From: Michael Kubacki <[email protected]>

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3512

In 32-bit PEI, the local variable pointers MigratedFvHeader and
RawDataFvHeader in EvacuateTempRam() will be 32-bit in size. The
pointers are currently passed to PeiServicesAllocatePages() which
expects a 64-bit output buffer of type EFI_PHYSICAL_ADDRESS.

When PeiServicesAllocatePages() writes to the buffer, the data
can overflow.

Cc: Jian J Wang <[email protected]>
Cc: Liming Gao <[email protected]>
Cc: Dandan Bi <[email protected]>
Signed-off-by: Michael Kubacki <[email protected]>
---
 MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c 
b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
index a050a6ed9646..f6bb906f38f3 100644
--- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
+++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
@@ -1135,6 +1135,7 @@ EvacuateTempRam (
   volatile UINTN                FvIndex;
   volatile UINTN                FvChildIndex;
   UINTN                         ChildFvOffset;
+  EFI_PHYSICAL_ADDRESS          FvHeaderAddress;
   EFI_FIRMWARE_VOLUME_HEADER    *FvHeader;
   EFI_FIRMWARE_VOLUME_HEADER    *ChildFvHeader;
   EFI_FIRMWARE_VOLUME_HEADER    *MigratedFvHeader;
@@ -1186,9 +1187,10 @@ EvacuateTempRam (
       Status =  PeiServicesAllocatePages (
                   EfiBootServicesCode,
                   EFI_SIZE_TO_PAGES ((UINTN) FvHeader->FvLength),
-                  (EFI_PHYSICAL_ADDRESS *) &MigratedFvHeader
+                  &FvHeaderAddress
                   );
       ASSERT_EFI_ERROR (Status);
+      MigratedFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvHeaderAddress;
 
       //
       // Allocate pool to save the raw PEIMs, which is used to keep consistent 
context across
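Review bot: Between the PeiServicesAllocatePages() call and the new assignment to MigratedFvHeader, the only check on Status is ASSERT_EFI_ERROR. In a build with asserts disabled, a failed allocation may leave FvHeaderAddress unwritten, and MigratedFvHeader is then derived from an indeterminate stack value. Consider initializing FvHeaderAddress to 0 where it is declared, or testing EFI_ERROR (Status) before the conversion. As a style point, `(EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvHeaderAddress` omits the space after each cast that the surrounding code uses, as in `(UINTN) FvHeader->FvLength`.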
@@ -1197,9 +1199,10 @@ EvacuateTempRam (
       Status =  PeiServicesAllocatePages (
                   EfiBootServicesCode,
                   EFI_SIZE_TO_PAGES ((UINTN) FvHeader->FvLength),
-                  (EFI_PHYSICAL_ADDRESS *) &RawDataFvHeader
+                  &FvHeaderAddress
                   );
       ASSERT_EFI_ERROR (Status);
+      RawDataFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvHeaderAddress;
 
       DEBUG ((
         DEBUG_VERBOSE,
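Review bot: At this second call FvHeaderAddress still holds the address returned for MigratedFvHeader, so if this allocation fails and ASSERT_EFI_ERROR is compiled out, RawDataFvHeader can end up pointing at the same pages as MigratedFvHeader. Clearing FvHeaderAddress before the call, using a separate local for each allocation, or checking EFI_ERROR (Status) before `RawDataFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvHeaderAddress;` would keep the two buffers from silently aliasing.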
-- 
2.28.0.windows.1


