Code mistake, VariableIndex is smaller normally than buffer+buffersize
so should not break loop.
Signed-off-by:Walon Li <walon.li@hpe.com>
---
.../Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
index f91f038b7a..bd2d04452f 100644
--- a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
+++ b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
@@ -776,7 +776,7 @@ InitOverridesMapping (
// Check buffer overflow
//
if ((DriverImageInfo->DriverImagePath == NULL) || (VariableIndex < (UINT8 *) DriverDevicePath) ||
- (VariableIndex < (UINT8 *) VariableBuffer + BufferSize)) {
+ (VariableIndex > (UINT8 *) VariableBuffer + BufferSize)) {
Corrupted = TRUE;
break;
}
--
2.23.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#75091): https://edk2.groups.io/g/devel/message/75091
Mute This Topic: https://groups.io/mt/82790757/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Agree this fix. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> > -----邮件原件----- > 发件人: Walon Li <walon.li@hpe.com> > 发送时间: 2021年5月13日 10:49 > 收件人: devel@edk2.groups.io > 抄送: walon.li@hpe.com; nickle.wang@hpe.com; dandan.bi@intel.com; > gaoliming@byosoft.com.cn > 主题: [PATCH] MdeModulePkg/PlatformDriOverrideDxe: Fix overflow > condition check > > Code mistake, VariableIndex is smaller normally than buffer+buffersize > so should not break loop. > > Signed-off-by:Walon Li <walon.li@hpe.com> > --- > .../Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git > a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c > b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c > index f91f038b7a..bd2d04452f 100644 > --- a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c > +++ > b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c > @@ -776,7 +776,7 @@ InitOverridesMapping ( > // Check buffer overflow > > // > > if ((DriverImageInfo->DriverImagePath == NULL) || (VariableIndex > < (UINT8 *) DriverDevicePath) || > > - (VariableIndex < (UINT8 *) VariableBuffer + BufferSize)) { > > + (VariableIndex > (UINT8 *) VariableBuffer + BufferSize)) { > > Corrupted = TRUE; > > break; > > } > > -- > 2.23.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75092): https://edk2.groups.io/g/devel/message/75092 Mute This Topic: https://groups.io/mt/82791174/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.