On Mon, Jan 07, 2019 at 08:15:00AM +0100, Ard Biesheuvel wrote:
> Take care not to dereference BlockEntry if it may be pointing past
> the end of the page table we are manipulating. It is only a read,
> and thus harmless, but HeapGuard triggers on it so let's fix it.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>

Reviewed-by: Leif Lindholm <leif.lindh...@linaro.org>

> ---
>  ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c 
> b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
> index e41044142ef4..d66df3e17a02 100644
> --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
> +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
> @@ -382,7 +382,7 @@ UpdateRegionMapping (
>  
>        // Break the inner loop when next block is a table
>        // Rerun GetBlockEntryListFromAddress to avoid page table memory leak
> -      if (TableLevel != 3 &&
> +      if (TableLevel != 3 && BlockEntry <= LastBlockEntry &&
>            (*BlockEntry & TT_TYPE_MASK) == TT_TYPE_TABLE_ENTRY) {
>              break;
>        }
> -- 
> 2.20.1
> 
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to