[edk2] [PATCH v2 1/5] IntelFrameworkModulePkg GenericBdsLib: Potential read over memory boudary

Thu, 09 Jul 2015 18:03:06 -0700 

This commit will resolve the issue brought by r17733.

StringBuffer1 = AllocateCopyPool (
                  MAX_STRING_LEN * sizeof (CHAR16),
                  L"Configuration changed. Reset to apply it Now."
                  );

The above using of AllocateCopyPool() will read contents out of the scope
of the constant string. Potential risk for the constant string allocated
at the boundary of memory region.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a...@intel.com>
Reviewed-by: Qiu Shumin <shumin....@intel.com>
Reviewed-by: Jeff Fan <jeff....@intel.com>
---
 .../Library/GenericBdsLib/BdsMisc.c                  | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c 
b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c
index b5be631..24c1998 100644
--- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c
+++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c
@@ -1127,16 +1127,20 @@ SetupResetReminder (
   if (IsResetReminderFeatureEnable ()) {
     if (IsResetRequired ()) {
 
-      StringBuffer1 = AllocateCopyPool (
-                        MAX_STRING_LEN * sizeof (CHAR16),
-                        L"Configuration changed. Reset to apply it Now."
-                        );
+      StringBuffer1 = AllocateZeroPool (MAX_STRING_LEN * sizeof (CHAR16));
       ASSERT (StringBuffer1 != NULL);
-      StringBuffer2 = AllocateCopyPool (
-                        MAX_STRING_LEN * sizeof (CHAR16),
-                        L"Press ENTER to reset"
-                        );
+      StringBuffer2 = AllocateZeroPool (MAX_STRING_LEN * sizeof (CHAR16));
       ASSERT (StringBuffer2 != NULL);
+      StrCpyS (
+        StringBuffer1,
+        MAX_STRING_LEN,
+        L"Configuration changed. Reset to apply it Now."
+        );
+      StrCpyS (
+        StringBuffer2,
+        MAX_STRING_LEN,
+        L"Press ENTER to reset"
+        );
       //
       // Popup a menu to notice user
       //
-- 
1.9.5.msysgit.0


------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel

Reply via email to