From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id D27FAD81163 for ; Thu, 11 Jan 2024 08:43:49 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=4Frt0z1u15EWLVo9Ra6nDMGA+ADuroUVCtn0nd5dvwM=; c=relaxed/simple; d=groups.io; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type; s=20140610; t=1704962628; v=1; b=eS2acMVv9/JAnU/4n+MU7WSzT1p44SFpFgg4mNOKJpJqGRjSdHorjqf+JjvTHknXYI/VkIB2 xucYJxmLC/Xd9IkQC/bASMgBH9MG37nlGOW0imiUuy/5WLN/8vQDuaR72XC3PrjZORaD9VmjmyS ouwSMhSrUk9VstaYC2avRKcc= X-Received: by 127.0.0.2 with SMTP id T8HVYY7687511xkUcdmJVDVO; Thu, 11 Jan 2024 00:43:48 -0800 X-Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by mx.groups.io with SMTP id smtpd.web11.7416.1704962627549626118 for ; Thu, 11 Jan 2024 00:43:48 -0800 X-Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 32464CE1E71 for ; Thu, 11 Jan 2024 08:43:44 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85C37C433C7 for ; Thu, 11 Jan 2024 08:43:42 +0000 (UTC) X-Received: by mail-lf1-f44.google.com with SMTP id 2adb3069b0e04-50eaa8b447bso5470923e87.1 for ; Thu, 11 Jan 2024 00:43:42 -0800 (PST) X-Gm-Message-State: ZtvTbLEbS37CqaOrj73p1lOix7686176AA= X-Google-Smtp-Source: AGHT+IHCw12vkjovRYkrVXwiwE9/M7AiiS/ovSZy4HISfz4VFrDLEaXe1iA1CHGtDL7V6wtT3xOOVw3baXTdbrkGxr0= X-Received: by 2002:a05:6512:280d:b0:50e:e1f1:dd30 with SMTP id cf13-20020a056512280d00b0050ee1f1dd30mr24609lfb.93.1704962620632; Thu, 11 Jan 2024 00:43:40 -0800 (PST) MIME-Version: 1.0 References: <17A9331C4FE606BC.28944@groups.io> In-Reply-To: From: "Ard Biesheuvel" Date: Thu, 11 Jan 2024 09:43:29 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob() To: devel@edk2.groups.io, gua.guo@intel.com Cc: Gerd Hoffmann , "Mathews, John" , "Zimmer, Vincent" Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Type: text/plain; charset="UTF-8" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=eS2acMVv; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) On Thu, 11 Jan 2024 at 09:35, Guo, Gua wrote: > > CC: @Mathews, John and @Zimmer, Vincent > > Hi @Gerd Hoffmann > > My company teammate share me your patch can resolved https://bugzilla.tianocore.org/show_bug.cgi?id=4166. So the signed-off name is your name. > Again, a signed-off-by line is *not* a statement of authorship. You *cannot* add it on someone else's behalf if you want to credit the author. A signed-off-by line is a statement by the contributor of the code to indicate that the contributed code is made available under conditions that are in agreement with the open source license of the project. If you want to credit the author, you can mention their name in the commit log, or add some other tag (authored-by, for example). If you want to contribute code by another author, and you know you are able to do so under the terms, you should indicate so by adding your own signed-off line to the patch. Thanks, Ard. > If you have any concern, you can also share for me, if you don't have concern please also let me know, before merging it. > > It's PR https://github.com/tianocore/edk2/pull/5252/ > > Thanks, > Gua > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Guo, Gua > Sent: Thursday, January 11, 2024 1:15 PM > To: devel@edk2.groups.io > Cc: Guo, Gua > Subject: [edk2-devel] [PATCH v1 0/4] Bz4166: Integer Overflow in CreateHob() > > From: Gua Guo > > Fix Integer Overflow for CVE-2022-36765 > 1. UefiPayloadPkg/Hob: Integer Overflow in CreateHob() 2. StandaloneMmPkg/Hob: Integer Overflow in CreateHob() 3. EmbeddedPkg/Hob: Integer Overflow in CreateHob() 4. MdeModulePkg/Hob: Integer Overflow in CreateHob() > > > Gerd Hoffmann (4): > UefiPayloadPkg/Hob: Integer Overflow in CreateHob() > StandaloneMmPkg/Hob: Integer Overflow in CreateHob() > EmbeddedPkg/Hob: Integer Overflow in CreateHob() > MdeModulePkg/Hob: Integer Overflow in CreateHob() > > EmbeddedPkg/Library/PrePiHobLib/Hob.c | 6 ++++++ > MdeModulePkg/Core/Pei/Hob/Hob.c | 2 +- > .../StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c | 6 ++++++ > UefiPayloadPkg/Library/PayloadEntryHobLib/Hob.c | 6 ++++++ > 4 files changed, 19 insertions(+), 1 deletion(-) > > -- > 2.39.2.windows.1 > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113594): https://edk2.groups.io/g/devel/message/113594 Mute This Topic: https://groups.io/mt/103657270/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-