mirror of
https://github.com/acidanthera/audk.git
synced 2025-07-24 22:24:37 +02:00
BaseTools/VfrCompile: Fix memory issues
Using GCC 13.3.0 discovers an out of bounds memory access in VfrCompile when building DriverSampleDxe. This is also discoverable with ASan. The issue here is that EFI_IFR_TYPE_VALUE is a flexible type and when passed by value for string types only the header part is accessible. Assuming the remainder is zero seems to be ok as gZeroEfiIfrTypeValue is used as a variable source. This change also fixes a warning for new[]/delete[] mismatch discovered by ASan. Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
This commit is contained in:
parent
9e8d89ff38
commit
0e5812812d
@ -80,6 +80,12 @@ SConfigInfo::SConfigInfo (
|
||||
return;
|
||||
}
|
||||
|
||||
memset (mValue, 0, mWidth);
|
||||
|
||||
if (mWidth > sizeof(EFI_IFR_TYPE_VALUE)) {
|
||||
mWidth = sizeof(EFI_IFR_TYPE_VALUE);
|
||||
}
|
||||
|
||||
switch (Type) {
|
||||
case EFI_IFR_TYPE_NUM_SIZE_8 :
|
||||
memcpy (mValue, &Value.u8, mWidth);
|
||||
@ -2380,7 +2386,7 @@ CVfrDefaultStore::ReRegisterDefaultStoreById (
|
||||
}
|
||||
|
||||
if (RefName != NULL) {
|
||||
delete pNode->mRefName;
|
||||
delete [] pNode->mRefName;
|
||||
pNode->mRefName = new CHAR8[strlen (RefName) + 1];
|
||||
if (pNode->mRefName != NULL) {
|
||||
strcpy (pNode->mRefName, RefName);
|
||||
|
Loading…
x
Reference in New Issue
Block a user