Ray, please help review this patch.
Thanks, Star -----Original Message----- From: Heyi Guo [mailto:[email protected]] Sent: Monday, October 30, 2017 1:48 PM To: [email protected]; [email protected] Cc: Heyi Guo <[email protected]>; Zeng, Star <[email protected]>; Dong, Eric <[email protected]>; Ard Biesheuvel <[email protected]>; Ni, Ruiyu <[email protected]> Subject: [edk2][PATCH] MdeModulePkg/NonDiscoverable: fix memory override bug For PciIoPciRead interface, memory prior to Buffer would be written with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause serious system exception. So we add a pre-check branch to avoid memory override. Cc: Star Zeng <[email protected]> Cc: Eric Dong <[email protected]> Cc: Ard Biesheuvel <[email protected]> Cc: Ruiyu Ni <[email protected]> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Heyi Guo <[email protected]> --- .../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c index c836ad6..0e42ae4 100644 --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePc +++ iDeviceIo.c @@ -465,6 +465,11 @@ PciIoPciRead ( Address = (UINT8 *)&Dev->ConfigSpace + Offset; Length = Count << ((UINTN)Width & 0x3); + if (Offset >= sizeof (Dev->ConfigSpace)) { + ZeroMem (Buffer, Length); + return EFI_SUCCESS; + } + if (Offset + Length > sizeof (Dev->ConfigSpace)) { // // Read all zeroes for config space accesses beyond the first -- 1.9.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
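Review bot: in the PciIoPciRead hunk, the new `Offset >= sizeof (Dev->ConfigSpace)` guard sits after `Address = (UINT8 *)&Dev->ConfigSpace + Offset;`, so an out-of-range pointer is still formed before the early return. Moving the guard above the `Address` assignment (with `Length` still computed first, since `ZeroMem (Buffer, Length)` needs it) keeps the pointer arithmetic in bounds. Once `Offset` is known to be below the config space size, the following context check `Offset + Length > sizeof (Dev->ConfigSpace)` could be written as `Length > sizeof (Dev->ConfigSpace) - Offset`, which cannot wrap if `Count << ((UINTN)Width & 0x3)` yields a very large `Length`. The new branch also has no comment, unlike the partial-overlap case below it; one line stating that reads starting entirely beyond the config space return zeroes would help. The commit message says "larger than" while the code tests `>=`, so the wording should match the check.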

