Use EFI_IFR_TYPE_VALUE type variable instead of UINT64 to avoid buffer overflow.

Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14044 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-10 03:01:16 +00:00 · 2013-01-10 03:01:16 +00:00 · fda93fc449
parent 724f26a9d0
commit fda93fc449
1 changed files with 4 additions and 3 deletions
--- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
+++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
@ -946,7 +946,7 @@ InternalHiiValidateCurrentSetting (
  UINT16                       Offset;
  UINT16                       Width;
  UINT64                       VarValue;
-  UINT64                       TmpValue;
+  EFI_IFR_TYPE_VALUE           TmpValue;
  LIST_ENTRY                   *Link;
  UINT8                        *VarBuffer;
  UINTN                        MaxBufferSize;
@ -1511,9 +1511,10 @@ InternalHiiValidateCurrentSetting (
            //
            // Check current value is the value of one of option.
            //
-            TmpValue = 0;
+            ASSERT (IfrOneOfOption->Type >= EFI_IFR_TYPE_NUM_SIZE_8 && IfrOneOfOption->Type <= EFI_IFR_TYPE_NUM_SIZE_64);
+            ZeroMem (&TmpValue, sizeof (EFI_IFR_TYPE_VALUE));
            CopyMem (&TmpValue, &IfrOneOfOption->Value, IfrOneOfOption->Header.Length - OFFSET_OF (EFI_IFR_ONE_OF_OPTION, Value));
-            if (VarValue == TmpValue) {
+            if (VarValue == TmpValue.u64) {
              //
              // The value is one of option value.
              // Set OpCode to Zero, don't need check again.