REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3333
In function InstallPreHashFvPpi, when calculating the size
of struct HASH_INFOļ¼sizeof is used twice. This bug does
not lead to buffer overflow, "sizeof (HASH_INFO)" is 4,
whereas "sizeof (sizeof (HASH_INFO))" is 4 or 8.
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Laszlo Ersek <ler...@redhat.com>
Signed-off-by: Wenyi Xie <xiewen...@huawei.com>
Reviewed-by: Laszlo Ersek <ler...@redhat.com>
---
SecurityPkg/FvReportPei/FvReportPei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SecurityPkg/FvReportPei/FvReportPei.c
b/SecurityPkg/FvReportPei/FvReportPei.c
index d709760ea3ce..e82413e090c0 100644
--- a/SecurityPkg/FvReportPei/FvReportPei.c
+++ b/SecurityPkg/FvReportPei/FvReportPei.c
@@ -67,7 +67,7 @@ InstallPreHashFvPpi (
HASH_INFO *HashInfo;
PpiSize = sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI)
- + sizeof (sizeof (HASH_INFO))
+ + sizeof (HASH_INFO)
+ HashSize;
PreHashedFvPpi = AllocatePool (PpiSize);
--
2.20.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78348): https://edk2.groups.io/g/devel/message/78348
Mute This Topic: https://groups.io/mt/84523794/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
