BaseTools/VfrCompile: Add checks for array access

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

2 files changed, 11 insertions, 0 deletions

diff --git a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
index 37cac24f14..f15bff1187 100644
--- a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
+++ b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
@@ -30,6 +30,8 @@
  * 1989-2000

  */

 

+#include <assert.h>

+

 #define ZZINC {if ( track_columns ) (++_endcol);}

 

 #define ZZGETC {ch = input->nextChar(); cl = ZZSHIFT(ch);}

@@ -114,6 +116,7 @@ more:
 		state = dfa_base[automaton];

 		while (ZZNEWSTATE != DfaStates) {

 			state = newstate;

+            assert(state <= sizeof(dfa)/sizeof(dfa[0]));

 			ZZCOPY;

 			ZZGETC;

 			ZZINC;

diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index 1ab95bec0a..24b0bfa6fd 100644
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -1474,6 +1474,10 @@ CVfrDataStorage::GetFreeVarStoreId (
     }

   }

 

+  if (Index == EFI_FREE_VARSTORE_ID_BITMAP_SIZE) {

+    return EFI_VARSTORE_ID_INVALID;

+  }

+

   for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) {

     if ((mFreeVarStoreIdBitMap[Index] & Mask) == 0) {

       mFreeVarStoreIdBitMap[Index] |= Mask;

@@ -2437,6 +2441,10 @@ CVfrQuestionDB::GetFreeQuestionId (
     }

   }

 

+  if (Index == EFI_FREE_QUESTION_ID_BITMAP_SIZE) {

+    return EFI_QUESTION_ID_INVALID;

+  }

+

   for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) {

     if ((mFreeQIdBitMap[Index] & Mask) == 0) {

       mFreeQIdBitMap[Index] |= Mask;