From 9e2364ef1203f81c8572766d360fb7b10c2cda56 Mon Sep 17 00:00:00 2001
From: Jeff Fan
Date: Mon, 30 Jun 2014 06:13:53 +0000
Subject: Fix the potential address overflow issue when checking PE signature.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan
Reviewed-by: Liming Gao
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15602 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../Library/DebugAgent/DebugAgentCommon/DebugAgent.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'SourceLevelDebugPkg')
diff --git a/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c b/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c
index 48bc38ca54..f3da983946 100644
--- a/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c
+++ b/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c
@@ -214,10 +214,12 @@ FindAndReportModuleImageInfo (
 if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
 //
 // DOS image header is present, so read the PE header after the DOS image header.
- // Check if address overflow firstly.
 //
- if ((MAX_ADDRESS - (UINTN)DosHdr->e_lfanew) > Pe32Data) {
- Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN)(DosHdr->e_lfanew));
+ Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));
+ //
+ // Make sure PE header address does not overflow and is less than the initial address.
+ //
+ if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < (UINTN)mErrorMsgVersionAlert)) {
 if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
 //
 // It's PE image.
--
cgit v1.2.3
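Review bot: The `& 0x0ffff` mask on `DosHdr->e_lfanew` truncates an out-of-range offset instead of rejecting it, so a DOS header that declares an offset of 0x10000 or more is probed at a different location than the one it names, and the constant itself is unexplained. Consider checking the range explicitly before the pointer is computed, for example `if (DosHdr->e_lfanew <= 0xffff)`, or at least adding a comment such as `// e_lfanew is limited to 64KB, so the sum can only wrap when Pe32Data is within 64KB of MAX_ADDRESS`. The upper bound `(UINTN)Hdr.Pe32 < (UINTN)mErrorMsgVersionAlert` covers only the first byte of the header while the next line reads the 4-byte `Signature`, so a bound like `(UINTN)mErrorMsgVersionAlert - (UINTN)Hdr.Pe32 >= sizeof (UINT32)` would be tighter. The new comment could also say why `mErrorMsgVersionAlert` is the "initial address" (presumably the point the search starts from; that code is outside this hunk, as are the start and end of the enclosing function).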