mirror of
https://github.com/acidanthera/audk.git
synced 2025-04-07 19:45:07 +02:00
004b811238
The issue was found when heap guard is turned on.
PrintLib somehow receives a non-null terminated string in var-arg.
When the PrintLib implementation reads the string it keeps
reading because no null-terminator is met, which triggers the page
fault set by the heap guard.
The issue is caused by a bug in FileBufferPrintLine().
When "edit" opens a binary file, in FileBufferPrintLine(),
the Line->Buffer may start with \x00 \x00, but the Line->Size is
larger than MainEditor.ScreenSize.Column, it causes the PrintLine is
set to an empty string by below call:
StrnCpyS (
PrintLine, BufLen/sizeof(CHAR16), Buffer,
MIN(Limit, MainEditor.ScreenSize.Column)
);
But since Limit (equals to Line->Size) is larger than
MainEditor.ScreenSize.Column, below for-loop doesn't successfully
set the whole PrintLine to all-empty-space.
for (; Limit < MainEditor.ScreenSize.Column; Limit++) {
PrintLine[Limit] = L' ';
}
So after the for-loop, PrintLine is still an empty string.
Later in below call, the PrintLine2 is created based on PrintLine.
ShellCopySearchAndReplace (
PrintLine, PrintLine2,
BufLen * 2, L"%", L"^%", FALSE, FALSE
);
But due to the implementation of ShellCopySearchAndReplace(),
PrintLine2 is untouched and INVALID_PARAMETER is returned.
Finally an uninitialized string is passed to ShellPrintEx()
which causes the #PF exception.
The fix is to reset Limit to StrLen(PrintLine) before for-loop.
So that PrintLine can be converted from an empty string to a
string containing all spaces.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Jian Wang <jian.j.wang@intel.com>
EDK II Project
A modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications from www.uefi.org.
Contributions to the EDK II open source project are covered by the TianoCore Contribution Agreement 1.1
The majority of the content in the EDK II open source project uses a BSD 2-Clause License. The EDK II open source project contains the following components that are covered by additional licenses:
- AppPkg/Applications/Python/Python-2.7.2/Tools/pybench
- AppPkg/Applications/Python/Python-2.7.2
- AppPkg/Applications/Python/Python-2.7.10
- BaseTools/Source/C/BrotliCompress
- MdeModulePkg/Library/BrotliCustomDecompressLib
- OvmfPkg
- CryptoPkg/Library/OpensslLib/openssl
The EDK II Project is composed of packages. The maintainers for each package are listed in Maintainers.txt.