From: gechao <gechao@greatwall.com.cn>
Fix the bug of terminal fifo buffer overflow with UINT8 type.
typedef struct {
UINT8 Head;
UINT8 Tail;
UINT8 Data[RAW_FIFO_MAX_NUMBER + 1];
} RAW_DATA_FIFO;
RAW_FIFO_MAX_NUMBER is 256.
the data buffer size is 257 (Index from 0 to 256), but the max value of
the index, Head or Tail (UINT8), is 255. That means the last data of the
data buffer would be always empty if we use Head/Tail to output/input the
data correctly. And because of the incorrect buffer size the FIFO full
check "((Tail + 1) % (RAW_FIFO_MAX_NUMBER + 1)) == Head" would never meet.
Signed-off-by: gechao <gechao@greatwall.com.cn>
---
MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
index 378ace13ce..360e58e847 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
@@ -37,7 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseLib.h>
-#define RAW_FIFO_MAX_NUMBER 256
+#define RAW_FIFO_MAX_NUMBER 255
#define FIFO_MAX_NUMBER 128
typedef struct {
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#70321): https://edk2.groups.io/g/devel/message/70321
Mute This Topic: https://groups.io/mt/79670455/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
There is no need to add [BUG] in the title. I would remove it when I create the PR. If you want to have a record for this bug, you can edit a Bugzilla and add the link in the commit message. Beside of that, Reviewed-by: Zhichao Gao <zhichao.gao@intel.com> Thanks, Zhichao > -----Original Message----- > From: gechao@greatwall.com.cn <gechao@greatwall.com.cn> > Sent: Thursday, January 14, 2021 11:23 AM > To: Gao, Zhichao <zhichao.gao@intel.com> > Cc: devel@edk2.groups.io; Ni, Ray <ray.ni@intel.com>; gechao > <gechao@greatwall.com.cn> > Subject: [PATCH] MdeModulePkg/TerminalDxe [BUG]: Terminal fifo buffer > overflow. > > From: gechao <gechao@greatwall.com.cn> > > Fix the bug of terminal fifo buffer overflow with UINT8 type. > > typedef struct { > UINT8 Head; > UINT8 Tail; > UINT8 Data[RAW_FIFO_MAX_NUMBER + 1]; > } RAW_DATA_FIFO; > RAW_FIFO_MAX_NUMBER is 256. > the data buffer size is 257 (Index from 0 to 256), but the max value of the index, > Head or Tail (UINT8), is 255. That means the last data of the data buffer would be > always empty if we use Head/Tail to output/input the data correctly. And > because of the incorrect buffer size the FIFO full check "((Tail + 1) % > (RAW_FIFO_MAX_NUMBER + 1)) == Head" would never meet. > > Signed-off-by: gechao <gechao@greatwall.com.cn> > --- > MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h > b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h > index 378ace13ce..360e58e847 100644 > --- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h > +++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h > @@ -37,7 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include <Library/BaseLib.h> -#define RAW_FIFO_MAX_NUMBER 256+#define > RAW_FIFO_MAX_NUMBER 255 #define FIFO_MAX_NUMBER 128 typedef > struct {-- > 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#70275): https://edk2.groups.io/g/devel/message/70275 Mute This Topic: https://groups.io/mt/79670455/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.