From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from szxga08-in.huawei.com (szxga08-in.huawei.com [45.249.212.255])
 by mx.groups.io with SMTP id smtpd.web09.6653.1627545664023656215
 for <devel@edk2.groups.io>;
 Thu, 29 Jul 2021 01:01:04 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: huawei.com, ip: 45.249.212.255, mailfrom: xiewenyi2@huawei.com)
Received: from dggemv711-chm.china.huawei.com (unknown [172.30.72.55])
	by szxga08-in.huawei.com (SkyGuard) with ESMTP id 4Gb2r75GNXz1CQ3Y;
	Thu, 29 Jul 2021 15:55:03 +0800 (CST)
Received: from dggpemm000003.china.huawei.com (7.185.36.128) by
 dggemv711-chm.china.huawei.com (10.1.198.66) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2176.2; Thu, 29 Jul 2021 16:01:00 +0800
Received: from [10.174.253.58] (10.174.253.58) by
 dggpemm000003.china.huawei.com (7.185.36.128) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2176.2; Thu, 29 Jul 2021 16:01:00 +0800
Subject: Re: [PATCH EDK2 v2 1/1] SecurityPkg/FvReportPei: remove redundant sizeof
To: <devel@edk2.groups.io>, <jian.j.wang@intel.com>, <hao.a.wu@intel.com>
CC: <songdongkuang@huawei.com>, Jiewen Yao <jiewen.yao@intel.com>, "Laszlo
 Ersek" <lersek@redhat.com>
References: <1627544728-82453-1-git-send-email-xiewenyi2@huawei.com>
 <1627544728-82453-2-git-send-email-xiewenyi2@huawei.com>
From: "wenyi,xie" <xiewenyi2@huawei.com>
Message-ID: <b7870266-1911-5070-8910-e7dd30442a75@huawei.com>
Date: Thu, 29 Jul 2021 16:00:55 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.0.1
MIME-Version: 1.0
In-Reply-To: <1627544728-82453-2-git-send-email-xiewenyi2@huawei.com>
X-Originating-IP: [10.174.253.58]
X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To
 dggpemm000003.china.huawei.com (7.185.36.128)
X-CFilter-Loop: Reflected
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

Execuse me, I made a mistake and sent the wrong patch. Please ignore it.

Thanks
Wenyi

On 2021/7/29 15:45, Wenyi Xie wrote:
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D3333
>=20
> In function InstallPreHashFvPpi, when calculating the size
> of struct HASH_INFO=EF=BC=8Csizeof is used twice. This bug does
> not lead to buffer overflow, "sizeof (HASH_INFO)" is 4,
> whereas "sizeof (sizeof (HASH_INFO))" is 4 or 8.
>=20
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Signed-off-by: Wenyi Xie <xiewenyi2@huawei.com>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  SecurityPkg/FvReportPei/FvReportPei.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>=20
> diff --git a/SecurityPkg/FvReportPei/FvReportPei.c b/SecurityPkg/FvRepo=
rtPei/FvReportPei.c
> index d709760ea3ce..e82413e090c0 100644
> --- a/SecurityPkg/FvReportPei/FvReportPei.c
> +++ b/SecurityPkg/FvReportPei/FvReportPei.c
> @@ -67,7 +67,7 @@ InstallPreHashFvPpi (
>    HASH_INFO                                         *HashInfo;
> =20
>    PpiSize =3D sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI)
> -            + sizeof (sizeof (HASH_INFO))
> +            + sizeof (HASH_INFO)
>              + HashSize;
> =20
>    PreHashedFvPpi =3D AllocatePool (PpiSize);
>=20