From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 02DCF740032 for ; Thu, 7 Sep 2023 03:35:22 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=lgQnFmWhBeU/r/kntnm1eN/jqorXCH5n9B2maVES0mQ=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1694057721; v=1; b=ctjobBqDlZi2AUkoIIpYJ4BhKOpawHQpnG8n4397jRtcP+W1tHEHrwLqZ/Mow7odn8CpTdBJ mHfzHY/fLBQzlLnELNkJxmjWdjdTXvseisAf07coCPuYIuAXkSB3OfWCzOOdXkmk/Kn2LOfJOfc rEWLlY+eYPClYa/51LEBY1PY= X-Received: by 127.0.0.2 with SMTP id 9nwCYY7687511xRMjiRiNlVs; Wed, 06 Sep 2023 20:35:21 -0700 X-Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) by mx.groups.io with SMTP id smtpd.web11.5890.1694057720753341401 for ; Wed, 06 Sep 2023 20:35:21 -0700 X-Received: by mail-wr1-f53.google.com with SMTP id ffacd0b85a97d-31f4a286ae1so478739f8f.3 for ; Wed, 06 Sep 2023 20:35:20 -0700 (PDT) X-Gm-Message-State: en1bU0hGtNboQnnGPTzORCvqx7686176AA= X-Google-Smtp-Source: AGHT+IEuP0Ebea6Gbb/GMhLiUKIWA3pIV/TW2FhEbgJsy7mHg994VBwkqmBwzL0evKkMJR742cv94A== X-Received: by 2002:adf:e691:0:b0:317:7081:9a6a with SMTP id r17-20020adfe691000000b0031770819a6amr3680804wrm.24.1694057718703; Wed, 06 Sep 2023 20:35:18 -0700 (PDT) X-Received: from Michaels-iMac.lan ([193.219.99.195]) by smtp.gmail.com with ESMTPSA id 3-20020a05600c020300b003fc04d13242sm1182118wmi.0.2023.09.06.20.35.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Sep 2023 20:35:18 -0700 (PDT) From: "Mike Beaton" To: devel@edk2.groups.io Cc: Eric Dong , Dandan Bi , Ard Biesheuvel , Mike Beaton Subject: [edk2-devel] [PATCH v5] MdeModulePkg/HiiDatabase: Fix incorrect AllocateCopyPool size Date: Thu, 7 Sep 2023 04:34:42 +0100 Message-ID: <20230907033441.1915-2-mjsbeaton@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,mjsbeaton@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=ctjobBqD; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io The immediately preceding call, GetBestLanguage, plus the implementation of HiiGetString, which is called immediately afterwards, make it clear that BestLanguage is a null-terminated ASCII string, and not just a five byte, non-null terminated buffer. Therefore AsciiStrLen is one byte too short, meaning that whether the space allocated is really sufficient and whether the resultant string is really null-terminated becomes implementation-dependent. Rather than switching to AsciiStrSize, we use an explicitly compile-time string length calculation (both compile-time and run-time approaches are currently used elsewhere in the codebase for copying static strings). Signed-off-by: Mike Beaton --- MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c index 96e05d4cf9..6e791783a6 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c @@ -1987,7 +1987,7 @@ GetNameFromId ( NULL ); if (BestLanguage == NULL) { - BestLanguage = AllocateCopyPool (AsciiStrLen ("en-US"), "en-US"); + BestLanguage = AllocateCopyPool (sizeof ("en-US"), "en-US"); ASSERT (BestLanguage != NULL); } -- 2.41.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108357): https://edk2.groups.io/g/devel/message/108357 Mute This Topic: https://groups.io/mt/101208544/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-