From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8F66D802B4 for ; Sun, 5 Mar 2017 17:29:38 -0800 (PST) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Mar 2017 17:29:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,251,1484035200"; d="scan'208";a="72524719" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by fmsmga005.fm.intel.com with ESMTP; 05 Mar 2017 17:29:37 -0800 Received: from FMSMSX109.amr.corp.intel.com (10.18.116.9) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.248.2; Sun, 5 Mar 2017 17:29:37 -0800 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by fmsmsx109.amr.corp.intel.com (10.18.116.9) with Microsoft SMTP Server (TLS) id 14.3.248.2; Sun, 5 Mar 2017 17:29:37 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by SHSMSX104.ccr.corp.intel.com ([10.239.4.70]) with mapi id 14.03.0248.002; Mon, 6 Mar 2017 09:29:35 +0800 From: "Zhang, Chao B" To: "Wu, Hao A" , "edk2-devel@lists.01.org" Thread-Topic: [PATCH v3 5/6] SecurityPkg: Refine type cast for pointer subtraction Thread-Index: AQHSjxxrC0PdO0cmREOBrjb4l6jXj6GHE+cw Date: Mon, 6 Mar 2017 01:29:34 +0000 Message-ID: References: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> <1487995514-7628-6-git-send-email-hao.a.wu@intel.com> In-Reply-To: <1487995514-7628-6-git-send-email-hao.a.wu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v3 5/6] SecurityPkg: Refine type cast for pointer subtraction X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 01:29:38 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Chao Zhang -----Original Message----- From: Wu, Hao A=20 Sent: Saturday, February 25, 2017 12:05 PM To: edk2-devel@lists.01.org Cc: Wu, Hao A ; Zhang, Chao B Subject: [PATCH v3 5/6] SecurityPkg: Refine type cast for pointer subtracti= on For pointer subtraction, the result is of type "ptrdiff_t". According to th= e C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same= array object, or one past the last element of the array object; the result= is the difference of the subscripts of the two array elements. The size of= the result is implementation-defined, and its type (a signed integer type)= is ptrdiff_t defined in the header. If the result is not repres= entable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed= by pointers to elements of the same array object. This might lead to poten= tial issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some st= atic code checkers may warn that the pointer subtraction might underflow fi= rst and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff =3D (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each = pointer to UINTN first and then perform the subtraction: PtrDiff =3D (UINTN) Ptr1 - (UINTN) Ptr2; Cc: Chao Zhang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Acked-by: Laszlo Ersek --- SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c = | 16 ++++++++-------- SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c = | 10 +++++----- SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c = | 6 +++--- SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c = | 10 +++++----- SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c = | 10 +++++----- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl= .c | 12 ++++++------ 6 files changed, 32 insertions(+), 32 deletions(-) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificati= onLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL= ib.c index e28e106..588072c 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLi +++ b.c @@ -391,13 +391,13 @@ HashPeImage ( // // Use PE32 offset. // - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.Check= Sum) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) -=20 + (UINTN) HashBase; NumberOfRvaAndSizes =3D mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndS= izes; } else if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { // // Use PE32+ offset. // - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.C= heckSum) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) -= =20 + (UINTN) HashBase; NumberOfRvaAndSizes =3D mNtHeader.Pe32Plus->OptionalHeader.NumberOfRva= AndSizes; } else { // @@ -425,13 +425,13 @@ HashPeImage ( // Use PE32 offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + si= zeof (UINT32); - HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) = (HashBase - mImageBase); + HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders -=20 + ((UINTN) HashBase - (UINTN) mImageBase); } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum = + sizeof (UINT32); - HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UIN= TN) (HashBase - mImageBase); + HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders -=20 + ((UINTN) HashBase - (UINTN) mImageBase); } =20 if (HashSize !=3D 0) { @@ -449,13 +449,13 @@ HashPeImage ( // Use PE32 offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + si= zeof (UINT32); - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.Dat= aDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENT + RY_SECURITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum = + sizeof (UINT32); - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader= .DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY + _ENTRY_SECURITY]) - (UINTN) HashBase; } =20 if (HashSize !=3D 0) { @@ -474,13 +474,13 @@ HashPeImage ( // Use PE32 offset // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory= [EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) = (HashBase - mImageBase); + HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders -=20 + ((UINTN) HashBase - (UINTN) mImageBase); } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirec= tory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UIN= TN) (HashBase - mImageBase); + HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders -=20 + ((UINTN) HashBase - (UINTN) mImageBase); } =20 if (HashSize !=3D 0) { diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.= c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c index 52bf582..8167a21 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c @@ -15,7 +15,7 @@ TcgMeasureGptTable() function will receive untrusted GPT partition table= , and parse partition data carefully. =20 -Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -443,13 +4= 43,13 @@ TcgMeasurePeImage ( // Use PE32 offset // NumberOfRvaAndSizes =3D Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - = HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)=20 + HashBase; } else { // // Use PE32+ offset // NumberOfRvaAndSizes =3D Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSiz= es; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum= ) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) -=20 + (UINTN) HashBase; } =20 HashStatus =3D Sha1Update (Sha1Ctx, HashBase, HashSize); @@ -494,13 +494= ,13 @@ TcgMeasurePeImage ( // Use PE32 offset // HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirect= ory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SEC + URITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset // =20 HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDi= rectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY + _SECURITY]) - (UINTN) HashBase; } =20 if (HashSize !=3D 0) { diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Li= brary/Tpm2CommandLib/Tpm2Help.c index 64d3c53..180f360 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c @@ -1,7 +1,7 @@ /** @file Implement TPM2 help. =20 -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -141,7 +14= 1,7 @@ CopyAuthSessionCommand ( Buffer +=3D sizeof(UINT16); } =20 - return (UINT32)(UINTN)(Buffer - (UINT8 *)AuthSessionOut); + return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionOut); } =20 /** @@ -186,7 +186,7 @@ CopyAuthSessionResponse ( CopyMem (AuthSessionOut->hmac.buffer, Buffer, AuthSessionOut->hmac.size)= ; Buffer +=3D AuthSessionOut->hmac.size; =20 - return (UINT32)(UINTN)(Buffer - (UINT8 *)AuthSessionIn); + return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionIn); } =20 /** diff --git a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/= Tcg2Dxe/MeasureBootPeCoff.c index de55ed9..8ee34a7 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c @@ -6,7 +6,7 @@ This external input must be validated carefully to avoid security issue = like buffer overflow, integer overflow. =20 -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -206,13 +2= 06,13 @@ MeasurePeImageAndExtend ( // Use PE32 offset // NumberOfRvaAndSizes =3D Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - = HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)=20 + HashBase; } else { // // Use PE32+ offset // NumberOfRvaAndSizes =3D Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSiz= es; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum= ) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) -=20 + (UINTN) HashBase; } =20 Status =3D HashUpdate (HashHandle, HashBase, HashSize); @@ -257,13 +257,= 13 @@ MeasurePeImageAndExtend ( // Use PE32 offset // HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirect= ory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SEC + URITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset // =20 HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDi= rectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY + _SECURITY]) - (UINTN) HashBase; } =20 if (HashSize !=3D 0) { diff --git a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/= TrEEDxe/MeasureBootPeCoff.c index b20fc70..a7de588 100644 --- a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c +++ b/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c @@ -6,7 +6,7 @@ This external input must be validated carefully to avoid security issue = like buffer overflow, integer overflow. =20 -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -206,13 +2= 06,13 @@ MeasurePeImageAndExtend ( // Use PE32 offset // NumberOfRvaAndSizes =3D Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - = HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)=20 + HashBase; } else { // // Use PE32+ offset // NumberOfRvaAndSizes =3D Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSiz= es; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum= ) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) -=20 + (UINTN) HashBase; } =20 Status =3D HashUpdate (HashHandle, HashBase, HashSize); @@ -257,13 +257,= 13 @@ MeasurePeImageAndExtend ( // Use PE32 offset // HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirect= ory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SEC + URITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset // =20 HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDi= rectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY + _SECURITY]) - (UINTN) HashBase; } =20 if (HashSize !=3D 0) { diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.c index 6f58729..52804dd 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfigImpl.c @@ -1837,12 +1837,12 @@ HashPeImage ( // // Use PE32 offset. // - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.Check= Sum) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) -=20 + (UINTN) HashBase; } else { // // Use PE32+ offset. // - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.C= heckSum) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) -= =20 + (UINTN) HashBase; } =20 Status =3D mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); @@ -= 1859,13 +1859,13 @@ HashPeImage ( // Use PE32 offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataD= irectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENT + RY_SECURITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + = sizeof (UINT32); - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.D= ataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN)=20 + (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY + _ENTRY_SECURITY]) - (UINTN) HashBase; } =20 Status =3D mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); @@ -= 1881,13 +1881,13 @@ HashPeImage ( // Use PE32 offset // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[E= FI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) ((= UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY= _ENTRY_SECURITY + 1]) - mImageBase); + HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)=20 + (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENT + RY_SECURITY + 1]) - (UINTN) mImageBase); } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirecto= ry[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN= ) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_D= IRECTORY_ENTRY_SECURITY + 1]) - mImageBase); + HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders -=20 + ((UINTN)=20 + (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY + _ENTRY_SECURITY + 1]) - (UINTN) mImageBase); } =20 Status =3D mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); -- 1.9.5.msysgit.0