From nobody Mon May  6 07:51:12 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+78895+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+78895+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=posteo.de
ARC-Seal: i=1; a=rsa-sha256; t=1628451643; cv=none;
	d=zohomail.com; s=zohoarc;
	b=igld5zhTB23ribDtd71K9AIDshploC9wmpBHpxLZRObcGfw4jq/2LSpaHHDeH8+nbhST5KJCNFt/owBakkl5qJjaBiCjZPCf+TYNq78PbSKYuycOAdsoBmNIzv9cYtMx1AEaSgs6FakvcWzicscR9xYqJUFuK1O0LDHCxfpcW8A=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1628451643;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=RB3RBcLZ7urUzl5mQQty5NInbdINtN08WpfdFXzzYPs=;
	b=Fj5b39isYwcwSVvugl8Cq/0tQuDA82j2sqXsNkkxpTruNylcDtFIfkQTyPy9J23UfwlQ6lT0E2Eq2848v+L+2YsuTP76juCcjbhIm5+MAzMvC/IcUV6jcjEhA0T3Kha9QP8p9L3QgMBsy/Ne5SizdIFzzuPcIlMpfXOVCKeBx0I=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+78895+1787277+3901457@groups.io;
	dmarc=fail header.from=<mhaeuser@posteo.de> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1628451643351262.425328157189;
 Sun, 8 Aug 2021 12:40:43 -0700 (PDT)
Return-Path: <bounce+27952+78895+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id EMO9YY1788612xV0Xug3DeSN;
 Sun, 08 Aug 2021 12:40:43 -0700
X-Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65])
 by mx.groups.io with SMTP id smtpd.web09.13700.1628451641596301572
 for <devel@edk2.groups.io>;
 Sun, 08 Aug 2021 12:40:41 -0700
X-Received: from submission (posteo.de [89.146.220.130])
	by mout01.posteo.de (Postfix) with ESMTPS id 0CA06240027
	for <devel@edk2.groups.io>; Sun,  8 Aug 2021 21:40:40 +0200 (CEST)
X-Received: from customer (localhost [127.0.0.1])
	by submission (posteo.de) with ESMTPSA id 4GjV1g3THwz6tmD;
	Sun,  8 Aug 2021 21:40:39 +0200 (CEST)
From: =?UTF-8?B?TWFydmluIEjDpHVzZXI=?= <mhaeuser@posteo.de>
To: devel@edk2.groups.io
Cc: Guo Dong <guo.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Maurice Ma <maurice.ma@intel.com>,
	Benjamin You <benjamin.you@intel.com>,
	Vitaly Cheptsov <vit9696@protonmail.com>
Subject: [edk2-devel] [PATCH] UefiPayloadPkg/UefiPayloadEntry: Fix memory
 corruption
Date: Sun,  8 Aug 2021 19:39:53 +0000
Message-Id: 
 <efa510e3eb820b31f16ac6b79db183d7ad235080.1628365054.git.mhaeuser@posteo.de>
In-Reply-To: 
 <5df11a13422732b9c03c120775a2b4dd0a49182f.1628444003.git.mhaeuser@posteo.de>
References: 
 <5df11a13422732b9c03c120775a2b4dd0a49182f.1628444003.git.mhaeuser@posteo.de>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,mhaeuser@posteo.de
X-Gm-Message-State: aMvTNVVfHGrvFe3YbM4OinJvx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1628451643;
 bh=WMu03MnlMXi4JHnSMmiuXOrJTzGTO28ChEGHN4P+W7M=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=SqklFPTSf1Hjsd2Ce9HliYqP1ULRCM3hBP3KEkwpgZCl+mtX/dNGDxMkLll6FSu+S9m
 aDFzIq9Oir0rK8k9mtN3d/NWKa/ix6szoxkrL8nqSP+PpgZ1NbeYMnV6sPJM783RdHQQO
 t7n1AL1bcSMMvTtLkx2aTBATjbJskJjAgbE=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1628451643921100071
Content-Type: text/plain; charset="utf-8"

UefiPayloadEntry's AllocatePool() applies the "sizeof" operator to
HOB index rather than the HOB header structure. This yields 4 Bytes
compared to the 8 Bytes the structure header requires. Fix the call
to allocate the required space instead.

Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Marvin H=C3=A4user <mhaeuser@posteo.de>
Reviewed-by: Guo Dong <guo.dong@intel.com>
---
 UefiPayloadPkg/UefiPayloadEntry/MemoryAllocation.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/MemoryAllocation.c b/UefiPaylo=
adPkg/UefiPayloadEntry/MemoryAllocation.c
index 1204573b3e09..f3494969e5ac 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/MemoryAllocation.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/MemoryAllocation.c
@@ -163,7 +163,7 @@ AllocatePool (
     return NULL;

   }

=20

-  Hob =3D (EFI_HOB_MEMORY_POOL *)CreateHob (EFI_HOB_TYPE_MEMORY_POOL, (UIN=
T16)(sizeof (EFI_HOB_TYPE_MEMORY_POOL) + AllocationSize));

+  Hob =3D (EFI_HOB_MEMORY_POOL *)CreateHob (EFI_HOB_TYPE_MEMORY_POOL, (UIN=
T16)(sizeof (EFI_HOB_MEMORY_POOL) + AllocationSize));

   return (VOID *)(Hob + 1);

 }

=20

--=20
2.31.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78895): https://edk2.groups.io/g/devel/message/78895
Mute This Topic: https://groups.io/mt/84754069/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-