[edk2-devel] [RFC PATCH 0/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation

Philippe Mathieu-Daudé posted 1 patch 32 weeks ago
Failed in applying to current master (apply log)
.../DxeS3BootScriptLib.inf                    |   1 +
.../InternalBootScriptLib.h                   |   1 +
.../PiDxeS3BootScriptLib/BootScriptSave.c     | 114 +++++++++++-------
3 files changed, 73 insertions(+), 43 deletions(-)

[edk2-devel] [RFC PATCH 0/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation

Posted by Philippe Mathieu-Daudé 32 weeks ago
Commit 322ac05f8bbc added truncation checks to fix CVE-2019-14563.

I found the 'a * b > d - c' reverse notation not obvious to review,
and suggested to write 'a * b + c > d'. Laszlo explained me this is
the EDK2 standard pattern to check against each overflow, but pointed
out the SafeIntLib which have pretty readable calls.

This is my try at using it.

Regards,

Phil.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>

Philippe Mathieu-Daudé (1):
  MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation

 .../DxeS3BootScriptLib.inf                    |   1 +
 .../InternalBootScriptLib.h                   |   1 +
 .../PiDxeS3BootScriptLib/BootScriptSave.c     | 114 +++++++++++-------
 3 files changed, 73 insertions(+), 43 deletions(-)

-- 
2.21.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#54382): https://edk2.groups.io/g/devel/message/54382
Mute This Topic: https://groups.io/mt/71248585/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-