From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from spamsz.greatwall.com.cn (spamsz.greatwall.com.cn [58.60.186.99]) by mx.groups.io with SMTP id smtpd.web12.9836.1608632321533341616 for ; Tue, 22 Dec 2020 02:18:44 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: greatwall.com.cn, ip: 58.60.186.99, mailfrom: gechao@greatwall.com.cn) X-ASG-Debug-ID: 1608632316-0ec572145855bd0001-xsgHyH Received: from greatwall.com.cn (mailsz01.greatwall.com.cn [10.11.120.1]) by spamsz.greatwall.com.cn with ESMTP id tb6bOADgCjGa42st for ; Tue, 22 Dec 2020 18:18:36 +0800 (CST) X-Barracuda-Envelope-From: gechao@greatwall.com.cn X-Barracuda-RBL-Trusted-Forwarder: 10.11.120.1 Received: from DESKTOP-8UEJ5KU.greatwall.com.cn (unknown [10.11.15.76]) by mailsz.greatwall.com.cn (Coremail) with SMTP id AXgLCgBnoKXax+Ff1uE2AA--.26785S2; Tue, 22 Dec 2020 18:18:03 +0800 (CST) From: gechao@greatwall.com.cn X-Barracuda-RBL-Trusted-Forwarder: 10.11.15.76 To: devel@edk2.groups.io, zhichao.gao@intel.com Cc: ray.ni@intel.com, gechao Subject: [PATCH] MdeModulePkg/TerminalDxe: Fix terminal fifo buffer overflow with UINT8 type Date: Tue, 22 Dec 2020 18:18:32 +0800 X-ASG-Orig-Subj: [PATCH] MdeModulePkg/TerminalDxe: Fix terminal fifo buffer overflow with UINT8 type Message-Id: <5d397bc53140165ed278ea5bf020b0c69acd18eb.1608632264.git.gechao@greatwall.com.cn> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-CM-TRANSID: AXgLCgBnoKXax+Ff1uE2AA--.26785S2 X-Coremail-Antispam: 1UD129KBjvdXoWrZr1rtrWDAw1DuF1xWr1UAwb_yoWkWFb_Wa 409w1UAw1UWr93Zr18CF1YyF4vgay7ZFW8A39xZa9xAa45GF40qr97W34vqanrGrsrX397 G3WUCrZ3tFyUujkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUbcxFF20E14v26r1j6r4UM7CY07I20VC2zVCF04k26cxKx2IYs7xG 6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4vEj48ve4kI8w A2z4x0Y4vE2Ix0cI8IcVAFwI0_Ar0_tr1l84ACjcxK6xIIjxv20xvEc7CjxVAFwI0_Gr1j 6F4UJwA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oV Cq3wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0 I7IYx2IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r 4UM4x0Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2IErcIFxwAKzVCY07xG64k0F24l 42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJV WUGwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r126r1DMIIYrxkI7VAK I48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r1j6r 4UMIIF0xvE42xK8VAvwI8IcIk0rVWrZr1j6s0DMIIF0xvEx4A2jsIE14v26r1j6r4UMIIF 0xvEx4A2jsIEc7CjxVAFwI0_Jr0_GrUvcSsGvfC2KfnxnUUI43ZEXa7VUjRVbDUUUUU== X-CM-SenderInfo: xjhfxtvr6j2vpdwztz3oof0zgofq/ X-Barracuda-Connect: mailsz01.greatwall.com.cn[10.11.120.1] X-Barracuda-Start-Time: 1608632316 X-Barracuda-URL: https://spamfw.greatwall.com.cn:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at greatwall.com.cn X-Barracuda-Scan-Msg-Size: 1111 X-Barracuda-BRTS-Status: 1 X-Barracuda-Bayes: INNOCENT GLOBAL 0.4136 1.0000 0.0000 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=NO_REAL_NAME X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.86704 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 NO_REAL_NAME From: does not include a real name Content-Transfer-Encoding: quoted-printable From: gechao The maximum fifo buffer length is RAW_FIFO_MAX_NUMBER + 1 =3D 257, but the maximum value of terminal fifo buffer index is sizeof(UINT8) - 1 =3D 255 wi= th UINT8 type, so check if fifo buffer is empty or full with below expression, ((Tail + 1) % (RAW_FIFO_MAX_NUMBER + 1)) =3D=3D Head, (Tail + 1) might be sizeof(UINT8) + 1 =3D 256, for UINT8 type, it does not make any sense. Signed-off-by: gechao --- MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h b/MdeMod= ulePkg/Universal/Console/TerminalDxe/Terminal.h index 378ace13ce..360e58e847 100644 --- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h +++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h @@ -37,7 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include =0D =0D =0D -#define RAW_FIFO_MAX_NUMBER 256=0D +#define RAW_FIFO_MAX_NUMBER 255=0D #define FIFO_MAX_NUMBER 128=0D =0D typedef struct {=0D --=20 2.25.1