From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A47A881F07 for ; Tue, 24 Jan 2017 18:29:55 -0800 (PST) Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga101.jf.intel.com with ESMTP; 24 Jan 2017 18:29:55 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,281,1477983600"; d="scan'208";a="812966465" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by FMSMGA003.fm.intel.com with ESMTP; 24 Jan 2017 18:29:55 -0800 Received: from fmsmsx102.amr.corp.intel.com (10.18.124.200) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 24 Jan 2017 18:29:55 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by FMSMSX102.amr.corp.intel.com (10.18.124.200) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 24 Jan 2017 18:29:54 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.177]) with mapi id 14.03.0248.002; Wed, 25 Jan 2017 10:29:52 +0800 From: "Gao, Liming" To: wang xiaofeng CC: "edk2-devel@lists.01.org" , "Dong, Eric" Thread-Topic: [edk2] SetUnicodeMem in DisplayEngineDxe seems unsafe Thread-Index: AQHSdhdxu6fibtGePEqnq5TiCvWTF6FIXqeQ//+SnoCAAIhOcA== Date: Wed, 25 Jan 2017 02:29:52 +0000 Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14D6D4713@shsmsx102.ccr.corp.intel.com> References: <74D8A39837DF1E4DA445A8C0B3885C503A8DAEFD@shsmsx102.ccr.corp.intel.com> <7ccf9ae0.3b20.15990a025f3.Coremail.winggundum82@163.com> <74D8A39837DF1E4DA445A8C0B3885C503A8DEFEE@shsmsx102.ccr.corp.intel.com> <3d6f0ddd.45de.1599650c94c.Coremail.winggundum82@163.com> <427ee1e3.4404.159cf79e45f.Coremail.winggundum82@163.com> <4A89E2EF3DFEDB4C8BFDE51014F606A14D6D4671@shsmsx102.ccr.corp.intel.com> <5824bac0.f0d.159d36ddb6c.Coremail.winggundum82@163.com> In-Reply-To: <5824bac0.f0d.159d36ddb6c.Coremail.winggundum82@163.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: SetUnicodeMem in DisplayEngineDxe seems unsafe X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jan 2017 02:29:55 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable https://bugzilla.tianocore.org/ Thanks Liming >-----Original Message----- >From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of >wang xiaofeng >Sent: Wednesday, January 25, 2017 10:22 AM >To: Gao, Liming >Cc: edk2-devel@lists.01.org; Dong, Eric >Subject: Re: [edk2] SetUnicodeMem in DisplayEngineDxe seems unsafe > >Hi Liming, > Where is the BugZillar link? I will try if I can submit it. But not su= re where I >can quickly apply for an account. > > > > > > > > >At 2017-01-25 08:54:47, "Gao, Liming" wrote: >>Xiaofeng: >> Yes. This is a potential issue. This API should be updated with origin= al Buffer >Size. Could you help submit this issue in BugZillar? >> >>Thanks >>Liming >>>-----Original Message----- >>>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of >>>wang xiaofeng >>>Sent: Tuesday, January 24, 2017 3:56 PM >>>To: edk2-devel@lists.01.org; Dong, Eric >>>Subject: [edk2] SetUnicodeMem in DisplayEngineDxe seems unsafe >>> >>>Hi DisplayEngineDxe Owner, >>> SetUnicodeMem seems unsafe since the buffer may overflow if the >input >>>Size is bigger than buffer size.Do we think about improve the function >>> >>> >>>/** >>> Set Buffer to Value for Size bytes. >>> >>> >>> @param Buffer Memory to set. >>> @param Size Number of bytes to set >>> @param Value Value of the set operation. >>> >>> >>>**/ >>>VOID >>>SetUnicodeMem ( >>> IN VOID *Buffer, >>> IN UINTN Size, >>> IN CHAR16 Value >>> ) >>>{ >>> CHAR16 *Ptr; >>> >>> >>> Ptr =3D Buffer; >>> while ((Size--) !=3D 0) { >>> *(Ptr++) =3D Value; >>> } >>>} >>> >>> The problem I meet is liking the following screen. Year in main page = shows >>>incorrect char randomly. >>> >>> If I turn off GetNumericInput optimize with #pragma optimize( "", off= ) in >>>InputHandler.c , or swtich to use StrCpyS like this. The problem disappe= ar. >This >>>issue cannot be seen in OVMF ,but it can be reproduced in our own >platform >>>with a rate of 30%. >>> >>> >>> >>>_______________________________________________ >>>edk2-devel mailing list >>>edk2-devel@lists.01.org >>>https://lists.01.org/mailman/listinfo/edk2-devel >>_______________________________________________ >>edk2-devel mailing list >>edk2-devel@lists.01.org >>https://lists.01.org/mailman/listinfo/edk2-devel >_______________________________________________ >edk2-devel mailing list >edk2-devel@lists.01.org >https://lists.01.org/mailman/listinfo/edk2-devel