BaseTools/C/Common: Add checks for array access

Cc: Liming Gao <liming.gao@intel.com> Cc: Yonghong Zhu <yonghong.zhu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-09-27 13:28:33 +08:00 · 2016-09-27 13:28:33 +08:00 · b3520abde8
parent f45b5a7605
commit b3520abde8
2 changed files with 11 additions and 4 deletions
--- a/BaseTools/Source/C/Common/CommonLib.c
+++ b/BaseTools/Source/C/Common/CommonLib.c
@ -1,7 +1,7 @@
 /** @file
 Common basic Library Functions

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD License         
 which accompanies this distribution.  The full text of the license may be found at        
@ -652,7 +652,11 @@ Returns:
    //
    // Construct the full file path
    //
-    strcat (mCommonLibFullPath, FileName);
+    if (strlen (mCommonLibFullPath) + strlen (FileName) > MAX_LONG_FILE_PATH - 1) {
+      Error (NULL, 0, 2000, "Invalid parameter", "FileName %s is too long!", FileName);
+      return NULL;
+    }
+    strncat (mCommonLibFullPath, FileName, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
    
    //
    // Convert directory separator '/' to '\\'
--- a/BaseTools/Source/C/Common/Decompress.c
+++ b/BaseTools/Source/C/Common/Decompress.c
@ -2,7 +2,7 @@
 Decompressor. Algorithm Ported from OPSD code (Decomp.asm) for Efi and Tiano 
 compress algorithm.

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@ -15,6 +15,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

 #include <stdlib.h>
 #include <string.h>
+#include <assert.h>
 #include "Decompress.h"

 //
@ -240,7 +241,7 @@ Returns:
  for (Char = 0; Char < NumOfChar; Char++) {

    Len = BitLen[Char];
-    if (Len == 0) {
+    if (Len == 0 || Len >= 17) {
      continue;
    }

@ -373,6 +374,8 @@ Returns:
  UINT16  Index;
  UINT32  Mask;

+  assert (nn <= NPT);
+
  Number = (UINT16) GetBits (Sd, nbit);

  if (Number == 0) {