Re: [edk2-devel] [PATCH EDK2 v2 1/1] SecurityPkg/FvReportPei: remove redundant sizeof

Thu, 29 Jul 2021 01:23:20 -0700 

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> wenyi,xie via groups.io
> Sent: Thursday, July 29, 2021 3:45 PM
> To: devel@edk2.groups.io; Wang, Jian J <jian.j.w...@intel.com>; Wu, Hao A
> <hao.a...@intel.com>
> Cc: songdongku...@huawei.com; xiewen...@huawei.com; Yao, Jiewen
> <jiewen....@intel.com>; Laszlo Ersek <ler...@redhat.com>
> Subject: [edk2-devel] [PATCH EDK2 v2 1/1] SecurityPkg/FvReportPei: remove
> redundant sizeof
> 
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3333
> 
> In function InstallPreHashFvPpi, when calculating the size
> of struct HASH_INFOļ¼Œsizeof is used twice. This bug does
> not lead to buffer overflow, "sizeof (HASH_INFO)" is 4,
> whereas "sizeof (sizeof (HASH_INFO))" is 4 or 8.


Thanks.
Reviewed-by: Hao A Wu <hao.a...@intel.com>

I will wait a couple days before merging to see if any additional comment from 
other reviewers.

Best Regards,
Hao Wu


> 
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Signed-off-by: Wenyi Xie <xiewen...@huawei.com>
> Reviewed-by: Laszlo Ersek <ler...@redhat.com>
> ---
>  SecurityPkg/FvReportPei/FvReportPei.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/SecurityPkg/FvReportPei/FvReportPei.c
> b/SecurityPkg/FvReportPei/FvReportPei.c
> index d709760ea3ce..e82413e090c0 100644
> --- a/SecurityPkg/FvReportPei/FvReportPei.c
> +++ b/SecurityPkg/FvReportPei/FvReportPei.c
> @@ -67,7 +67,7 @@ InstallPreHashFvPpi (
>    HASH_INFO                                         *HashInfo;
> 
>    PpiSize = sizeof
> (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI)
> -            + sizeof (sizeof (HASH_INFO))
> +            + sizeof (HASH_INFO)
>              + HashSize;
> 
>    PreHashedFvPpi = AllocatePool (PpiSize);
> --
> 2.20.1.windows.1
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78353): https://edk2.groups.io/g/devel/message/78353
Mute This Topic: https://groups.io/mt/84523794/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to