Changes compared with v1: Commit messages are modified for easy understanding.
Cover letter for patch v1: Commit r17732 to r17739 used safe string functions to replace the old ones in IntelFrameworkModulePkg. However, these changes broght the following two issues: 1. AllocateCopyPool (AllocationSize, Buffer) Some usage of AllocateCopyPool() will read contents out of the scope of 'Buffer'. Potential risk when 'Buffer' is allocated at the boundary of memory region. 2. Some replacement of StrnCpy/StrnCat with StrCpyS/StrCatS functions These changes will cause ASSERT when buffer overflow occurs, the patches will use StrnCpyS/StrnCatS instead to resolve this issue. Hao Wu (5): IntelFrameworkModulePkg GenericBdsLib: Potential read over memory boudary IntelFrameworkModulePkg BdsDxe: Fix ASSERT in BdsMemoryTest IntelFrameworkModulePkg BootMaint: Fix potential read over memory boundary IntelFrameworkModulePkg BootMngr: Fix potential read over memory boundary IntelFrameworkModulePkg DeviceMngr: Potential read over memory boundary .../Library/GenericBdsLib/BdsMisc.c | 20 ++++++++++++-------- .../Universal/BdsDxe/BootMaint/BootOption.c | 3 ++- .../Universal/BdsDxe/BootMngr/BootManager.c | 3 ++- .../Universal/BdsDxe/DeviceMngr/DeviceManager.c | 3 ++- .../Universal/BdsDxe/MemoryTest.c | 14 ++++++++++++-- 5 files changed, 30 insertions(+), 13 deletions(-) -- 1.9.5.msysgit.0 ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel