From: "Li, Walon"
To: devel@edk2.groups.io
Cc: walon.li@hpe.com, nickle.wang@hpe.com, dandan.bi@intel.com, gaoliming@byosoft.com.cn
Subject: [edk2-devel] [PATCH] MdeModulePkg/PlatformDriOverrideDxe: Fix overflow condition check
Date: Thu, 13 May 2021 10:48:40 +0800
Message-Id: <20210513024841.2214-1-walon.li@hpe.com>

Code mistake: VariableIndex is normally smaller than buffer+buffersize, so it should not break the loop.

Signed-off-by: Walon Li
--- .../Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideL= ib.c b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c index f91f038b7a..bd2d04452f 100644 --- a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c +++ b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
@@ -776,7 +776,7 @@ InitOverridesMapping ( // Check buffer overflow // if ((DriverImageInfo->DriverImagePath =3D=3D NULL) || (VariableInd= ex < (UINT8 *) DriverDevicePath) || - (VariableIndex < (UINT8 *) VariableBuffer + BufferSize)) { + (VariableIndex > (UINT8 *) VariableBuffer + BufferSize)) { Corrupted =3D TRUE; break; } --=20 2.23.0.windows.1
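Review bot: on the changed line, the new test "VariableIndex > (UINT8 *) VariableBuffer + BufferSize" accepts a VariableIndex that is exactly equal to the end of the buffer, which is correct only if nothing reads at VariableIndex before the next bounds check; please confirm that this holds for the last entry in the variable. The test also runs on a pointer that has already been advanced, so it would be more robust to compare the size of the next element against the bytes remaining in VariableBuffer before moving VariableIndex, rather than comparing pointers afterwards. The commit message should also state the effect of the old code: the removed "<" comparison held for any pointer inside the buffer, so the branch set Corrupted to TRUE and broke out of the loop on well-formed data.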