3323 – LoadFile: Insufficient data is returned

Bug 3323 - LoadFile: Insufficient data is returned

Summary: LoadFile: Insufficient data is returned

Status:	UNCONFIRMED

Alias:	None

Product:	EDK2
Classification:	Unclassified
Component:	Code (show other bugs)
Version:	Current
Hardware:	All All

Importance:	Normal normal
Assignee:	Marvin Häuser

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-04-12 10:19 UTC by Marvin Häuser
Modified:	2021-04-13 21:56 UTC (History)
CC List:	4 users (show)

See Also:
EDK II Code First industry standard specifications:	---
Branch URL:
Release(s) the issue is observed:	EDK II Master
The OS the target platform is running:	---
Package:	MdePkg
Release(s) the issues must be fixed:	EDK II Master
Tianocore documents:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marvin Häuser 2021-04-12 10:19:55 UTC

The LoadFile APIs (PPI and protocol) do not return sufficient data, as apparent from the subsequent header-parsing in PeiCore[1]. This is unfortunate for many reasons, e.g. the caller may assume the loader ensured sanity conditions it did not, or it may duplicate verification logic already performed.

To mitigate TOC/TOU, PE files must be read entirely into memory first no matter the source, so I believe reading a file and loading (as in expanding to the loaded address space, relocating, etc) should be two very distinct steps, not abstracted by a single protocol. For convenience, a wrapper library could be provided.

This is an issue with the UEFI PI and UEFI specifications and is submitted mainly for discussion/feedback and tracking reasons.

[1] https://github.com/tianocore/edk2/blob/2072c22a0d63c780b0cc6377f6d4ffb116ad6144/MdeModulePkg/Core/Pei/Image/Image.c#L912-L926

Comment 1 gaoliming 2021-04-13 21:56:42 UTC

Marvin, you can continue to provide the proposal.