it is present. @@ -1488,6 +1492,7 @@ GetFullSmramRanges ( Failed = TRUE; goto Done; } + // MU_CHANGE [END] - CodeQL change Status = mSmmAccess->GetCapabilities (mSmmAccess, &Size, FullSmramRanges); @@ -1542,6 +1547,7 @@ GetFullSmramRanges ( Failed = TRUE; goto Done; } + // MU_CHANGE [END] - CodeQL change for (Index = 0; Index < SmramReservedCount; Index++) { @@ -1556,6 +1562,7 @@ GetFullSmramRanges ( Failed = TRUE; goto Done; } + // MU_CHANGE [END] - CodeQL change TempSmramRangeCount = 0; @@ -1566,6 +1573,7 @@ GetFullSmramRanges ( Failed = TRUE; goto Done; } + // MU_CHANGE [END] - CodeQL change Status = mSmmAccess->GetCapabilities (mSmmAccess, &Size, SmramRanges); ASSERT_EFI_ERROR (Status); @@ -1629,6 +1637,7 @@ GetFullSmramRanges ( Failed = TRUE; goto Done; } + // MU_CHANGE [END] - CodeQL change *FullSmramRangeCount = 0; do { @@ -1653,20 +1662,26 @@ GetFullSmramRanges ( ASSERT (*FullSmramRangeCount == TempSmramRangeCount); *FullSmramRangeCount += AdditionSmramRangeCount; + // MU_CHANGE [BEGIN] - CodeQL change Done: if (SmramRanges != NULL) { FreePool (SmramRanges); } + if (SmramReservedRanges != NULL) { FreePool (SmramReservedRanges); } + if (TempSmramRanges != NULL) { FreePool (TempSmramRanges); } + if (Failed) { return NULL; } + // MU_CHANGE [END] - CodeQL change + return FullSmramRanges; } diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c index 04a5b265bd..cf38b40430 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c @@ -1173,6 +1173,14 @@ IfrToString ( } else { SrcBuf = GetBufferForValue (&Value); SrcLen = GetLengthForValue (&Value); + // MU_CHANGE [BEGIN] - CodeQL change + if ((SrcBuf == NULL) || (SrcLen == NULL)) { + ASSERT (SrcBuf != NULL); + ASSERT (SrcLen != NULL); + return EFI_NOT_FOUND; + } + + // MU_CHANGE [END] - CodeQL change } TmpBuf = AllocateZeroPool (SrcLen + 3); @@ -1181,8 +1189,9 @@ IfrToString ( ASSERT (TmpBuf != NULL); return EFI_OUT_OF_RESOURCES; } + // MU_CHANGE [END] - CodeQL change - + if (Format == EFI_IFR_STRING_ASCII) { CopyMem (TmpBuf, SrcBuf, SrcLen); PrintFormat = L"%a"; @@ -1292,7 +1301,8 @@ IfrToUint ( Evaluate opcode EFI_IFR_CATENATE. @param FormSet Formset which contains this opcode. - @param Result Evaluation result for this opcode. + @param Result Evaluation result for this opcode. Result + will be NULL on a failure. @retval EFI_SUCCESS Opcode evaluation success. @retval Other Opcode evaluation failed. @@ -1380,17 +1390,21 @@ IfrCatenate ( // MU_CHANGE [BEGIN] - CodeQL change if (TmpBuf == NULL) { ASSERT (TmpBuf != NULL); - return EFI_OUT_OF_RESOURCES; + Status = EFI_OUT_OF_RESOURCES; + goto Done; } - // MU_CHANGE [BEGIN] - CodeQL change + + // MU_CHANGE [END] - CodeQL change CopyMem (Result->Buffer, TmpBuf, Length0); TmpBuf = GetBufferForValue (&Value[1]); // MU_CHANGE [BEGIN] - CodeQL change if (TmpBuf == NULL) { ASSERT (TmpBuf != NULL); - return EFI_OUT_OF_RESOURCES; + Status = EFI_OUT_OF_RESOURCES; + goto Done; } - // MU_CHANGE [BEGIN] - CodeQL change + + // MU_CHANGE [END] - CodeQL change CopyMem (&Result->Buffer[Length0], TmpBuf, Length1); } @@ -1415,6 +1429,13 @@ IfrCatenate ( FreePool (StringPtr); } + // MU_CHANGE [BEGIN] - CodeQL change + if (EFI_ERROR (Status) && (Result != NULL)) { + FreePool (Result); + } + + // MU_CHANGE [END] - CodeQL change + return Status; } diff --git a/NetworkPkg/Ip4Dxe/Ip4Input.c b/NetworkPkg/Ip4Dxe/Ip4Input.c index dee3c1ed21..9e246d63b3 100644 --- a/NetworkPkg/Ip4Dxe/Ip4Input.c +++ b/NetworkPkg/Ip4Dxe/Ip4Input.c @@ -1323,6 +1323,7 @@ Ip4InstanceDeliverPacket ( ASSERT (Head != NULL); return EFI_OUT_OF_RESOURCES; } + // MU_CHANGE [END] - CodeQL change Dup->Ip.Ip4 = (IP4_HEAD *)Head; diff --git a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c index 85cc75b939..570aebf187 100644 --- a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c +++ b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c @@ -867,7 +867,8 @@ Ip6ManualAddrDadCallback ( // MU_CHANGE [BEGIN] - CodeQL change if (PassedAddr == NULL) { ASSERT (PassedAddr != NULL); - Item->Status = EFI_OUT_OF_RESOURCES; + Item->Data.Ptr = NULL; + Item->Status = EFI_OUT_OF_RESOURCES; } else { Item->Data.Ptr = PassedAddr; Item->Status = EFI_SUCCESS; @@ -881,6 +882,7 @@ Ip6ManualAddrDadCallback ( ASSERT ((UINTN)PassedAddr - (UINTN)Item->Data.Ptr == Item->DataSize); } + // MU_CHANGE [END] - CodeQL change } } else { diff --git a/NetworkPkg/Ip6Dxe/Ip6Input.c b/NetworkPkg/Ip6Dxe/Ip6Input.c index e82cca2cf4..580466f791 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Input.c +++ b/NetworkPkg/Ip6Dxe/Ip6Input.c @@ -1527,6 +1527,7 @@ Ip6InstanceDeliverPacket ( ASSERT (Head != NULL); return EFI_OUT_OF_RESOURCES; } + // MU_CHANGE [END] - CodeQL change Dup->Ip.Ip6 = (EFI_IP6_HEADER *)Head; diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c index 38cf4a9cea..335b0f8370 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Nd.c +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c @@ -1450,6 +1450,7 @@ Ip6SendNeighborSolicit ( ASSERT (Target != NULL); return EFI_OUT_OF_RESOURCES; } + // MU_CHANGE [END] - CodeQL change IP6_COPY_ADDRESS (Target, TargetIp6Address); diff --git a/NetworkPkg/Ip6Dxe/Ip6Output.c b/NetworkPkg/Ip6Dxe/Ip6Output.c index 0b1cf285e4..9be12dab98 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Output.c +++ b/NetworkPkg/Ip6Dxe/Ip6Output.c @@ -872,7 +872,8 @@ Ip6Output ( Status = EFI_OUT_OF_RESOURCES; goto Error; } - // MU_CHANGE [BEGIN] - CodeQL change + + // MU_CHANGE [END] - CodeQL change CopyMem (Buf, ExtHdrs + UnFragmentHdrsLen, FragmentHdrsLen); // diff --git a/NetworkPkg/Library/DxeNetLib/NetBuffer.c b/NetworkPkg/Library/DxeNetLib/NetBuffer.c index a64c5b13a3..9add8b018b 100644 --- a/NetworkPkg/Library/DxeNetLib/NetBuffer.c +++ b/NetworkPkg/Library/DxeNetLib/NetBuffer.c @@ -303,10 +303,13 @@ NetbufDuplicate ( NetbufReserve (Duplicate, HeadSpace); Dst = NetbufAllocSpace (Duplicate, Nbuf->TotalSize, NET_BUF_TAIL); + // MU_CHANGE [BEGIN] - CodeQL change if (Dst == NULL) { ASSERT (Dst != NULL); return NULL; } + + // MU_CHANGE [END] - CodeQL change NetbufCopy (Nbuf, 0, Nbuf->TotalSize, Dst); return Duplicate; diff --git a/NetworkPkg/TcpDxe/TcpOption.c b/NetworkPkg/TcpDxe/TcpOption.c index faf16ae366..9708cb70c4 100644 --- a/NetworkPkg/TcpDxe/TcpOption.c +++ b/NetworkPkg/TcpDxe/TcpOption.c @@ -135,6 +135,7 @@ TcpSynBuildOption ( ASSERT (Data != NULL); return 0; // Returning Len of 0 if we fail allocating space } + // MU_CHANGE [END] - CodeQL change Len += TCP_OPTION_TS_ALIGNED_LEN; @@ -164,6 +165,7 @@ TcpSynBuildOption ( ASSERT (Data != NULL); return 0; // Returning Len of -1 if we fail allocating space } + // MU_CHANGE [END] - CodeQL change Len += TCP_OPTION_WS_ALIGNED_LEN; @@ -177,8 +179,9 @@ TcpSynBuildOption ( // MU_CHANGE [BEGIN] - CodeQL change if (Data == NULL) { ASSERT (Data != NULL); - return 0; // Returning Len of -1 if we fail allocating space + return 0; // Returning Len of 0 if we fail allocating space } + // MU_CHANGE [END] - CodeQL change Len += TCP_OPTION_MSS_LEN; @@ -221,7 +224,13 @@ TcpBuildOption ( NET_BUF_HEAD ); - ASSERT (Data != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (Data == NULL) { + ASSERT (Data != NULL); + return 0; + } + + // MU_CHANGE [END] - CodeQL change Len += TCP_OPTION_TS_ALIGNED_LEN; TcpPutUint32 (Data, TCP_OPTION_TS_FAST); diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c index 661d43a094..4677ad410a 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c @@ -1134,12 +1134,6 @@ GetAcpiCpuData ( // For a native platform, copy the CPU S3 data into SMRAM for use on CPU S3 Resume. // CopyMem (&mAcpiCpuData, AcpiCpuData, sizeof (mAcpiCpuData)); - // MU_CHANGE [BEGIN] - CodeQL change - if (&mAcpiCpuData == 0) { - ASSERT (&mAcpiCpuData == 0); - return; - } - // MU_CHANGE [END] - CodeQL change mAcpiCpuData.MtrrTable = (EFI_PHYSICAL_ADDRESS)(UINTN)AllocatePool (sizeof (MTRR_SETTINGS)); ASSERT (mAcpiCpuData.MtrrTable != 0); @@ -1163,7 +1157,13 @@ GetAcpiCpuData ( Idtr = (IA32_DESCRIPTOR *)(UINTN)mAcpiCpuData.IdtrProfile; GdtForAp = AllocatePool ((Gdtr->Limit + 1) + (Idtr->Limit + 1) + mAcpiCpuData.ApMachineCheckHandlerSize); - ASSERT (GdtForAp != NULL); + // MU_CHANGE [BEGIN] - CodeQL change + if (GdtForAp == NULL) { + ASSERT (GdtForAp != NULL); + return; + } + + // MU_CHANGE [END] - CodeQL change IdtForAp = (VOID *)((UINTN)GdtForAp + (Gdtr->Limit + 1)); MachineCheckHandlerForAp = (VOID *)((UINTN)IdtForAp + (Idtr->Limit + 1)); diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c index 8ca57f29b9..2a5de0be1a 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c @@ -1849,6 +1849,7 @@ InitializeSmmCpuSemaphores ( ASSERT (SemaphoreBlock != NULL); return; } + // MU_CHANGE [END] - CodeQL change ZeroMem (SemaphoreBlock, TotalSize); diff --git a/UnitTestFrameworkPkg/Library/UnitTestPersistenceLibSimpleFileSystem/UnitTestPersistenceLibSimpleFileSystem.c b/UnitTestFrameworkPkg/Library/UnitTestPersistenceLibSimpleFileSystem/UnitTestPersistenceLibSimpleFileSystem.c index 9ea72dc87f..bab3c1f681 100644 --- a/UnitTestFrameworkPkg/Library/UnitTestPersistenceLibSimpleFileSystem/UnitTestPersistenceLibSimpleFileSystem.c +++ b/UnitTestFrameworkPkg/Library/UnitTestPersistenceLibSimpleFileSystem/UnitTestPersistenceLibSimpleFileSystem.c @@ -388,11 +388,14 @@ LoadUnitTestCache ( // MU_CHANGE: Use file name and path instead of device path FileName = GetCacheFileName (FrameworkHandle); + // MU_CHANGE [BEGIN] - CodeQL change if (FileName == NULL) { ASSERT (FileName != NULL); return EFI_NOT_FOUND; } + // MU_CHANGE [END] - CodeQL change + // // Now that we know the path to the file... let's open it for writing. //