On 09/21/18 09:25, Ruiyu Ni wrote: > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Ruiyu Ni <ruiyu...@intel.com> > Cc: Star Zeng <star.z...@intel.com> > --- > .../Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c | 26 > +++++++++++++++++----- > 1 file changed, 21 insertions(+), 5 deletions(-) > > diff --git a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c > b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c > index f8a1239ceb..0b6b56f846 100644 > --- a/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c > +++ b/MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciRootBridgeIo.c > @@ -321,6 +321,7 @@ RootBridgeIoCheckParameter ( > UINT64 Base; > UINT64 Limit; > UINT32 Size; > + UINT64 Length; > > // > // Check to see if Buffer is NULL > @@ -337,7 +338,7 @@ RootBridgeIoCheckParameter ( > } > > // > - // For FIFO type, the target address won't increase during the access, > + // For FIFO type, the device address won't increase during the access, > // so treat Count as 1 > // > if (Width >= EfiPciWidthFifoUint8 && Width <= EfiPciWidthFifoUint64) { > @@ -347,6 +348,13 @@ RootBridgeIoCheckParameter ( > Width = (EFI_PCI_ROOT_BRIDGE_IO_PROTOCOL_WIDTH) (Width & 0x03); > Size = 1 << Width; > > + // > + // Make sure (Count * Size) doesn't exceed MAX_UINT64 > + // > + if (Count > DivU64x32 (MAX_UINT64, Size)) { > + return EFI_INVALID_PARAMETER; > + } > + > // > // Check to see if Address is aligned > // > @@ -354,6 +362,14 @@ RootBridgeIoCheckParameter ( > return EFI_UNSUPPORTED; > } > > + // > + // Make sure (Address + Count * Size) doesn't exceed MAX_UINT64 > + // > + Length = MultU64x32 (Count, Size); > + if (Address > MAX_UINT64 - Length) { > + return EFI_INVALID_PARAMETER; > + } > + > RootBridge = ROOT_BRIDGE_FROM_THIS (This); > > // > @@ -372,7 +388,7 @@ RootBridgeIoCheckParameter ( > // > // Allow Legacy IO access > // > - if (Address + MultU64x32 (Count, Size) <= 0x1000) { > + if (Address + Length <= 0x1000) { > if ((RootBridge->Attributes & ( > EFI_PCI_ATTRIBUTE_ISA_IO | EFI_PCI_ATTRIBUTE_VGA_PALETTE_IO | > EFI_PCI_ATTRIBUTE_VGA_IO | > EFI_PCI_ATTRIBUTE_IDE_PRIMARY_IO | > EFI_PCI_ATTRIBUTE_IDE_SECONDARY_IO | > @@ -386,7 +402,7 @@ RootBridgeIoCheckParameter ( > // > // Allow Legacy MMIO access > // > - if ((Address >= 0xA0000) && (Address + MultU64x32 (Count, Size)) <= > 0xC0000) { > + if ((Address >= 0xA0000) && (Address + Length) <= 0xC0000) { > if ((RootBridge->Attributes & EFI_PCI_ATTRIBUTE_VGA_MEMORY) != 0) { > return EFI_SUCCESS; > } > @@ -395,7 +411,7 @@ RootBridgeIoCheckParameter ( > // By comparing the Address against Limit we know which range to be used > // for checking > // > - if (Address + MultU64x32 (Count, Size) <= RootBridge->Mem.Limit + 1) { > + if (Address + Length <= RootBridge->Mem.Limit + 1) { > Base = RootBridge->Mem.Base; > Limit = RootBridge->Mem.Limit; > } else { > @@ -427,7 +443,7 @@ RootBridgeIoCheckParameter ( > return EFI_INVALID_PARAMETER; > } > > - if (Address + MultU64x32 (Count, Size) > Limit + 1) { > + if (Address + Length > Limit + 1) { > return EFI_INVALID_PARAMETER; > } > >
Reviewed-by: Laszlo Ersek <ler...@redhat.com> _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel