[edk2-devel] 回复: [PATCH EDK2 v1 1/1] MdePkg/DxeHstiLib: avoid Hsti offset overflow

gaoliming gaoliming at byosoft.com.cn
Fri Nov 20 06:05:54 UTC 2020 

Wenyi:
  HstiSize is the size of Hsti. Hsti points to the structure
ADAPTER_INFO_PLATFORM_SECURITY. 
  So, HstiSize should be larger than sizeof
(ADAPTER_INFO_PLATFORM_SECURITY). 

  If this checker is required, it needs to be added into
InternalHstiFindAip() after Hsti is got from GetInformation().

Thanks
Liming
> -----邮件原件-----
> 发件人: Wenyi Xie <xiewenyi2 at huawei.com>
> 发送时间: 2020年11月19日 17:27
> 收件人: devel at edk2.groups.io; michael.d.kinney at intel.com;
> gaoliming at byosoft.com.cn; zhiguang.liu at intel.com
> 抄送: songdongkuang at huawei.com; xiewenyi2 at huawei.com
> 主题: [PATCH EDK2 v1 1/1] MdePkg/DxeHstiLib: avoid Hsti offset overflow
> 
> add conditional operator to check whether the HstiSize is larger than
> sizeof(CHAR16). If not, setting offset to 0 to avoid overflow.
> 
> Cc: Michael D Kinney <michael.d.kinney at intel.com>
> Cc: Liming Gao <gaoliming at byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu at intel.com>
> Signed-off-by: Wenyi Xie <xiewenyi2 at huawei.com>
> ---
>  MdePkg/Library/DxeHstiLib/HstiDxe.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/MdePkg/Library/DxeHstiLib/HstiDxe.c
> b/MdePkg/Library/DxeHstiLib/HstiDxe.c
> index 4e1c67616b01..f04e6f13b7e5 100644
> --- a/MdePkg/Library/DxeHstiLib/HstiDxe.c
> +++ b/MdePkg/Library/DxeHstiLib/HstiDxe.c
> @@ -519,7 +519,7 @@ InternalHstiRecordErrorString (
>    }
> 
>    if (Append) {
> -    Offset = HstiSize - sizeof(CHAR16);
> +    Offset = (HstiSize >= sizeof(CHAR16)) ? (HstiSize - sizeof(CHAR16)) :
0;
>    } else {
>      Offset = sizeof(ADAPTER_INFO_PLATFORM_SECURITY) +
> Hsti->SecurityFeaturesSize * 3;
>    }
> --
> 2.20.1.windows.1





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67745): https://edk2.groups.io/g/devel/message/67745
Mute This Topic: https://groups.io/mt/78383808/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list