From: "Patrick Rudolph"
To: devel@edk2.groups.io
Cc: sean@starlabs.systems, gua.guo@intel.com, james.lu@intel.com, ray.ni@intel.com, guo.dong@intel.com, sheng.tan@9elements.com, Patrick Rudolph
Subject: [edk2-devel] [PATCH] UefiPayloadPkg: CbParseLib: Fix integer overflow
Date: Mon, 8 Jan 2024 07:59:21 +0100
Message-ID: <48d2fc1437b07b1e815f3ca8cabc9c1a2fc05a87.1704696950.git.patrick.rudolph@9elements.com>

The IMD entry uses the 32bit start field as relative offset to root.
On Ia32X64 this works fine as UINTN is also 32 bit and negative relative
offsets are properly calculated due to an integer overflow.
On X64 this doesn't work as UINTN is 64 bit and the offset is no longer
subtracted, but it's added to the root. Fix that by sign extending
the start field to 64 bit.

Test: Booting UefiPayloadPkg still works on Ia32X64 and now also works on X64.

Signed-off-by: Patrick Rudolph
--- UefiPayloadPkg/Library/CbParseLib/CbParseLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c b/UefiPayloadPk= g/Library/CbParseLib/CbParseLib.c index 8a353f77f6..9e149532a7 100644 --- a/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c +++ b/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c 
@@ -282,7 +282,7 @@ FindCbMemTable ( for (Idx =3D 0; Idx < Root->num_entries; Idx++) {=0D if (Entries[Idx].id =3D=3D TableId) {=0D if (IsImdEntry) {=0D - *MemTable =3D (VOID *)((UINTN)Entries[Idx].start + (UINTN)Root);=0D + *MemTable =3D (VOID *)((INTN)(INT32)Entries[Idx].start + (UINTN)Ro= ot);=0D } else {=0D *MemTable =3D (VOID *)(UINTN)Entries[Idx].start;=0D }=0D --=20 2.43.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113361): https://edk2.groups.io/g/devel/message/113361 Mute This Topic: https://groups.io/mt/103593206/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-
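Review bot: On the added *MemTable line in FindCbMemTable, the sum now mixes a signed INTN with (UINTN)Root, so the correct address depends on the implicit conversion of the signed operand back to UINTN, and the fact that start is a signed 32-bit offset relative to Root is visible only in the commit message. Suggest a one-line comment above the assignment saying so, and keeping the arithmetic in one type, for example (UINTN)Root + (UINTN)(INTN)(INT32)Entries[Idx].start. Separately, nothing in the visible lines checks that the computed pointer stays inside the IMD region before it is stored in *MemTable; since start is read from the table being parsed, a range check here or in the caller would be worth adding.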