[v2] MdeModulePkg/SmiHandlerProfileInfo: Overflowed Array Index

[edk2-devel] [PATCH v2] MdeModulePkg/SmiHandlerProfileInfo: Overflowed Array Index

Posted by Guomin Jiang 4 years ago

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2272
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2287
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2288
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2289
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2290

Index should be off-by one than size of array, so when check
array, the max index should less than size of array.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
---
 .../SmiHandlerProfileInfo/SmiHandlerProfileInfo.c    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c b/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c
index 0f7163160b..4153074b7a 100644
--- a/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c
+++ b/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c
@@ -382,7 +382,7 @@ SxTypeToString (
   IN EFI_SLEEP_TYPE  Type
   )
 {
-  if (Type >= 0 && Type <= ARRAY_SIZE(mSxTypeString)) {
+  if (Type >= 0 && Type < ARRAY_SIZE(mSxTypeString)) {
     return mSxTypeString[Type];
   } else {
     AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Type);
@@ -407,7 +407,7 @@ SxPhaseToString (
   IN EFI_SLEEP_PHASE Phase
   )
 {
-  if (Phase >= 0 && Phase <= ARRAY_SIZE(mSxPhaseString)) {
+  if (Phase >= 0 && Phase < ARRAY_SIZE(mSxPhaseString)) {
     return mSxPhaseString[Phase];
   } else {
     AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Phase);
@@ -432,7 +432,7 @@ PowerButtonPhaseToString (
   IN EFI_POWER_BUTTON_PHASE  Phase
   )
 {
-  if (Phase >= 0 && Phase <= ARRAY_SIZE(mPowerButtonPhaseString)) {
+  if (Phase >= 0 && Phase < ARRAY_SIZE(mPowerButtonPhaseString)) {
     return mPowerButtonPhaseString[Phase];
   } else {
     AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Phase);
@@ -457,7 +457,7 @@ StandbyButtonPhaseToString (
   IN EFI_STANDBY_BUTTON_PHASE  Phase
   )
 {
-  if (Phase >= 0 && Phase <= ARRAY_SIZE(mStandbyButtonPhaseString)) {
+  if (Phase >= 0 && Phase < ARRAY_SIZE(mStandbyButtonPhaseString)) {
     return mStandbyButtonPhaseString[Phase];
   } else {
     AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Phase);
@@ -483,7 +483,7 @@ IoTrapTypeToString (
   IN EFI_SMM_IO_TRAP_DISPATCH_TYPE  Type
   )
 {
-  if (Type >= 0 && Type <= ARRAY_SIZE(mIoTrapTypeString)) {
+  if (Type >= 0 && Type < ARRAY_SIZE(mIoTrapTypeString)) {
     return mIoTrapTypeString[Type];
   } else {
     AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Type);
@@ -508,7 +508,7 @@ UsbTypeToString (
   IN EFI_USB_SMI_TYPE          Type
   )
 {
-  if (Type >= 0 && Type <= ARRAY_SIZE(mUsbTypeString)) {
+  if (Type >= 0 && Type < ARRAY_SIZE(mUsbTypeString)) {
     return mUsbTypeString[Type];
   } else {
     AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Type);
-- 
2.25.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56927): https://edk2.groups.io/g/devel/message/56927
Mute This Topic: https://groups.io/mt/72742445/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2] MdeModulePkg/SmiHandlerProfileInfo: Overflowed Array Index

Posted by Wang, Jian J 4 years ago

Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

Regards,
Jian

> -----Original Message-----
> From: Jiang, Guomin <guomin.jiang@intel.com>
> Sent: Friday, April 03, 2020 12:25 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
> Dong, Eric <eric.dong@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: [PATCH v2] MdeModulePkg/SmiHandlerProfileInfo: Overflowed Array
> Index
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2272
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2287
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2288
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2289
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2290
> 
> Index should be off-by one than size of array, so when check
> array, the max index should less than size of array.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
> ---
>  .../SmiHandlerProfileInfo/SmiHandlerProfileInfo.c    | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git
> a/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c
> b/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c
> index 0f7163160b..4153074b7a 100644
> ---
> a/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c
> +++
> b/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c
> @@ -382,7 +382,7 @@ SxTypeToString (
>    IN EFI_SLEEP_TYPE  Type
> 
>    )
> 
>  {
> 
> -  if (Type >= 0 && Type <= ARRAY_SIZE(mSxTypeString)) {
> 
> +  if (Type >= 0 && Type < ARRAY_SIZE(mSxTypeString)) {
> 
>      return mSxTypeString[Type];
> 
>    } else {
> 
>      AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Type);
> 
> @@ -407,7 +407,7 @@ SxPhaseToString (
>    IN EFI_SLEEP_PHASE Phase
> 
>    )
> 
>  {
> 
> -  if (Phase >= 0 && Phase <= ARRAY_SIZE(mSxPhaseString)) {
> 
> +  if (Phase >= 0 && Phase < ARRAY_SIZE(mSxPhaseString)) {
> 
>      return mSxPhaseString[Phase];
> 
>    } else {
> 
>      AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Phase);
> 
> @@ -432,7 +432,7 @@ PowerButtonPhaseToString (
>    IN EFI_POWER_BUTTON_PHASE  Phase
> 
>    )
> 
>  {
> 
> -  if (Phase >= 0 && Phase <= ARRAY_SIZE(mPowerButtonPhaseString)) {
> 
> +  if (Phase >= 0 && Phase < ARRAY_SIZE(mPowerButtonPhaseString)) {
> 
>      return mPowerButtonPhaseString[Phase];
> 
>    } else {
> 
>      AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Phase);
> 
> @@ -457,7 +457,7 @@ StandbyButtonPhaseToString (
>    IN EFI_STANDBY_BUTTON_PHASE  Phase
> 
>    )
> 
>  {
> 
> -  if (Phase >= 0 && Phase <= ARRAY_SIZE(mStandbyButtonPhaseString)) {
> 
> +  if (Phase >= 0 && Phase < ARRAY_SIZE(mStandbyButtonPhaseString)) {
> 
>      return mStandbyButtonPhaseString[Phase];
> 
>    } else {
> 
>      AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Phase);
> 
> @@ -483,7 +483,7 @@ IoTrapTypeToString (
>    IN EFI_SMM_IO_TRAP_DISPATCH_TYPE  Type
> 
>    )
> 
>  {
> 
> -  if (Type >= 0 && Type <= ARRAY_SIZE(mIoTrapTypeString)) {
> 
> +  if (Type >= 0 && Type < ARRAY_SIZE(mIoTrapTypeString)) {
> 
>      return mIoTrapTypeString[Type];
> 
>    } else {
> 
>      AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Type);
> 
> @@ -508,7 +508,7 @@ UsbTypeToString (
>    IN EFI_USB_SMI_TYPE          Type
> 
>    )
> 
>  {
> 
> -  if (Type >= 0 && Type <= ARRAY_SIZE(mUsbTypeString)) {
> 
> +  if (Type >= 0 && Type < ARRAY_SIZE(mUsbTypeString)) {
> 
>      return mUsbTypeString[Type];
> 
>    } else {
> 
>      AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Type);
> 
> --
> 2.25.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56928): https://edk2.groups.io/g/devel/message/56928
Mute This Topic: https://groups.io/mt/72742445/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-