From 88cbb6be4e68f50673cfaede8814b669957f51c8 Mon Sep 17 00:00:00 2001 From: Ruiyu Ni Date: Wed, 9 Sep 2015 05:43:44 +0000 Subject: [PATCH] MdeModulePkg: Fix a performance data buffer overrun issue The mBmPerfHeader.Count isn't reset to 0 in BmWriteBootToOsPerformanceData() so when the actual performance data entry count exceeds the LimitCount, the performance data collection breaks on condition if (mBmPerfHeader.Count == LimitCount), but 2nd time calling this function will not break on condition if (mBmPerfHeader.Count == LimitCount) because the mBmPerfHeader.Count always bigger than LimitCount, which results buffer overrun. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni Reviewed-by: Star Zeng git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18417 6f19259b-4bc3-4df7-8a09-765794883524 --- MdeModulePkg/Library/UefiBootManagerLib/BmPerformance.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmPerformance.c b/MdeModulePkg/Library/UefiBootManagerLib/BmPerformance.c index 7b13ec663c..e45c0bd23a 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmPerformance.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmPerformance.c @@ -185,6 +185,11 @@ BmWriteBootToOsPerformanceData ( // PERF_END(NULL, "BDS", NULL, 0); + // + // Reset the entry count + // + mBmPerfHeader.Count = 0; + // // Retrieve time stamp count as early as possible //