subject:"\[edk2\] \[PATCH v2\] MdePkg\/SafeString\: Fix potential out\-of\-bound memory access"

Re: [edk2] [PATCH v2] MdePkg/SafeString: Fix potential out-of-bound memory access

2018-02-05 Thread Yao, Jiewen

Reviewed-by: jiewen@intel.com > -Original Message- > From: Ni, Ruiyu > Sent: Monday, February 5, 2018 1:26 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen ; Gao, Liming ; > Wang, Jian J > Subject: [PATCH v2]

[edk2] [PATCH v2] MdePkg/SafeString: Fix potential out-of-bound memory access

2018-02-04 Thread Ruiyu Ni

Today's implementation of [Ascii]StrnCpyS/[Ascii]StrnCatS calls StrnLenS () to get the length of source string but supplies the destination buffer size as max size. It's a bug that may cause out-of-bound memory access. For example: StrnCpyS (Dest[10], 10, "hello", 6) -> StrnLenS ("hello", 10)