Enhance the check for RelocBase->SizeOfBlock before use it.

Signed-off-by: Dong Eric <eric.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13973 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 4 insertions, 5 deletions

diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 6f056e519e..ffff0c14aa 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -984,17 +984,16 @@ PeCoffLoaderRelocateImage (
     while (RelocBase < RelocBaseEnd) {

 

       Reloc     = (UINT16 *) ((CHAR8 *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));

-      RelocEnd  = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock);

-      

       //

-      // Make sure RelocEnd is in the Image range.

+      // Add check for RelocBase->SizeOfBlock field.

       //

-      if ((CHAR8 *) RelocEnd < (CHAR8 *)((UINTN) ImageContext->ImageAddress) ||

-          (CHAR8 *) RelocEnd > (CHAR8 *)((UINTN)ImageContext->ImageAddress + (UINTN)ImageContext->ImageSize)) {

+      if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > RelocDir->Size)) {

         ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;

         return RETURN_LOAD_ERROR;

       }

 

+      RelocEnd  = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock);

+

       if (!(ImageContext->IsTeImage)) {

         FixupBase = PeCoffLoaderImageAddress (ImageContext, RelocBase->VirtualAddress);

         if (FixupBase == NULL) {