From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web11.1203.1572419684814010860 for ; Wed, 30 Oct 2019 00:14:45 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: hao.a.wu@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Oct 2019 00:14:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,246,1569308400"; d="scan'208";a="400050185" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by fmsmga005.fm.intel.com with ESMTP; 30 Oct 2019 00:14:43 -0700 Received: from fmsmsx157.amr.corp.intel.com (10.18.116.73) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 30 Oct 2019 00:14:43 -0700 Received: from shsmsx108.ccr.corp.intel.com (10.239.4.97) by FMSMSX157.amr.corp.intel.com (10.18.116.73) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 30 Oct 2019 00:14:43 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.127]) by SHSMSX108.ccr.corp.intel.com ([169.254.8.41]) with mapi id 14.03.0439.000; Wed, 30 Oct 2019 15:14:41 +0800 From: "Wu, Hao A" To: "devel@edk2.groups.io" , "Zhang, Shenglei" CC: "Ni, Ray" Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/SdBlockIoPei: Add check for DeviceIndex Thread-Topic: [edk2-devel] [PATCH] MdeModulePkg/SdBlockIoPei: Add check for DeviceIndex Thread-Index: AQHVhLMbjK2mAdUEM0K+pujkBWqoeKdy2JwQ Date: Wed, 30 Oct 2019 07:14:41 +0000 Message-ID: References: <20191017062111.10568-1-shenglei.zhang@intel.com> <20191017062111.10568-2-shenglei.zhang@intel.com> In-Reply-To: <20191017062111.10568-2-shenglei.zhang@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: hao.a.wu@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Zhang, Shenglei > Sent: Thursday, October 17, 2019 2:21 PM > To: devel@edk2.groups.io > Cc: Wu, Hao A; Ni, Ray > Subject: [edk2-devel] [PATCH] MdeModulePkg/SdBlockIoPei: Add check for > DeviceIndex >=20 > DeviceIndex is used as index in Slot[]. The max size of Slot[] > is SD_PEIM_MAX_SLOTS. So DeviceIndex should be checked before used. >=20 > Cc: Hao A Wu > Cc: Ray Ni > Signed-off-by: Shenglei Zhang > --- > MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c > b/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c > index 8fa58d65b22c..25530dcb34ce 100644 > --- a/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c > +++ b/MdeModulePkg/Bus/Sd/SdBlockIoPei/SdBlockIoPei.c > @@ -174,7 +174,7 @@ SdBlockIoPeimGetMediaInfo ( >=20 > Private =3D GET_SD_PEIM_HC_PRIVATE_DATA_FROM_THIS (This); >=20 > - if ((DeviceIndex =3D=3D 0) || (DeviceIndex > Private->TotalBlkIoDevic= es)) { > + if ((DeviceIndex =3D=3D 0) || (DeviceIndex > Private->TotalBlkIoDevic= es) || > (DeviceIndex > (SD_PEIM_MAX_SLOTS - 1))) { Hello, I do not think the change is proper, since 'DeviceIndex' is used to access= the array Private->Slot[SD_PEIM_MAX_SLOTS] like: Private->Slot[DeviceIndex - 1] I think the change should be: ... || (DeviceIndex > (SD_PEIM_MAX_SLOTS) instead of: ... || (DeviceIndex > (SD_PEIM_MAX_SLOTS - 1) Could you help to double confirm on this? Thanks in advance. Best Regards, Hao Wu > return EFI_INVALID_PARAMETER; > } >=20 > @@ -252,7 +252,7 @@ SdBlockIoPeimReadBlocks ( > return EFI_SUCCESS; > } >=20 > - if ((DeviceIndex =3D=3D 0) || (DeviceIndex > Private->TotalBlkIoDevic= es)) { > + if ((DeviceIndex =3D=3D 0) || (DeviceIndex > Private->TotalBlkIoDevic= es) || > (DeviceIndex > (SD_PEIM_MAX_SLOTS - 1))) { > return EFI_INVALID_PARAMETER; > } >=20 > -- > 2.18.0.windows.1 >=20 >=20 >=20