From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.groups.io with SMTP id smtpd.web10.1737.1599029689877949380 for ; Tue, 01 Sep 2020 23:54:50 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=QOMFRlrA; spf=pass (domain: redhat.com, ip: 63.128.21.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599029689; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oXohc1kZvDMOegxqaXSUEzvLC4wozl7Fxu6q2WkNblA=; b=QOMFRlrAlB9okxEPpuWydguHP1tMX+C0P/MLOh2v8IZvaMLakf49vYrQDgSa2E44scSzDI xupnKVPIu6lFny9Sk7tg4WiKZsFngY9aRZ89IUnF678JKXUV6aOWQ6lfALtIxew43NiRa3 cQZX+gkQxyCZ1kbzbz//dbqY/F5Q2bg= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-96-DTUZJAzdM9eId47IQlo8kg-1; Wed, 02 Sep 2020 02:54:43 -0400 X-MC-Unique: DTUZJAzdM9eId47IQlo8kg-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E34AC189E609; Wed, 2 Sep 2020 06:54:41 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-113-14.ams2.redhat.com [10.36.113.14]) by smtp.corp.redhat.com (Postfix) with ESMTP id 928EE19C71; Wed, 2 Sep 2020 06:54:40 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH EDK2 v1 1/1] EmulatorPkg/host: fix overflow in Mult To: ray.ni@intel.com Cc: devel@edk2.groups.io, xiewenyi2@huawei.com, jordan.l.justen@intel.com, afish@apple.com, songdongkuang@huawei.com References: <1598957888-128729-1-git-send-email-xiewenyi2@huawei.com> <1598957888-128729-2-git-send-email-xiewenyi2@huawei.com> From: "Laszlo Ersek" Message-ID: Date: Wed, 2 Sep 2020 08:54:39 +0200 MIME-Version: 1.0 In-Reply-To: <1598957888-128729-2-git-send-email-xiewenyi2@huawei.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0.001 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Ray, On 09/01/20 12:58, wenyi,xie via groups.io wrote: > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2947 > > When calculating memory regions and store the information in the > gSystemMemory in file WinHost.c, the code below will cause overflow, > because _wtoi (MemorySizeStr) return an int value and SIZE_1MB is > also an int value, if MemorySizeStr is lager for example 2048, then > result of multiplication will overflow. > > for (Index = 0, Done = FALSE; !Done; Index++) { > // > // Save the size of the memory and make a Unicode filename SystemMemory00 > // > gSystemMemory[Index].Size = _wtoi (MemorySizeStr) * SIZE_1MB; > > Cc: Jordan Justen > Cc: Andrew Fish > Cc: Ray Ni > Signed-off-by: Wenyi Xie > --- > EmulatorPkg/Win/Host/WinHost.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/EmulatorPkg/Win/Host/WinHost.c b/EmulatorPkg/Win/Host/WinHost.c > index 0838c56ddea8..876cb8d4be8b 100644 > --- a/EmulatorPkg/Win/Host/WinHost.c > +++ b/EmulatorPkg/Win/Host/WinHost.c > @@ -577,7 +577,7 @@ Returns: > // > // Save the size of the memory and make a Unicode filename SystemMemory00, ... > // > - gSystemMemory[Index].Size = _wtoi (MemorySizeStr) * SIZE_1MB; > + gSystemMemory[Index].Size = ((UINT64)_wtoi (MemorySizeStr)) * ((UINT64)SIZE_1MB); > > // > // Find the next region > if you'd like this fix to be in edk2-stable202008, then please approve the patch as soon as you can. Thanks! Laszlo