[edk2-devel] [PATCH v2 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-11 Thread Guo, Gua
From: Gua Guo

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166

Fix integer overflow in various CreateHob instances.
Fixes: CVE-2022-36765

The CreateHob() function aligns the requested size to 8 performing the following operation:
```
HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
```

Re: [edk2-devel] [PATCH v2 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-11 Thread Sami Mujawar
Hi Gua,

Thank you for this patch. Please see my response inline marked [SAMI].

Regards,
Sami Mujawar

On 11/01/2024, 09:15, "gua@intel.com" <gua@intel.com> wrote:

From: Gua Guo <gua@intel.com>
REF: https://bugzilla.tianocore.org/show_bug

Re: [edk2-devel] [PATCH v2 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-11 Thread Guo, Gua
You mean we need to add below error handle after all callers?

Hob = CreateHob (...)
ASSERT (Hob != NULL); < Here

Thanks,
Gua

-----Original Message-----
From: Sami Mujawar
Sent: Thursday, January 11, 2024 10:06 PM
To: Guo, Gua; devel@edk2.groups.io
Cc: Marc Beatove; Ard Biesh

Re: [edk2-devel] [PATCH v2 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-11 Thread Sami Mujawar
Hi Gua,

Please find my response inline marked [SAMI].

Regards,
Sami Mujawar

On 11/01/2024, 14:19, "Guo, Gua" <gua@intel.com> wrote:

You mean we need to add below error handle after all callers?

Hob = CreateHob (...)
ASSERT (Hob != NULL); < Here

[SAMI] That would

Re: [edk2-devel] [PATCH v2 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-11 Thread Guo, Gua
Maybe I can add error handle but they will have several case need to do if it's fine. It may be increasing some BIOS size.

Error Handle   Error Handle   Error Handle   Error Handle
A > B -> C --> CreateHob ---

Re: [edk2-devel] [PATCH v2 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-11 Thread Sami Mujawar
Hi Gua,

Please find my response inline marked [SAMI].

Regards,
Sami Mujawar

On 11/01/2024, 15:19, "Guo, Gua" <gua@intel.com> wrote:

Maybe I can add error handle but they will have several case need to do if it's fine. It may be increasing some BIOS size.

Error Handle Error Handl