diff options
| author | ydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524> | 2013-01-10 03:01:16 +0000 |
|---|---|---|
| committer | ydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524> | 2013-01-10 03:01:16 +0000 |
| commit | fda93fc4495ca0343d57f82b8df4583d3f877b8f (patch) | |
| tree | 9502b6b547579ea27657e4f8288424c3b00dd207 /MdeModulePkg | |
| parent | 724f26a9d02e6c6fb87d85243d2849c153cffbb5 (diff) | |
| download | edk2-platforms-fda93fc4495ca0343d57f82b8df4583d3f877b8f.tar.xz | |
Use EFI_IFR_TYPE_VALUE type variable instead of UINT64 to avoid buffer overflow.
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14044 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg')
| -rw-r--r-- | MdeModulePkg/Library/UefiHiiLib/HiiLib.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c index ba74d0f88f..6d2755ce36 100644 --- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c +++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c @@ -946,7 +946,7 @@ InternalHiiValidateCurrentSetting ( UINT16 Offset;
UINT16 Width;
UINT64 VarValue;
- UINT64 TmpValue;
+ EFI_IFR_TYPE_VALUE TmpValue;
LIST_ENTRY *Link;
UINT8 *VarBuffer;
UINTN MaxBufferSize;
@@ -1511,9 +1511,10 @@ InternalHiiValidateCurrentSetting ( //
// Check current value is the value of one of option.
//
- TmpValue = 0;
+ ASSERT (IfrOneOfOption->Type >= EFI_IFR_TYPE_NUM_SIZE_8 && IfrOneOfOption->Type <= EFI_IFR_TYPE_NUM_SIZE_64);
+ ZeroMem (&TmpValue, sizeof (EFI_IFR_TYPE_VALUE));
CopyMem (&TmpValue, &IfrOneOfOption->Value, IfrOneOfOption->Header.Length - OFFSET_OF (EFI_IFR_ONE_OF_OPTION, Value));
- if (VarValue == TmpValue) {
+ if (VarValue == TmpValue.u64) {
//
// The value is one of option value.
// Set OpCode to Zero, don't need check again.
|