MdeModulePkg/NvmExpress: Fix bug of handling not null-terminated strings

In EnumerateNvmeDevNamespace(), when Private->ControllerData->Sn and/or
Private->ControllerData->Mn are NOT null-terminated strings,
UnicodeSPrintAsciiFormat(…) may generate unexpected (garbage) output
string.

Cc: Simon (Xiang) Lian-SSI <simon.lian@ssi.samsung.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Simon (Xiang) Lian-SSI <simon.lian@ssi.samsung.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

2 files changed, 15 insertions, 6 deletions

diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
index 54d637e7d0..49a73c4f91 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
@@ -74,6 +74,8 @@ EnumerateNvmeDevNamespace (
   UINT32                                Lbads;

   UINT32                                Flbas;

   UINT32                                LbaFmtIdx;

+  UINT8                                 Sn[21];

+  UINT8                                 Mn[41];

 

   NewDevicePathNode = NULL;

   DevicePath        = NULL;

@@ -265,7 +267,11 @@ EnumerateNvmeDevNamespace (
     //

     // Build controller name for Component Name (2) protocol.

     //

-    UnicodeSPrintAsciiFormat (Device->ModelName, sizeof (Device->ModelName), "%a-%a-%x", Private->ControllerData->Sn, Private->ControllerData->Mn, NamespaceData->Eui64);

+    CopyMem (Sn, Private->ControllerData->Sn, sizeof (Private->ControllerData->Sn));

+    Sn[20] = 0;

+    CopyMem (Mn, Private->ControllerData->Mn, sizeof (Private->ControllerData->Mn));

+    Mn[40] = 0;

+    UnicodeSPrintAsciiFormat (Device->ModelName, sizeof (Device->ModelName), "%a-%a-%x", Sn, Mn, NamespaceData->Eui64);

 

     AddUnicodeString2 (

       "eng",

diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c
index 60b06b45e6..009ad7c43d 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c
@@ -785,7 +785,8 @@ NvmeControllerInit (
   NVME_AQA                        Aqa;

   NVME_ASQ                        Asq;

   NVME_ACQ                        Acq;

-

+  UINT8                           Sn[21];

+  UINT8                           Mn[41];

   //

   // Save original PCI attributes and enable this controller.

   //

@@ -943,13 +944,15 @@ NvmeControllerInit (
   //

   // Dump NvmExpress Identify Controller Data

   //

-  Private->ControllerData->Sn[19] = 0;

-  Private->ControllerData->Mn[39] = 0;

+  CopyMem (Sn, Private->ControllerData->Sn, sizeof (Private->ControllerData->Sn));

+  Sn[20] = 0;

+  CopyMem (Mn, Private->ControllerData->Mn, sizeof (Private->ControllerData->Mn));

+  Mn[40] = 0;

   DEBUG ((EFI_D_INFO, " == NVME IDENTIFY CONTROLLER DATA ==\n"));

   DEBUG ((EFI_D_INFO, "    PCI VID   : 0x%x\n", Private->ControllerData->Vid));

   DEBUG ((EFI_D_INFO, "    PCI SSVID : 0x%x\n", Private->ControllerData->Ssvid));

-  DEBUG ((EFI_D_INFO, "    SN        : %a\n",   (CHAR8 *)(Private->ControllerData->Sn)));

-  DEBUG ((EFI_D_INFO, "    MN        : %a\n",   (CHAR8 *)(Private->ControllerData->Mn)));

+  DEBUG ((EFI_D_INFO, "    SN        : %a\n",   Sn));

+  DEBUG ((EFI_D_INFO, "    MN        : %a\n",   Mn));

   DEBUG ((EFI_D_INFO, "    FR        : 0x%x\n", *((UINT64*)Private->ControllerData->Fr)));

   DEBUG ((EFI_D_INFO, "    RAB       : 0x%x\n", Private->ControllerData->Rab));

   DEBUG ((EFI_D_INFO, "    IEEE      : 0x%x\n", *(UINT32*)Private->ControllerData->Ieee_oui));