On 04/13/21 14:33, Wenyi Xie wrote:
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3333
>
> In function InstallPreHashFvPpi, when calculatuing the size

(1) s/calculatuing/calculating/

(2) I suggest remarking, in the commit message, that this bug does not lead to buffer overflow, given that "sizeof (HASH_INFO)" is 4, whereas "sizeof (sizeof (HASH_INFO))" is 4 or 8.

> of struct HASH_INFO, sizeof is used twice.
>
> Cc: Jiewen Yao <[email protected]>
> Cc: Jian J Wang <[email protected]>
> Cc: Laszlo Ersek <[email protected]>
> Signed-off-by: Wenyi Xie <[email protected]>
> --- > SecurityPkg/FvReportPei/FvReportPei.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/SecurityPkg/FvReportPei/FvReportPei.c > b/SecurityPkg/FvReportPei/FvReportPei.c > index d709760ea3ce..e82413e090c0 100644 > --- a/SecurityPkg/FvReportPei/FvReportPei.c > +++ b/SecurityPkg/FvReportPei/FvReportPei.c > @@ -67,7 +67,7 @@ InstallPreHashFvPpi ( > HASH_INFO *HashInfo; > > PpiSize = sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI) > - + sizeof (sizeof (HASH_INFO)) > + + sizeof (HASH_INFO) > + HashSize; > > PreHashedFvPpi = AllocatePool (PpiSize); >

From my perspective:
Reviewed-by: Laszlo Ersek <[email protected]>
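
Review bot: The commit message should record the impact of the removed "sizeof (sizeof (HASH_INFO))" term in the PpiSize computation. The outer sizeof there measured the type of the inner sizeof result rather than the structure, so with the sizes given in this thread (4 for the structure, 4 or 8 for the old term) the old allocation was equal to or larger than required, never smaller. Saying so in the message tells anyone triaging bug 3333 that this is a correctness cleanup and not a heap overflow fix. Separately, the visible context adds HashSize into PpiSize immediately before "AllocatePool (PpiSize)", and this hunk shows no bound on HashSize; it is worth confirming that the value is validated earlier in InstallPreHashFvPpi or by its caller, so that the sum cannot wrap and yield an undersized pool.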
