The size of a FV section includes the size of its header. Subtract
latter to yield the correct size of the contained data.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>
---
 StandaloneMmPkg/Library/FvLib/FvLib.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/StandaloneMmPkg/Library/FvLib/FvLib.c b/StandaloneMmPkg/Library/FvLib/FvLib.c
index 94139ae3898b..5d5ad8f73fe0 100644
--- a/StandaloneMmPkg/Library/FvLib/FvLib.c
+++ b/StandaloneMmPkg/Library/FvLib/FvLib.c
@@ -359,16 +359,22 @@ FfsFindSectionData (
   ParsedLength  = 0;

   while (ParsedLength < FileSize) {

     if (Section->Type == SectionType) {

+      //

+      // Size is 24 bits wide so mask upper 8 bits.

+      //

+      SectionLength = SECTION_SIZE (Section);

+

+      if (SectionLength < sizeof (*Section)) {

+        return EFI_VOLUME_CORRUPTED;

+      }

       *SectionData = (VOID *) (Section + 1);

-      *SectionDataSize = SECTION_SIZE(Section);

+      *SectionDataSize = SectionLength - sizeof (*Section);

       return EFI_SUCCESS;

     }

     //

-    // Size is 24 bits wide so mask upper 8 bits.

     // SectionLength is adjusted it is 4 byte aligned.

     // Go to the next section

     //

-    SectionLength = SECTION_SIZE(Section);

     SectionLength = GET_OCCUPIED_SIZE (SectionLength, 4);

 

     ParsedLength += SectionLength;

-- 
2.31.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78891): https://edk2.groups.io/g/devel/message/78891
Mute This Topic: https://groups.io/mt/84754065/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-