sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MdeModulePkg/Core: Fix potential array overflow

Browse Source 
In the method DumpGuardedMemoryBitmap() and SetAllGuardPages(), the code
didn't check if the global mMapLevel is legal value or not, which leaves
a logic hole causing potential array overflow in code followed.

This patch adds sanity check before any array reference in those methods.

Cc: Wu Hao <hao.a.wu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Wu Hao <hao.a.wu@intel.com>
This commit is contained in:
Jian J Wang
2017-11-23 08:56:46 +08:00
committed by Hao Wu
parent 938d2456fc
commit c6c501654e
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
View File

@@ -1110,7 +1110,9 @@ DumpGuardedMemoryBitmap (
CHAR8 *Ruler1; CHAR8 *Ruler1;
CHAR8 *Ruler2; CHAR8 *Ruler2;
if (mGuardedMemoryMap == 0) { if (mGuardedMemoryMap == 0 ||
mMapLevel == 0 ||
mMapLevel > GUARDED_HEAP_MAP_TABLE_DEPTH) {
return; return;
} }

8
MdeModulePkg/Core/PiSmmCore/HeapGuard.c
View File

@@ -1170,7 +1170,9 @@ SetAllGuardPages (
UINTN Index; UINTN Index;
BOOLEAN OnGuarding; BOOLEAN OnGuarding;
if (mGuardedMemoryMap == 0) { if (mGuardedMemoryMap == 0 ||
mMapLevel == 0 ||
mMapLevel > GUARDED_HEAP_MAP_TABLE_DEPTH) {
return; return;
} }
@@ -1329,7 +1331,9 @@ DumpGuardedMemoryBitmap (
CHAR8 *Ruler1; CHAR8 *Ruler1;
CHAR8 *Ruler2; CHAR8 *Ruler2;
if (mGuardedMemoryMap == 0) { if (mGuardedMemoryMap == 0 ||
mMapLevel == 0 ||
mMapLevel > GUARDED_HEAP_MAP_TABLE_DEPTH) {
return; return;
} }