Subject: Re: [PATCH EDK2 v1 1/1] SecurityPkg/FvReportPei: remove redundant sizeof
To: Wenyi Xie, devel@edk2.groups.io, jiewen.yao@intel.com, jian.j.wang@intel.com
Cc: songdongkuang@huawei.com
References: <1618317217-112644-1-git-send-email-xiewenyi2@huawei.com>
 <1618317217-112644-2-git-send-email-xiewenyi2@huawei.com>
From: "Laszlo Ersek"
Date: Tue, 13 Apr 2021 15:16:39 +0200
In-Reply-To: <1618317217-112644-2-git-send-email-xiewenyi2@huawei.com>

On 04/13/21 14:33, Wenyi Xie wrote:
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3333
>
> In function InstallPreHashFvPpi, when calculatuing the size

(1) s/calculatuing/calculating/

(2) I suggest remarking, in the commit message, that this bug does not
lead to buffer overflow, given that "sizeof (HASH_INFO)" is 4, whereas
"sizeof (sizeof (HASH_INFO))" is 4 or 8.

> of struct HASH_INFO，sizeof is used twice.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Laszlo Ersek
> Signed-off-by: Wenyi Xie
> --- > SecurityPkg/FvReportPei/FvReportPei.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/SecurityPkg/FvReportPei/FvReportPei.c b/SecurityPkg/FvReportPei/FvReportPei.c > index d709760ea3ce..e82413e090c0 100644 > --- a/SecurityPkg/FvReportPei/FvReportPei.c > +++ b/SecurityPkg/FvReportPei/FvReportPei.c > @@ -67,7 +67,7 @@ InstallPreHashFvPpi ( > HASH_INFO *HashInfo; > > PpiSize = sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI) > - + sizeof (sizeof (HASH_INFO)) > + + sizeof (HASH_INFO) > + HashSize; > > PreHashedFvPpi = AllocatePool (PpiSize); >

From my perspective:

Reviewed-by: Laszlo Ersek
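
Review bot: The commit message should state what the removed term in the PpiSize sum evaluated to, since `+ sizeof (sizeof (HASH_INFO))` yields the size of sizeof's result type rather than the size of the structure, and "sizeof is used twice" does not tell a reader which direction the error went. With "sizeof (HASH_INFO)" being 4 and the old term being 4 or 8, as the review above points out, the buffer passed to `AllocatePool (PpiSize)` was never smaller than intended, so this change trims up to 4 bytes of over-allocation rather than closing an overflow; saying so in the message keeps the bug from being triaged as memory corruption. The "calculatuing" typo in the message should be corrected in the same respin.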