Fix the TOCTOU issue of CommBufferSize itself for SMM communicate handler input.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14379 6f19259b-4bc3-4df7-8a09-765794883524

MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c

@@ -543,6 +543,7 @@ SmmPerformanceHandlerEx (
   GAUGE_DATA_ENTRY_EX       *GaugeDataEx;
   UINTN                     NumberOfEntries;
   UINTN                     LogEntryKey;
+  UINTN                     TempCommBufferSize;
 
   GaugeEntryExArray = NULL;
 
@@ -553,11 +554,13 @@ SmmPerformanceHandlerEx (
     return EFI_SUCCESS;
   }
 
-  if(*CommBufferSize < sizeof (SMM_PERF_COMMUNICATE_EX)) {
+  TempCommBufferSize = *CommBufferSize;
+
+  if(TempCommBufferSize < sizeof (SMM_PERF_COMMUNICATE_EX)) {
     return EFI_SUCCESS;
   }
 
-  if (!IsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {
+  if (!IsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
     DEBUG ((EFI_D_ERROR, "SmmPerformanceHandlerEx: SMM communcation data buffer in SMRAM or overflow!\n"));
     return EFI_SUCCESS;
   }
@@ -649,7 +652,8 @@ SmmPerformanceHandler (
   GAUGE_DATA_ENTRY      *GaugeData;
   UINTN                 NumberOfEntries;
   UINTN                 LogEntryKey;
-  
+  UINTN                 TempCommBufferSize;
+
   GaugeEntryExArray = NULL;
 
   //
@@ -659,11 +663,13 @@ SmmPerformanceHandler (
     return EFI_SUCCESS;
   }
 
-  if(*CommBufferSize < sizeof (SMM_PERF_COMMUNICATE)) {
+  TempCommBufferSize = *CommBufferSize;
+
+  if(TempCommBufferSize < sizeof (SMM_PERF_COMMUNICATE)) {
     return EFI_SUCCESS;
   }
 
-  if (!IsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {
+  if (!IsAddressValid ((UINTN)CommBuffer, TempCommBufferSize)) {
     DEBUG ((EFI_D_ERROR, "SmmPerformanceHandler: SMM communcation data buffer in SMRAM or overflow!\n"));
     return EFI_SUCCESS;
   }