[edk2-devel] [PATCH] MdeModulePkg/TerminalDxe: Fix terminal fifo buffer overflow with UINT8 type

[gechao at greatwall.com.cn]

From: gechao <gechao at greatwall.com.cn>

The maximum fifo buffer length is RAW_FIFO_MAX_NUMBER + 1 = 257, but the
maximum value of terminal fifo buffer index is sizeof(UINT8) - 1 = 255 with
UINT8 type, so check if fifo buffer is empty or full with below expression,
((Tail + 1) % (RAW_FIFO_MAX_NUMBER + 1)) == Head, (Tail + 1) might be
sizeof(UINT8) + 1 = 256, for UINT8 type, it does not make any sense.

Signed-off-by: gechao <gechao at greatwall.com.cn>
---
 MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
index 378ace13ce..360e58e847 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
@@ -37,7 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/BaseLib.h>
 
 
-#define RAW_FIFO_MAX_NUMBER 256
+#define RAW_FIFO_MAX_NUMBER 255
 #define FIFO_MAX_NUMBER     128
 
 typedef struct {
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#69487): https://edk2.groups.io/g/devel/message/69487
Mute This Topic: https://groups.io/mt/79282845/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-