[edk2-devel] [PATCH v1 1/1] UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing

Kun Qin kuqin12 at gmail.com
Mon Apr 12 17:43:37 UTC 2021


Hi Laszlo,

Thanks for the help.

Regards,
Kun

On 04/12/2021 10:36, Laszlo Ersek wrote:
> On 04/07/21 18:08, Laszlo Ersek wrote:
>> On 04/06/21 21:52, Kun Qin wrote:
>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3283
>>>
>>> Current SMM Save State routine does not check the number of bytes to be
>>> read, when it comes to read IO_INFO, before casting the incoming buffer
>>> to EFI_SMM_SAVE_STATE_IO_INFO. This could potentially cause memory
>>> corruption because extra bytes are written out of the buffer boundary.
>>>
>>> This change adds a width check before copying IoInfo into output buffer.
>>>
>>> Cc: Eric Dong <eric.dong at intel.com>
>>> Cc: Ray Ni <ray.ni at intel.com>
>>> Cc: Laszlo Ersek <lersek at redhat.com>
>>> Cc: Rahul Kumar <rahul1.kumar at intel.com>
>>>
>>> Signed-off-by: Kun Qin <kuqin12 at gmail.com>
>>> Reviewed-by: Ray Ni <ray.ni at intel.com>
>>> Reviewed-by: Laszlo Ersek <lersek at redhat.com>
>>> ---
>>>
>>> Notes:
>>>      v2:
>>>      - Update return code description [Laszlo]
>>>
>>>   UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c | 9 ++++++++-
>>>   UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 2 +-
>>>   2 files changed, 9 insertions(+), 2 deletions(-)
>>
>> Thanks, looks OK. I'll let Ray or Eric merge the patch.
> 
> :/
> 
> Merged as commit a7d8e28b29f2, via
> <https://github.com/tianocore/edk2/pull/1554>.
> 
> Laszlo
> 
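
The width check described in the quoted commit message, as an added example that is not part of this thread or of the edk2 patch. `io_info_t` is a simplified stand-in for EFI_SMM_SAVE_STATE_IO_INFO, and `read_io_info`, the status codes and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for EFI_SMM_SAVE_STATE_IO_INFO; field layout is an assumption. */
typedef struct {
  uint64_t io_data;
  uint16_t io_port;
  uint32_t io_width;
  uint32_t io_type;
} io_info_t;

enum { ST_SUCCESS = 0, ST_INVALID_PARAMETER = 1 };  /* hypothetical status codes */

/* Hypothetical read path: `buffer` is caller-owned and `width` bytes long. */
int read_io_info(const io_info_t *saved, size_t width, void *buffer) {
  if (saved == NULL || buffer == NULL) return ST_INVALID_PARAMETER;
  /* Reject a short buffer before it is treated as an io_info_t; without
     this, the copy below writes sizeof(io_info_t) bytes regardless. */
  if (width < sizeof(io_info_t)) return ST_INVALID_PARAMETER;
  memcpy(buffer, saved, sizeof(io_info_t));
  return ST_SUCCESS;
}

/* Constructed case: 4-byte buffer followed by guard bytes that must survive. */
int short_buffer_rejected_and_untouched(void) {
  struct { uint8_t buf[4]; uint8_t guard[32]; } m;
  io_info_t saved = { 0x1122334455667788ULL, 0x3F8, 1, 2 };
  memset(&m, 0xAA, sizeof m);
  int st = read_io_info(&saved, sizeof m.buf, m.buf);
  for (size_t i = 0; i < sizeof m; i++)
    if (((uint8_t *)&m)[i] != 0xAA) return 0;
  return st == ST_INVALID_PARAMETER;
}

/* Constructed case: a buffer of the full size receives the saved values. */
int full_buffer_filled(void) {
  io_info_t saved = { 0x1122334455667788ULL, 0x3F8, 1, 2 }, out;
  int st = read_io_info(&saved, sizeof out, &out);
  return st == ST_SUCCESS && out.io_port == 0x3F8 && out.io_data == saved.io_data;
}

int main(void) {
  return (short_buffer_rejected_and_untouched() && full_buffer_filled()) ? 0 : 1;
}
```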

