Reviewed-by: Liming Gao <[email protected]> -----Original Message----- From: Dong, Eric Sent: Wednesday, January 20, 2016 2:59 PM To: [email protected] Cc: Gao, Liming Subject: [Patch] Refine the code to avoid potential buffer overflow or use NULL pointer.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <[email protected]> Cc: Liming Gao <[email protected]> --- MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c index 560cf8f..c46c965 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c @@ -1,10 +1,10 @@ /** @file Implementation for EFI_HII_IMAGE_PROTOCOL. -Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR> +Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -264,24 +264,28 @@ Output1bitPixel ( UINTN OffsetY; UINT8 Index; EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BitMapPtr; EFI_GRAPHICS_OUTPUT_BLT_PIXEL PaletteValue[2]; EFI_HII_IMAGE_PALETTE_INFO *Palette; - UINT16 PaletteSize; + UINTN PaletteSize; UINT8 Byte; ASSERT (Image != NULL && Data != NULL && PaletteInfo != NULL); BitMapPtr = Image->Bitmap; // // First entry corresponds to color 0 and second entry corresponds to color 1. // + PaletteSize = 0; CopyMem (&PaletteSize, PaletteInfo, sizeof (UINT16)); PaletteSize += sizeof (UINT16); Palette = AllocateZeroPool (PaletteSize); ASSERT (Palette != NULL); + if (Palette == NULL) { + return; + } CopyMem (Palette, PaletteInfo, PaletteSize); ZeroMem (PaletteValue, sizeof (PaletteValue)); CopyRgbToGopPixel (&PaletteValue[0], &Palette->PaletteValue[0], 1); CopyRgbToGopPixel (&PaletteValue[1], &Palette->PaletteValue[1], 1); @@ -348,25 +352,29 @@ Output4bitPixel ( UINT16 Ypos; UINTN OffsetY; EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BitMapPtr; EFI_GRAPHICS_OUTPUT_BLT_PIXEL PaletteValue[16]; EFI_HII_IMAGE_PALETTE_INFO *Palette; - UINT16 PaletteSize; + UINTN PaletteSize; UINT16 PaletteNum; UINT8 Byte; ASSERT (Image != NULL && Data != NULL && PaletteInfo != NULL); BitMapPtr = Image->Bitmap; // // The bitmap should allocate each color index starting from 0. // + PaletteSize = 0; CopyMem (&PaletteSize, PaletteInfo, sizeof (UINT16)); PaletteSize += sizeof (UINT16); Palette = AllocateZeroPool (PaletteSize); ASSERT (Palette != NULL); + if (Palette == NULL) { + return; + } CopyMem (Palette, PaletteInfo, PaletteSize); PaletteNum = (UINT16)(Palette->PaletteSize / sizeof (EFI_HII_RGB_PIXEL)); ZeroMem (PaletteValue, sizeof (PaletteValue)); CopyRgbToGopPixel (PaletteValue, Palette->PaletteValue, PaletteNum); @@ -422,25 +430,29 @@ Output8bitPixel ( UINT16 Ypos; UINTN OffsetY; EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BitMapPtr; EFI_GRAPHICS_OUTPUT_BLT_PIXEL PaletteValue[256]; EFI_HII_IMAGE_PALETTE_INFO *Palette; - UINT16 PaletteSize; + UINTN PaletteSize; UINT16 PaletteNum; UINT8 Byte; ASSERT (Image != NULL && Data != NULL && PaletteInfo != NULL); BitMapPtr = Image->Bitmap; // // The bitmap should allocate each color index starting from 0. // + PaletteSize = 0; CopyMem (&PaletteSize, PaletteInfo, sizeof (UINT16)); PaletteSize += sizeof (UINT16); Palette = AllocateZeroPool (PaletteSize); ASSERT (Palette != NULL); + if (Palette == NULL) { + return; + } CopyMem (Palette, PaletteInfo, PaletteSize); PaletteNum = (UINT16)(Palette->PaletteSize / sizeof (EFI_HII_RGB_PIXEL)); ZeroMem (PaletteValue, sizeof (PaletteValue)); CopyRgbToGopPixel (PaletteValue, Palette->PaletteValue, PaletteNum); FreePool (Palette); -- 2.6.4.windows.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
