From: "Krzysztof Koch"
To: "Gao, Zhichao", "devel@edk2.groups.io"
CC: "Carsey, Jaben", "Ni, Ray", Sami Mujawar, Matteo Carlini, nd
Subject: Re: [PATCH v1 1/6] ShellPkg: acpiview: DBG2: Prevent buffer overruns
Date: Mon, 5 Aug 2019 08:21:07 +0000

Hi Zhichao,

The reason why processing of the Debug Device Information Structure is split into:
1. loading the header
2. dumping the entire structure

Is because we want to let the users control how much of the structure is dumped. This is important for backward compatibility of the acpiview tool with the ACPI specification (and other specs).

New ACPI table fields are appended at the end of structures/tables. If, for example, we are asked to parse an old version of Debug Device Information Structure, the 'Length' field will tell us to ignore some of the newly added fields. These fields do not make sense in the context of an old version of the corresponding spec.

The following code in Dbg2Parser.c:

    // Make sure the Debug Device Information structure lies inside the table.
    if ((Offset + *DbgDevInfoLen) > AcpiTableLength) {
      IncrementErrorCount ();
      Print (
        L"ERROR: Invalid Debug Device Information structure length. " \
        L"DbgDevInfoLen = %d. RemainingTableBufferLength = %d. " \
        L"DBG2 parsing aborted.\n",
        *DbgDevInfoLen,
        AcpiTableLength - Offset
        );
      return;
    }

Makes sure that the user-provided structure length won't result in a buffer overrun with respect to the DBG2 table buffer. This way we allow users to specify how much of the structure they want to parse while still preventing buffer overruns.

In short, I'm not sure if getting rid of DbgDevInfoHeaderParser would work as you assume that the remaining table buffer length should be passed to ParseAcpi() as an argument, not the length of the Debug Device Information Structure.

What do you think?

Kind regards,
Krzysztof

-----Original Message-----
From: Gao, Zhichao
Sent: Monday, August 5, 2019 7:48
To: Krzysztof Koch; devel@edk2.groups.io
Cc: Carsey, Jaben; Ni, Ray; Sami Mujawar; Matteo Carlini; nd
Subject: RE: [PATCH v1 1/6] ShellPkg: acpiview: DBG2: Prevent buffer overruns

About DbgDevInfoHeaderParser and DbgDevInfoParser.
This patch would parse the same DbgDevInfo twice, one for getting length, the other for dumping structure info.
How about the following?
Add one parameter for DumpDbgDeviceInfo

    STATIC
    VOID
    EFIAPI
    DumpDbgDeviceInfo (
      IN  UINT8*  Ptr,
      OUT UINT32* Length
      )
==>
    STATIC
    VOID
    EFIAPI
    DumpDbgDeviceInfo (
      IN  UINT8*  Ptr,
      IN  UINT32* Length,           // remain length of acpi struct to parse to make sure all operation is in a valid scope
      OUT UINT16* DbgDevInfoLength  // return pointer dbgdevinfo length
      )

Then we would not need an additional DbgDevInfoHeaderParser and the header would be parsed for only once.

Any better comments, please let me know.

Thanks,
Zhichao

> -----Original Message-----
> From: Krzysztof Koch [mailto:krzysztof.koch@arm.com]
> Sent: Thursday, August 1, 2019 4:44 PM
> To: devel@edk2.groups.io
> Cc: Carsey, Jaben; Ni, Ray; Gao, Zhichao; Sami.Mujawar@arm.com; Matteo.Carlini@arm.com; nd@arm.com
> Subject: [PATCH v1 1/6] ShellPkg: acpiview: DBG2: Prevent buffer overruns
>
> Modify the DBG2 table parsing logic to prevent reading past the ACPI
> buffer lengths provided.
>
> Modify the signature of the DumpDbgDeviceInfo() function to make it
> consistent with the ACPI structure processing functions in other
> acpiview parsers. Now, the length of the Debug Device Information
> Structure is read before the entire structure is dumped.
>
> This refactoring change makes it easier to stop reading beyond the
> DBG2 table buffer if the Debug Device Information Structure Buffer
> does not fit in the DBG2 buffer.
>
> For processing the first two fields of the Debug Device Information
> Structure (to get the length) a new ACPI_PARSER array is defined.
>
> References:
> - Microsoft Debug Port Table 2 (DBG2), December 10, 2015
>
> Signed-off-by: Krzysztof Koch
> ---
>
> Notes:
>     v1:
>     - Prevent buffer overruns in DBG2 acpiview parser [Krzysztof]
>
>  ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c | 141 +++++++++++++-------
>  1 file changed, 92 insertions(+), 49 deletions(-)
>
> diff --git > a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parse > r.c > b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parse > r.c > index > c6929695a1032c57761ef85002d6c51b7800ce23..869e700b9beda4886bf7bc5ae > 4ced3ab9a59efa3 100644 > --- > a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parse > r.c > +++ > b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Pars > +++ er.c 
> @@ -64,10 +64,17 @@ STATIC CONST ACPI_PARSER Dbg2Parser[] =3D { > (VOID**)&NumberDbgDeviceInfo, NULL, NULL} }; >=20 > +/// An ACPI_PARSER array describing the debug device information=20 > +structure /// header. > +STATIC CONST ACPI_PARSER DbgDevInfoHeaderParser[] =3D { > + {L"Revision", 1, 0, L"0x%x", NULL, NULL, NULL, NULL}, > + {L"Length", 2, 1, L"%d", NULL, (VOID**)&DbgDevInfoLen, NULL, NULL}=20 > +}; > + > /// An ACPI_PARSER array describing the debug device information. > STATIC CONST ACPI_PARSER DbgDevInfoParser[] =3D { > {L"Revision", 1, 0, L"0x%x", NULL, NULL, NULL, NULL}, > - {L"Length", 2, 1, L"%d", NULL, (VOID**)&DbgDevInfoLen, NULL, NULL}, > + {L"Length", 2, 1, L"%d", NULL, NULL, NULL, NULL}, >=20 > {L"Generic Address Registers Count", 1, 3, L"0x%x", NULL, > (VOID**)&GasCount, NULL, NULL}, 
> @@ -93,76 +100,91 @@ STATIC CONST ACPI_PARSER DbgDevInfoParser[] =3D { > /** > This function parses the debug device information structure. >=20 > - @param [in] Ptr Pointer to the start of the buffer. > - @param [out] Length Pointer in which the length of the debug > - device information is returned. > + @param [in] Ptr Pointer to the start of the buffer. > + @param [in] Length Length of the debug device information structure. > **/ > STATIC > VOID > EFIAPI > DumpDbgDeviceInfo ( > - IN UINT8* Ptr, > - OUT UINT32* Length > + IN UINT8* Ptr, > + IN UINT16 Length > ) > { > UINT16 Index; > - UINT8* DataPtr; > - UINT32* AddrSize; > - > - // Parse the debug device info to get the Length > - ParseAcpi ( > - FALSE, > - 0, > - "Debug Device Info", > - Ptr, > - 3, // Length is 2 bytes starting at offset 1 > - PARSER_PARAMS (DbgDevInfoParser) > - ); > + UINT16 Offset; >=20 > ParseAcpi ( > TRUE, > 2, > "Debug Device Info", > Ptr, > - *DbgDevInfoLen, > + Length, > PARSER_PARAMS (DbgDevInfoParser) > ); >=20 > - // GAS and Address Size > + // GAS > Index =3D 0; > - DataPtr =3D Ptr + (*BaseAddrRegOffset); > - AddrSize =3D (UINT32*)(Ptr + (*AddrSizeOffset)); > - while (Index < (*GasCount)) { > + Offset =3D *BaseAddrRegOffset; > + while ((Index++ < *GasCount) && > + (Offset < Length)) { > PrintFieldName (4, L"BaseAddressRegister"); > - DumpGasStruct (DataPtr, 4, GAS_LENGTH); > + Offset +=3D (UINT16)DumpGasStruct ( > + Ptr + Offset, > + 4, > + Length - Offset > + ); > + } > + > + // Make sure the array of address sizes corresponding to each GAS=20 > + fit in the // Debug Device Information structure if=20 > + ((*AddrSizeOffset + (*GasCount * sizeof (UINT32))) > Length) { > + IncrementErrorCount (); > + Print ( > + L"ERROR: Invalid GAS count. GasCount =3D %d.=20 > + RemainingBufferLength > =3D %d. 
" \ > + L"Parsing of the Debug Device Information structure aborted.\n", > + *GasCount, > + Length - *AddrSizeOffset > + ); > + return; > + } > + > + // Address Size > + Index =3D 0; > + Offset =3D *AddrSizeOffset; > + while ((Index++ < *GasCount) && > + (Offset < Length)) { > PrintFieldName (4, L"Address Size"); > - Print (L"0x%x\n", AddrSize[Index]); > - DataPtr +=3D GAS_LENGTH; > - Index++; > + Print (L"0x%x\n", *((UINT32*)(Ptr + Offset))); > + Offset +=3D sizeof (UINT32); > } >=20 > // NameSpace String > Index =3D 0; > - DataPtr =3D Ptr + (*NameSpaceStringOffset); > + Offset =3D *NameSpaceStringOffset; > PrintFieldName (4, L"NameSpace String"); > - while (Index < (*NameSpaceStringLength)) { > - Print (L"%c", DataPtr[Index++]); > + while ((Index++ < *NameSpaceStringLength) && > + (Offset < Length)) { > + Print (L"%c", *(Ptr + Offset)); > + Offset++; > } > Print (L"\n"); >=20 > // OEM Data > - Index =3D 0; > - DataPtr =3D Ptr + (*OEMDataOffset); > - PrintFieldName (4, L"OEM Data"); > - while (Index < (*OEMDataLength)) { > - Print (L"%x ", DataPtr[Index++]); > - if ((Index & 7) =3D=3D 0) { > - Print (L"\n%-*s ", OUTPUT_FIELD_COLUMN_WIDTH, L""); > + if (*OEMDataOffset !=3D 0) { > + Index =3D 0; > + Offset =3D *OEMDataOffset; > + PrintFieldName (4, L"OEM Data"); > + while ((Index++ < *OEMDataLength) && > + (Offset < Length)) { > + Print (L"%x ", *(Ptr + Offset)); > + if ((Index & 7) =3D=3D 0) { > + Print (L"\n%-*s ", OUTPUT_FIELD_COLUMN_WIDTH, L""); > + } > + Offset++; > } > + Print (L"\n"); > } > - Print (L"\n"); > - > - *Length =3D *DbgDevInfoLen; > } >=20 > /** > @@ -187,8 +209,7 @@ ParseAcpiDbg2 ( > ) > { > UINT32 Offset; > - UINT32 DbgDeviceInfoLength; > - UINT8* DevInfoPtr; > + UINT32 Index; >=20 > if (!Trace) { > return; 
> @@ -202,14 +223,36 @@ ParseAcpiDbg2 ( > AcpiTableLength, > PARSER_PARAMS (Dbg2Parser) > ); > - DevInfoPtr =3D Ptr + Offset; >=20 > - while (Offset < AcpiTableLength) { > - DumpDbgDeviceInfo ( > - DevInfoPtr, > - &DbgDeviceInfoLength > + Offset =3D *OffsetDbgDeviceInfo; > + Index =3D 0; > + > + while (Index++ < *NumberDbgDeviceInfo) { > + > + // Parse the Debug Device Information Structure header to obtain Len= gth > + ParseAcpi ( > + FALSE, > + 0, > + NULL, > + Ptr + Offset, > + AcpiTableLength - Offset, > + PARSER_PARAMS (DbgDevInfoHeaderParser) > ); > - Offset +=3D DbgDeviceInfoLength; > - DevInfoPtr +=3D DbgDeviceInfoLength; > + > + // Make sure the Debug Device Information structure lies inside the = table. > + if ((Offset + *DbgDevInfoLen) > AcpiTableLength) { > + IncrementErrorCount (); > + Print ( > + L"ERROR: Invalid Debug Device Information structure length. " \ > + L"DbgDevInfoLen =3D %d. RemainingTableBufferLength =3D %d. " \ > + L"DBG2 parsing aborted.\n", > + *DbgDevInfoLen, > + AcpiTableLength - Offset > + ); > + return; > + } > + > + DumpDbgDeviceInfo (Ptr + Offset, (*DbgDevInfoLen)); > + Offset +=3D (*DbgDevInfoLen); > } > } > -- > 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)' >=20
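
Review bot: DbgDevInfoHeaderParser (hunk at -64,10) repeats the Revision and Length entries of DbgDevInfoParser, and only the header copy now stores the Length pointer in DbgDevInfoLen, so the two arrays have to be kept in step by hand. A short comment on the Length entry of DbgDevInfoParser saying that the value is captured by DbgDevInfoHeaderParser, and that the pointer is NULL here on purpose, would stop a later edit from restoring the pointer or changing one offset without the other.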
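
Review bot: In DumpDbgDeviceInfo() (hunk at -93,76) the GAS, NameSpace String and OEM Data loops stop quietly once Offset reaches Length, while an oversized GasCount for the address-size array is reported through IncrementErrorCount (). A structure whose NameSpaceStringOffset plus NameSpaceStringLength, or OEMDataOffset plus OEMDataLength, runs past Length is just as malformed, so check those sums against Length before each loop and report them the same way instead of printing a silently shortened field. In the new error message, `Length - *AddrSizeOffset` is printed as the remaining length but goes negative or wraps when AddrSizeOffset itself lies beyond Length; print Length and *AddrSizeOffset separately, or test the offset first.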
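
Review bot: The rewritten loop in ParseAcpiDbg2() (hunk at -202,14) is bounded only by `Index++ < *NumberDbgDeviceInfo`, so nothing checks that Offset is still below AcpiTableLength before `AcpiTableLength - Offset` is handed to ParseAcpi () for the header. If *OffsetDbgDeviceInfo points past the table the subtraction can wrap, and if an earlier structure ends exactly at the table end the header parse is given Ptr + Offset with a remaining length of zero. Keep the removed `Offset < AcpiTableLength` test as part of the loop condition and require at least the three header bytes to remain. A *DbgDevInfoLen of zero also passes the `(Offset + *DbgDevInfoLen) > AcpiTableLength` check and leaves Offset unchanged, so the same bytes are dumped up to *NumberDbgDeviceInfo times; reject a Length smaller than the header.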
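
The two-step parse described in the reply at the top of this message (read the header to get Length, then bound that Length against the remaining table), as a stand-alone C sketch. This is an added example, not edk2 or acpiview code; `walk_dev_info`, the status names and the byte arrays are hypothetical and constructed, and it also covers a Length shorter than the header and a start offset beyond the table.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; not edk2 code. Header = Revision (1 byte) + Length (2 bytes, LE). */
#define DEV_INFO_HDR_LEN 3u

typedef enum {
    WALK_OK = 0, WALK_HDR_TRUNCATED, WALK_LEN_TOO_SMALL, WALK_LEN_OVERRUN
} walk_status;

/* Constructed sample: 2 bytes of table header, then structures of Length 5 and 4. */
static const uint8_t SAMPLE_OK[] = {
    0xAA, 0xBB, 0x00, 0x05, 0x00, 0x11, 0x22, 0x00, 0x04, 0x00, 0x33
};
/* Constructed sample: Length field claims 0x40 bytes inside an 8-byte table. */
static const uint8_t SAMPLE_OVERRUN[] = { 0x00, 0x40, 0x00, 0, 0, 0, 0, 0 };
/* Constructed sample: Length field of zero. */
static const uint8_t SAMPLE_ZERO[] = { 0x00, 0x00, 0x00, 0x00 };

/* Walks `count` length-prefixed structures starting at `offset` in a table of
   `table_len` bytes. *parsed counts accepted structures, *end is the offset
   just past the last accepted one. */
walk_status walk_dev_info(const uint8_t *table, uint32_t table_len,
                          uint32_t offset, uint32_t count,
                          uint32_t *parsed, uint32_t *end)
{
    *parsed = 0;
    *end = offset;
    for (uint32_t i = 0; i < count; i++) {
        /* Step 1: the header must fit. Testing offset first keeps the
           subtraction from wrapping. */
        if (offset > table_len || table_len - offset < DEV_INFO_HDR_LEN)
            return WALK_HDR_TRUNCATED;
        uint16_t len = (uint16_t)(table[offset + 1] | (table[offset + 2] << 8));
        /* A Length below the header size would stall or mis-step the walk. */
        if (len < DEV_INFO_HDR_LEN)
            return WALK_LEN_TOO_SMALL;
        /* Step 2: the declared Length must lie inside the table. */
        if (len > table_len - offset)
            return WALK_LEN_OVERRUN;
        /* A field parser would receive (table + offset, len) here, so an
           older, shorter revision is dumped only up to its own Length. */
        offset += len;
        (*parsed)++;
        *end = offset;
    }
    return WALK_OK;
}

int main(void)
{
    uint32_t n, end;
    walk_status s = walk_dev_info(SAMPLE_OK, sizeof SAMPLE_OK, 2, 2, &n, &end);
    printf("status=%d parsed=%u end=%u\n", (int)s, (unsigned)n, (unsigned)end);
    return 0;
}
```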