tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-27 15:44:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

BaseTools/VfrCompile: Fix memory issues

Browse Source 
Using GCC 13.3.0 discovers an out of bounds memory access in VfrCompile
when building DriverSampleDxe. This is also discoverable with ASan.
The issue here is that EFI_IFR_TYPE_VALUE is a flexible type and
when passed by value for string types only the header part is accessible.
Assuming the remainder is zero seems to be ok as gZeroEfiIfrTypeValue
is used as a variable source.

This change also fixes a warning for new[]/delete[] mismatch
discovered by ASan.

Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
This commit is contained in:
Vitaly Cheptsov 2025-04-28 18:09:39 +03:00 committed by Vitaly Cheptsov
parent 9e8d89ff38
commit 0e5812812d
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
View File

@ -80,6 +80,12 @@ SConfigInfo::SConfigInfo (
return; return;
} }
memset (mValue, 0, mWidth);
if (mWidth > sizeof(EFI_IFR_TYPE_VALUE)) {
mWidth = sizeof(EFI_IFR_TYPE_VALUE);
}
switch (Type) { switch (Type) {
case EFI_IFR_TYPE_NUM_SIZE_8 : case EFI_IFR_TYPE_NUM_SIZE_8 :
memcpy (mValue, &Value.u8, mWidth); memcpy (mValue, &Value.u8, mWidth);
@ -2380,7 +2386,7 @@ CVfrDefaultStore::ReRegisterDefaultStoreById (
} }
if (RefName != NULL) { if (RefName != NULL) {
delete pNode->mRefName; delete [] pNode->mRefName;
pNode->mRefName = new CHAR8[strlen (RefName) + 1]; pNode->mRefName = new CHAR8[strlen (RefName) + 1];
if (pNode->mRefName != NULL) { if (pNode->mRefName != NULL) {
strcpy (pNode->mRefName, RefName); strcpy (pNode->mRefName, RefName);