Revision: 17472 http://sourceforge.net/p/edk2/code/17472 Author: ydong10 Date: 2015-05-19 09:26:25 +0000 (Tue, 19 May 2015) Log Message: ----------- MdeModulePkg: Fix potential buffer overflow issues.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.d...@intel.com> Reviewed-by: Liming Gao <liming....@intel.com> Modified Paths: -------------- trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
Modified: trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h 2015-05-19 09:22:59 UTC (rev 17471)
+++ trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h 2015-05-19 09:26:25 UTC (rev 17472)
@@ -113,8 +113,9 @@
//
// It take 23 characters including the NULL to print a 64 bits number with "[" and "]".
// pow(2, 64) = [18446744073709551616]
+// with extra '-' flat, set the width to 24.
//
-#define MAX_NUMERIC_INPUT_WIDTH 23
+#define MAX_NUMERIC_INPUT_WIDTH 24
#define EFI_HII_EXPRESSION_INCONSISTENT_IF 0
#define EFI_HII_EXPRESSION_NO_SUBMIT_IF 1
Modified: trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c 2015-05-19 09:22:59 UTC (rev 17471)
+++ trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c 2015-05-19 09:26:25 UTC (rev 17472)
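Review bot: The comment above `MAX_NUMERIC_INPUT_WIDTH` in the FormDisplay.h hunk still opens with "It take 23 characters" although the macro is now 24, and the added line says "flat" where "flag" or "sign" appears to be meant. Because the value is hand-counted and the buffers sized by it are outside this hunk, the comment should spell out the arithmetic so the next change can be audited, for example `// 20 digits + '[' + ']' + optional '-' + NULL terminator = 24.`. It would also be worth confirming that every numeric-input buffer and width check uses this macro rather than a literal 23, which cannot be verified from the lines shown.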
@@ -1561,12 +1561,15 @@ &BufferSize, HandleBuffer); - } else if (EFI_ERROR (Status)) { + } + + if (EFI_ERROR (Status)) { Result->Type = EFI_IFR_TYPE_UNDEFINED; Status = EFI_SUCCESS; goto Done; } + ASSERT (HandleBuffer != NULL); for ( Index = 0; Index < BufferSize / sizeof(EFI_HANDLE); Index ++) { Status = gBS->HandleProtocol ( HandleBuffer[Index], Modified: trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c =================================================================== --- trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c 2015-05-19 09:22:59 UTC (rev 17471) +++ trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c 2015-05-19 09:26:25 UTC (rev 17472) @@ -2144,6 +2144,7 @@ // Option // case EFI_IFR_ONE_OF_OPTION_OP: + ASSERT (ParentStatement != NULL); if (ParentStatement->Operand == EFI_IFR_ORDERED_LIST_OP && ((((EFI_IFR_ONE_OF_OPTION *) OpCodeData)->Flags & (EFI_IFR_OPTION_DEFAULT | EFI_IFR_OPTION_DEFAULT_MFG)) != 0)) { // // It's keep the default value for ordered list opcode. @@ -2198,7 +2199,6 @@ CopyMem (CurrentOption->SuppressExpression->Expression, GetConditionalExpressionList(ExpressOption), (UINTN) (sizeof (FORM_EXPRESSION *) * ConditionalExprCount)); } - ASSERT (ParentStatement != NULL); // // Insert to Option list of current Question //
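Review bot: `ASSERT (HandleBuffer != NULL)` in the Expression.c hunk is the only guard before `HandleBuffer[Index]`, and in EDK II an ASSERT can be disabled or compiled out of release builds, so it records the invariant without enforcing it. If the allocation of HandleBuffer (outside the hunk) can fail, fold the check into the existing error path instead: `if (EFI_ERROR (Status) || HandleBuffer == NULL) {`. The same applies to `ASSERT (ParentStatement != NULL)` placed ahead of `ParentStatement->Operand` in the first IfrParse.c hunk. That code parses IFR opcodes from form data, and the lines shown do not establish that an option opcode always has an enclosing question, so a runtime check that rejects the form would be safer than an assertion. Both enclosing functions start and end outside the hunks, so how these pointers are set should be confirmed against the full file.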