From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.1548.1571367193462760345 for ; Thu, 17 Oct 2019 19:53:13 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: dandan.bi@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Oct 2019 19:53:13 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,310,1566889200"; d="scan'208";a="190235675" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga008.jf.intel.com with ESMTP; 17 Oct 2019 19:53:12 -0700 Received: from FMSMSX110.amr.corp.intel.com (10.18.116.10) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 17 Oct 2019 19:53:12 -0700 Received: from shsmsx154.ccr.corp.intel.com (10.239.6.54) by fmsmsx110.amr.corp.intel.com (10.18.116.10) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 17 Oct 2019 19:53:12 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.166]) by SHSMSX154.ccr.corp.intel.com ([10.239.6.54]) with mapi id 14.03.0439.000; Fri, 18 Oct 2019 10:53:09 +0800 From: "Dandan Bi" To: "devel@edk2.groups.io" , "Zhang, Shenglei" CC: "Dong, Eric" Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/HiiDatabaseDxe: Add check for 'Private->Attribute >> 4' Thread-Topic: [edk2-devel] [PATCH] MdeModulePkg/HiiDatabaseDxe: Add check for 'Private->Attribute >> 4' Thread-Index: AQHVhLMdDSfmIyOEUEaqLhTWY8qbU6dfsVbQ Date: Fri, 18 Oct 2019 02:53:10 +0000 Message-ID: <3C0D5C461C9E904E8F62152F6274C0BB40C7A74D@SHSMSX104.ccr.corp.intel.com> References: <20191017062111.10568-1-shenglei.zhang@intel.com> In-Reply-To: <20191017062111.10568-1-shenglei.zhang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: dandan.bi@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Zhang, Shenglei > Sent: Thursday, October 17, 2019 2:21 PM > To: devel@edk2.groups.io > Cc: Bi, Dandan ; Dong, Eric > Subject: [edk2-devel] [PATCH] MdeModulePkg/HiiDatabaseDxe: Add check > for 'Private->Attribute >> 4' >=20 > The size of mHiiEfiColors is 16. > mHiiEfiColors[Private->Attribute >> 4] may be out of boundary. > So add a check for that. >=20 > Cc: Dandan Bi > Cc: Eric Dong > Signed-off-by: Shenglei Zhang > --- > MdeModulePkg/Universal/HiiDatabaseDxe/Font.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) >=20 > diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c > b/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c > index ca63df168c94..282a7a114d17 100644 > --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c > +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c > @@ -999,7 +999,12 @@ GetSystemFont ( > } >=20 > Info->ForegroundColor =3D mHiiEfiColors[Private->Attribute & 0x0f]= ; > - Info->BackgroundColor =3D mHiiEfiColors[Private->Attribute >> 4]; > + if ((Private->Attribute >> 4) < 16){ > + Info->BackgroundColor =3D mHiiEfiColors[Private->Attribute >> 4]= ; > + } else { > + return EFI_INVALID_PARAMETER; > + } > + Hi Shenglei, Foreground and background color are saved in a single byte. Bits 0..3 are = the foreground color and bits 4..6 are the background color. If the Private->Attribute defined correctly, then (Private->Attribute >> 4= ) must less than 8. And in current code Private->Attribute is defined as EF= I_TEXT_ATTR (EFI_LIGHTGRAY, EFI_BLACK) in HiiDatabaseEntry.c, so the (Priva= te->Attribute >> 4) will not overflow. I think we can add ASSERT code inste= ad. Thanks, Dandan > Info->FontInfoMask =3D EFI_FONT_INFO_SYS_FONT | > EFI_FONT_INFO_SYS_SIZE | EFI_FONT_INFO_SYS_STYLE; > Info->FontInfo.FontStyle =3D 0; > Info->FontInfo.FontSize =3D EFI_GLYPH_HEIGHT; > -- > 2.18.0.windows.1 >=20 >=20 >=20