Due to a potential hole in the stop condition of the for-loop, the two
continuous accesses to ArgumentString (index, index+1) inside the loop
might cause the string ending character ('\0') to be read.

Cc: Michael D Kinney <[email protected]>
Cc: Liming Gao <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Star Zeng <[email protected]>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <[email protected]>
---
 MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.c 
b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
index 28d946472f..297d5a05b5 100644
--- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
+++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
@@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
       // Compute the number of characters in ArgumentString and store it in 
Count
       // ArgumentString is either null-terminated, or it contains Precision 
characters
       //
-      for (Count = 0; Count < Precision || ((Flags & PRECISION) == 0); 
Count++) {
+      for (Count = 0;
+            ArgumentString[Count * BytesPerArgumentCharacter] != '\0' &&
+            (Count < Precision || ((Flags & PRECISION) == 0));
+              Count++) {
         ArgumentCharacter = ((ArgumentString[Count * 
BytesPerArgumentCharacter] & 0xff) | ((ArgumentString[Count * 
BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
         if (ArgumentCharacter == 0) {
           break;
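Review bot: In the new loop condition the read `ArgumentString[Count * BytesPerArgumentCharacter] != '\0'` is evaluated before `Count < Precision`, so when PRECISION is set and the string holds exactly Precision characters with no terminator (a case the comment above the loop allows), the condition itself reads past the last character at Count == Precision. Putting `(Count < Precision || ((Flags & PRECISION) == 0))` first lets `&&` short-circuit before that read. The new test also inspects only the first byte of each character, while the body builds ArgumentCharacter from two bytes and ArgumentMask; a two-byte character whose low byte is zero would stop the count early and truncate the output. Comparing the full masked character, as the existing `if (ArgumentCharacter == 0)` check does, avoids that, and the commit message could state which of the two byte reads the change is meant to guard.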
-- 
2.15.1.windows.2
