On 30 October 2017 at 05:47, Heyi Guo <[email protected]> wrote:
> For PciIoPciRead interface, memory prior to Buffer would be written
> with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
> would cause serious system exception.
>
> So we add a pre-check branch to avoid memory override.
>
> Cc: Star Zeng <[email protected]>
> Cc: Eric Dong <[email protected]>
> Cc: Ard Biesheuvel <[email protected]>
> Cc: Ruiyu Ni <[email protected]>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Heyi Guo <[email protected]>
Reviewed-by: Ard Biesheuvel <[email protected]> > --- > .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 > +++++ > 1 file changed, 5 insertions(+) > > diff --git > a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c > > b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c > index c836ad6..0e42ae4 100644 > --- > a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c > +++ > b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c > @@ -465,6 +465,11 @@ PciIoPciRead ( > Address = (UINT8 *)&Dev->ConfigSpace + Offset; > Length = Count << ((UINTN)Width & 0x3); > > + if (Offset >= sizeof (Dev->ConfigSpace)) { > + ZeroMem (Buffer, Length); > + return EFI_SUCCESS; > + } > + > if (Offset + Length > sizeof (Dev->ConfigSpace)) { > // > // Read all zeroes for config space accesses beyond the first > -- > 1.9.1 > _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
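Review bot: The new `if (Offset >= sizeof (Dev->ConfigSpace))` branch in PciIoPciRead has no comment, while the partial-overlap branch directly below it does, so a later reader cannot tell from the code why a read that starts beyond the config space must return early. A short comment stating that such reads return all zeroes, and that falling through to the next branch is what caused the write before Buffer described in the commit message, would make the intent clear. The check also sits after `Address = (UINT8 *)&Dev->ConfigSpace + Offset;`, so the out-of-range pointer is still formed before the offset is rejected; it is unused on the early return, but moving the check above that assignment would keep the validation ahead of any use of Offset.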

