From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from david.siemens.de (david.siemens.de [192.35.17.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id EC01381F03 for ; Tue, 24 Jan 2017 08:48:02 -0800 (PST) Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by david.siemens.de (8.15.2/8.15.2) with ESMTPS id v0OGlwaq028378 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 24 Jan 2017 17:47:58 +0100 Received: from DEFTHW99ERJMSX.ww902.siemens.net (defthw99erjmsx.ww902.siemens.net [139.22.70.135]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTPS id v0OGlv7A014126 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 24 Jan 2017 17:47:58 +0100 Received: from DEFTHW99ER1MSX.ww902.siemens.net (139.22.70.71) by DEFTHW99ERJMSX.ww902.siemens.net (139.22.70.135) with Microsoft SMTP Server (TLS) id 14.3.339.0; Tue, 24 Jan 2017 17:47:57 +0100 Received: from DEFTHW99EK3MSX.ww902.siemens.net ([169.254.4.42]) by DEFTHW99ER1MSX.ww902.siemens.net ([139.22.70.71]) with mapi id 14.03.0339.000; Tue, 24 Jan 2017 17:47:56 +0100 From: "Witt, Sebastian" To: "Carsey, Jaben" , "edk2-devel@lists.01.org" Thread-Topic: [PATCH] Fix edit on screens with more than 200 columns Thread-Index: AdJ2ODiu1mdD8bRPQUiM1SL7j7EOggACzgCQAAbPCjAAAIdv4A== Date: Tue, 24 Jan 2017 16:47:56 +0000 Message-ID: <5964EF557D87964BB107B86316EE26D21E0F4EA0@DEFTHW99EK3MSX.ww902.siemens.net> References: <5964EF557D87964BB107B86316EE26D21E0F4BB8@DEFTHW99EK3MSX.ww902.siemens.net> In-Reply-To: Accept-Language: de-DE, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [139.22.70.10] MIME-Version: 1.0 Subject: Re: [PATCH] Fix edit on screens with more than 200 columns X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jan 2017 16:48:03 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Only performance. But I haven't measured if there is a big difference betwe= en static buffer and AllocateZeroPool. I wouldn't use a fixed value. There = may be a display device with more than 400 columns. Otherwise one can alway= s allocate the [LastCol + 1] buffer. -----Original Message----- From: Carsey, Jaben [mailto:jaben.carsey@intel.com]=20 Sent: Dienstag, 24. Januar 2017 17:27 To: Witt, Sebastian (DF FA AS DH KHE 1); edk2-devel@lists.01.org Cc: Carsey, Jaben Subject: RE: [PATCH] Fix edit on screens with more than 200 columns Is there a reason to not just always start with allocating the 400 and then= we don't need to complicate the end to conditionally free the buffer? > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of=20 > Witt, Sebastian > Sent: Tuesday, January 24, 2017 5:14 AM > To: edk2-devel@lists.01.org > Subject: [edk2] [PATCH] Fix edit on screens with more than 200 columns > Importance: High >=20 > If the shell edit command is used on a screen with more than > 200 columns, we get a buffer overflow. This increases the default=20 > buffer size to > 400 columns and allocates a pool when this is not enough. >=20 > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Sebastian Witt >=20 > --- > .../UefiShellDebug1CommandsLib.c | 15 +++++++++= +++++- > 1 file changed, 14 insertions(+), 1 deletion(-) >=20 > diff --git > a/ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsL > i > b.c > b/ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsL > i > b.c > index 6ebf002..d81dd01 100644 > --- > a/ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsL > i > b.c > +++ > b/ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1Command > +++ sLib.c > @@ -302,12 +302,21 @@ EditorClearLine ( > IN UINTN LastRow > ) > { > - CHAR16 Line[200]; > + CHAR16 Buffer[400]; > + CHAR16 *Line =3D Buffer; >=20 > if (Row =3D=3D 0) { > Row =3D 1; > } >=20 > + // If there are more columns than our buffer can contain, allocate=20 > + new buffer if (LastCol >=3D (sizeof (Buffer) / sizeof (CHAR16))) { > + Line =3D AllocateZeroPool (LastCol*(sizeof(CHAR16) + 1)); > + if (Line =3D=3D NULL) { > + return; > + } > + } > + > // > // prepare a blank line > // > @@ -326,6 +335,10 @@ EditorClearLine ( > // print out the blank line > // > ShellPrintEx (0, ((INT32)Row) - 1, Line); > + > + // Free if allocated > + if (Line !=3D Buffer) > + FreePool (Line); > } >=20 > /** > -- > 2.1.4 >=20 > With best regards, > Sebastian Witt >=20 > Siemens AG > Digital Factory Division > Factory Automation > Automation Products and Systems > DF FA AS DH KHE 1 > Oestliche Rheinbrueckenstr. 50 > 76187 Karlsruhe, Germany > Tel.: +49 721 595-5326 > mailto:sebastian.witt@siemens.com >=20 > www.siemens.com/ingenuityforlife >=20 > Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard=20 > Cromme; Managing Board: Joe Kaeser, Chairman, President and Chief=20 > Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina=20 > Kugel, Siegfried Russwurm, Ralf P. Thomas; Registered offices: Berlin=20 > and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB=20 > 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel