BaseLib: Fix out-of-bounds reads in SafeString

Pedro Falcato via edk2-commits Sun, 06 Nov 2022 17:57:40 -0800

  Branch: refs/heads/master
  Home:   https://github.com/tianocore/edk2
  Commit: 35043a5ec05db6aa86b1b380416923fd1c3506e6
      
https://github.com/tianocore/edk2/commit/35043a5ec05db6aa86b1b380416923fd1c3506e6
  Author: Pedro Falcato <pedro.falc...@gmail.com>
  Date:   2022-11-07 (Mon, 07 Nov 2022)


  Changed paths:
    M MdePkg/Library/BaseLib/SafeString.c

  Log Message:
  -----------
  MdePkg/BaseLib: Fix out-of-bounds reads in SafeString

There was a OOB access in *StrHexTo* functions, when passed strings like
"XDEADBEEF".

OpenCore folks established an ASAN-equipped project to fuzz Ext4Dxe,
which was able to catch these (mostly harmless) issues.

Cc: Vitaly Cheptsov <vit9...@protonmail.com>
Cc: Marvin H?user <mhaeu...@posteo.de>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang....@intel.com>
Signed-off-by: Pedro Falcato <pedro.falc...@gmail.com>
Acked-by: Michael D Kinney <michael.d.kin...@intel.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>
Reviewed-by: Liming Gao <gaolim...@byosoft.com.cn>




_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits

[tianocore/edk2] 35043a: MdePkg/BaseLib: Fix out-of-bounds reads in SafeString

Reply via email to