From: gechao <gechao@greatwall.com.cn>
Fix the bug of terminal fifo buffer overflow with UINT8 type.
typedef struct {
UINT8 Head;
UINT8 Tail;
UINT8 Data[RAW_FIFO_MAX_NUMBER + 1];
} RAW_DATA_FIFO;
RAW_FIFO_MAX_NUMBER is 256.
the data buffer size is 257 (Index from 0 to 256), but the max value of
the index, Head or Tail (UINT8), is 255. That means the last data of the
data buffer would be always empty if we use Head/Tail to output/input the
data correctly. And because of the incorrect buffer size the FIFO full
check "((Tail + 1) % (RAW_FIFO_MAX_NUMBER + 1)) == Head" would never meet.
Signed-off-by: gechao <gechao@greatwall.com.cn>
---
MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
index 378ace13ce..360e58e847 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
@@ -37,7 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseLib.h>
-#define RAW_FIFO_MAX_NUMBER 256
+#define RAW_FIFO_MAX_NUMBER 255
#define FIFO_MAX_NUMBER 128
typedef struct {
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#70321): https://edk2.groups.io/g/devel/message/70321
Mute This Topic: https://groups.io/mt/79670455/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
There is no need to add [BUG] in the title. I would remove it when I create the PR.
If you want to have a record for this bug, you can edit a Bugzilla and add the link in the commit message.
Beside of that, Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
Thanks,
Zhichao
> -----Original Message-----
> From: gechao@greatwall.com.cn <gechao@greatwall.com.cn>
> Sent: Thursday, January 14, 2021 11:23 AM
> To: Gao, Zhichao <zhichao.gao@intel.com>
> Cc: devel@edk2.groups.io; Ni, Ray <ray.ni@intel.com>; gechao
> <gechao@greatwall.com.cn>
> Subject: [PATCH] MdeModulePkg/TerminalDxe [BUG]: Terminal fifo buffer
> overflow.
>
> From: gechao <gechao@greatwall.com.cn>
>
> Fix the bug of terminal fifo buffer overflow with UINT8 type.
>
> typedef struct {
> UINT8 Head;
> UINT8 Tail;
> UINT8 Data[RAW_FIFO_MAX_NUMBER + 1];
> } RAW_DATA_FIFO;
> RAW_FIFO_MAX_NUMBER is 256.
> the data buffer size is 257 (Index from 0 to 256), but the max value of the index,
> Head or Tail (UINT8), is 255. That means the last data of the data buffer would be
> always empty if we use Head/Tail to output/input the data correctly. And
> because of the incorrect buffer size the FIFO full check "((Tail + 1) %
> (RAW_FIFO_MAX_NUMBER + 1)) == Head" would never meet.
>
> Signed-off-by: gechao <gechao@greatwall.com.cn>
> ---
> MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
> b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
> index 378ace13ce..360e58e847 100644
> --- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
> +++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
> @@ -37,7 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> #include <Library/BaseLib.h> -#define RAW_FIFO_MAX_NUMBER 256+#define
> RAW_FIFO_MAX_NUMBER 255 #define FIFO_MAX_NUMBER 128 typedef
> struct {--
> 2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#70275): https://edk2.groups.io/g/devel/message/70275
Mute This Topic: https://groups.io/mt/79670455/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.