[edk2-devel] [PATCH] MdeModulePkg/PiSmmIpl: Correct fixed load address bounds check
Marvin Häuser
mhaeuser at posteo.de
Sun Aug 8 19:39:44 UTC 2021
The current code only checks whether PiSmmCore's fixed loading
address, but not its entire memory range, is in bounds of the
reserved area. Furthermore, it does not consider the module's fixed
loading address, which is relative to the reserved area, could
wraparound when added to the base address.
Fix both issues by performing sufficient bounds checks in a way that
is free from wraparounds.
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Hao A Wu <hao.a.wu at intel.com>
Cc: Eric Dong <eric.dong at intel.com>
Cc: Ray Ni <ray.ni at intel.com>
Cc: Vitaly Cheptsov <vit9696 at protonmail.com>
Signed-off-by: Marvin Häuser <mhaeuser at posteo.de>
---
MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
index 599a0cd01d80..259cd0bb8924 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
@@ -979,7 +979,8 @@ GetPeCoffImageFixLoadingAssignedAddress(
//
FixLoadingAddress = (EFI_PHYSICAL_ADDRESS)(SmramBase + (INT64)ValueInSectionHeader);
- if (SmramBase + SmmCodeSize > FixLoadingAddress && SmramBase <= FixLoadingAddress) {
+ if (ValueInSectionHeader < SmmCodeSize
+ && (UINTN)(ImageContext->ImageSize + ImageContext->SectionAlignment) <= SmmCodeSize - ValueInSectionHeader) {
//
// The assigned address is valid. Return the specified loading address
//
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78886): https://edk2.groups.io/g/devel/message/78886
Mute This Topic: https://groups.io/mt/84754059/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list