tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/Core: Fix potential array overflow 

In the method DumpGuardedMemoryBitmap() and SetAllGuardPages(), the code
didn't check if the global mMapLevel is legal value or not, which leaves
a logic hole causing potential array overflow in code followed.

This patch adds sanity check before any array reference in those methods.

Cc: Wu Hao <hao.a.wu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Wu Hao <hao.a.wu@intel.com>
This commit is contained in:
Jian J Wang 2017-11-23 08:56:46 +08:00 committed by Hao Wu
parent 938d2456fc
commit c6c501654e
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
View File

@ -1110,7 +1110,9 @@ DumpGuardedMemoryBitmap (
CHAR8 *Ruler1;
CHAR8 *Ruler2;
if (mGuardedMemoryMap == 0) {
if (mGuardedMemoryMap == 0 ||
mMapLevel == 0 ||
mMapLevel > GUARDED_HEAP_MAP_TABLE_DEPTH) {
return;
}

8
MdeModulePkg/Core/PiSmmCore/HeapGuard.c
View File

@ -1170,7 +1170,9 @@ SetAllGuardPages (
UINTN Index;
BOOLEAN OnGuarding;
if (mGuardedMemoryMap == 0) {
if (mGuardedMemoryMap == 0 ||
mMapLevel == 0 ||
mMapLevel > GUARDED_HEAP_MAP_TABLE_DEPTH) {
return;
}
@ -1329,7 +1331,9 @@ DumpGuardedMemoryBitmap (
CHAR8 *Ruler1;
CHAR8 *Ruler2;
if (mGuardedMemoryMap == 0) {
if (mGuardedMemoryMap == 0 ||
mMapLevel == 0 ||
mMapLevel > GUARDED_HEAP_MAP_TABLE_DEPTH) {
return;
}