From: "Patrick Rudolph"
To: devel@edk2.groups.io
Cc: sean@starlabs.systems, gua.guo@intel.com, james.lu@intel.com, ray.ni@intel.com, guo.dong@intel.com, sheng.tan@9elements.com, Patrick Rudolph
Subject: [edk2-devel] [PATCH] UefiPayloadPkg: CbParseLib: Fix integer overflow
Date: Mon, 8 Jan 2024 07:59:21 +0100
Message-ID: <48d2fc1437b07b1e815f3ca8cabc9c1a2fc05a87.1704696950.git.patrick.rudolph@9elements.com>

The IMD entry uses the 32bit start field as relative offset to root.
On Ia32X64 this works fine as UINTN is also 32 bit and negative relative
offsets are properly calculated due to an integer overflow.
On X64 this doesn't work as UINTN is 64 bit and the offset is no longer
subtracted, but it's added to the root. Fix that by sign extending
the start field to 64 bit.

Test: Booting UefiPayloadPkg still works on Ia32X64 and now also works
on X64.

Signed-off-by: Patrick Rudolph
Reviewed-by: Gua Guo
Reviewed-by: Sean Rhodes
--- UefiPayloadPkg/Library/CbParseLib/CbParseLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c b/UefiPayloadPk= g/Library/CbParseLib/CbParseLib.c index 8a353f77f6..9e149532a7 100644 --- a/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c +++ b/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c 
@@ -282,7 +282,7 @@ FindCbMemTable ( for (Idx =3D 0; Idx < Root->num_entries; Idx++) { if (Entries[Idx].id =3D=3D TableId) { if (IsImdEntry) { - *MemTable =3D (VOID *)((UINTN)Entries[Idx].start + (UINTN)Root); + *MemTable =3D (VOID *)((INTN)(INT32)Entries[Idx].start + (UINTN)Ro= ot); } else { *MemTable =3D (VOID *)(UINTN)Entries[Idx].start; } --=20 2.43.0
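Review bot: The added line in the IsImdEntry branch adds an INTN to a UINTN, so its correctness rests on the signed offset being implicitly converted back to UINTN and the sum wrapping modulo the pointer width. The result is right on both Ia32X64 and X64, but nothing in the code says why. Consider writing it as (UINTN)Root + (UINTN)(INTN)(INT32)Entries[Idx].start so the arithmetic is explicitly unsigned, and add a one-line comment that for IMD entries start is a signed 32-bit offset relative to Root, so the (INT32) cast is not later removed as redundant. Separately, the visible lines store the computed address into *MemTable with no check on the resulting value; the offset is taken from the parsed table entry as is, so a range check before the assignment would be worth adding here or in a follow-up.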