diff options
author | Star Zeng <star.zeng@intel.com> | 2016-03-18 09:52:44 +0800 |
---|---|---|
committer | Star Zeng <star.zeng@intel.com> | 2016-03-22 11:00:40 +0800 |
commit | c2a07a10b1a781fe18942f54d6cf282aa855f72c (patch) | |
tree | 05a90fed000ef48201ef44afb789dbe75160040f /MdeModulePkg | |
parent | f0459afe9172587bfdcef55ebe4beddb6fc8d286 (diff) | |
download | edk2-platforms-c2a07a10b1a781fe18942f54d6cf282aa855f72c.tar.xz |
MdeModulePkg DxeCore: Address boundary check for Type AllocateAddress
Check for Type AllocateAddress,
if NumberOfPages is 0 or
if (NumberOfPages << EFI_PAGE_SHIFT) is above MAX_ADDRESS or
if (Start + NumberOfBytes) rolls over 0 or
if Start is above MAX_ADDRESS or
if End is above MAX_ADDRESS,
return EFI_NOT_FOUND.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Diffstat (limited to 'MdeModulePkg')
-rw-r--r-- | MdeModulePkg/Core/Dxe/Mem/Page.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c index 62738a1875..2f4ff8ecfd 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -1201,6 +1201,8 @@ CoreInternalAllocatePages ( {
EFI_STATUS Status;
UINT64 Start;
+ UINT64 NumberOfBytes;
+ UINT64 End;
UINT64 MaxAddress;
UINTN Alignment;
@@ -1246,6 +1248,30 @@ CoreInternalAllocatePages ( //
MaxAddress = MAX_ADDRESS;
+ //
+ // Check for Type AllocateAddress,
+ // if NumberOfPages is 0 or
+ // if (NumberOfPages << EFI_PAGE_SHIFT) is above MAX_ADDRESS or
+ // if (Start + NumberOfBytes) rolls over 0 or
+ // if Start is above MAX_ADDRESS or
+ // if End is above MAX_ADDRESS,
+ // return EFI_NOT_FOUND.
+ //
+ if (Type == AllocateAddress) {
+ if ((NumberOfPages == 0) ||
+ (NumberOfPages > RShiftU64 (MaxAddress, EFI_PAGE_SHIFT))) {
+ return EFI_NOT_FOUND;
+ }
+ NumberOfBytes = LShiftU64 (NumberOfPages, EFI_PAGE_SHIFT);
+ End = Start + NumberOfBytes - 1;
+
+ if ((Start >= End) ||
+ (Start > MaxAddress) ||
+ (End > MaxAddress)) {
+ return EFI_NOT_FOUND;
+ }
+ }
+
if (Type == AllocateMaxAddress) {
MaxAddress = Start;
}
|