1. Update GetStringWorker() of HiiDataBaseDxe to only search in other language and not update the StringSize to avoid GetString() buffer overflow.

2. Update SetupBrowser to correctly handle ordered list option.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10041 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
lgao4 2010-02-22 06:30:41 +00:00
parent 1a395747fd
commit b86b413a96
3 changed files with 27 additions and 4 deletions

View File

@ -599,7 +599,7 @@ GetStringWorker (
IN HII_STRING_PACKAGE_INSTANCE *StringPackage, IN HII_STRING_PACKAGE_INSTANCE *StringPackage,
IN EFI_STRING_ID StringId, IN EFI_STRING_ID StringId,
OUT EFI_STRING String, OUT EFI_STRING String,
IN OUT UINTN *StringSize, IN OUT UINTN *StringSize, OPTIONAL
OUT EFI_FONT_INFO **StringFontInfo OPTIONAL OUT EFI_FONT_INFO **StringFontInfo OPTIONAL
) )
{ {
@ -610,7 +610,7 @@ GetStringWorker (
EFI_STATUS Status; EFI_STATUS Status;
UINT8 FontId; UINT8 FontId;
ASSERT (StringPackage != NULL && StringSize != NULL); ASSERT (StringPackage != NULL);
ASSERT (Private != NULL && Private->Signature == HII_DATABASE_PRIVATE_DATA_SIGNATURE); ASSERT (Private != NULL && Private->Signature == HII_DATABASE_PRIVATE_DATA_SIGNATURE);
// //
@ -629,6 +629,13 @@ GetStringWorker (
return Status; return Status;
} }
if (StringSize == NULL) {
//
// String text buffer is not requested
//
return EFI_SUCCESS;
}
// //
// Get the string text. // Get the string text.
// //
@ -1471,7 +1478,7 @@ HiiGetString (
Link = Link->ForwardLink Link = Link->ForwardLink
) { ) {
StringPackage = CR (Link, HII_STRING_PACKAGE_INSTANCE, StringEntry, HII_STRING_PACKAGE_SIGNATURE); StringPackage = CR (Link, HII_STRING_PACKAGE_INSTANCE, StringEntry, HII_STRING_PACKAGE_SIGNATURE);
Status = GetStringWorker (Private, StringPackage, StringId, String, StringSize, StringFontInfo); Status = GetStringWorker (Private, StringPackage, StringId, NULL, NULL, NULL);
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
return EFI_INVALID_LANGUAGE; return EFI_INVALID_LANGUAGE;
} }

View File

@ -590,6 +590,9 @@ DestroyStatement (
if (Statement->BlockName != NULL) { if (Statement->BlockName != NULL) {
FreePool (Statement->BlockName); FreePool (Statement->BlockName);
} }
if (Statement->BufferValue != NULL) {
FreePool (Statement->BufferValue);
}
} }
@ -1352,6 +1355,7 @@ ParseOpCodes (
CurrentStatement->MaxContainers = ((EFI_IFR_ORDERED_LIST *) OpCodeData)->MaxContainers; CurrentStatement->MaxContainers = ((EFI_IFR_ORDERED_LIST *) OpCodeData)->MaxContainers;
CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_BUFFER; CurrentStatement->HiiValue.Type = EFI_IFR_TYPE_BUFFER;
CurrentStatement->BufferValue = NULL;
if (Scope != 0) { if (Scope != 0) {
SuppressForOption = TRUE; SuppressForOption = TRUE;

View File

@ -2,7 +2,7 @@
Implementation for handling the User Interface option processing. Implementation for handling the User Interface option processing.
Copyright (c) 2004 - 2009, Intel Corporation Copyright (c) 2004 - 2010, Intel Corporation
All rights reserved. This program and the accompanying materials All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -421,6 +421,12 @@ ProcessOptions (
switch (Question->Operand) { switch (Question->Operand) {
case EFI_IFR_ORDERED_LIST_OP: case EFI_IFR_ORDERED_LIST_OP:
//
// Check whether there are Options of this OrderedList
//
if (IsListEmpty (&Question->OptionListHead)) {
break;
}
// //
// Initialize Option value array // Initialize Option value array
// //
@ -508,6 +514,12 @@ ProcessOptions (
break; break;
case EFI_IFR_ONE_OF_OP: case EFI_IFR_ONE_OF_OP:
//
// Check whether there are Options of this OneOf
//
if (IsListEmpty (&Question->OptionListHead)) {
break;
}
if (Selected) { if (Selected) {
// //
// Go ask for input // Go ask for input