diff options
| author | Jeff Fan <jeff.fan@intel.com> | 2014-08-14 02:00:11 +0000 |
|---|---|---|
| committer | vanjeff <vanjeff@6f19259b-4bc3-4df7-8a09-765794883524> | 2014-08-14 02:00:11 +0000 |
| commit | a1360fa3de6dade1b9d204284356df52bc58e801 (patch) | |
| tree | 134c9df9b714580764ae97e2ccc279c0b8051f02 /IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c | |
| parent | 74a6d86079793bbd53e4d4fd67e6c3d1477f59fa (diff) | |
| download | edk2-platforms-a1360fa3de6dade1b9d204284356df52bc58e801.tar.xz | |
Use StrnCat instead of StrCat to avoid target buffer overflow.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Eric Dong <Eric.Dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15797 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c')
| -rw-r--r-- | IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c b/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c index 410d4f1db6..5a6fa78553 100644 --- a/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c +++ b/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c @@ -1,7 +1,7 @@ /** @file
Perform the platform memory test
-Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -230,11 +230,13 @@ BdsMemoryTest ( EFI_GRAPHICS_OUTPUT_BLT_PIXEL Color;
BOOLEAN IsFirstBoot;
UINT32 TempData;
+ UINTN StrTotalMemorySize;
ReturnStatus = EFI_SUCCESS;
ZeroMem (&Key, sizeof (EFI_INPUT_KEY));
- Pos = AllocatePool (128);
+ StrTotalMemorySize = 128;
+ Pos = AllocateZeroPool (StrTotalMemorySize);
if (Pos == NULL) {
return ReturnStatus;
@@ -322,7 +324,7 @@ BdsMemoryTest ( //
// TmpStr size is 64, StrPercent is reserved to 16.
//
- StrCat (StrPercent, TmpStr);
+ StrnCat (StrPercent, TmpStr, sizeof (StrPercent) / sizeof (CHAR16) - StrLen (StrPercent) - 1);
PrintXY (10, 10, NULL, NULL, StrPercent);
FreePool (TmpStr);
}
@@ -382,11 +384,12 @@ Done: UnicodeValueToString (StrTotalMemory, COMMA_TYPE, TotalMemorySize, 0);
if (StrTotalMemory[0] == L',') {
StrTotalMemory++;
+ StrTotalMemorySize -= sizeof (CHAR16);
}
TmpStr = GetStringById (STRING_TOKEN (STR_MEM_TEST_COMPLETED));
if (TmpStr != NULL) {
- StrCat (StrTotalMemory, TmpStr);
+ StrnCat (StrTotalMemory, TmpStr, StrTotalMemorySize / sizeof (CHAR16) - StrLen (StrTotalMemory) - 1);
FreePool (TmpStr);
}
|