From fd8a2eb062678ea4f286974137bb2aec259e7321 Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Wed, 17 Dec 2014 00:39:51 +0000 Subject: MdeModulePkg DxeCore: Fix potential FV overflow of 4GB boundary on a 32-bit systems. The traversing of a Memory Mapped FV can overflow the 4GB limit on a 32bit system during the setting up a Linked List of FFS file inside the FV. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng Reviewed-by: Liming Gao git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16527 6f19259b-4bc3-4df7-8a09-765794883524 --- MdeModulePkg/Core/Dxe/FwVol/FwVol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'MdeModulePkg/Core/Dxe/FwVol') diff --git a/MdeModulePkg/Core/Dxe/FwVol/FwVol.c b/MdeModulePkg/Core/Dxe/FwVol/FwVol.c index f4a6179188..0ca765d691 100644 --- a/MdeModulePkg/Core/Dxe/FwVol/FwVol.c +++ b/MdeModulePkg/Core/Dxe/FwVol/FwVol.c @@ -482,7 +482,7 @@ FvCheck ( FfsHeader = (EFI_FFS_FILE_HEADER *) (FvDevice->CachedFv); } TopFvAddress = FvDevice->EndOfCachedFv; - while ((UINT8 *) FfsHeader < TopFvAddress) { + while (((UINTN) FfsHeader >= (UINTN) FvDevice->CachedFv) && ((UINTN) FfsHeader <= (UINTN) ((UINTN) TopFvAddress - sizeof (EFI_FFS_FILE_HEADER)))) { if (FileCached) { CoreFreePool (CacheFfsHeader); -- cgit v1.2.3