From b86b413a96f12d45debb91afdcb24def2ef4772a Mon Sep 17 00:00:00 2001
From: lgao4
Date: Mon, 22 Feb 2010 06:30:41 +0000
Subject: 1. Update GetStringWorker() of HiiDataBaseDxe to only search in other language and not update the StringSize to avoid GetString() buffer overflow. 2. Update SetupBrowser to correctly handle ordered list option.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10041 6f19259b-4bc3-4df7-8a09-765794883524
---
 MdeModulePkg/Universal/HiiDatabaseDxe/String.c | 13 ++++++++++---
 MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c | 4 ++++
 MdeModulePkg/Universal/SetupBrowserDxe/ProcessOptions.c | 14 +++++++++++++-
 3 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/String.c b/MdeModulePkg/Universal/HiiDatabaseDxe/String.c
index 5fc3642115..321b2f7040 100644
--- a/MdeModulePkg/Universal/HiiDatabaseDxe/String.c
+++ b/MdeModulePkg/Universal/HiiDatabaseDxe/String.c
@@ -599,7 +599,7 @@ GetStringWorker (
 IN HII_STRING_PACKAGE_INSTANCE *StringPackage,
 IN EFI_STRING_ID StringId,
 OUT EFI_STRING String,
- IN OUT UINTN *StringSize,
+ IN OUT UINTN *StringSize, OPTIONAL
 OUT EFI_FONT_INFO **StringFontInfo OPTIONAL
 )
 {
@@ -610,7 +610,7 @@ GetStringWorker (
 EFI_STATUS Status;
 UINT8 FontId;
- ASSERT (StringPackage != NULL && StringSize != NULL);
+ ASSERT (StringPackage != NULL);
 ASSERT (Private != NULL && Private->Signature == HII_DATABASE_PRIVATE_DATA_SIGNATURE);
 //
@@ -629,6 +629,13 @@ GetStringWorker (
 return Status;
 }
+ if (StringSize == NULL) {
+ //
+ // String text buffer is not requested
+ //
+ return EFI_SUCCESS;
+ }
+
 //
 // Get the string text.
 //
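Review bot: In the `@@ -599` hunk of String.c only `StringSize` gains the `OPTIONAL` tag, while `OUT EFI_STRING String,` stays untagged even though the new HiiGetString call in this commit passes NULL for it. Writing it as `OUT EFI_STRING String, OPTIONAL` and updating the function header comment, which lies outside the hunk, to describe the NULL-size mode would keep the declared contract in step with how the function is now called.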
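Review bot: The relaxed assertion in the `@@ -610` hunk of String.c no longer catches a caller that supplies a buffer but omits the size. Combined with the early return this commit adds further down in GetStringWorker, such a call reports EFI_SUCCESS without writing `String`, and the caller could then read a buffer that was never filled. A narrower check next to `ASSERT (StringPackage != NULL);`, for example `ASSERT (StringSize != NULL || String == NULL);`, would keep that guard in debug builds.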
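Review bot: The `StringSize == NULL` return in the `@@ -629` hunk of String.c leaves the function before anything below it runs, and the code that fills `*StringFontInfo` is not visible in this hunk. If that code sits after the string-text section, a caller that passes a NULL size with a non-NULL `StringFontInfo` receives EFI_SUCCESS and a pointer that was never set. Either say so in the comment, e.g. `// Existence check only: String and *StringFontInfo are not written`, or clear the output first with `if (StringFontInfo != NULL) { *StringFontInfo = NULL; }`. GetStringWorker's body continues outside the hunk.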
@@ -1471,7 +1478,7 @@ HiiGetString (
 Link = Link->ForwardLink
 ) {
 StringPackage = CR (Link, HII_STRING_PACKAGE_INSTANCE, StringEntry, HII_STRING_PACKAGE_SIGNATURE);
- Status = GetStringWorker (Private, StringPackage, StringId, String, StringSize, StringFontInfo);
+ Status = GetStringWorker (Private, StringPackage, StringId, NULL, NULL, NULL);
 if (!EFI_ERROR (Status)) {
 return EFI_INVALID_LANGUAGE;
 }
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
index 02684e46ca..fc03834f1d 100644
--- a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
@@ -590,6 +590,9 @@ DestroyStatement (
 if (Statement->BlockName != NULL) {
 FreePool (Statement->BlockName);
 }
+ if (Statement->BufferValue != NULL) {
+ FreePool (Statement->BufferValue);
+ }
 }
@@ -1352,6 +1355,7 @@ ParseOpCodes (
 CurrentStatement->MaxContainers = ((EFI_IFR_ORDERED_LIST *) OpCodeData)->MaxContainers;
 CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_BUFFER;
+ CurrentStatement->BufferValue = NULL;
 if (Scope != 0) {
 SuppressForOption = TRUE;
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/ProcessOptions.c b/MdeModulePkg/Universal/SetupBrowserDxe/ProcessOptions.c
index 639c04dafb..5eeec77af2 100644
--- a/MdeModulePkg/Universal/SetupBrowserDxe/ProcessOptions.c
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/ProcessOptions.c
@@ -2,7 +2,7 @@ Implementation for handling the User Interface option processing.
-Copyright (c) 2004 - 2009, Intel Corporation
+Copyright (c) 2004 - 2010, Intel Corporation
 All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
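Review bot: Nothing at the all-NULL call in the `@@ -1471` hunk of String.c says why the outputs are withheld, although that is what keeps a hit in another language from writing the caller's `String` or changing `*StringSize` while HiiGetString returns EFI_INVALID_LANGUAGE. A comment above the call, such as `// Probe only: NULL outputs so a match in another language cannot touch the caller's buffer or size`, would stop a later edit from passing the real arguments back in. The enclosing loop starts outside the hunk.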
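Review bot: DestroyStatement in the `@@ -590` hunk of IfrParse.c now hands `Statement->BufferValue` to FreePool for every statement whose field is non-NULL, yet the only initialisation visible in this commit is `CurrentStatement->BufferValue = NULL;` in the ordered-list case of ParseOpCodes (`@@ -1352`). If statements are not allocated from zeroed memory (the allocation is outside the diff), other statement types would pass an uninitialised pointer to FreePool. If they are zeroed, the new assignment is redundant, and a short comment should say which of the two holds. Clearing the field after the free with `Statement->BufferValue = NULL;` would also make a repeated DestroyStatement on the same statement harmless.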
@@ -421,6 +421,12 @@ ProcessOptions (
 switch (Question->Operand) {
 case EFI_IFR_ORDERED_LIST_OP:
+ //
+ // Check whether there are Options of this OrderedList
+ //
+ if (IsListEmpty (&Question->OptionListHead)) {
+ break;
+ }
 //
 // Initialize Option value array
 //
@@ -508,6 +514,12 @@ ProcessOptions (
 break;
 case EFI_IFR_ONE_OF_OP:
+ //
+ // Check whether there are Options of this OneOf
+ //
+ if (IsListEmpty (&Question->OptionListHead)) {
+ break;
+ }
 if (Selected) {
 //
 // Go ask for input
--
cgit v1.2.3
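Review bot: The empty-list guard in the `EFI_IFR_ORDERED_LIST_OP` case (`@@ -421`) and the identical one in the `EFI_IFR_ONE_OF_OP` case (`@@ -508`) leave the switch without setting anything visible in these hunks, so what the caller receives depends on initialisation above the switch, outside the diff. Form opcodes may come from packages the browser did not author, so a question with no options is a reachable input and its result deserves to be spelled out. Extending each comment along the lines of `// No options: nothing to display or select; outputs keep their initial values` would record the intended outcome. Both cases sit inside ProcessOptions, whose body extends beyond the hunks.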