[edk2] [patch 2/3] MdeModulePkg/NvmExpress: Fix bug of handling not null-terminated strings

Tue, 24 Nov 2015 00:51:13 -0800 

In EnumerateNvmeDevNamespace(), when Private->ControllerData->Sn and/or
Private->ControllerData->Mn are NOT null-terminated strings,
UnicodeSPrintAsciiFormat(…) may generate unexpected (garbage) output
string.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.t...@intel.com>
Cc: Simon (Xiang) Lian-SSI <simon.l...@ssi.samsung.com>
Cc: Star Zeng <star.z...@intel.com>
---
 MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c    |  8 +++++++-
 MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c | 13 ++++++++-----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c 
b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
index 4d34526..224b2ee 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
@@ -74,6 +74,8 @@ EnumerateNvmeDevNamespace (
   UINT32                                Lbads;
   UINT32                                Flbas;
   UINT32                                LbaFmtIdx;
+  UINT8                                 Sn[21];
+  UINT8                                 Mn[41];
 
   NewDevicePathNode = NULL;
   DevicePath        = NULL;
@@ -264,7 +266,11 @@ EnumerateNvmeDevNamespace (
     //
     // Build controller name for Component Name (2) protocol.
     //
-    UnicodeSPrintAsciiFormat (Device->ModelName, sizeof (Device->ModelName), 
"%a-%a-%x", Private->ControllerData->Sn, Private->ControllerData->Mn, 
NamespaceData->Eui64);
+    CopyMem (Sn, Private->ControllerData->Sn, sizeof 
(Private->ControllerData->Sn));
+    Sn[20] = 0;
+    CopyMem (Mn, Private->ControllerData->Mn, sizeof 
(Private->ControllerData->Mn));
+    Mn[40] = 0;
+    UnicodeSPrintAsciiFormat (Device->ModelName, sizeof (Device->ModelName), 
"%a-%a-%x", Sn, Mn, NamespaceData->Eui64);
 
     AddUnicodeString2 (
       "eng",
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c 
b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c
index f6b6288..c90f0a7 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c
@@ -785,7 +785,8 @@ NvmeControllerInit (
   NVME_AQA                        Aqa;
   NVME_ASQ                        Asq;
   NVME_ACQ                        Acq;
-
+  UINT8                           Sn[21];
+  UINT8                           Mn[41];
   //
   // Save original PCI attributes and enable this controller.
   //
@@ -945,13 +946,15 @@ NvmeControllerInit (
   //
   // Dump NvmExpress Identify Controller Data
   //
-  Private->ControllerData->Sn[19] = 0;
-  Private->ControllerData->Mn[39] = 0;
+  CopyMem (Sn, Private->ControllerData->Sn, sizeof 
(Private->ControllerData->Sn));
+  Sn[20] = 0;
+  CopyMem (Mn, Private->ControllerData->Mn, sizeof 
(Private->ControllerData->Mn));
+  Mn[40] = 0;
   DEBUG ((EFI_D_INFO, " == NVME IDENTIFY CONTROLLER DATA ==\n"));
   DEBUG ((EFI_D_INFO, "    PCI VID   : 0x%x\n", Private->ControllerData->Vid));
   DEBUG ((EFI_D_INFO, "    PCI SSVID : 0x%x\n", 
Private->ControllerData->Ssvid));
-  DEBUG ((EFI_D_INFO, "    SN        : %a\n",   (CHAR8 
*)(Private->ControllerData->Sn)));
-  DEBUG ((EFI_D_INFO, "    MN        : %a\n",   (CHAR8 
*)(Private->ControllerData->Mn)));
+  DEBUG ((EFI_D_INFO, "    SN        : %a\n",   Sn));
+  DEBUG ((EFI_D_INFO, "    MN        : %a\n",   Mn));
   DEBUG ((EFI_D_INFO, "    FR        : 0x%x\n", 
*((UINT64*)Private->ControllerData->Fr)));
   DEBUG ((EFI_D_INFO, "    RAB       : 0x%x\n", Private->ControllerData->Rab));
   DEBUG ((EFI_D_INFO, "    IEEE      : 0x%x\n", 
*(UINT32*)Private->ControllerData->Ieee_oui));
-- 
1.9.5.msysgit.0

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to