Re: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation

Tue, 26 Dec 2017 18:15:07 -0800 

Mike and Liming,

Could you take a look at this patch?

Regards,
Jian


> -----Original Message-----
> From: edk2-devel [mailto:[email protected]] On Behalf Of Jian J
> Wang
> Sent: Monday, December 25, 2017 10:09 AM
> To: [email protected]
> Cc: Kinney, Michael D <[email protected]>; Yao, Jiewen
> <[email protected]>; Zeng, Star <[email protected]>; Gao, Liming
> <[email protected]>
> Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position
> calculation
> 
> Due to the a potential hole in the stop condition of for-loop, the two
> continuous access to ArgumentString (index, index+1) inside the loop
> might cause the string ending character ('\0') to be read.
> 
> Cc: Michael D Kinney <[email protected]>
> Cc: Liming Gao <[email protected]>
> Cc: Jiewen Yao <[email protected]>
> Cc: Star Zeng <[email protected]>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <[email protected]>
> ---
>  MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> index 28d946472f..297d5a05b5 100644
> --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
>        // Compute the number of characters in ArgumentString and store it in
> Count
>        // ArgumentString is either null-terminated, or it contains Precision
> characters
>        //
> -      for (Count = 0; Count < Precision || ((Flags & PRECISION) == 0); 
> Count++) {
> +      for (Count = 0;
> +            ArgumentString[Count * BytesPerArgumentCharacter] != '\0' &&
> +            (Count < Precision || ((Flags & PRECISION) == 0));
> +              Count++) {
>          ArgumentCharacter = ((ArgumentString[Count *
> BytesPerArgumentCharacter] & 0xff) | ((ArgumentString[Count *
> BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
>          if (ArgumentCharacter == 0) {
>            break;
> --
> 2.15.1.windows.2
> 
> _______________________________________________
> edk2-devel mailing list
> [email protected]
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to