From: Philippe Mathieu-Daudé
To: devel@edk2.groups.io
Cc: Philippe Mathieu-Daude, Jian J Wang, Hao A Wu, Eric Dong, Laszlo Ersek
Subject: [edk2-devel] [RFC PATCH 1/1] MdeModulePkg/PiDxeS3BootScriptLib: Use SafeIntLib to avoid truncation
Date: Thu, 13 Feb 2020 19:29:35 +0100
Message-Id: <20200213182935.26663-2-philmd@redhat.com>
In-Reply-To: <20200213182935.26663-1-philmd@redhat.com>
References: <20200213182935.26663-1-philmd@redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Math expressions written in terms of SafeIntLib function calls are easily readable, making review trivial.
Convert the truncation checks added by commit 322ac05f8 to SafeIntLib calls.

Cc: Jian J Wang
Cc: Hao A Wu
Cc: Eric Dong
Suggested-by: Laszlo Ersek
Signed-off-by: Philippe Mathieu-Daude
--- .../DxeS3BootScriptLib.inf | 1 + .../InternalBootScriptLib.h | 1 + .../PiDxeS3BootScriptLib/BootScriptSave.c | 114 +++++++++++------- 3 files changed, 73 insertions(+), 43 deletions(-) diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.i= nf b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf index 2b894c99da55..698039fe8e69 100644
--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf @@ -40,15 +40,16 @@ [Packages] [LibraryClasses] UefiBootServicesTableLib BaseLib BaseMemoryLib TimerLib DebugLib PcdLib UefiLib SmbusLib PciSegmentLib IoLib LockBoxLib + SafeIntLib =20 [Protocols] gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLi= b.h b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h index 9485994087d0..7513220c15ac 100644 --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h @@ -1,49 +1,50 @@ /** @file Support for S3 boot script lib. This file defined some internal macro an= d internal data structure =20 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ #ifndef __INTERNAL_BOOT_SCRIPT_LIB__ #define __INTERNAL_BOOT_SCRIPT_LIB__ =20 #include =20 #include #include #include #include #include #include =20 #include =20 #include #include #include #include #include #include #include #include #include #include #include +#include =20 #include "BootScriptInternalFormat.h" =20 #define MAX_IO_ADDRESS 0xFFFF =20 // // Macro to convert a UEFI PCI address + segment to a PCI Segment Library = PCI address // #define PCI_ADDRESS_ENCODE(S, A) PCI_SEGMENT_LIB_ADDRESS( \ S, \ ((((UINTN)(A)) & 0xff000000) >> 24), \ ((((UINTN)(A)) & 0x00ff0000) >> 16), \ ((((UINTN)(A)) & 0xff00) >> 8), \ ((RShiftU64 ((A), 32) & 0xfff) | ((A) &= 0xff)) \ ) diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/M= deModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c index 9315fc9f0188..d229263638fc 100644 --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c 
@@ -995,55 +995,60 @@ EFIAPI S3BootScriptSaveIoWrite ( IN S3_BOOT_SCRIPT_LIB_WIDTH Width, IN UINT64 Address, IN UINTN Count, IN VOID *Buffer ) =20 { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; UINT8 WidthInByte; EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite; =20 - WidthInByte =3D (UINT8) (0x01 << (Width & 0x03)); + Status =3D SafeUintnToUint8 (Count, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status =3D SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } =20 - // - // Truncation check - // - if ((Count > MAX_UINT8) || - (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE)= )) { + Status =3D SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_IO_WRITE), &Len= gth); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length =3D (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Co= unt)); =20 Script =3D S3BootScriptGetEntryAddAddress (Length); if (Script =3D=3D NULL) { return RETURN_OUT_OF_RESOURCES; } // // save script data // ScriptIoWrite.OpCode =3D EFI_BOOT_SCRIPT_IO_WRITE_OPCODE; ScriptIoWrite.Length =3D Length; ScriptIoWrite.Width =3D Width; ScriptIoWrite.Address =3D Address; ScriptIoWrite.Count =3D (UINT32) Count; CopyMem ((VOID*)Script, (VOID*)&ScriptIoWrite, sizeof(EFI_BOOT_SCRIPT_IO= _WRITE)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_IO_WRITE)), Buffer, Wi= dthInByte * Count); =20 SyncBootScript (Script); =20 return RETURN_SUCCESS; } =20 /** Adds a record for an I/O modify operation into a S3 boot script table =20 @param Width The width of the I/O operations.Enumerated in S3_BOOT_SCR= IPT_LIB_WIDTH. @param Address The base address of the I/O operations. @param Data A pointer to the data to be OR-ed. @param DataMask A pointer to the data mask to be AND-ed with the data r= ead from the register =20 @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do oper= ation. @retval RETURN_SUCCESS Opcode is added. 
**/ 
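Review bot: WidthInByte is left uninitialized in S3BootScriptSaveIoWrite: the hunk deletes the assignment WidthInByte = (UINT8) (0x01 << (Width & 0x03)); but the unchanged payload copy, CopyMem (..., Buffer, WidthInByte * Count), still reads it, so the number of bytes copied into the entry no longer matches the Length that was just validated. Keep the assignment and pass WidthInByte as the multiplicand to SafeUint8Mult, or size the copy from the checked product.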
@@ -1100,54 +1105,59 @@ EFIAPI S3BootScriptSaveMemWrite ( IN S3_BOOT_SCRIPT_LIB_WIDTH Width, IN UINT64 Address, IN UINTN Count, IN VOID *Buffer ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; UINT8 WidthInByte; EFI_BOOT_SCRIPT_MEM_WRITE ScriptMemWrite; =20 - WidthInByte =3D (UINT8) (0x01 << (Width & 0x03)); + Status =3D SafeUintnToUint8 (Count, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status =3D SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } =20 - // - // Truncation check - // - if ((Count > MAX_UINT8) || - (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_MEM_WRITE= ))) { + Status =3D SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_MEM_WRITE), &Le= ngth); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length =3D (UINT8)(sizeof (EFI_BOOT_SCRIPT_MEM_WRITE) + (WidthInByte * C= ount)); =20 Script =3D S3BootScriptGetEntryAddAddress (Length); if (Script =3D=3D NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptMemWrite.OpCode =3D EFI_BOOT_SCRIPT_MEM_WRITE_OPCODE; ScriptMemWrite.Length =3D Length; ScriptMemWrite.Width =3D Width; ScriptMemWrite.Address =3D Address; ScriptMemWrite.Count =3D (UINT32) Count; =20 CopyMem ((VOID*)Script, (VOID*)&ScriptMemWrite, sizeof(EFI_BOOT_SCRIPT_M= EM_WRITE)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_MEM_WRITE)), Buffer, W= idthInByte * Count); =20 SyncBootScript (Script); =20 return RETURN_SUCCESS; } /** Adds a record for a memory modify operation into a specified boot script= table. =20 @param Width The width of the I/O operations.Enumerated in S3_BOOT_S= CRIPT_LIB_WIDTH. @param Address The base address of the memory operations. Address need= s alignment if required @param Data A pointer to the data to be OR-ed. @param DataMask A pointer to the data mask to be AND-ed with the data r= ead from the register. 
=20 @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do oper= ation. @retval RETURN_SUCCESS Opcode is added. **/ 
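Review bot: The SafeUint8Mult call in S3BootScriptSaveMemWrite passes the int expression 0x01 << (Width & 0x03) straight into a UINT8 parameter, and with the WidthInByte assignment removed the later CopyMem (..., Buffer, WidthInByte * Count) uses an uninitialized local. Retaining WidthInByte = (UINT8) (0x01 << (Width & 0x03)); and using it in both places keeps the explicit cast and fixes the copy size.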
@@ -1206,62 +1216,67 @@ EFIAPI S3BootScriptSavePciCfgWrite ( IN S3_BOOT_SCRIPT_LIB_WIDTH Width, IN UINT64 Address, IN UINTN Count, IN VOID *Buffer ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; UINT8 WidthInByte; EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE ScriptPciWrite; =20 if (Width =3D=3D S3BootScriptWidthUint64 || Width =3D=3D S3BootScriptWidthFifoUint64 || Width =3D=3D S3BootScriptWidthFillUint64) { return EFI_INVALID_PARAMETER; } =20 - WidthInByte =3D (UINT8) (0x01 << (Width & 0x03)); + Status =3D SafeUintnToUint8 (Count, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status =3D SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } =20 - // - // Truncation check - // - if ((Count > MAX_UINT8) || - (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFI= G_WRITE))) { + Status =3D SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRIT= E), &Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length =3D (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE) + (WidthInB= yte * Count)); =20 Script =3D S3BootScriptGetEntryAddAddress (Length); if (Script =3D=3D NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptPciWrite.OpCode =3D EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE_OPCODE; ScriptPciWrite.Length =3D Length; ScriptPciWrite.Width =3D Width; ScriptPciWrite.Address =3D Address; ScriptPciWrite.Count =3D (UINT32) Count; =20 CopyMem ((VOID*)Script, (VOID*)&ScriptPciWrite, sizeof (EFI_BOOT_SCRIPT= _PCI_CONFIG_WRITE)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE)), Bu= ffer, WidthInByte * Count); =20 SyncBootScript (Script); =20 return RETURN_SUCCESS; } /** Adds a record for a PCI configuration space modify operation into a spec= ified boot script table. =20 @param Width The width of the I/O operations.Enumerated in S3_BOOT_S= CRIPT_LIB_WIDTH. 
@param Address The address within the PCI configuration space. @param Data A pointer to the data to be OR-ed.The size depends on W= idth. @param DataMask A pointer to the data mask to be AND-ed. =20 @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do oper= ation. @retval RETURN__SUCCESS Opcode is added. @note A known Limitations in the implementation which is 64bits operati= ons are not supported. =20 **/ 
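Review bot: In S3BootScriptSavePciCfgWrite, Length is used as a scratch accumulator: after SafeUintnToUint8 it holds Count, after SafeUint8Mult the payload size, and only after SafeUint8Add the entry length. A separate local for the payload size would read better and could replace WidthInByte * Count in the final CopyMem, where WidthInByte is no longer assigned anywhere in the function.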
@@ -1331,65 +1346,70 @@ EFIAPI S3BootScriptSavePciCfg2Write ( IN S3_BOOT_SCRIPT_LIB_WIDTH Width, IN UINT16 Segment, IN UINT64 Address, IN UINTN Count, IN VOID *Buffer ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; UINT8 WidthInByte; EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE ScriptPciWrite2; =20 if (Width =3D=3D S3BootScriptWidthUint64 || Width =3D=3D S3BootScriptWidthFifoUint64 || Width =3D=3D S3BootScriptWidthFillUint64) { return EFI_INVALID_PARAMETER; } =20 - WidthInByte =3D (UINT8) (0x01 << (Width & 0x03)); + Status =3D SafeUintnToUint8 (Count, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status =3D SafeUint8Mult (Length, 0x01 << (Width & 0x03), &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } =20 - // - // Truncation check - // - if ((Count > MAX_UINT8) || - (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFI= G2_WRITE))) { + Status =3D SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRI= TE), &Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length =3D (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE) + (WidthIn= Byte * Count)); =20 Script =3D S3BootScriptGetEntryAddAddress (Length); if (Script =3D=3D NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptPciWrite2.OpCode =3D EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE_OPCODE; ScriptPciWrite2.Length =3D Length; ScriptPciWrite2.Width =3D Width; ScriptPciWrite2.Address =3D Address; ScriptPciWrite2.Segment =3D Segment; ScriptPciWrite2.Count =3D (UINT32)Count; =20 CopyMem ((VOID*)Script, (VOID*)&ScriptPciWrite2, sizeof (EFI_BOOT_SCRIPT= _PCI_CONFIG2_WRITE)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE)), B= uffer, WidthInByte * Count); =20 SyncBootScript (Script); =20 return RETURN_SUCCESS; } /** Adds a record for a PCI configuration 2 space modify operation into a sp= ecified boot script table. 
=20 @param Width The width of the I/O operations.Enumerated in S3_BOOT_S= CRIPT_LIB_WIDTH. @param Segment The PCI segment number for Address. @param Address The address within the PCI configuration space. @param Data A pointer to the data to be OR-ed. The size depends on = Width. @param DataMask A pointer to the data mask to be AND-ed. =20 @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do oper= ation. @retval RETURN_SUCCESS Opcode is added. @note A known Limitations in the implementation which is 64bits operati= ons are not supported. =20 **/ 
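Review bot: The second CopyMem in S3BootScriptSavePciCfg2Write still copies WidthInByte * Count bytes, but this hunk removes the only assignment to WidthInByte, so the copy length is indeterminate. Restore the assignment or copy the checked payload size instead.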
@@ -1560,64 +1580,66 @@ EFIAPI S3BootScriptSaveSmbusExecute ( IN UINTN SmBusAddress, IN EFI_SMBUS_OPERATION Operation, IN UINTN *Length, IN VOID *Buffer ) { EFI_STATUS Status; UINTN BufferLength; UINT8 DataSize; UINT8 *Script; EFI_BOOT_SCRIPT_SMBUS_EXECUTE ScriptSmbusExecute; =20 if (Length =3D=3D NULL) { BufferLength =3D 0; } else { BufferLength =3D *Length; } =20 Status =3D CheckParameters (SmBusAddress, Operation, &BufferLength, Buff= er); if (EFI_ERROR (Status)) { return Status; } =20 - // - // Truncation check - // - if (BufferLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE)) { + Status =3D SafeUintnToUint8 (BufferLength, &DataSize); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status =3D SafeUint8Add (DataSize, sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE= ), &DataSize); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - DataSize =3D (UINT8)(sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE) + BufferLeng= th); =20 Script =3D S3BootScriptGetEntryAddAddress (DataSize); if (Script =3D=3D NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptSmbusExecute.OpCode =3D EFI_BOOT_SCRIPT_SMBUS_EXECUTE_OPCODE; ScriptSmbusExecute.Length =3D DataSize; ScriptSmbusExecute.SmBusAddress =3D (UINT64) SmBusAddress; ScriptSmbusExecute.Operation =3D Operation; ScriptSmbusExecute.DataSize =3D (UINT32) BufferLength; =20 CopyMem ((VOID*)Script, (VOID*)&ScriptSmbusExecute, sizeof (EFI_BOOT_SCR= IPT_SMBUS_EXECUTE)); CopyMem ( (VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE)), Buffer, BufferLength ); =20 SyncBootScript (Script); =20 return RETURN_SUCCESS; } /** Adds a record for an execution stall on the processor into a specified b= oot script table. =20 @param Duration Duration in microseconds of the stall =20 @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do oper= ation. @retval RETURN_SUCCESS Opcode is added. **/ 
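Review bot: SafeUint8Add takes UINT8 operands, so sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE), a UINTN, is narrowed implicitly at the call in S3BootScriptSaveSmbusExecute, which is the kind of silent conversion the change sets out to remove. Doing the addition in UINTN first (SafeUintnAdd on BufferLength and the sizeof) and converting the sum once with SafeUintnToUint8 avoids the narrowing and the double use of DataSize.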
@@ -1768,48 +1790,51 @@ EFIAPI S3BootScriptSaveInformation ( IN UINT32 InformationLength, IN VOID *Information ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; EFI_BOOT_SCRIPT_INFORMATION ScriptInformation; =20 - // - // Truncation check - // - if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)= ) { + Status =3D SafeUint32ToUint8 (InformationLength, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status =3D SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_INFORMATION), &= Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length =3D (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLen= gth); =20 Script =3D S3BootScriptGetEntryAddAddress (Length); if (Script =3D=3D NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptInformation.OpCode =3D EFI_BOOT_SCRIPT_INFORMATION_OPCODE; ScriptInformation.Length =3D Length; =20 =20 ScriptInformation.InformationLength =3D InformationLength; =20 CopyMem ((VOID*)Script, (VOID*)&ScriptInformation, sizeof (EFI_BOOT_SCRI= PT_INFORMATION)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_INFORMATION)), (VOID *= ) Information, (UINTN) InformationLength); =20 SyncBootScript (Script); =20 return RETURN_SUCCESS; =20 } /** Store a string in the boot script table. This opcode is a no-op on dispa= tch and is only used for debugging script issues. =20 @param String The string to save to boot script table =20 @retval RETURN_OUT_OF_RESOURCES Not enough memory for the table do oper= ation. @retval RETURN_SUCCESS Opcode is added. =20 **/ 
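Review bot: The removed "Truncation check" comment in S3BootScriptSaveInformation is not replaced, so the two-step conversion has no stated purpose. A one-line comment saying that sizeof (EFI_BOOT_SCRIPT_INFORMATION) plus InformationLength must fit the UINT8 Length passed to S3BootScriptGetEntryAddAddress would keep the intent next to the calls.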
@@ -2231,62 +2256,65 @@ EFIAPI S3BootScriptLabelInternal ( IN BOOLEAN BeforeOrAfter, IN OUT VOID **Position OPTIONAL, IN UINT32 InformationLength, IN CONST CHAR8 *Information ) { + EFI_STATUS Status; UINT8 Length; UINT8 *Script; EFI_BOOT_SCRIPT_INFORMATION ScriptInformation; =20 - // - // Truncation check - // - if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)= ) { + Status =3D SafeUint32ToUint8 (InformationLength, &Length); + if (EFI_ERROR (Status)) { + return RETURN_OUT_OF_RESOURCES; + } + + Status =3D SafeUint8Add (Length, sizeof (EFI_BOOT_SCRIPT_INFORMATION), &= Length); + if (EFI_ERROR (Status)) { return RETURN_OUT_OF_RESOURCES; } - Length =3D (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLen= gth); =20 Script =3D S3BootScriptGetEntryAddAddress (Length); if (Script =3D=3D NULL) { return RETURN_OUT_OF_RESOURCES; } // // Build script data // ScriptInformation.OpCode =3D S3_BOOT_SCRIPT_LIB_LABEL_OPCODE; ScriptInformation.Length =3D Length; =20 =20 ScriptInformation.InformationLength =3D InformationLength; =20 CopyMem ((VOID*)Script, (VOID*)&ScriptInformation, sizeof (EFI_BOOT_SCRI= PT_INFORMATION)); CopyMem ((VOID*)(Script + sizeof (EFI_BOOT_SCRIPT_INFORMATION)), (VOID *= ) Information, (UINTN) InformationLength); =20 SyncBootScript (Script); =20 return S3BootScriptMoveLastOpcode (BeforeOrAfter, Position); =20 } /** Find a label within the boot script table and, if not present, optionall= y create it. =20 @param BeforeOrAfter Specifies whether the opcode is stored bef= ore (TRUE) or after (FALSE) the position in the boot = script table specified by Position. @param CreateIfNotFound Specifies whether the label will be create= d if the label does not exists (TRUE) or not (FALSE). @param Position On entry, specifies the position in the bo= ot script table where the opcode will be inserted, either = before or after, depending on BeforeOrAfter. On exit, speci= fies the position of the inserted opcode in the boot script = table. 
@param Label Points to the label which will be inserted= in the boot script table. =20 @retval EFI_SUCCESS The operation succeeded. A record was adde= d into the specified script table. @retval EFI_INVALID_PARAMETER The parameter is illegal or the given boot= script is not supported. If the opcode is unknow or not supported b= ecause of the PCD Feature Flags. @retval EFI_OUT_OF_RESOURCES There is insufficient memory to store the = boot script. =20 **/ --=20 2.21.1
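Review bot: The SafeUint32ToUint8 / SafeUint8Add sequence in S3BootScriptLabelInternal is identical to the one added to S3BootScriptSaveInformation, both operating on InformationLength and sizeof (EFI_BOOT_SCRIPT_INFORMATION). A small static helper that returns the checked entry length would keep the two functions from drifting apart.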