From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0b-002e3701.pphosted.com (mx0b-002e3701.pphosted.com [148.163.143.35]) by mx.groups.io with SMTP id smtpd.web12.7976.1620874149605930403 for ; Wed, 12 May 2021 19:49:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@hpe.com header.s=pps0720 header.b=LINo8VEX; spf=pass (domain: hpe.com, ip: 148.163.143.35, mailfrom: prvs=076740e3a3=walon.li@hpe.com) Received: from pps.filterd (m0134424.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14D2hfol004958; Thu, 13 May 2021 02:49:01 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pps0720; bh=j+QzOeQGtgTgavV7qczf5WjhUSNdqm9MvILWSBZaoUk=; b=LINo8VEXR73H4LcNw7cVSznMWyY1o8iag8JEeqLmvLzcwxNOjQeQFiLW1TEnMgP179Fl 2MV1H0nyhJ1kMlSjRMeo3wkhLfGftNyoEdFxrVAxdrQIvn5ogiIJCcIlbTHqkd9xcIh1 UPkFiv0SzemxkbxGp7XMM0nMG95Bwlmc7iKxVWkqcVrKvecNGGbdh21ykyYRWzSnwmVS NEMSen5OLkWLhnKPMsUSu3jKN24U3z3Pg/eqpsJb7/HVcvyzSXdEUxEgPlQCqgOohRr8 dvaHMwzXrOXVerI7f197WDliXLpDvLGihV1ZuHtClVO2OJwrhB5jb0JjE6BRP8bbdHay +Q== Received: from g9t5008.houston.hpe.com (g9t5008.houston.hpe.com [15.241.48.72]) by mx0b-002e3701.pphosted.com with ESMTP id 38gpsn9t20-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 13 May 2021 02:49:01 +0000 Received: from g9t2301.houston.hpecorp.net (g9t2301.houston.hpecorp.net [16.220.97.129]) by g9t5008.houston.hpe.com (Postfix) with ESMTP id D7D5357; Thu, 13 May 2021 02:49:00 +0000 (UTC) Received: from KIDKMZDU3U.asiapacific.hpqcorp.net (unknown [16.169.11.19]) by g9t2301.houston.hpecorp.net (Postfix) with ESMTP id 245EE4B; Thu, 13 May 2021 02:48:58 +0000 (UTC) From: "Li, Walon" To: devel@edk2.groups.io Cc: walon.li@hpe.com, nickle.wang@hpe.com, dandan.bi@intel.com, gaoliming@byosoft.com.cn Subject: [PATCH] MdeModulePkg/PlatformDriOverrideDxe: Fix overflow condition check Date: Thu, 13 May 2021 10:48:40 +0800 Message-Id: <20210513024841.2214-1-walon.li@hpe.com> X-Mailer: git-send-email 2.23.0.windows.1 MIME-Version: 1.0 X-Proofpoint-GUID: 0T9QlqNk_gQRuD0EdjhyUvl-2mFfDoVd X-Proofpoint-ORIG-GUID: 0T9QlqNk_gQRuD0EdjhyUvl-2mFfDoVd X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.761 definitions=2021-05-13_01:2021-05-12,2021-05-13 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 priorityscore=1501 spamscore=0 impostorscore=0 malwarescore=0 suspectscore=0 mlxlogscore=819 bulkscore=0 clxscore=1011 adultscore=0 mlxscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105130019 Content-Transfer-Encoding: quoted-printable Code mistake, VariableIndex is smaller normally than buffer+buffersize so should not break loop. Signed-off-by:Walon Li --- .../Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideL= ib.c b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c index f91f038b7a..bd2d04452f 100644 --- a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c +++ b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c @@ -776,7 +776,7 @@ InitOverridesMapping ( // Check buffer overflow=0D //=0D if ((DriverImageInfo->DriverImagePath =3D=3D NULL) || (VariableInd= ex < (UINT8 *) DriverDevicePath) ||=0D - (VariableIndex < (UINT8 *) VariableBuffer + BufferSize)) {=0D + (VariableIndex > (UINT8 *) VariableBuffer + BufferSize)) {=0D Corrupted =3D TRUE;=0D break;=0D }=0D --=20 2.23.0.windows.1