MdeModulePkg/NvmExpress: Fix bug of handling not null-terminated strings

In EnumerateNvmeDevNamespace(), when Private->ControllerData->Sn and/or Private->ControllerData->Mn are NOT null-terminated strings, UnicodeSPrintAsciiFormat(…) may generate unexpected (garbage) output string. Cc: Simon (Xiang) Lian-SSI <simon.lian@ssi.samsung.com> Cc: Star Zeng <star.zeng@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Simon (Xiang) Lian-SSI <simon.lian@ssi.samsung.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-04-26 15:16:26 +08:00 · 2016-04-26 15:16:26 +08:00 · da7c72740f
parent ac231001f5
commit da7c72740f
2 changed files with 15 additions and 6 deletions
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c
@ -74,6 +74,8 @@ EnumerateNvmeDevNamespace (
  UINT32                                Lbads;
  UINT32                                Flbas;
  UINT32                                LbaFmtIdx;
+  UINT8                                 Sn[21];
+  UINT8                                 Mn[41];

  NewDevicePathNode = NULL;
  DevicePath        = NULL;
@ -265,7 +267,11 @@ EnumerateNvmeDevNamespace (
    //
    // Build controller name for Component Name (2) protocol.
    //
-    UnicodeSPrintAsciiFormat (Device->ModelName, sizeof (Device->ModelName), "%a-%a-%x", Private->ControllerData->Sn, Private->ControllerData->Mn, NamespaceData->Eui64);
+    CopyMem (Sn, Private->ControllerData->Sn, sizeof (Private->ControllerData->Sn));
+    Sn[20] = 0;
+    CopyMem (Mn, Private->ControllerData->Mn, sizeof (Private->ControllerData->Mn));
+    Mn[40] = 0;
+    UnicodeSPrintAsciiFormat (Device->ModelName, sizeof (Device->ModelName), "%a-%a-%x", Sn, Mn, NamespaceData->Eui64);

    AddUnicodeString2 (
      "eng",
--- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c
@ -785,7 +785,8 @@ NvmeControllerInit (
  NVME_AQA                        Aqa;
  NVME_ASQ                        Asq;
  NVME_ACQ                        Acq;
-
+  UINT8                           Sn[21];
+  UINT8                           Mn[41];
  //
  // Save original PCI attributes and enable this controller.
  //
@ -943,13 +944,15 @@ NvmeControllerInit (
  //
  // Dump NvmExpress Identify Controller Data
  //
-  Private->ControllerData->Sn[19] = 0;
-  Private->ControllerData->Mn[39] = 0;
+  CopyMem (Sn, Private->ControllerData->Sn, sizeof (Private->ControllerData->Sn));
+  Sn[20] = 0;
+  CopyMem (Mn, Private->ControllerData->Mn, sizeof (Private->ControllerData->Mn));
+  Mn[40] = 0;
  DEBUG ((EFI_D_INFO, " == NVME IDENTIFY CONTROLLER DATA ==\n"));
  DEBUG ((EFI_D_INFO, "    PCI VID   : 0x%x\n", Private->ControllerData->Vid));
  DEBUG ((EFI_D_INFO, "    PCI SSVID : 0x%x\n", Private->ControllerData->Ssvid));
-  DEBUG ((EFI_D_INFO, "    SN        : %a\n",   (CHAR8 *)(Private->ControllerData->Sn)));
-  DEBUG ((EFI_D_INFO, "    MN        : %a\n",   (CHAR8 *)(Private->ControllerData->Mn)));
+  DEBUG ((EFI_D_INFO, "    SN        : %a\n",   Sn));
+  DEBUG ((EFI_D_INFO, "    MN        : %a\n",   Mn));
  DEBUG ((EFI_D_INFO, "    FR        : 0x%x\n", *((UINT64*)Private->ControllerData->Fr)));
  DEBUG ((EFI_D_INFO, "    RAB       : 0x%x\n", Private->ControllerData->Rab));
  DEBUG ((EFI_D_INFO, "    IEEE      : 0x%x\n", *(UINT32*)Private->ControllerData->Ieee_oui));