Cc: Jiewen Yao <jiewen....@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.z...@intel.com> --- MdeModulePkg/Core/PiSmmCore/PiSmmCore.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
index 55dcf31..9f47d27 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
@@ -427,9 +427,13 @@ SmmEntryPoint (
 //
 // Synchronous SMI for SMM Core or request from Communicate protocol
 //
- if (!SmmIsBufferOutsideSmmValid ((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize)) {
+ if (!SmmIsBufferOutsideSmmValid ((UINTN)gSmmCorePrivate->CommunicationBuffer, gSmmCorePrivate->BufferSize) ||
+ !((((UINTN) gSmmCorePrivate->CommunicationBuffer + gSmmCorePrivate->BufferSize) <= (UINTN) gSmmCorePrivate) ||
+ ((UINTN) gSmmCorePrivate->CommunicationBuffer >= ((UINTN) gSmmCorePrivate + sizeof (*gSmmCorePrivate))))) {
 //
- // If CommunicationBuffer is not in valid address scope, return EFI_INVALID_PARAMETER
+ // If CommunicationBuffer is not in valid address scope,
+ // or there is overlap between gSmmCorePrivate and CommunicationBuffer,
+ // return EFI_INVALID_PARAMETER
 //
 gSmmCorePrivate->CommunicationBuffer = NULL;
 gSmmCorePrivate->ReturnStatus = EFI_INVALID_PARAMETER;
-- 
1.9.5.msysgit.0
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
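Review bot: The new condition fetches `gSmmCorePrivate->CommunicationBuffer` three times and `gSmmCorePrivate->BufferSize` twice, and the rest of SmmEntryPoint (the function starts and ends outside this hunk) reads them again; the overlap test only makes sense if gSmmCorePrivate lives outside SMRAM, in which case each fetch can observe a different value and the pointer/length that passed validation need not be the ones later used. Copy both fields once into locals ahead of the check — `CommunicationBuffer = gSmmCorePrivate->CommunicationBuffer;` and `BufferSize = gSmmCorePrivate->BufferSize;` — and make SmmIsBufferOutsideSmmValid, the overlap test and the subsequent dispatch operate only on those copies. The sum `(UINTN) gSmmCorePrivate->CommunicationBuffer + gSmmCorePrivate->BufferSize` in the added clause can also wrap around, which would satisfy the `<= (UINTN) gSmmCorePrivate` branch for a range that in fact covers the private data unless SmmIsBufferOutsideSmmValid is already known to reject such lengths, so either state that dependency in the comment or reject the wraparound explicitly before this test. The triple-negated expression is hard to audit; computing the overlap result into a named local such as `OverlapsPrivateData` and testing that would make the intent readable.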