DeviceIndex is used as index in Slot[]. The max size of Slot[] is SD_PEIM_MAX_SLOTS. So DeviceIndex should be checked before used.
Cc: Hao A Wu <hao.a...@intel.com> Cc: Ray Ni <ray...@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zh...@intel.com> --- v2. Update the check boundary from "SD_PEIM_MAX_SLOTS-1" to "SD_PEIM_MAX_SLOTS". Beacuse DeviceIndex is used as "DeviceIndex-1" in arrays. MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c b/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c index 8fa58d65b22c..ebd8270ce8e0 100644 --- a/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c +++ b/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c @@ -174,7 +174,7 @@ SdBlockIoPeimGetMediaInfo ( Private = GET_SD_PEIM_HC_PRIVATE_DATA_FROM_THIS (This); - if ((DeviceIndex == 0) || (DeviceIndex > Private->TotalBlkIoDevices)) { + if ((DeviceIndex == 0) || (DeviceIndex > Private->TotalBlkIoDevices) || (DeviceIndex > SD_PEIM_MAX_SLOTS)) { return EFI_INVALID_PARAMETER; } @@ -252,7 +252,7 @@ SdBlockIoPeimReadBlocks ( return EFI_SUCCESS; } - if ((DeviceIndex == 0) || (DeviceIndex > Private->TotalBlkIoDevices)) { + if ((DeviceIndex == 0) || (DeviceIndex > Private->TotalBlkIoDevices) || (DeviceIndex > SD_PEIM_MAX_SLOTS)) { return EFI_INVALID_PARAMETER; } -- 2.18.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#49657): https://edk2.groups.io/g/devel/message/49657 Mute This Topic: https://groups.io/mt/39770853/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-