Revision: 16527
http://sourceforge.net/p/edk2/code/16527
Author: lzeng14
Date: 2014-12-17 00:39:51 +0000 (Wed, 17 Dec 2014)
Log Message:
-----------
MdeModulePkg DxeCore: Fix potential FV overflow of 4GB boundary on a 32-bit
systems.
The traversing of a Memory Mapped FV can overflow the 4GB limit on a 32bit
system
during the setting up a Linked List of FFS file inside the FV.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <[email protected]>
Reviewed-by: Liming Gao <[email protected]>
Modified Paths:
--------------
trunk/edk2/MdeModulePkg/Core/Dxe/FwVol/FwVol.c
Modified: trunk/edk2/MdeModulePkg/Core/Dxe/FwVol/FwVol.c
===================================================================
--- trunk/edk2/MdeModulePkg/Core/Dxe/FwVol/FwVol.c 2014-12-16 17:50:57 UTC
(rev 16526)
+++ trunk/edk2/MdeModulePkg/Core/Dxe/FwVol/FwVol.c 2014-12-17 00:39:51 UTC
(rev 16527)
@@ -482,7 +482,7 @@
FfsHeader = (EFI_FFS_FILE_HEADER *) (FvDevice->CachedFv);
}
TopFvAddress = FvDevice->EndOfCachedFv;
- while ((UINT8 *) FfsHeader < TopFvAddress) {
+ while (((UINTN) FfsHeader >= (UINTN) FvDevice->CachedFv) && ((UINTN)
FfsHeader <= (UINTN) ((UINTN) TopFvAddress - sizeof (EFI_FFS_FILE_HEADER)))) {
if (FileCached) {
CoreFreePool (CacheFfsHeader);
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
