Check for Type AllocateAddress, if NumberOfPages is 0 or if (NumberOfPages << EFI_PAGE_SHIFT) is above MAX_ADDRESS or if (Start + NumberOfBytes) rolls over 0 or if Start is above MAX_ADDRESS or if End is above MAX_ADDRESS, return EFI_NOT_FOUND.
Cc: Jiewen Yao <[email protected]> Cc: Michael Kinney <[email protected]> Cc: Liming Gao <[email protected]> Cc: Feng Tian <[email protected]> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <[email protected]> --- MdeModulePkg/Core/Dxe/Mem/Page.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c index 62738a187546..2f4ff8ecfdab 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -1201,6 +1201,8 @@ CoreInternalAllocatePages ( { EFI_STATUS Status; UINT64 Start; + UINT64 NumberOfBytes; + UINT64 End; UINT64 MaxAddress; UINTN Alignment; @@ -1246,6 +1248,30 @@ CoreInternalAllocatePages ( // MaxAddress = MAX_ADDRESS; + // + // Check for Type AllocateAddress, + // if NumberOfPages is 0 or + // if (NumberOfPages << EFI_PAGE_SHIFT) is above MAX_ADDRESS or + // if (Start + NumberOfBytes) rolls over 0 or + // if Start is above MAX_ADDRESS or + // if End is above MAX_ADDRESS, + // return EFI_NOT_FOUND. + // + if (Type == AllocateAddress) { + if ((NumberOfPages == 0) || + (NumberOfPages > RShiftU64 (MaxAddress, EFI_PAGE_SHIFT))) { + return EFI_NOT_FOUND; + } + NumberOfBytes = LShiftU64 (NumberOfPages, EFI_PAGE_SHIFT); + End = Start + NumberOfBytes - 1; + + if ((Start >= End) || + (Start > MaxAddress) || + (End > MaxAddress)) { + return EFI_NOT_FOUND; + } + } + if (Type == AllocateMaxAddress) { MaxAddress = Start; } -- 2.7.0.windows.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
