logic to handle 1FH is completely wrong.
The patch combines them together to fix the 1FH issue.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Eric Dong
---
UefiCpuPkg/Application/Cpuid/Cpuid.c | 83 ++--
1 file changed, 28 insertions
GetProcessorLocation2ByApicId() extracts the
package/die/tile/module/core/thread ID from the initial APIC ID.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Eric Dong
---
UefiCpuPkg/Include/Library/LocalApicLib.h | 29 +++-
.../Library/BaseXApicLib
v2: put the CVE number in patch title.
Ray Ni (2):
MdeModulePkg/HiiDatabase: Fix potential integer overflow
(CVE-2018-12181)
MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is parsed
(CVE-2018-12181)
MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 130
overflow.
The similar issue also exists in the logic to handle 8bit BMP.
The patch fixes the issue by only copies the first 16 or 256 colors
in the palette depending on the BMP type.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Liming Gao
Cc: Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Dandan Bi
Cc: Hao A Wu
---
MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 126 ++
1 file changed, 103 insertions(+), 23 deletions
Ray Ni (2):
MdeModulePkg/HiiDatabase: Fix potential integer overflow
MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is parsed
MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 130 ++
1 file changed, 105 insertions(+), 25 deletions(-)
--
2.20.1.windows.1
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135
CVE number: CVE-2018-12181
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Dandan Bi
Cc: Hao A Wu
---
MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 126 ++
1 file changed, 103
] array which causes stack overflow.
The similar issue also exists in the logic to handle 8bit BMP.
The patch fixes the issue by only copies the first 16 or 256 colors
in the palette depending on the BMP type.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Liming
the boot failure when using GCC5.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Jordan Justen
Cc: Andrew Fish
---
EmulatorPkg/Sec/Ia32/SwitchRam.S | 95 --
EmulatorPkg/Sec/Ia32/SwitchRam.asm | 94
Per PCI Spec, the option ROM BAR is 32bit so the maximum option ROM
size can be hold by UINT32 type.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Hao Wu
---
MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h | 4 ++--
MdeModulePkg/Bus/Pci/PciBusDxe
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1505
v2: fixed all typos in PciBus driver.
changed RomSize to UINT32 and added type cast to PPB MEM32 BAR
Base/Length to avoid using RShiftU64().
Ray Ni (3):
MdeModulePkg/PciBus: Change PCI_IO_DEVICE.RomSize to UINT32 type
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Hao Wu
---
MdeModulePkg/Bus/Pci/PciBusDxe/PciCommand.c | 14 ++---
MdeModulePkg/Bus/Pci/PciBusDxe/PciCommand.h | 16 ++---
.../Bus/Pci/PciBusDxe/PciDeviceSupport.c | 14 ++---
.../Bus/Pci/PciBusDxe
RANGE BAR.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Hao Wu
Cc: Dandan Bi
---
.../Bus/Pci/PciBusDxe/PciResourceSupport.c| 51 +--
1 file changed, 23 insertions(+), 28 deletions(-)
diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe
programs the PPB MEM32 RANGE BAR.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni
Cc: Hao Wu
Cc: Dandan Bi
---
.../Bus/Pci/PciBusDxe/PciResourceSupport.c| 53 +--
1 file changed, 24 insertions(+), 29 deletions(-)
diff --git a/MdeModulePkg/Bus/Pci
14 matches
Mail list logo