Cc: Jiewen Yao <jiewen....@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.z...@intel.com>
---
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c 
b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
index 55dcf31..9f47d27 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
@@ -427,9 +427,13 @@ SmmEntryPoint (
       //
       // Synchronous SMI for SMM Core or request from Communicate protocol
       //
-      if (!SmmIsBufferOutsideSmmValid 
((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize)) {
+      if (!SmmIsBufferOutsideSmmValid 
((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize) ||
+          !((((UINTN) gSmmCorePrivate->CommunicationBuffer + 
gSmmCorePrivate->BufferSize) <= (UINTN) gSmmCorePrivate) ||
+            ((UINTN) gSmmCorePrivate->CommunicationBuffer >= ((UINTN) 
gSmmCorePrivate + sizeof (*gSmmCorePrivate))))) {
         //
-        // If CommunicationBuffer is not in valid address scope, return 
EFI_INVALID_PARAMETER
+        // If CommunicationBuffer is not in valid address scope,
+        // or there is overlap between gSmmCorePrivate and CommunicationBuffer,
+        // return EFI_INVALID_PARAMETER
         //
         gSmmCorePrivate->CommunicationBuffer = NULL;
         gSmmCorePrivate->ReturnStatus = EFI_INVALID_PARAMETER;
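Review bot: The new condition reads `gSmmCorePrivate->CommunicationBuffer` and `gSmmCorePrivate->BufferSize` several times. The overlap test implies this structure sits in memory that can pass the outside-SMRAM check, so the values validated here may not be the values used afterwards if that memory changes in between. I would copy both fields into locals once and validate and use only the copies, e.g. `CommunicationBuffer = gSmmCorePrivate->CommunicationBuffer;` and `BufferSize = gSmmCorePrivate->BufferSize;`. The sum `(UINTN) gSmmCorePrivate->CommunicationBuffer + gSmmCorePrivate->BufferSize` is safe from wrap-around only if SmmIsBufferOutsideSmmValid rejects wrapping ranges and stays first in the `||` chain; a short comment such as `// Overlap test relies on the range check above having rejected address wrap-around` would keep a later reorder from breaking it. SmmEntryPoint's body starts and continues outside this hunk, so the later uses of the buffer fields are not visible here.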
-- 
1.9.5.msysgit.0
