From da7c72740f7f7172ffa0e62a512ad291ea0f4f87 Mon Sep 17 00:00:00 2001 From: Feng Tian Date: Tue, 26 Apr 2016 15:16:26 +0800 Subject: [PATCH] MdeModulePkg/NvmExpress: Fix bug of handling not null-terminated strings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In EnumerateNvmeDevNamespace(), when Private->ControllerData->Sn and/or Private->ControllerData->Mn are NOT null-terminated strings, UnicodeSPrintAsciiFormat(…) may generate unexpected (garbage) output string. Cc: Simon (Xiang) Lian-SSI Cc: Star Zeng Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Feng Tian Reviewed-by: Simon (Xiang) Lian-SSI Reviewed-by: Star Zeng --- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c | 8 +++++++- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c | 13 ++++++++----- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c index 54d637e7d0..49a73c4f91 100644 --- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c +++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpress.c @@ -74,6 +74,8 @@ EnumerateNvmeDevNamespace ( UINT32 Lbads; UINT32 Flbas; UINT32 LbaFmtIdx; + UINT8 Sn[21]; + UINT8 Mn[41]; NewDevicePathNode = NULL; DevicePath = NULL; @@ -265,7 +267,11 @@ EnumerateNvmeDevNamespace ( // // Build controller name for Component Name (2) protocol. // - UnicodeSPrintAsciiFormat (Device->ModelName, sizeof (Device->ModelName), "%a-%a-%x", Private->ControllerData->Sn, Private->ControllerData->Mn, NamespaceData->Eui64); + CopyMem (Sn, Private->ControllerData->Sn, sizeof (Private->ControllerData->Sn)); + Sn[20] = 0; + CopyMem (Mn, Private->ControllerData->Mn, sizeof (Private->ControllerData->Mn)); + Mn[40] = 0; + UnicodeSPrintAsciiFormat (Device->ModelName, sizeof (Device->ModelName), "%a-%a-%x", Sn, Mn, NamespaceData->Eui64); AddUnicodeString2 ( "eng", diff --git a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c index 60b06b45e6..009ad7c43d 100644 --- a/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c +++ b/MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressHci.c @@ -785,7 +785,8 @@ NvmeControllerInit ( NVME_AQA Aqa; NVME_ASQ Asq; NVME_ACQ Acq; - + UINT8 Sn[21]; + UINT8 Mn[41]; // // Save original PCI attributes and enable this controller. // @@ -943,13 +944,15 @@ NvmeControllerInit ( // // Dump NvmExpress Identify Controller Data // - Private->ControllerData->Sn[19] = 0; - Private->ControllerData->Mn[39] = 0; + CopyMem (Sn, Private->ControllerData->Sn, sizeof (Private->ControllerData->Sn)); + Sn[20] = 0; + CopyMem (Mn, Private->ControllerData->Mn, sizeof (Private->ControllerData->Mn)); + Mn[40] = 0; DEBUG ((EFI_D_INFO, " == NVME IDENTIFY CONTROLLER DATA ==\n")); DEBUG ((EFI_D_INFO, " PCI VID : 0x%x\n", Private->ControllerData->Vid)); DEBUG ((EFI_D_INFO, " PCI SSVID : 0x%x\n", Private->ControllerData->Ssvid)); - DEBUG ((EFI_D_INFO, " SN : %a\n", (CHAR8 *)(Private->ControllerData->Sn))); - DEBUG ((EFI_D_INFO, " MN : %a\n", (CHAR8 *)(Private->ControllerData->Mn))); + DEBUG ((EFI_D_INFO, " SN : %a\n", Sn)); + DEBUG ((EFI_D_INFO, " MN : %a\n", Mn)); DEBUG ((EFI_D_INFO, " FR : 0x%x\n", *((UINT64*)Private->ControllerData->Fr))); DEBUG ((EFI_D_INFO, " RAB : 0x%x\n", Private->ControllerData->Rab)); DEBUG ((EFI_D_INFO, " IEEE : 0x%x\n", *(UINT32*)Private->ControllerData->Ieee_oui));