diff options
| author | Ruiyu Ni <ruiyu.ni@intel.com> | 2015-07-10 02:16:42 +0000 |
|---|---|---|
| committer | niruiyu <niruiyu@Edk2> | 2015-07-10 02:16:42 +0000 |
| commit | 579b5ef204947defbd6fc60c11bdd740ad09d6e9 (patch) | |
| tree | 356931cca38524a3890788e9ddf8d2ccc39b1fea /MdeModulePkg/Library/SmmLockBoxLib | |
| parent | d7fc5cfd68bdf7d0b3d94fe08a523130c961d296 (diff) | |
| download | edk2-platforms-579b5ef204947defbd6fc60c11bdd740ad09d6e9.tar.xz | |
MdeModulePkg: Fix potential integer overflow issue
In certain rare circumstance, the data passed from outside of SMM may be
invalid resulting the integer overflow. The issue are found by code review.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17908 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg/Library/SmmLockBoxLib')
| -rw-r--r-- | MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c index a789daf9a8..23a786d56e 100644 --- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c @@ -1,6 +1,6 @@ /** @file
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -394,6 +394,7 @@ UpdateLockBox ( DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL));
return EFI_BUFFER_TOO_SMALL;
}
+ ASSERT ((UINTN)LockBox->SmramBuffer <= (MAX_ADDRESS - Offset));
CopyMem ((VOID *)((UINTN)LockBox->SmramBuffer + Offset), Buffer, Length);
//
|