Execuse me, I made a mistake and sent the wrong patch. Please ignore it. Thanks Wenyi
On 2021/7/29 15:45, Wenyi Xie wrote: > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3333 > > In function InstallPreHashFvPpi, when calculating the size > of struct HASH_INFOļ¼sizeof is used twice. This bug does > not lead to buffer overflow, "sizeof (HASH_INFO)" is 4, > whereas "sizeof (sizeof (HASH_INFO))" is 4 or 8. > > Cc: Jiewen Yao <[email protected]> > Cc: Jian J Wang <[email protected]> > Cc: Laszlo Ersek <[email protected]> > Signed-off-by: Wenyi Xie <[email protected]> > Reviewed-by: Laszlo Ersek <[email protected]> > --- > SecurityPkg/FvReportPei/FvReportPei.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/SecurityPkg/FvReportPei/FvReportPei.c > b/SecurityPkg/FvReportPei/FvReportPei.c > index d709760ea3ce..e82413e090c0 100644 > --- a/SecurityPkg/FvReportPei/FvReportPei.c > +++ b/SecurityPkg/FvReportPei/FvReportPei.c > @@ -67,7 +67,7 @@ InstallPreHashFvPpi ( > HASH_INFO *HashInfo; > > PpiSize = sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI) > - + sizeof (sizeof (HASH_INFO)) > + + sizeof (HASH_INFO) > + HashSize; > > PreHashedFvPpi = AllocatePool (PpiSize); > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#78349): https://edk2.groups.io/g/devel/message/78349 Mute This Topic: https://groups.io/mt/84523794/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
