Re: [edk2-devel] [PATCH v3 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-24 Thread Ni, Ray
Agree. Reviewed-by: Ray Ni Thanks, Ray > -Original Message- > From: Gerd Hoffmann > Sent: Wednesday, January 24, 2024 8:41 PM > To: Ni, Ray > Cc: Guo, Gua ; devel@edk2.groups.io; Marc Beatove > ; Ard Biesheuvel ; > Sami Mujawar ; Mathews, John > > Subject: Re: RE: [PATCH v3 2/4] Standa

Re: [edk2-devel] [PATCH v3 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-24 Thread Sami Mujawar
Hi All, Please see my response inline marked [SAMI]. Regards, Sami Mujawar On 24/01/2024, 12:41, "Gerd Hoffmann" <kra...@redhat.com> wrote: On Fri, Jan 12, 2024 at 08:56:02AM +, Ni, Ray wrote: > It's strange to me that ARM's MM env still allows modifying HOBs. [SAMI] We are invest

Re: [edk2-devel] [PATCH v3 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-24 Thread Gerd Hoffmann
On Fri, Jan 12, 2024 at 08:56:02AM +, Ni, Ray wrote: > It's strange to me that ARM's MM env still allows modifying HOBs. Yes. But fixing that is beyond the scope of this patch, which just fixes the integer overflow in CreateHob(). Can we please move forward and get the remaining CreateHob()

Re: [edk2-devel] [PATCH v3 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-12 Thread Ni, Ray
It's strange to me that ARM's MM env still allows modifying HOBs. Thanks, Ray > -Original Message- > From: Guo, Gua > Sent: Friday, January 12, 2024 10:25 AM > To: devel@edk2.groups.io > Cc: Guo, Gua ; Marc Beatove ; > Ard Biesheuvel ; Sami Mujawar > ; Ni, Ray ; Mathews, John > ; Gerd Hof

[edk2-devel] [PATCH v3 2/4] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()

2024-01-11 Thread Guo, Gua
From: Gua Guo

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166

Fix integer overflow in various CreateHob instances.
Fixes: CVE-2022-36765

The CreateHob() function aligns the requested size to 8 performing the following operation:
```
HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
```