From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C17701A1DF5 for ; Thu, 13 Oct 2016 01:59:54 -0700 (PDT) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga102.fm.intel.com with ESMTP; 13 Oct 2016 01:59:55 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,339,1473145200"; d="scan'208";a="179382300" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga004.fm.intel.com with ESMTP; 13 Oct 2016 01:59:54 -0700 Received: from fmsmsx124.amr.corp.intel.com (10.18.125.39) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.248.2; Thu, 13 Oct 2016 01:59:54 -0700 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx124.amr.corp.intel.com (10.18.125.39) with Microsoft SMTP Server (TLS) id 14.3.248.2; Thu, 13 Oct 2016 01:59:54 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.209]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.96]) with mapi id 14.03.0248.002; Thu, 13 Oct 2016 16:59:38 +0800 From: "Ni, Ruiyu" To: Thomas Palmer , "edk2-devel@lists.01.org" Thread-Topic: [PATCH] Nt32Pkg/WinNtBusDriverDxe: Fix small memory overrun Thread-Index: AQHSJMdeIRNaHqkqrkOPSMx62VTePqCmFqjw Date: Thu, 13 Oct 2016 08:59:38 +0000 Message-ID: <734D49CCEBEEF84792F5B80ED585239D58E33851@SHSMSX104.ccr.corp.intel.com> References: <1476304179-6493-1-git-send-email-thomas.palmer@hpe.com> In-Reply-To: <1476304179-6493-1-git-send-email-thomas.palmer@hpe.com> Accept-Language: en-US, zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNDY0ZWMzYmYtY2Q5YS00YzAwLWE1YWEtMjcxOTM4MmU0OTVjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX1BVQkxJQyJ9XX1dfSwiU3ViamVjdExhYmVscyI6W10sIlRNQ1ZlcnNpb24iOiIxNS45LjYuNiIsIlRydXN0ZWRMYWJlbEhhc2giOiJ6bTVHWVBOYkl2enZOQ056UWxoRTFCdG1YdUU4VHl5emZxc25NbTJUc2NjPSJ9 x-ctpclassification: CTP_PUBLIC x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH] Nt32Pkg/WinNtBusDriverDxe: Fix small memory overrun X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Oct 2016 08:59:55 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Ruiyu Ni >-----Original Message----- >From: Thomas Palmer [mailto:thomas.palmer@hpe.com] >Sent: Thursday, October 13, 2016 4:30 AM >To: edk2-devel@lists.01.org >Cc: Ni, Ruiyu ; joseph.shifflett@hpe.com; Thomas Palme= r >Subject: [PATCH] Nt32Pkg/WinNtBusDriverDxe: Fix small memory overrun > >When allocating memory for a string, the CHAR16 NUL character needs >two bytes of space. Use StrSize to get accurate size > >Contributed-under: TianoCore Contribution Agreement 1.0 >Signed-off-by: Thomas Palmer >--- > Nt32Pkg/WinNtBusDriverDxe/WinNtBusDriver.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/Nt32Pkg/WinNtBusDriverDxe/WinNtBusDriver.c b/Nt32Pkg/WinNtBus= DriverDxe/WinNtBusDriver.c >index 1516ab8..c46ee07 100644 >--- a/Nt32Pkg/WinNtBusDriverDxe/WinNtBusDriver.c >+++ b/Nt32Pkg/WinNtBusDriverDxe/WinNtBusDriver.c >@@ -452,8 +452,8 @@ Returns: > PcdTempStr =3D (VOID *)LibPcdGetPtr (mPcdEnvironment[Index].Token); > ASSERT (PcdTempStr !=3D NULL); > >- TempStrSize =3D StrLen (PcdTempStr); >- TempStr =3D AllocateMemory ((TempStrSize * sizeof (CHAR16)) + 1); >+ TempStrSize =3D StrSize (PcdTempStr); >+ TempStr =3D AllocateMemory (TempStrSize); > StrCpy (TempStr, PcdTempStr); > > StartString =3D TempStr; >-- >2.7.4