SF.net SVN: edk2:[14044] trunk/edk2/MdeModulePkg/Library/UefiHiiLib/HiiLib. c

Wed, 09 Jan 2013 19:01:34 -0800 

Revision: 14044
          http://edk2.svn.sourceforge.net/edk2/?rev=14044&view=rev
Author:   ydong10
Date:     2013-01-10 03:01:16 +0000 (Thu, 10 Jan 2013)
Log Message:
-----------
Use EFI_IFR_TYPE_VALUE type variable instead of UINT64 to avoid buffer overflow.

Signed-off-by: Eric Dong <[email protected]>
Reviewed-by: Liming Gao <[email protected]>

Modified Paths:
--------------
    trunk/edk2/MdeModulePkg/Library/UefiHiiLib/HiiLib.c

Modified: trunk/edk2/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
===================================================================
--- trunk/edk2/MdeModulePkg/Library/UefiHiiLib/HiiLib.c 2013-01-09 08:02:29 UTC 
(rev 14043)
+++ trunk/edk2/MdeModulePkg/Library/UefiHiiLib/HiiLib.c 2013-01-10 03:01:16 UTC 
(rev 14044)
@@ -946,7 +946,7 @@
   UINT16                       Offset;
   UINT16                       Width;
   UINT64                       VarValue;
-  UINT64                       TmpValue;
+  EFI_IFR_TYPE_VALUE           TmpValue;
   LIST_ENTRY                   *Link;
   UINT8                        *VarBuffer;
   UINTN                        MaxBufferSize;
@@ -1511,9 +1511,10 @@
             //
             // Check current value is the value of one of option.
             //
-            TmpValue = 0;
+            ASSERT (IfrOneOfOption->Type >= EFI_IFR_TYPE_NUM_SIZE_8 && 
IfrOneOfOption->Type <= EFI_IFR_TYPE_NUM_SIZE_64);
+            ZeroMem (&TmpValue, sizeof (EFI_IFR_TYPE_VALUE));
             CopyMem (&TmpValue, &IfrOneOfOption->Value, 
IfrOneOfOption->Header.Length - OFFSET_OF (EFI_IFR_ONE_OF_OPTION, Value));
-            if (VarValue == TmpValue) {
+            if (VarValue == TmpValue.u64) {
               //
               // The value is one of option value.
               // Set OpCode to Zero, don't need check again.

This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.


------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits

Reply via email to