From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 61CCD81D87 for ; Thu, 3 Nov 2016 00:23:44 -0700 (PDT) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP; 03 Nov 2016 00:23:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,585,1473145200"; d="scan'208";a="897185148" Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.34]) by orsmga003.jf.intel.com with ESMTP; 03 Nov 2016 00:23:43 -0700 From: Hao Wu To: edk2-devel@lists.01.org Cc: Hao Wu , Liming Gao , Yonghong Zhu , Eric Dong , Dandan Bi Date: Thu, 3 Nov 2016 15:22:32 +0800 Message-Id: <1478157783-9368-23-git-send-email-hao.a.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.0 In-Reply-To: <1478157783-9368-1-git-send-email-hao.a.wu@intel.com> References: <1478157783-9368-1-git-send-email-hao.a.wu@intel.com> Subject: [PATCH v2 22/53] BaseTools/VfrCompile: Add checks for array access X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Nov 2016 07:23:44 -0000 Cc: Liming Gao Cc: Yonghong Zhu Cc: Eric Dong Cc: Dandan Bi Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu --- BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h | 3 +++ BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h index 37cac24..f15bff1 100644 --- a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h +++ b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h 
@@ -30,6 +30,8 @@ * 1989-2000 */ +#include + #define ZZINC {if ( track_columns ) (++_endcol);} #define ZZGETC {ch = input->nextChar(); cl = ZZSHIFT(ch);} @@ -114,6 +116,7 @@ more: state = dfa_base[automaton]; while (ZZNEWSTATE != DfaStates) { state = newstate; + assert(state <= sizeof(dfa)/sizeof(dfa[0])); ZZCOPY; ZZGETC; ZZINC; diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp index 1ab95be..24b0bfa 100644 --- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp +++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp @@ -1474,6 +1474,10 @@ CVfrDataStorage::GetFreeVarStoreId ( } } + if (Index == EFI_FREE_VARSTORE_ID_BITMAP_SIZE) { + return EFI_VARSTORE_ID_INVALID; + } + for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) { if ((mFreeVarStoreIdBitMap[Index] & Mask) == 0) { mFreeVarStoreIdBitMap[Index] |= Mask; @@ -2437,6 +2441,10 @@ CVfrQuestionDB::GetFreeQuestionId ( } } + if (Index == EFI_FREE_QUESTION_ID_BITMAP_SIZE) { + return EFI_QUESTION_ID_INVALID; + } + for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) { if ((mFreeQIdBitMap[Index] & Mask) == 0) { mFreeQIdBitMap[Index] |= Mask; -- 1.9.5.msysgit.0
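Review bot: in the DLexer.h hunk at @@ -114,6 +116,7 @@, the added assert compares with <= against sizeof(dfa)/sizeof(dfa[0]), so a state equal to the element count passes although it is one past the last valid index of dfa. If the intent is to guard indexing into dfa, the comparison should be strict: assert(state < sizeof(dfa)/sizeof(dfa[0])). Two further things to confirm: sizeof(dfa)/sizeof(dfa[0]) only yields the element count if dfa is an array in this scope rather than a pointer, and assert() expands to nothing when NDEBUG is defined, so the check does not exist in such builds. An explicit bounds test with an error path would hold in every build. The assert also sits after state = newstate inside the loop, so the initial state = dfa_base[automaton] is never checked.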
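Review bot: in the VfrUtilityLib.cpp hunk at @@ -1474,6 +1474,10 @@ (CVfrDataStorage::GetFreeVarStoreId), returning EFI_VARSTORE_ID_INVALID when Index == EFI_FREE_VARSTORE_ID_BITMAP_SIZE gives the function a failure value, and nothing in this patch shows callers testing for it. Please check each call site so that an exhausted bitmap ends in a compile error instead of EFI_VARSTORE_ID_INVALID being used as a real varstore ID, and document the new return value in the function header. The guard itself is correct for the access that follows: without it, mFreeVarStoreIdBitMap[Index] would be read one element past the end when every word of the bitmap is full.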
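Review bot: in the VfrUtilityLib.cpp hunk at @@ -2437,6 +2441,10 @@ (CVfrQuestionDB::GetFreeQuestionId), the new test Index == EFI_FREE_QUESTION_ID_BITMAP_SIZE has no comment saying that it is the "no free question ID left" case, and it is not obvious from the guard alone. A one-line comment above it would help, and writing the comparison as Index >= EFI_FREE_QUESTION_ID_BITMAP_SIZE would keep the mFreeQIdBitMap[Index] access safe even if the preceding search loop is changed later. This is the same pattern as the guard added to GetFreeVarStoreId in this patch, so both should be worded and commented alike.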