summaryrefslogtreecommitdiff
path: root/MdeModulePkg
diff options
context:
space:
mode:
authorydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524>2013-01-10 03:01:16 +0000
committerydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524>2013-01-10 03:01:16 +0000
commitfda93fc4495ca0343d57f82b8df4583d3f877b8f (patch)
tree9502b6b547579ea27657e4f8288424c3b00dd207 /MdeModulePkg
parent724f26a9d02e6c6fb87d85243d2849c153cffbb5 (diff)
downloadedk2-platforms-fda93fc4495ca0343d57f82b8df4583d3f877b8f.tar.xz
Use EFI_IFR_TYPE_VALUE type variable instead of UINT64 to avoid buffer overflow.
Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14044 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg')
-rw-r--r--MdeModulePkg/Library/UefiHiiLib/HiiLib.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
index ba74d0f88f..6d2755ce36 100644
--- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
+++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
@@ -946,7 +946,7 @@ InternalHiiValidateCurrentSetting (
UINT16 Offset;
UINT16 Width;
UINT64 VarValue;
- UINT64 TmpValue;
+ EFI_IFR_TYPE_VALUE TmpValue;
LIST_ENTRY *Link;
UINT8 *VarBuffer;
UINTN MaxBufferSize;
@@ -1511,9 +1511,10 @@ InternalHiiValidateCurrentSetting (
//
// Check current value is the value of one of option.
//
- TmpValue = 0;
+ ASSERT (IfrOneOfOption->Type >= EFI_IFR_TYPE_NUM_SIZE_8 && IfrOneOfOption->Type <= EFI_IFR_TYPE_NUM_SIZE_64);
+ ZeroMem (&TmpValue, sizeof (EFI_IFR_TYPE_VALUE));
CopyMem (&TmpValue, &IfrOneOfOption->Value, IfrOneOfOption->Header.Length - OFFSET_OF (EFI_IFR_ONE_OF_OPTION, Value));
- if (VarValue == TmpValue) {
+ if (VarValue == TmpValue.u64) {
//
// The value is one of option value.
// Set OpCode to Zero, don't need check again.