1. Patchew
  2. EDK2
  3. [edk2] [PATCH 00/17] BaseTools/C: Code refinements
  4. View patch

[edk2] [PATCH 01/17] BaseTools/C/Common: Add checks for array access

Hao Wu posted 17 patches 7 years ago
[edk2] [PATCH 01/17] BaseTools/C/Common: Add checks for array access
Posted by Hao Wu 7 years ago 
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 BaseTools/Source/C/Common/Decompress.c        |  8 ++++----
 BaseTools/Source/C/Common/SimpleFileParsing.c | 12 +++++-------
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/BaseTools/Source/C/Common/Decompress.c b/BaseTools/Source/C/Common/Decompress.c
index b2049bd01c..8f1afb4e40 100644
--- a/BaseTools/Source/C/Common/Decompress.c
+++ b/BaseTools/Source/C/Common/Decompress.c
@@ -2,7 +2,7 @@
 Decompressor. Algorithm Ported from OPSD code (Decomp.asm) for Efi and Tiano 
 compress algorithm.
 
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -394,7 +394,7 @@ Returns:
 
   Index = 0;
 
-  while (Index < Number) {
+  while (Index < Number && Index < NPT) {
 
     CharC = (UINT16) (Sd->mBitBuf >> (BITBUFSIZ - 3));
 
@@ -413,14 +413,14 @@ Returns:
     if (Index == Special) {
       CharC = (UINT16) GetBits (Sd, 2);
       CharC--;
-      while ((INT16) (CharC) >= 0) {
+      while ((INT16) (CharC) >= 0 && Index < NPT) {
         Sd->mPTLen[Index++] = 0;
         CharC--;
       }
     }
   }
 
-  while (Index < nn) {
+  while (Index < nn && Index < NPT) {
     Sd->mPTLen[Index++] = 0;
   }
 
diff --git a/BaseTools/Source/C/Common/SimpleFileParsing.c b/BaseTools/Source/C/Common/SimpleFileParsing.c
index 868c6b794b..209a0954b3 100644
--- a/BaseTools/Source/C/Common/SimpleFileParsing.c
+++ b/BaseTools/Source/C/Common/SimpleFileParsing.c
@@ -1,7 +1,7 @@
 /** @file
 Generic but simple file parsing routines.
 
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD License         
 which accompanies this distribution.  The full text of the license may be found at        
@@ -1232,12 +1232,10 @@ GetHexChars (
 {
   UINT32  Len;
   Len = 0;
-  while (!EndOfFile (&mGlobals.SourceFile) && (BufferLen > 0)) {
+  while (!EndOfFile (&mGlobals.SourceFile) && (Len < BufferLen)) {
     if (isxdigit ((int)mGlobals.SourceFile.FileBufferPtr[0])) {
-      *Buffer = mGlobals.SourceFile.FileBufferPtr[0];
-      Buffer++;
+      Buffer[Len] = mGlobals.SourceFile.FileBufferPtr[0];
       Len++;
-      BufferLen--;
       mGlobals.SourceFile.FileBufferPtr++;
     } else {
       break;
@@ -1246,8 +1244,8 @@ GetHexChars (
   //
   // Null terminate if we can
   //
-  if ((Len > 0) && (BufferLen > 0)) {
-    *Buffer = 0;
+  if ((Len > 0) && (Len < BufferLen)) {
+    Buffer[Len] = 0;
   }
 
   return Len;
-- 
2.12.0.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Patchew 2.1-devel-8c64711

© 2016 - 2025 Red Hat, Inc.