From d2eec3191275e0f799d42e179fc8d8a04290992f Mon Sep 17 00:00:00 2001 From: vanjeff Date: Fri, 10 Jul 2009 05:03:24 +0000 Subject: enhanced check when reading BMP file. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8859 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Library/GenericBdsLib/BdsConsole.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'IntelFrameworkModulePkg/Library') diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c index 012fe5be04..a352d80842 100644 --- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c +++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c @@ -629,14 +629,15 @@ ConvertBmpToGopBlt ( // // Calculate the BltBuffer needed size. // - BltBufferSize = BmpHeader->PixelWidth * BmpHeader->PixelHeight * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL); - if (BltBufferSize >= SIZE_4GB) { - // - // If the BMP resolution is too large - // - return EFI_UNSUPPORTED; - } - + BltBufferSize = MultU64x32 ((UINT64) BmpHeader->PixelWidth, BmpHeader->PixelHeight); + // + // Ensure the BltBufferSize * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL) doesn't overflow + // + if (BltBufferSize > DivU64x32 ((UINTN) ~0, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL))) { + return EFI_UNSUPPORTED; + } + BltBufferSize = MultU64x32 (BltBufferSize, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)); + IsAllocated = FALSE; if (*GopBlt == NULL) { // -- cgit v1.2.3