From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 848AF81D8B for ; Thu, 3 Nov 2016 00:23:41 -0700 (PDT) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP; 03 Nov 2016 00:23:43 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,585,1473145200"; d="scan'208";a="897185136" Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.34]) by orsmga003.jf.intel.com with ESMTP; 03 Nov 2016 00:23:42 -0700 From: Hao Wu To: edk2-devel@lists.01.org Cc: Hao Wu , Liming Gao , Yonghong Zhu Date: Thu, 3 Nov 2016 15:22:31 +0800 Message-Id: <1478157783-9368-22-git-send-email-hao.a.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.0 In-Reply-To: <1478157783-9368-1-git-send-email-hao.a.wu@intel.com> References: <1478157783-9368-1-git-send-email-hao.a.wu@intel.com> Subject: [PATCH v2 21/53] BaseTools/TianoCompress: Add checks for array access X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Nov 2016 07:23:41 -0000 Cc: Liming Gao Cc: Yonghong Zhu Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu --- BaseTools/Source/C/TianoCompress/TianoCompress.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/BaseTools/Source/C/TianoCompress/TianoCompress.c b/BaseTools/Source/C/TianoCompress/TianoCompress.c index b994d93..93cb6c3 100644 --- a/BaseTools/Source/C/TianoCompress/TianoCompress.c +++ b/BaseTools/Source/C/TianoCompress/TianoCompress.c @@ -2215,7 +2215,7 @@ Returns: for (Char = 0; Char < NumOfChar; Char++) { Len = BitLen[Char]; - if (Len == 0) { + if (Len == 0 || Len >= 17) { continue; } @@ -2346,6 +2346,8 @@ Returns: volatile UINT16 Index; UINT32 Mask; + assert (nn <= NPT); + Number = (UINT16) GetBits (Sd, nbit); if (Number == 0) { -- 1.9.5.msysgit.0