sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MdeModulePkg: Fix potential buffer overflow issues.

Browse Source 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17472 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Eric Dong
2015-05-19 09:26:25 +00:00
committed by ydong10
parent 5f25ead991
commit aee257db53
3 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h
View File

@ -113,8 +113,9 @@ extern BOOLEAN gMisMatch;
// //
// It take 23 characters including the NULL to print a 64 bits number with "[" and "]". // It take 23 characters including the NULL to print a 64 bits number with "[" and "]".
// pow(2, 64) = [18446744073709551616] // pow(2, 64) = [18446744073709551616]
// with extra '-' flat, set the width to 24.
// //
#define MAX_NUMERIC_INPUT_WIDTH 23 #define MAX_NUMERIC_INPUT_WIDTH 24
#define EFI_HII_EXPRESSION_INCONSISTENT_IF 0 #define EFI_HII_EXPRESSION_INCONSISTENT_IF 0
#define EFI_HII_EXPRESSION_NO_SUBMIT_IF 1 #define EFI_HII_EXPRESSION_NO_SUBMIT_IF 1

5
MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
View File

@ -1561,12 +1561,15 @@ IfrMatch2 (
&BufferSize, &BufferSize,
HandleBuffer); HandleBuffer);
} else if (EFI_ERROR (Status)) { }
if (EFI_ERROR (Status)) {
Result->Type = EFI_IFR_TYPE_UNDEFINED; Result->Type = EFI_IFR_TYPE_UNDEFINED;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
goto Done; goto Done;
} }
ASSERT (HandleBuffer != NULL);
for ( Index = 0; Index < BufferSize / sizeof(EFI_HANDLE); Index ++) { for ( Index = 0; Index < BufferSize / sizeof(EFI_HANDLE); Index ++) {
Status = gBS->HandleProtocol ( Status = gBS->HandleProtocol (
HandleBuffer[Index], HandleBuffer[Index],

2
MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
View File

@ -2144,6 +2144,7 @@ ParseOpCodes (
// Option // Option
// //
case EFI_IFR_ONE_OF_OPTION_OP: case EFI_IFR_ONE_OF_OPTION_OP:
ASSERT (ParentStatement != NULL);
if (ParentStatement->Operand == EFI_IFR_ORDERED_LIST_OP && ((((EFI_IFR_ONE_OF_OPTION *) OpCodeData)->Flags & (EFI_IFR_OPTION_DEFAULT | EFI_IFR_OPTION_DEFAULT_MFG)) != 0)) { if (ParentStatement->Operand == EFI_IFR_ORDERED_LIST_OP && ((((EFI_IFR_ONE_OF_OPTION *) OpCodeData)->Flags & (EFI_IFR_OPTION_DEFAULT | EFI_IFR_OPTION_DEFAULT_MFG)) != 0)) {
// //
// It's keep the default value for ordered list opcode. // It's keep the default value for ordered list opcode.
@ -2198,7 +2199,6 @@ ParseOpCodes (
CopyMem (CurrentOption->SuppressExpression->Expression, GetConditionalExpressionList(ExpressOption), (UINTN) (sizeof (FORM_EXPRESSION *) * ConditionalExprCount)); CopyMem (CurrentOption->SuppressExpression->Expression, GetConditionalExpressionList(ExpressOption), (UINTN) (sizeof (FORM_EXPRESSION *) * ConditionalExprCount));
} }
ASSERT (ParentStatement != NULL);
// //
// Insert to Option list of current Question // Insert to Option list of current Question
// //