Revision: 13533
http://edk2.svn.sourceforge.net/edk2/?rev=13533&view=rev
Author: lgao4
Date: 2012-07-17 01:51:26 +0000 (Tue, 17 Jul 2012)
Log Message:
-----------
Update HobLib and Hob Service to avoid data over flow.
Signed-off-by: Liming Gao <[email protected]>
Reviewed-by: Rui Sun <[email protected]>
Modified Paths:
--------------
trunk/edk2/MdeModulePkg/Core/Pei/Hob/Hob.c
trunk/edk2/MdeModulePkg/Core/Pei/Memory/MemoryServices.c
Modified: trunk/edk2/MdeModulePkg/Core/Pei/Hob/Hob.c
===================================================================
--- trunk/edk2/MdeModulePkg/Core/Pei/Hob/Hob.c 2012-07-17 01:50:52 UTC (rev
13532)
+++ trunk/edk2/MdeModulePkg/Core/Pei/Hob/Hob.c 2012-07-17 01:51:26 UTC (rev
13533)
@@ -1,7 +1,7 @@
/** @file
This module provide Hand-Off Block manupulation.
-Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -89,6 +89,12 @@
HandOffHob = *Hob;
+ //
+ // Check Length to avoid data overflow.
+ //
+ if (0x10000 - Length <= 0x7) {
+ return EFI_INVALID_PARAMETER;
+ }
Length = (UINT16)((Length + 0x7) & (~0x7));
FreeMemory = HandOffHob->EfiFreeMemoryTop -
Modified: trunk/edk2/MdeModulePkg/Core/Pei/Memory/MemoryServices.c
===================================================================
--- trunk/edk2/MdeModulePkg/Core/Pei/Memory/MemoryServices.c 2012-07-17
01:50:52 UTC (rev 13532)
+++ trunk/edk2/MdeModulePkg/Core/Pei/Memory/MemoryServices.c 2012-07-17
01:51:26 UTC (rev 13533)
@@ -1,7 +1,7 @@
/** @file
EFI PEI Core memory services
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -249,9 +249,9 @@
//
// Generally, the size of heap in temporary memory does not exceed to 64K,
- // so the maxmium size of pool is 0x10000 - sizeof (EFI_HOB_MEMORY_POOL)
+ // HobLength is multiples of 8 bytes, so the maxmium size of pool is 0xFFF8
- sizeof (EFI_HOB_MEMORY_POOL)
//
- if (Size >= (0x10000 - sizeof (EFI_HOB_MEMORY_POOL))) {
+ if (Size > (0xFFF8 - sizeof (EFI_HOB_MEMORY_POOL))) {
return EFI_OUT_OF_RESOURCES;
}
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
