Reviewed-by: jiewen@intel.com
> -Original Message-
> From: Ni, Ruiyu
> Sent: Monday, February 5, 2018 1:26 PM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen ; Gao, Liming ;
> Wang, Jian J
> Subject: [PATCH v2]
Today's implementation of [Ascii]StrnCpyS/[Ascii]StrnCatS calls
StrnLenS () to get the length of source string but supplies the
destination buffer size as max size.
It's a bug that may cause out-of-bound memory access.
For example:
StrnCpyS (Dest[10], 10, "hello", 6)
-> StrnLenS ("hello", 10)
2 matches
Mail list logo