https://git.reactos.org/?p=reactos.git;a=commitdiff;h=2811d2f990fdadef5697ac3927688b7447fdf177

commit 2811d2f990fdadef5697ac3927688b7447fdf177
Author:     Stanislav Motylkov <[email protected]>
AuthorDate: Wed Aug 7 13:06:37 2019 +0300
Commit:     Hermès BÉLUSCA - MAÏTO <[email protected]>
CommitDate: Wed Aug 7 12:06:37 2019 +0200

    [FREELDR] xboxmem: Fix array out-of-bounds access (#1775)
    
    Memory map array should be large enough to fit additional descriptors.
    
    CORE-16216 CORE-16267
---
 boot/freeldr/freeldr/arch/i386/pcmem.c        | 2 --
 boot/freeldr/freeldr/arch/i386/xboxmem.c      | 3 ++-
 boot/freeldr/freeldr/include/arch/pc/pcbios.h | 2 ++
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/boot/freeldr/freeldr/arch/i386/pcmem.c b/boot/freeldr/freeldr/arch/i386/pcmem.c
index 2add4d918bf..4dd709b247c 100644
--- a/boot/freeldr/freeldr/arch/i386/pcmem.c
+++ b/boot/freeldr/freeldr/arch/i386/pcmem.c
@@ -35,8 +35,6 @@ DBG_DEFAULT_CHANNEL(MEMORY);
 #define ULONGLONG_ALIGN_UP_BY(size, align) \
     (ULONGLONG_ALIGN_DOWN_BY(((ULONGLONG)(size) + align - 1), align))
 
-#define MAX_BIOS_DESCRIPTORS 80ul
-
 BIOS_MEMORY_MAP PcBiosMemoryMap[MAX_BIOS_DESCRIPTORS];
 ULONG PcBiosMapCount;
 
diff --git a/boot/freeldr/freeldr/arch/i386/xboxmem.c b/boot/freeldr/freeldr/arch/i386/xboxmem.c
index ee5da0fec1f..2d6890ea78e 100644
--- a/boot/freeldr/freeldr/arch/i386/xboxmem.c
+++ b/boot/freeldr/freeldr/arch/i386/xboxmem.c
@@ -89,12 +89,13 @@ XboxMemInit(VOID)
     AvailableMemoryMb = InstalledMemoryMb;
 }
 
-FREELDR_MEMORY_DESCRIPTOR XboxMemoryMap[2];
+FREELDR_MEMORY_DESCRIPTOR XboxMemoryMap[MAX_BIOS_DESCRIPTORS + 1];
 
 PFREELDR_MEMORY_DESCRIPTOR
 XboxMemGetMemoryMap(ULONG *MemoryMapSize)
 {
     TRACE("XboxMemGetMemoryMap()\n");
+    /* FIXME: Obtain memory map via multiboot spec */
 
     /* Synthesize memory map */
 
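Review bot: Nothing in the visible lines ties the new capacity of `XboxMemoryMap` to the code that writes into it, so the out-of-bounds write named in the commit title can come back if either side changes on its own. The size is now borrowed from `MAX_BIOS_DESCRIPTORS`, a PC BIOS constant, and the `+ 1` is unexplained; a comment on the declaration such as `/* Must stay in sync with the limit the map-building code enforces (MAX_BIOS_DESCRIPTORS entries, plus one extra slot) */` would record the contract. The body of XboxMemGetMemoryMap continues outside the hunk, so it cannot be confirmed here that every descriptor write is bounded by that same limit; that is worth checking against the callers.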
diff --git a/boot/freeldr/freeldr/include/arch/pc/pcbios.h b/boot/freeldr/freeldr/include/arch/pc/pcbios.h
index 826a16854de..5ad273f0442 100644
--- a/boot/freeldr/freeldr/include/arch/pc/pcbios.h
+++ b/boot/freeldr/freeldr/include/arch/pc/pcbios.h
@@ -3,6 +3,8 @@
 
 #ifndef __ASM__
 
+#define MAX_BIOS_DESCRIPTORS 80
+
 typedef enum
 {
     // ACPI 1.0.
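Review bot: The constant lost its `ul` suffix in the move (`80ul` in pcmem.c, `80` here), so its type changes from unsigned long to int at every existing use. Comparisons against ULONG counts still convert as before, but any use in signed arithmetic or as a variadic argument, if one exists, would now see a different type; keeping `#define MAX_BIOS_DESCRIPTORS 80ul` would make the relocation behaviour-neutral. Because this define now also sizes the Xbox memory map, a one-line comment saying it is the shared descriptor capacity for the firmware memory-map arrays would help the next reader. The enum that follows continues outside the hunk.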
