1. Use the max string size to compare password string.

2. Check whether the local variable is valid as the array index.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10473 6f19259b-4bc3-4df7-8a09-765794883524

MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c

@@ -187,7 +187,7 @@ ValidatePassword (
   ASSERT (EncodedPassword != NULL);
   StrnCpy (EncodedPassword, Password, StrLen (Password));
   EncodePassword (EncodedPassword, StrLen (EncodedPassword) * sizeof (CHAR16));
-  if (CompareMem (EncodedPassword, PrivateData->Configuration.WhatIsThePassword2, StrLen (EncodedPassword) * sizeof (CHAR16)) != 0) {
+  if (CompareMem (EncodedPassword, PrivateData->Configuration.WhatIsThePassword2, PasswordMaxSize) != 0) {
     //
     // Old password mismatch, return EFI_NOT_READY to prompt for error message
     //
@@ -355,7 +355,7 @@ LoadNameValueNames (
 
   @retval EFI_SUCCESS            The Results is filled with the requested values.
   @retval EFI_OUT_OF_RESOURCES   Not enough memory to store the results.
-  @retval EFI_INVALID_PARAMETER  Request is NULL, illegal syntax, or unknown name.
+  @retval EFI_INVALID_PARAMETER  Request is illegal syntax, or unknown name.
   @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this
                                  driver.
 

MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c

@@ -661,7 +661,7 @@ UpdateBindingDriverSelectPage (
   // Switch the item callback key value to its NO. in mDevicePathHandleBuffer
   //
   mSelectedCtrIndex = KeyValue - KEY_VALUE_DEVICE_OFFSET;
-  ASSERT (mSelectedCtrIndex < MAX_CHOICE_NUM);
+  ASSERT (mSelectedCtrIndex >= 0 && mSelectedCtrIndex < MAX_CHOICE_NUM);
 
   mLastSavedDriverImageNum = 0;
 
@@ -1145,7 +1145,7 @@ CommintChanges (
 
   @retval EFI_SUCCESS            The Results is filled with the requested values.
   @retval EFI_OUT_OF_RESOURCES   Not enough memory to store the results.
-  @retval EFI_INVALID_PARAMETER  Request is NULL, illegal syntax, or unknown name.
+  @retval EFI_INVALID_PARAMETER  Request is illegal syntax, or unknown name.
   @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this driver.
 
 **/

MdeModulePkg/Universal/SetupBrowserDxe/InputHandler.c

@@ -464,16 +464,20 @@ TheKey2:
             }
 
             if (MenuOption->Sequence == 0) {
+              ASSERT (EraseLen >= 2);
               FormattedNumber[EraseLen - 2] = DATE_SEPARATOR;
             } else if (MenuOption->Sequence == 1) {
+              ASSERT (EraseLen >= 1);
               FormattedNumber[EraseLen - 1] = DATE_SEPARATOR;
             }
           } else if (Question->Operand == EFI_IFR_TIME_OP) {
             UnicodeSPrint (FormattedNumber, 21 * sizeof (CHAR16), L"%02d", (UINT8) EditValue);
 
             if (MenuOption->Sequence == 0) {
+              ASSERT (EraseLen >= 2);
               FormattedNumber[EraseLen - 2] = TIME_SEPARATOR;
             } else if (MenuOption->Sequence == 1) {
+              ASSERT (EraseLen >= 1);
               FormattedNumber[EraseLen - 1] = TIME_SEPARATOR;
             }
           } else {