In file MdeModulePkg\Library\VariablePolicyLib\VariablePolicyLib.c, procedure DumpVariablePolicy() function header says the "call can be made with a 0 size and it will return the size of the buffer required to hold the table."

In file MdeModulePkg\Library\VarCheckPolicyLib\VarCheckPolicyLib.c, procedure VarCheckPolicyLibMmiHandler() around line 219 calls DumpVariablePolicy(NULL, &TempSize). It is attempting to get the required size of the policy buffer, and is passing in NULL as the Policy pointer. However, TempSize is uninitialized.

In file MdeModulePkg\Library\VariablePolicyLib\VariablePolicyLib.c, procedure DumpVariablePolicy() receives &TempSize as *Size. The code checks the parameters, and checks to see if the size passed in is greater than zero.

    // Check the parameters.
    if (Size == NULL || (*Size > 0 && Policy == NULL)) {
      return EFI_INVALID_PARAMETER;
    }

Since TempSize has never been set, the variable could contain anything. I believe VarCheckPolicyLibMmiHandler() needs to set TempSize to zero before calling DumpVariablePolicy(NULL, &TempSize).
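The size-query pattern the report describes, as an added C example (not code from edk2 or from the reporter). `model_dump_policy`, `query_size_as_reported` and `query_size_zeroed` are hypothetical names, the status codes are local stand-ins, and only the parameter check is taken from the report; the `leftover` argument models the unknown contents of the uninitialized stack slot.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local stand-ins for the UEFI status codes (assumption: not the real EFI_* values). */
typedef enum { ST_SUCCESS, ST_INVALID_PARAMETER, ST_BUFFER_TOO_SMALL } status_t;

/* Constructed sample data standing in for the policy table. */
static const uint8_t g_table[24] = { 0 };

/* Model of the size-query contract. The parameter check is the one quoted
   in the report; the rest of the body is an assumed, simplified model. */
static status_t model_dump_policy(uint8_t *policy, uint32_t *size)
{
    if (size == NULL || (*size > 0 && policy == NULL)) {
        return ST_INVALID_PARAMETER;
    }
    if (*size < sizeof g_table) {
        *size = (uint32_t)sizeof g_table;   /* report the required size */
        return ST_BUFFER_TOO_SMALL;
    }
    memcpy(policy, g_table, sizeof g_table);
    *size = (uint32_t)sizeof g_table;
    return ST_SUCCESS;
}

/* Caller as reported: the size is never set before the query. Reading an
   uninitialized local is undefined in C, so `leftover` stands in for
   whatever value the stack slot happened to hold. */
status_t query_size_as_reported(uint32_t leftover, uint32_t *required)
{
    uint32_t temp_size = leftover;
    status_t st = model_dump_policy(NULL, &temp_size);
    *required = temp_size;
    return st;
}

/* Caller with the change the report proposes: zero the size first. */
status_t query_size_zeroed(uint32_t *required)
{
    uint32_t temp_size = 0;
    status_t st = model_dump_policy(NULL, &temp_size);
    *required = temp_size;
    return st;
}
```

With a non-zero leftover value the query is rejected and the size is left unchanged; it only succeeds when the slot happens to hold zero, which is why the failure can be intermittent.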
Good catch, Allen! I expect nothing less.
Created attachment 690: Mailing List Patch
Will be fixed in PR: https://github.com/tianocore/edk2/pull/1557