tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PerformancePkg Dp_App: Resolve buffer size mismatch 

CHAR16 array mGaugeString[DP_GAUGE_STRING_LENGTH + 1] is pass into
function GetShortPdbFileName(). However, in this function it treats the
size of the input buffer as DXE_PERFORMANCE_STRING_SIZE.

Though DXE_PERFORMANCE_STRING_SIZE is smaller than DP_GAUGE_STRING_LENGTH
now, but this manner might introduce a potential risk of buffer overflow.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17746 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Hao Wu 2015-06-30 06:31:28 +00:00 committed by hwu1225
parent ecd58a2511
commit 269e0aebcf
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
PerformancePkg/Dp_App/DpUtilities.c
View File

@ -156,10 +156,10 @@ GetShortPdbFileName (
UINTN StartIndex;
UINTN EndIndex;
ZeroMem (UnicodeBuffer, DXE_PERFORMANCE_STRING_LENGTH * sizeof (CHAR16));
ZeroMem (UnicodeBuffer, (DP_GAUGE_STRING_LENGTH + 1) * sizeof (CHAR16));
if (PdbFileName == NULL) {
StrCpyS (UnicodeBuffer, DXE_PERFORMANCE_STRING_SIZE, L" ");
StrCpyS (UnicodeBuffer, DP_GAUGE_STRING_LENGTH + 1, L" ");
} else {
StartIndex = 0;
for (EndIndex = 0; PdbFileName[EndIndex] != 0; EndIndex++)
@ -178,8 +178,8 @@ GetShortPdbFileName (
for (IndexA = StartIndex; IndexA < EndIndex; IndexA++) {
UnicodeBuffer[IndexU] = (CHAR16) PdbFileName[IndexA];
IndexU++;
if (IndexU >= DXE_PERFORMANCE_STRING_LENGTH) {
UnicodeBuffer[DXE_PERFORMANCE_STRING_LENGTH] = 0;
if (IndexU >= DP_GAUGE_STRING_LENGTH) {
UnicodeBuffer[DP_GAUGE_STRING_LENGTH] = 0;
break;
}
}