Fix CodeQL errors

CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c

@@ -26,13 +26,18 @@ UefiTestMain (
   UNIT_TEST_FRAMEWORK_HANDLE  Framework;
 
   DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_NAME, UNIT_TEST_VERSION));
-  CreateUnitTest (UNIT_TEST_NAME, UNIT_TEST_VERSION, &Framework);
+  Status = CreateUnitTest (UNIT_TEST_NAME, UNIT_TEST_VERSION, &Framework);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestsfor BaseCryptLib Tests!  Status = %r\n", Status));
+    goto Done;
+  }
 
   //
   // Execute the tests.
   //
   Status = RunAllTestSuites (Framework);
 
+Done:
   if (Framework) {
     FreeUnitTestFramework (Framework);
   }

MdeModulePkg/Core/Pei/Ppi/Ppi.c

@@ -329,10 +329,10 @@ ConvertPpiPointersFv (
       // Instead we compare the GUID as INT32 at a time and branch
       // on the first failed comparison.
       //
-      if ((((INT32 *)Guid)[0] == ((INT32 *)GuidCheckList[GuidIndex])[0]) &&
-          (((INT32 *)Guid)[1] == ((INT32 *)GuidCheckList[GuidIndex])[1]) &&
-          (((INT32 *)Guid)[2] == ((INT32 *)GuidCheckList[GuidIndex])[2]) &&
-          (((INT32 *)Guid)[3] == ((INT32 *)GuidCheckList[GuidIndex])[3]))
+      if ((((INT32 *)Guid)[0] == ((INT32 *)(GuidCheckList[GuidIndex]))[0]) &&
+          (((INT32 *)Guid)[1] == ((INT32 *)(GuidCheckList[GuidIndex]))[1]) &&
+          (((INT32 *)Guid)[2] == ((INT32 *)(GuidCheckList[GuidIndex]))[2]) &&
+          (((INT32 *)Guid)[3] == ((INT32 *)(GuidCheckList[GuidIndex]))[3]))
       {
         FvInfoPpi = PrivateData->PpiData.PpiList.PpiPtrs[Index].Ppi->Ppi;
         DEBUG ((DEBUG_VERBOSE, "      FvInfo: %p -> ", FvInfoPpi->FvInfo));

MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c

@@ -1437,6 +1437,7 @@ GetFullSmramRanges (
   EFI_SMM_RESERVED_SMRAM_REGION   *SmramReservedRanges;
   UINTN                           MaxCount;
   BOOLEAN                         Rescan;
+  BOOLEAN                         Failed = FALSE;
 
   //
   // Get SMM Configuration Protocol if it is present.
@@ -1481,7 +1482,13 @@ GetFullSmramRanges (
     *FullSmramRangeCount = SmramRangeCount + AdditionSmramRangeCount;
     Size                 = (*FullSmramRangeCount) * sizeof (EFI_SMRAM_DESCRIPTOR);
     FullSmramRanges      = (EFI_SMRAM_DESCRIPTOR *)AllocateZeroPool (Size);
-    ASSERT (FullSmramRanges != NULL);
+    // MU_CHANGE [BEGIN] - CodeQL change
+    if (FullSmramRanges == NULL) {
+      ASSERT (FullSmramRanges != NULL);
+      Failed = TRUE;
+      goto Done;
+    }
+    // MU_CHANGE [END] - CodeQL change
 
     Status = mSmmAccess->GetCapabilities (mSmmAccess, &Size, FullSmramRanges);
     ASSERT_EFI_ERROR (Status);
@@ -1528,18 +1535,38 @@ GetFullSmramRanges (
 
   Size                = MaxCount * sizeof (EFI_SMM_RESERVED_SMRAM_REGION);
   SmramReservedRanges = (EFI_SMM_RESERVED_SMRAM_REGION *)AllocatePool (Size);
-  ASSERT (SmramReservedRanges != NULL);
+
+  // MU_CHANGE [BEGIN] - CodeQL change
+  if (SmramReservedRanges == NULL) {
+    ASSERT (SmramReservedRanges != NULL);
+    Failed = TRUE;
+    goto Done;
+  }
+  // MU_CHANGE [END] - CodeQL change
+
   for (Index = 0; Index < SmramReservedCount; Index++) {
     CopyMem (&SmramReservedRanges[Index], &SmmConfiguration->SmramReservedRegions[Index], sizeof (EFI_SMM_RESERVED_SMRAM_REGION));
   }
 
   Size            = MaxCount * sizeof (EFI_SMRAM_DESCRIPTOR);
   TempSmramRanges = (EFI_SMRAM_DESCRIPTOR *)AllocatePool (Size);
-  ASSERT (TempSmramRanges != NULL);
+  // MU_CHANGE [BEGIN] - CodeQL change
+  if (TempSmramRanges == NULL) {
+    ASSERT (TempSmramRanges != NULL);
+    Failed = TRUE;
+    goto Done;
+  }
+  // MU_CHANGE [END] - CodeQL change
   TempSmramRangeCount = 0;
 
   SmramRanges = (EFI_SMRAM_DESCRIPTOR *)AllocatePool (Size);
-  ASSERT (SmramRanges != NULL);
+  // MU_CHANGE [BEGIN] - CodeQL change
+  if (SmramRanges == NULL) {
+    ASSERT (SmramRanges != NULL);
+    Failed = TRUE;
+    goto Done;
+  }
+  // MU_CHANGE [END] - CodeQL change
   Status = mSmmAccess->GetCapabilities (mSmmAccess, &Size, SmramRanges);
   ASSERT_EFI_ERROR (Status);
 
@@ -1596,7 +1623,13 @@ GetFullSmramRanges (
   // Sort the entries
   //
   FullSmramRanges = AllocateZeroPool ((TempSmramRangeCount + AdditionSmramRangeCount) * sizeof (EFI_SMRAM_DESCRIPTOR));
-  ASSERT (FullSmramRanges != NULL);
+  // MU_CHANGE [BEGIN] - CodeQL change
+  if (FullSmramRanges == NULL) {
+    ASSERT (FullSmramRanges != NULL);
+    Failed = TRUE;
+    goto Done;
+  }
+  // MU_CHANGE [END] - CodeQL change
   *FullSmramRangeCount = 0;
   do {
     for (Index = 0; Index < TempSmramRangeCount; Index++) {
@@ -1620,9 +1653,19 @@ GetFullSmramRanges (
   ASSERT (*FullSmramRangeCount == TempSmramRangeCount);
   *FullSmramRangeCount += AdditionSmramRangeCount;
 
-  FreePool (SmramRanges);
-  FreePool (SmramReservedRanges);
-  FreePool (TempSmramRanges);
+Done:
+  if (SmramRanges != NULL) {
+    FreePool (SmramRanges);
+  }
+  if (SmramReservedRanges != NULL) {
+    FreePool (SmramReservedRanges);
+  }
+  if (TempSmramRanges != NULL) {
+    FreePool (TempSmramRanges);
+  }
+  if (Failed) {
+    return NULL;
+  }
 
   return FullSmramRanges;
 }

MdeModulePkg/Universal/SetupBrowserDxe/Expression.c

@@ -1181,8 +1181,8 @@ IfrToString (
         ASSERT (TmpBuf != NULL);
         return EFI_OUT_OF_RESOURCES;
       }
-
       // MU_CHANGE [END] - CodeQL change
+
       if (Format == EFI_IFR_STRING_ASCII) {
         CopyMem (TmpBuf, SrcBuf, SrcLen);
         PrintFormat = L"%a";
@@ -1377,10 +1377,20 @@ IfrCatenate (
     ASSERT (Result->Buffer != NULL);
 
     TmpBuf = GetBufferForValue (&Value[0]);
-    ASSERT (TmpBuf != NULL);
+    // MU_CHANGE [BEGIN] - CodeQL change
+    if (TmpBuf == NULL) {
+      ASSERT (TmpBuf != NULL);
+      return EFI_OUT_OF_RESOURCES;
+    }
+    // MU_CHANGE [BEGIN] - CodeQL change
     CopyMem (Result->Buffer, TmpBuf, Length0);
     TmpBuf = GetBufferForValue (&Value[1]);
-    ASSERT (TmpBuf != NULL);
+    // MU_CHANGE [BEGIN] - CodeQL change
+    if (TmpBuf == NULL) {
+      ASSERT (TmpBuf != NULL);
+      return EFI_OUT_OF_RESOURCES;
+    }
+    // MU_CHANGE [BEGIN] - CodeQL change
     CopyMem (&Result->Buffer[Length0], TmpBuf, Length1);
   }
 

NetworkPkg/Ip4Dxe/Ip4Input.c

@@ -1318,7 +1318,12 @@ Ip4InstanceDeliverPacket (
         // may be not continuous before the data.
         //
         Head = NetbufAllocSpace (Dup, IP4_MAX_HEADLEN, NET_BUF_HEAD);
-        ASSERT (Head != NULL);
+        // MU_CHANGE [BEGIN] - CodeQL change
+        if (Head == NULL) {
+          ASSERT (Head != NULL);
+          return EFI_OUT_OF_RESOURCES;
+        }
+        // MU_CHANGE [END] - CodeQL change
 
         Dup->Ip.Ip4 = (IP4_HEAD *)Head;
 

NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c

@@ -864,19 +864,24 @@ Ip6ManualAddrDadCallback (
         // data with those passed.
         //
         PassedAddr = (EFI_IP6_CONFIG_MANUAL_ADDRESS *)AllocatePool (Item->DataSize);
-        ASSERT (PassedAddr != NULL);
-
-        Item->Data.Ptr = PassedAddr;
-        Item->Status   = EFI_SUCCESS;
-
-        while (!NetMapIsEmpty (&Instance->DadPassedMap)) {
-          ManualAddr = (EFI_IP6_CONFIG_MANUAL_ADDRESS *)NetMapRemoveHead (&Instance->DadPassedMap, NULL);
-          CopyMem (PassedAddr, ManualAddr, sizeof (EFI_IP6_CONFIG_MANUAL_ADDRESS));
+        // MU_CHANGE [BEGIN] - CodeQL change
+        if (PassedAddr == NULL) {
+          ASSERT (PassedAddr != NULL);
+          Item->Status = EFI_OUT_OF_RESOURCES;
+        } else {
+          Item->Data.Ptr = PassedAddr;
+          Item->Status   = EFI_SUCCESS;
+
+          while (!NetMapIsEmpty (&Instance->DadPassedMap)) {
+            ManualAddr = (EFI_IP6_CONFIG_MANUAL_ADDRESS *)NetMapRemoveHead (&Instance->DadPassedMap, NULL);
+            CopyMem (PassedAddr, ManualAddr, sizeof (EFI_IP6_CONFIG_MANUAL_ADDRESS));
+
+            PassedAddr++;
+          }
 
-          PassedAddr++;
+          ASSERT ((UINTN)PassedAddr - (UINTN)Item->Data.Ptr == Item->DataSize);
         }
-
-        ASSERT ((UINTN)PassedAddr - (UINTN)Item->Data.Ptr == Item->DataSize);
+        // MU_CHANGE [END] - CodeQL change
       }
     } else {
       //

NetworkPkg/Ip6Dxe/Ip6Input.c

@@ -1522,7 +1522,12 @@ Ip6InstanceDeliverPacket (
       // may be not continuous before the data.
       //
       Head = NetbufAllocSpace (Dup, sizeof (EFI_IP6_HEADER), NET_BUF_HEAD);
-      ASSERT (Head != NULL);
+      // MU_CHANGE [BEGIN] - CodeQL change
+      if (Head == NULL) {
+        ASSERT (Head != NULL);
+        return EFI_OUT_OF_RESOURCES;
+      }
+      // MU_CHANGE [END] - CodeQL change
       Dup->Ip.Ip6 = (EFI_IP6_HEADER *)Head;
 
       CopyMem (Head, Packet->Ip.Ip6, sizeof (EFI_IP6_HEADER));

NetworkPkg/Ip6Dxe/Ip6Nd.c

@@ -1445,7 +1445,12 @@ Ip6SendNeighborSolicit (
   IcmpHead->Head.Code = 0;
 
   Target = (EFI_IPv6_ADDRESS *)NetbufAllocSpace (Packet, sizeof (EFI_IPv6_ADDRESS), FALSE);
-  ASSERT (Target != NULL);
+  // MU_CHANGE [BEGIN] - CodeQL change
+  if (Target == NULL) {
+    ASSERT (Target != NULL);
+    return EFI_OUT_OF_RESOURCES;
+  }
+  // MU_CHANGE [END] - CodeQL change
   IP6_COPY_ADDRESS (Target, TargetIp6Address);
 
   LinkLayerOption = NULL;

NetworkPkg/Ip6Dxe/Ip6Output.c

@@ -866,7 +866,13 @@ Ip6Output (
       // Allocate the space to contain the fragmentable hdrs and copy the data.
       //
       Buf = NetbufAllocSpace (TmpPacket, FragmentHdrsLen, TRUE);
-      ASSERT (Buf != NULL);
+      // MU_CHANGE [BEGIN] - CodeQL change
+      if (Buf == NULL) {
+        ASSERT (Buf != NULL);
+        Status = EFI_OUT_OF_RESOURCES;
+        goto Error;
+      }
+      // MU_CHANGE [BEGIN] - CodeQL change
       CopyMem (Buf, ExtHdrs + UnFragmentHdrsLen, FragmentHdrsLen);
 
       //

NetworkPkg/Library/DxeNetLib/NetBuffer.c

@@ -303,6 +303,10 @@ NetbufDuplicate (
   NetbufReserve (Duplicate, HeadSpace);
 
   Dst = NetbufAllocSpace (Duplicate, Nbuf->TotalSize, NET_BUF_TAIL);
+  if (Dst == NULL) {
+    ASSERT (Dst != NULL);
+    return NULL;
+  }
   NetbufCopy (Nbuf, 0, Nbuf->TotalSize, Dst);
 
   return Duplicate;

NetworkPkg/TcpDxe/TcpOption.c

@@ -130,7 +130,12 @@ TcpSynBuildOption (
              NET_BUF_HEAD
              );
 
-    ASSERT (Data != NULL);
+    // MU_CHANGE [BEGIN] - CodeQL change
+    if (Data == NULL) {
+      ASSERT (Data != NULL);
+      return 0;  // Returning Len of 0 if we fail allocating space
+    }
+    // MU_CHANGE [END] - CodeQL change
     Len += TCP_OPTION_TS_ALIGNED_LEN;
 
     TcpPutUint32 (Data, TCP_OPTION_TS_FAST);
@@ -154,7 +159,12 @@ TcpSynBuildOption (
              NET_BUF_HEAD
              );
 
-    ASSERT (Data != NULL);
+    // MU_CHANGE [BEGIN] - CodeQL change
+    if (Data == NULL) {
+      ASSERT (Data != NULL);
+      return 0; // Returning Len of -1 if we fail allocating space
+    }
+    // MU_CHANGE [END] - CodeQL change
 
     Len += TCP_OPTION_WS_ALIGNED_LEN;
     TcpPutUint32 (Data, TCP_OPTION_WS_FAST | TcpComputeScale (Tcb));
@@ -164,7 +174,12 @@ TcpSynBuildOption (
   // Build the MSS option.
   //
   Data = NetbufAllocSpace (Nbuf, TCP_OPTION_MSS_LEN, 1);
-  ASSERT (Data != NULL);
+  // MU_CHANGE [BEGIN] - CodeQL change
+  if (Data == NULL) {
+    ASSERT (Data != NULL);
+    return 0; // Returning Len of -1 if we fail allocating space
+  }
+  // MU_CHANGE [END] - CodeQL change
 
   Len += TCP_OPTION_MSS_LEN;
   TcpPutUint32 (Data, TCP_OPTION_MSS_FAST | Tcb->RcvMss);

NetworkPkg/TcpDxe/TcpOutput.c

@@ -502,7 +502,12 @@ TcpGetSegmentSndQue (
   //
   if (CopyLen != 0) {
     Data = NetbufAllocSpace (Nbuf, CopyLen, NET_BUF_TAIL);
-    ASSERT (Data != NULL);
+    // MU_CHANGE [BEGIN] - CodeQL change
+    if (Data == NULL) {
+      ASSERT (Data != NULL);
+      goto OnError;
+    }
+    // MU_CHANGE [END] - CodeQL change
 
     if ((INT32)NetbufCopy (Node, Offset, CopyLen, Data) != CopyLen) {
       goto OnError;

UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c

@@ -1134,6 +1134,12 @@ GetAcpiCpuData (
   // For a native platform, copy the CPU S3 data into SMRAM for use on CPU S3 Resume.
   //
   CopyMem (&mAcpiCpuData, AcpiCpuData, sizeof (mAcpiCpuData));
+  // MU_CHANGE [BEGIN] - CodeQL change
+  if (&mAcpiCpuData == 0) {
+    ASSERT (&mAcpiCpuData == 0);
+    return;
+  }
+  // MU_CHANGE [END] - CodeQL change
 
   mAcpiCpuData.MtrrTable = (EFI_PHYSICAL_ADDRESS)(UINTN)AllocatePool (sizeof (MTRR_SETTINGS));
   ASSERT (mAcpiCpuData.MtrrTable != 0);

UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c

@@ -1844,7 +1844,12 @@ InitializeSmmCpuSemaphores (
   DEBUG ((DEBUG_INFO, "Total Semaphores Size = 0x%x\n", TotalSize));
   Pages          = EFI_SIZE_TO_PAGES (TotalSize);
   SemaphoreBlock = AllocatePages (Pages);
-  ASSERT (SemaphoreBlock != NULL);
+  // MU_CHANGE [BEGIN] - CodeQL change
+  if (SemaphoreBlock == NULL) {
+    ASSERT (SemaphoreBlock != NULL);
+    return;
+  }
+  // MU_CHANGE [END] - CodeQL change
   ZeroMem (SemaphoreBlock, TotalSize);
 
   SemaphoreAddr                                   = (UINTN)SemaphoreBlock;

UnitTestFrameworkPkg/Library/UnitTestPersistenceLibSimpleFileSystem/UnitTestPersistenceLibSimpleFileSystem.c

@@ -388,6 +388,11 @@ LoadUnitTestCache (
   // MU_CHANGE: Use file name and path instead of device path
   FileName = GetCacheFileName (FrameworkHandle);
 
+  if (FileName == NULL) {
+    ASSERT (FileName != NULL);
+    return EFI_NOT_FOUND;
+  }
+
   //
   // Now that we know the path to the file... let's open it for writing.
   //