Reviewed-by: Liming Gao <liming....@intel.com>

From: Dong, Eric
Sent: Tuesday, May 19, 2015 1:35 PM
To: edk2-devel@lists.sourceforge.net
Cc: Gao, Liming
Subject: [PATCH] MdeModulePkg: Fix potential buffer overflow issues


Fix potential buffer overflow issues.



Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Eric Dong <eric.d...@intel.com<mailto:eric.d...@intel.com>>


Index: Universal/DisplayEngineDxe/FormDisplay.h

===================================================================

--- Universal/DisplayEngineDxe/FormDisplay.h  (revision 17469)

+++ Universal/DisplayEngineDxe/FormDisplay.h               (working copy)

@@ -113,8 +113,9 @@

//

// It take 23 characters including the NULL to print a 64 bits number with "[" 
and "]".

// pow(2, 64) = [18446744073709551616]

+// with extra '-' flat, set the width to 24.

//

-#define MAX_NUMERIC_INPUT_WIDTH 23

+#define MAX_NUMERIC_INPUT_WIDTH 24



 #define EFI_HII_EXPRESSION_INCONSISTENT_IF   0

#define EFI_HII_EXPRESSION_NO_SUBMIT_IF      1
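Review bot: The added comment line `// with extra '-' flat, set the width to 24.` has a typo and does not say where the sign comes from; I would write `// A signed value may carry a leading '-', so one more character is reserved: the width is 24.` The width is still counted by hand in a comment, so every buffer sized with MAX_NUMERIC_INPUT_WIDTH depends on that arithmetic staying correct. The code that fills those buffers is outside this hunk, and it is worth confirming that it passes the real buffer size to the formatting call rather than relying on the constant alone.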

Index: Universal/SetupBrowserDxe/Expression.c

===================================================================

--- Universal/SetupBrowserDxe/Expression.c     (revision 17469)

+++ Universal/SetupBrowserDxe/Expression.c  (working copy)

@@ -1561,12 +1561,15 @@

                         &BufferSize,

                         HandleBuffer);



-  } else if (EFI_ERROR (Status)) {

+  }

+

+  if (EFI_ERROR (Status)) {

     Result->Type = EFI_IFR_TYPE_UNDEFINED;

     Status = EFI_SUCCESS;

     goto Done;

   }



+  ASSERT (HandleBuffer != NULL);

   for ( Index = 0; Index < BufferSize / sizeof(EFI_HANDLE); Index ++) {

     Status = gBS->HandleProtocol (

                   HandleBuffer[Index],
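Review bot: `ASSERT (HandleBuffer != NULL);` protects the `HandleBuffer[Index]` access in the loop only in builds where assertions are active; in EDK II, ASSERT can be compiled out with MDEPKG_NDEBUG or disabled through the debug property mask, and a NULL buffer is then dereferenced. The allocation that sets HandleBuffer is above the hunk, so I cannot see whether its failure is already handled; if it is not, add a runtime check that takes the existing exit path, for example `if (HandleBuffer == NULL) { Status = EFI_OUT_OF_RESOURCES; goto Done; }`. The same applies to `ASSERT (ParentStatement != NULL);` in the IfrParse.c hunk at `case EFI_IFR_ONE_OF_OPTION_OP:`, where the pointer is dereferenced on the next line and presumably depends on the opcode order of the form package being parsed. Both functions start and end outside their hunks.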

Index: Universal/SetupBrowserDxe/IfrParse.c

===================================================================

--- Universal/SetupBrowserDxe/IfrParse.c           (revision 17469)

+++ Universal/SetupBrowserDxe/IfrParse.c        (working copy)

@@ -2144,6 +2144,7 @@

     // Option

     //

     case EFI_IFR_ONE_OF_OPTION_OP:

+      ASSERT (ParentStatement != NULL);

       if (ParentStatement->Operand == EFI_IFR_ORDERED_LIST_OP && 
((((EFI_IFR_ONE_OF_OPTION *) OpCodeData)->Flags & (EFI_IFR_OPTION_DEFAULT | 
EFI_IFR_OPTION_DEFAULT_MFG)) != 0)) {

         //

         // It's keep the default value for ordered list opcode.

@@ -2198,7 +2199,6 @@

         CopyMem (CurrentOption->SuppressExpression->Expression, 
GetConditionalExpressionList(ExpressOption), (UINTN) (sizeof (FORM_EXPRESSION 
*) * ConditionalExprCount));

       }



-      ASSERT (ParentStatement != NULL);

       //

       // Insert to Option list of current Question

       //