From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5F1A32194233D for ; Thu, 6 Apr 2017 23:52:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=intel; t=1491547945; x=1523083945; h=from:to:cc:subject:date:message-id:mime-version; bh=TB5F0TV+JfBm4yj4UYgIMv7Ft6i9G8vV5+rJ5OEWv2Y=; b=sRaUxtPf5ioX6bKpJ9HTkEMN3JkiGIsKfwwBYXpxAi67+e2fcKLeu+un wOxuNRSDwD+XM9sK4o7jseTtKKQkYA==; Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Apr 2017 23:52:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.37,164,1488873600"; d="dat'59?scan'59,208,59";a="85800575" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by fmsmga005.fm.intel.com with ESMTP; 06 Apr 2017 23:52:18 -0700 Received: from FMSMSX109.amr.corp.intel.com (10.18.116.9) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 6 Apr 2017 23:52:17 -0700 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by fmsmsx109.amr.corp.intel.com (10.18.116.9) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 6 Apr 2017 23:52:17 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.246]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.117]) with mapi id 14.03.0319.002; Fri, 7 Apr 2017 14:52:15 +0800 From: "Song, BinX" To: "edk2-devel@lists.01.org" CC: "Gao, Liming" Thread-Topic: [PATCH] MdeModulePkg: Fix BrotliCustomDecompressLib potential issue Thread-Index: AdKva31sNs1yyyJ/QMSWt9Ja5xarGg== Date: Fri, 7 Apr 2017 06:52:15 +0000 Message-ID: <559D2DF22BC9A3468B4FA1AA547F0EF10255AC9B@shsmsx102.ccr.corp.intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: <559D2DF22BC9A3468B4FA1AA547F0EF10255AC9B@shsmsx102.ccr.corp.intel.com> x-originating-ip: [10.239.127.40] MIME-Version: 1.0 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 Subject: [PATCH] MdeModulePkg: Fix BrotliCustomDecompressLib potential issue X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Apr 2017 06:52:25 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable - Fix BrotliCustomDecompressLib potential issue Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Bell Song --- .../Library/BrotliCustomDecompressLib/BrotliDecompress.c | 1 + MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c | 12 ++++++++= ---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompres= s.c b/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c index 2c2648a..a303921 100644 --- a/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c +++ b/MdeModulePkg/Library/BrotliCustomDecompressLib/BrotliDecompress.c @@ -126,6 +126,7 @@ BrotliDecompress ( BrotliState * BroState; VOID * Temp; =20 + TotalOut =3D 0; AvailableOut =3D FILE_BUFFER_SIZE; Result =3D BROTLI_RESULT_ERROR; BroState =3D BrotliCreateState(BrAlloc, BrFree, BuffInfo); diff --git a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c b/= MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c index 1ebab3c..c49fab9 100644 --- a/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c +++ b/MdeModulePkg/Library/BrotliCustomDecompressLib/dec/decode.c @@ -802,6 +802,7 @@ static BROTLI_INLINE uint32_t ReadBlockLength(const Huf= fmanCode* table, uint32_t code; uint32_t nbits; code =3D ReadSymbol(table, br); + if (code >=3D BROTLI_NUM_BLOCK_LEN_SYMBOLS) code =3D BROTLI_NUM_BLOCK_LE= N_SYMBOLS - 1; nbits =3D kBlockLengthPrefixCode[code].nbits; /* nbits =3D=3D 2..24 */ return kBlockLengthPrefixCode[code].offset + BrotliReadBits(br, nbits); } @@ -872,13 +873,13 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransfo= rm( for (i =3D 0; i < v_len; ++i) { int index =3D v[i]; uint8_t value =3D mtf[index]; - upper_bound |=3D v[i]; + upper_bound |=3D (uint32_t)v[i]; v[i] =3D value; mtf[-1] =3D value; - do { + while (index > 0) { index--; mtf[index + 1] =3D mtf[index]; - } while (index >=3D 0); + } } /* Remember amount of elements to be reinitialized. */ state->mtf_upper_bound =3D upper_bound; @@ -1498,6 +1499,7 @@ static BROTLI_INLINE BROTLI_BOOL ReadCommandInternal( return BROTLI_FALSE; } } + if (cmd_code >=3D BROTLI_NUM_COMMAND_SYMBOLS) cmd_code =3D BROTLI_NUM_CO= MMAND_SYMBOLS - 1; v =3D kCmdLut[cmd_code]; s->distance_code =3D v.distance_code; s->distance_context =3D v.context; @@ -2209,7 +2211,9 @@ BrotliDecoderResult BrotliDecoderDecompressStream( } s->max_distance =3D s->max_backward_distance; if (s->state =3D=3D BROTLI_STATE_COMMAND_POST_WRITE_1) { - memcpy(s->ringbuffer, s->ringbuffer_end, (size_t)s->pos); + if (s->ringbuffer !=3D 0) { + memcpy(s->ringbuffer, s->ringbuffer_end, (size_t)s->pos); + } if (s->meta_block_remaining_len =3D=3D 0) { /* Next metablock, if any */ s->state =3D BROTLI_STATE_METABLOCK_DONE; --=20 2.10.2.windows.1