Hi Guomin, I think you missed one at line 435, function PowerButtonPhaseToString(). Regards, Jian From: Jiang, Guomin Sent: Monday, March 30, 2020 9:32 AM To: devel@edk2.groups.io; newexplorerj@gmail.com; GuoMinJ via Groups.Io Cc: Wang, Jian J ; Wu, Hao A Subject: RE: [edk2-devel] [PATCH] MdeModulePkg/SmiHandlerProfileInfo: Overflowed Array Index Hi Jian, Hao, Could you please help review this change? Thanks From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of GuoMinJ Sent: Thursday, March 26, 2020 2:11 PM To: devel@edk2.groups.io; newexplorerj@gmail.com; GuoMinJ via Groups.Io > Cc: Wang, Jian J >; Wu, Hao A > Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/SmiHandlerProfileInfo: Overflowed Array Index Hi jiang, hao could you please help verify this change. -------- Original message -------- From: "GuoMinJ via Groups.Io" > Date: Sat, Feb 22, 2020, 1:19 PM To: devel@edk2.groups.io Cc: GuoMinJ > Subject: [edk2-devel] [PATCH] MdeModulePkg/SmiHandlerProfileInfo: Overflowed Array Index REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2272 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2289 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2290 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2287 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2288 Index should be off-by one than size of array, so when check array, the max index should less than size of array. Signed-off-by: GuoMinJ > --- .../SmiHandlerProfileInfo/SmiHandlerProfileInfo.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c b/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c index 0f7163160b..4f195b16ce 100644 --- a/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c +++ b/MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileInfo.c @@ -382,7 +382,7 @@ SxTypeToString ( IN EFI_SLEEP_TYPE Type ) { - if (Type >= 0 && Type <= ARRAY_SIZE(mSxTypeString)) { + if (Type >= 0 && Type < ARRAY_SIZE(mSxTypeString)) { return mSxTypeString[Type]; } else { AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Type); @@ -407,7 +407,7 @@ SxPhaseToString ( IN EFI_SLEEP_PHASE Phase ) { - if (Phase >= 0 && Phase <= ARRAY_SIZE(mSxPhaseString)) { + if (Phase >= 0 && Phase < ARRAY_SIZE(mSxPhaseString)) { return mSxPhaseString[Phase]; } else { AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Phase); @@ -457,7 +457,7 @@ StandbyButtonPhaseToString ( IN EFI_STANDBY_BUTTON_PHASE Phase ) { - if (Phase >= 0 && Phase <= ARRAY_SIZE(mStandbyButtonPhaseString)) { + if (Phase >= 0 && Phase < ARRAY_SIZE(mStandbyButtonPhaseString)) { return mStandbyButtonPhaseString[Phase]; } else { AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Phase); @@ -483,7 +483,7 @@ IoTrapTypeToString ( IN EFI_SMM_IO_TRAP_DISPATCH_TYPE Type ) { - if (Type >= 0 && Type <= ARRAY_SIZE(mIoTrapTypeString)) { + if (Type >= 0 && Type < ARRAY_SIZE(mIoTrapTypeString)) { return mIoTrapTypeString[Type]; } else { AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Type); @@ -508,7 +508,7 @@ UsbTypeToString ( IN EFI_USB_SMI_TYPE Type ) { - if (Type >= 0 && Type <= ARRAY_SIZE(mUsbTypeString)) { + if (Type >= 0 && Type < ARRAY_SIZE(mUsbTypeString)) { return mUsbTypeString[Type]; } else { AsciiSPrint (mNameString, sizeof(mNameString), "0x%x", Type); -- 2.17.1