tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix buffer overflow issue in Consplitter. 

Signed-off-by: Li Elvin <elvin.li@intel.com>
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13857 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
li-elvin 2012-10-17 06:07:27 +00:00
parent 1a6fdcb009
commit 24ee1ccaf8
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitter.c
View File

@ -2109,6 +2109,8 @@ ConSplitterGrowMapTable (
INT32 *OldTextOutModeMap;
INT32 *SrcAddress;
INT32 Index;
UINTN OldStepSize;
UINTN NewStepSize;
NewSize = Private->TextOutListCount * sizeof (INT32);
OldTextOutModeMap = Private->TextOutModeMap;
@ -2146,14 +2148,26 @@ ConSplitterGrowMapTable (
Size = Private->CurrentNumberOfConsoles * sizeof (INT32);
Index = 0;
SrcAddress = OldTextOutModeMap;
NewStepSize = NewSize / sizeof(INT32);
// If Private->CurrentNumberOfConsoles is not zero and OldTextOutModeMap
// is not NULL, it indicates that the original TextOutModeMap is not enough
// for the new console devices and has been enlarged by CONSOLE_SPLITTER_ALLOC_UNIT columns.
//
OldStepSize = NewStepSize - CONSOLE_SPLITTER_ALLOC_UNIT;
//
// Copy the old data to the new one
//
while (Index < Private->TextOutMode.MaxMode) {
CopyMem (TextOutModeMap, SrcAddress, Size);
TextOutModeMap += NewSize;
SrcAddress += Size;
//
// Go to next row of new TextOutModeMap.
//
TextOutModeMap += NewStepSize;
//
// Go to next row of old TextOutModeMap.
//
SrcAddress += OldStepSize;
Index++;
}
//