From 3a1966c4e2f04374178872b064c3a8e42a0eb776 Mon Sep 17 00:00:00 2001
From: jyao1 <jyao1>
Date: Fri, 17 Jan 2014 03:42:09 +0000
Subject: DxeCore is designed to trust input data, so add comments to reminder
 caller to do check to follow PI specification when necessary. Since LBA_CACHE
 is DxeCore implementation specific, DxeCore will check it here.

Signed-off by: jiewen yao <jiewen.yao@intel.com>
Reviewed by: liming gao <liming.gao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15136 6f19259b-4bc3-4df7-8a09-765794883524
---
 MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'MdeModulePkg')

diff --git a/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c b/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c
index 27a7f43fe5..fffd821b51 100644
--- a/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c
+++ b/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c
@@ -4,7 +4,7 @@
   It consumes FV HOBs and creates read-only Firmare Volume Block protocol
   instances for each of them.
 
-Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -524,9 +524,14 @@ ProduceFVBProtocolOnBuffer (
        PtrBlockMapEntry++) {
     FvbDev->NumBlocks += PtrBlockMapEntry->NumBlocks;
   }
+
   //
   // Second, allocate the cache
   //
+  if (FvbDev->NumBlocks >= (MAX_ADDRESS / sizeof (LBA_CACHE))) {
+    CoreFreePool (FvbDev);
+    return EFI_OUT_OF_RESOURCES;
+  }
   FvbDev->LbaCache = AllocatePool (FvbDev->NumBlocks * sizeof (LBA_CACHE));
   if (FvbDev->LbaCache == NULL) {
     CoreFreePool (FvbDev);
@@ -641,6 +646,10 @@ FwVolBlockDriverInit (
   particular, it can be called by BDS to process a single firmware
   volume found in a capsule.
 
+  Caution: The caller need validate the input firmware volume to follow
+  PI specification.
+  DxeCore will trust the input data and process firmware volume directly.
+
   @param  FvHeader               pointer to a firmware volume header
   @param  Size                   the size of the buffer pointed to by FvHeader
   @param  FVProtocolHandle       the handle on which a firmware volume protocol
-- 
cgit v1.2.3