sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

BaseTools/C/Common: Add checks for array access

Browse Source 
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Hao Wu
2016-09-27 13:28:33 +08:00
parent f45b5a7605
commit b3520abde8
2 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
BaseTools/Source/C/Common/CommonLib.c
View File

@@ -1,7 +1,7 @@
/** @file
Common basic Library Functions
Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -652,7 +652,11 @@ Returns:
//
// Construct the full file path
//
strcat (mCommonLibFullPath, FileName);
if (strlen (mCommonLibFullPath) + strlen (FileName) > MAX_LONG_FILE_PATH - 1) {
Error (NULL, 0, 2000, "Invalid parameter", "FileName %s is too long!", FileName);
return NULL;
}
strncat (mCommonLibFullPath, FileName, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
//
// Convert directory separator '/' to '\\'

7
BaseTools/Source/C/Common/Decompress.c
View File

@@ -2,7 +2,7 @@
Decompressor. Algorithm Ported from OPSD code (Decomp.asm) for Efi and Tiano
compress algorithm.
Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -15,6 +15,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "Decompress.h"
//
@@ -240,7 +241,7 @@ Returns:
for (Char = 0; Char < NumOfChar; Char++) {
Len = BitLen[Char];
if (Len == 0) {
if (Len == 0 || Len >= 17) {
continue;
}
@@ -373,6 +374,8 @@ Returns:
UINT16 Index;
UINT32 Mask;
assert (nn <= NPT);
Number = (UINT16) GetBits (Sd, nbit);
if (Number == 0) {