tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg DxeCore: Address boundary check for Type AllocateAddress 

Check for Type AllocateAddress,
if NumberOfPages is 0 or
if (NumberOfPages << EFI_PAGE_SHIFT) is above MAX_ADDRESS or
if (Start + NumberOfBytes) rolls over 0 or
if Start is above MAX_ADDRESS or
if End is above MAX_ADDRESS,
return EFI_NOT_FOUND.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Star Zeng 2016-03-18 09:52:44 +08:00
parent f0459afe91
commit c2a07a10b1
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
MdeModulePkg/Core/Dxe/Mem/Page.c
View File

@ -1201,6 +1201,8 @@ CoreInternalAllocatePages (
{
EFI_STATUS Status;
UINT64 Start;
UINT64 NumberOfBytes;
UINT64 End;
UINT64 MaxAddress;
UINTN Alignment;
@ -1246,6 +1248,30 @@ CoreInternalAllocatePages (
//
MaxAddress = MAX_ADDRESS;
//
// Check for Type AllocateAddress,
// if NumberOfPages is 0 or
// if (NumberOfPages << EFI_PAGE_SHIFT) is above MAX_ADDRESS or
// if (Start + NumberOfBytes) rolls over 0 or
// if Start is above MAX_ADDRESS or
// if End is above MAX_ADDRESS,
// return EFI_NOT_FOUND.
//
if (Type == AllocateAddress) {
if ((NumberOfPages == 0) ||
(NumberOfPages > RShiftU64 (MaxAddress, EFI_PAGE_SHIFT))) {
return EFI_NOT_FOUND;
}
NumberOfBytes = LShiftU64 (NumberOfPages, EFI_PAGE_SHIFT);
End = Start + NumberOfBytes - 1;
if ((Start >= End) ||
(Start > MaxAddress) ||
(End > MaxAddress)) {
return EFI_NOT_FOUND;
}
}
if (Type == AllocateMaxAddress) {
MaxAddress = Start;
}