From 1f14fe27a543d3d2bf6e22017d0dbc93b6117c47 Mon Sep 17 00:00:00 2001
From: Savva Mitrofanov
Date: Wed, 26 Oct 2022 00:00:46 +0600
Subject: [PATCH] RedfishPkg/BaseUcs2Utf8Lib: Fix out of bounds shift in UTF8ToUCS2Char
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Missing masks leads to shift out of bounds. Also there is no need to construct CHAR16 using cast to CHAR8 buffer, better to use native endian by assigning data directly into Ucs2Char variable
Signed-off-by: Savva Mitrofanov
Reviewed-by: Marvin Häuser
---
 .../Library/BaseUcs2Utf8Lib/BaseUcs2Utf8Lib.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/RedfishPkg/Library/BaseUcs2Utf8Lib/BaseUcs2Utf8Lib.c b/RedfishPkg/Library/BaseUcs2Utf8Lib/BaseUcs2Utf8Lib.c
index 42839f5139..03356e2446 100644
--- a/RedfishPkg/Library/BaseUcs2Utf8Lib/BaseUcs2Utf8Lib.c
+++ b/RedfishPkg/Library/BaseUcs2Utf8Lib/BaseUcs2Utf8Lib.c
@@ -173,14 +173,12 @@ UTF8ToUCS2Char (
 )
 {
 UINT8 Utf8Size;
- CHAR8 *Ucs2Buffer;
 CHAR8 TempChar1;
 CHAR8 TempChar2;
 CHAR8 TempChar3;
 ASSERT (Utf8Buffer != NULL && Ucs2Char != NULL);
- ZeroMem (Ucs2Char, sizeof (CHAR16));
- Ucs2Buffer = (CHAR8 *)Ucs2Char;
+ *Ucs2Char = 0;
 Utf8Size = GetUTF8SizeForUCS2 (Utf8Buffer);
 switch (Utf8Size) {
@@ -194,8 +192,7 @@ UTF8ToUCS2Char (
 return EFI_INVALID_PARAMETER;
 }
- *Ucs2Buffer = TempChar1;
- *(Ucs2Buffer + 1) = 0;
+ *Ucs2Char = (CHAR16)TempChar1;
 break;
 case 2:
@@ -213,8 +210,7 @@ UTF8ToUCS2Char (
 return EFI_INVALID_PARAMETER;
 }
- *Ucs2Buffer = (TempChar1 << 6) + (TempChar2 & 0x3F);
- *(Ucs2Buffer + 1) = (TempChar1 >> 2) & 0x07;
+ *Ucs2Char = (TempChar1 & 0x1F) << 6 | (TempChar2 & 0x3F);
 break;
 case 3:
@@ -237,9 +233,7 @@ UTF8ToUCS2Char (
 return EFI_INVALID_PARAMETER;
 }
- *Ucs2Buffer = (TempChar2 << 6) + (TempChar3 & 0x3F);
- *(Ucs2Buffer + 1) = (TempChar1 << 4) + ((TempChar2 >> 2) & 0x0F);
-
+ *Ucs2Char = (TempChar1 & 0x0F) << 12 | (TempChar2 & 0x3F) << 6 | (TempChar3 & 0x3F);
 break;
 default:
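Review bot: The new two-byte assignment in `case 2` relies on `<<` binding tighter than `|` and on an implicit `int` to `CHAR16` narrowing, whereas the one-byte case in the previous hunk casts explicitly. Writing it as `*Ucs2Char = (CHAR16)(((TempChar1 & 0x1F) << 6) | (TempChar2 & 0x3F));` makes the grouping visible and keeps the three cases consistent. It would also avoid a narrowing diagnostic on toolchains that build with conversion warnings treated as errors, if this package is built that way. The three-byte assignment in the last hunk has the same shape and would take the same cast and parentheses. The `switch` body starts and ends outside this hunk.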
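Review bot: After the masked assembly in `case 3`, nothing visible in this hunk rejects a non-canonical result. A three-byte sequence that decodes below 0x800 is an overlong form, and a value in 0xD800–0xDFFF is a surrogate, which is not a valid UCS-2 character. The validation above the assignment lies outside the hunk and may already cover this. If it does not, a check such as `if ((*Ucs2Char < 0x800) || ((*Ucs2Char >= 0xD800) && (*Ucs2Char <= 0xDFFF))) { return EFI_INVALID_PARAMETER; }` before `break;` would close it. The two-byte case in the previous hunk needs the matching `*Ucs2Char < 0x80` check. This matters because the input comes from text the firmware did not produce, and accepting several byte encodings of one character lets checks made on the raw bytes disagree with the decoded string.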