Excuse me, I made a mistake and sent the wrong patch. Please ignore it.

Thanks
Wenyi
On 2021/7/29 15:45, Wenyi Xie wrote:
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3333
>
> In function InstallPreHashFvPpi, when calculating the size
> of struct HASH_INFO, sizeof is used twice. This bug does
> not lead to buffer overflow, "sizeof (HASH_INFO)" is 4,
> whereas "sizeof (sizeof (HASH_INFO))" is 4 or 8.
>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Signed-off-by: Wenyi Xie <xiewen...@huawei.com>
> Reviewed-by: Laszlo Ersek <ler...@redhat.com>
> --- > SecurityPkg/FvReportPei/FvReportPei.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/SecurityPkg/FvReportPei/FvReportPei.c > b/SecurityPkg/FvReportPei/FvReportPei.c > index d709760ea3ce..e82413e090c0 100644 > --- a/SecurityPkg/FvReportPei/FvReportPei.c > +++ b/SecurityPkg/FvReportPei/FvReportPei.c > @@ -67,7 +67,7 @@ InstallPreHashFvPpi ( > HASH_INFO *HashInfo; > > PpiSize = sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI) > - + sizeof (sizeof (HASH_INFO)) > + + sizeof (HASH_INFO) > + HashSize; > > PreHashedFvPpi = AllocatePool (PpiSize); >
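
Review bot: In the `PpiSize =` expression, `HashSize` is still added with no bound check visible in this hunk before the total is passed to `AllocatePool (PpiSize)`; if the caller does not already constrain `HashSize`, a guarded addition here would rule out a wrapped, undersized allocation. On the changed line, `sizeof (*HashInfo)` would tie the size to the `HASH_INFO *HashInfo` declared just above, so the declaration and the allocation cannot drift apart. The commit message could also say why the old code never under-allocated: `sizeof (sizeof (HASH_INFO))` is the size of a `size_t` value, hence the "4 or 8" against the 4 bytes needed.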