Re: [edk2] [PATCH 1/2] MdePkg: Fix bug in CatVSPrint introduced by r17742

Fri, 03 Jul 2015 06:20:21 -0700 

  BufferToReturn = AllocateCopyPool(SizeRequired, String);

It will touch the address out of the scope of String. Though it is only 
read operation, I think we'd better not touch it, once the String were 
allocated at the boundary of memory region. Also the patch reverts part 
of the changes in r17742 and only replace StrCpy with StrCpyS.

On 07/03/2015 08:25 PM, Ard Biesheuvel wrote:
> On 3 July 2015 at 11:34, Heyi Guo <heyi....@linaro.org> wrote:
>> SVN r17742 uses AllocateCopyPool to replace AllocateZeroPool, however
>> String can be NULL and this will trigger assert in AllocateCopyPool.
>> Error Can be replayed when we use "cd <dir>" command under Shell.
>>
>> Just use a more conservative way to replace unsafe StrCpy.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Heyi Guo <heyi....@linaro.org>
>> ---
>>   MdePkg/Library/UefiLib/UefiLibPrint.c | 6 +++++-
>>   1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/MdePkg/Library/UefiLib/UefiLibPrint.c 
>> b/MdePkg/Library/UefiLib/UefiLibPrint.c
>> index cc41eb0..604c25b 100644
>> --- a/MdePkg/Library/UefiLib/UefiLibPrint.c
>> +++ b/MdePkg/Library/UefiLib/UefiLibPrint.c
>> @@ -754,12 +754,16 @@ CatVSPrint (
>>       SizeRequired = sizeof(CHAR16) + (CharactersRequired * sizeof(CHAR16));
>>     }
>>
>> -  BufferToReturn = AllocateCopyPool(SizeRequired, String);
>> +  BufferToReturn = AllocateZeroPool(SizeRequired);
>>
>>     if (BufferToReturn == NULL) {
>>       return NULL;
>>     }
>>
>> +  if (String != NULL) {
>> +    StrCpyS(BufferToReturn, SizeRequired, String);
>> +  }
>> +
> How about:
>
> if (String != NULL) {
>   BufferToReturn = AllocateCopyPool(SizeRequired, String);
> } else {
>    BufferToReturn = AllocateZeroPool(SizeRequired);
> }
>
> instead?


------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel

Reply via email to