diff options
| author | Eric Dong <eric.dong@intel.com> | 2015-05-19 09:26:25 +0000 |
|---|---|---|
| committer | ydong10 <ydong10@Edk2> | 2015-05-19 09:26:25 +0000 |
| commit | aee257db53c87e5657b9e2c8aa558b58c4ec0fb4 (patch) | |
| tree | 2b57bb967c981a7dc8537900a42799ff421a6860 /MdeModulePkg | |
| parent | 5f25ead991ad34f5d11b6b7f5f6a50479142934f (diff) | |
| download | edk2-platforms-aee257db53c87e5657b9e2c8aa558b58c4ec0fb4.tar.xz | |
MdeModulePkg: Fix potential buffer overflow issues.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17472 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg')
| -rw-r--r-- | MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h | 3 | ||||
| -rw-r--r-- | MdeModulePkg/Universal/SetupBrowserDxe/Expression.c | 5 | ||||
| -rw-r--r-- | MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c | 2 |
3 files changed, 7 insertions, 3 deletions
diff --git a/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h b/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h index eeb9b2f318..063e94c6bc 100644 --- a/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h +++ b/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.h @@ -113,8 +113,9 @@ extern BOOLEAN gMisMatch; //
// It take 23 characters including the NULL to print a 64 bits number with "[" and "]".
// pow(2, 64) = [18446744073709551616]
+// with extra '-' flat, set the width to 24.
//
-#define MAX_NUMERIC_INPUT_WIDTH 23
+#define MAX_NUMERIC_INPUT_WIDTH 24
#define EFI_HII_EXPRESSION_INCONSISTENT_IF 0
#define EFI_HII_EXPRESSION_NO_SUBMIT_IF 1
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c index 01e114b0e3..637cfda3f6 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c @@ -1561,12 +1561,15 @@ IfrMatch2 ( &BufferSize,
HandleBuffer);
- } else if (EFI_ERROR (Status)) {
+ }
+
+ if (EFI_ERROR (Status)) {
Result->Type = EFI_IFR_TYPE_UNDEFINED;
Status = EFI_SUCCESS;
goto Done;
}
+ ASSERT (HandleBuffer != NULL);
for ( Index = 0; Index < BufferSize / sizeof(EFI_HANDLE); Index ++) {
Status = gBS->HandleProtocol (
HandleBuffer[Index],
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c index 8ddc449e69..3785c32f3c 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c @@ -2144,6 +2144,7 @@ ParseOpCodes ( // Option
//
case EFI_IFR_ONE_OF_OPTION_OP:
+ ASSERT (ParentStatement != NULL);
if (ParentStatement->Operand == EFI_IFR_ORDERED_LIST_OP && ((((EFI_IFR_ONE_OF_OPTION *) OpCodeData)->Flags & (EFI_IFR_OPTION_DEFAULT | EFI_IFR_OPTION_DEFAULT_MFG)) != 0)) {
//
// It's keep the default value for ordered list opcode.
@@ -2198,7 +2199,6 @@ ParseOpCodes ( CopyMem (CurrentOption->SuppressExpression->Expression, GetConditionalExpressionList(ExpressOption), (UINTN) (sizeof (FORM_EXPRESSION *) * ConditionalExprCount));
}
- ASSERT (ParentStatement != NULL);
//
// Insert to Option list of current Question
//
|