audk/MdeModulePkg/Universal
Ray Ni 89910a39dc MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is parsed (CVE-2018-12181)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135

For 4bit BMP, there are only 2^4 = 16 colors in the palette.
But when a corrupted BMP contains more than 16 colors in the palette,
today's implementation wrongly copies all colors to the local
PaletteValue[16] array, which causes a stack overflow.

A similar issue also exists in the logic to handle 8bit BMP.

The patch fixes the issue by only copying the first 16 or 256 colors
in the palette depending on the BMP type.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-03-08 23:44:59 +08:00
Acpi MdeModulePkg/SmmS3SaveStateDxe: Change function parameter types 2019-02-14 15:38:44 +08:00
BdsDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
BootManagerPolicyDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
CapsulePei MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
CapsuleRuntimeDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
Console MdeModulePkg: Avoid key notification called more than once 2018-09-14 10:18:31 +08:00
DebugPortDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
DebugSupportDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
DevicePathDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
Disk MdeModulePkg/RamDiskDxe: Restrict on RAM disk size (CVE-2018-12180) 2019-02-28 08:15:51 +08:00
DisplayEngineDxe MdeModulePkg/DisplayEngine: Remove useless NULL ptr check for NewPos 2018-11-21 13:01:02 +08:00
DriverHealthManagerDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
DriverSampleDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
EbcDxe MdeModulePkg/EbcDebugger: Use AsciiCharToUpper and CharToUpper 2019-01-31 20:19:16 +08:00
EsrtDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
EsrtFmpDxe MdeModulePkg: Remove trailing white space 2018-09-06 09:17:03 +08:00
FaultTolerantWriteDxe MdeModulePkg: Fix coding style issues 2019-02-02 21:41:38 +08:00
FaultTolerantWritePei MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
FileExplorerDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
FvSimpleFileSystemDxe MdeModulePkg FvSimpleFileSystemDxe: Fix memory leak in Read function 2018-07-27 08:54:40 +08:00
HiiDatabaseDxe MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is parsed (CVE-2018-12181) 2019-03-08 23:44:59 +08:00
HiiResourcesSampleDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
LegacyRegion2Dxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
LoadFileOnFv2 MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
LockBox/SmmLockBox MdeModulePkg/SmmLockBox: Update to consume SpeculationBarrier 2018-12-25 09:16:04 +08:00
MemoryTest MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
Metronome MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
MonotonicCounterRuntimeDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
Network MdeModulePkg/Ip4Dxe: Uninstall protocols when error happen in Driver Binding Start. 2019-02-12 08:25:31 +08:00
PCD MdeModulePkg PCD: Add DynamicEx PcdVpdBaseAddress64 for non SPI platform 2018-11-27 11:29:21 +08:00
PcatSingleSegmentPciCfg2Pei MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
PlatformDriOverrideDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
PrintDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
RegularExpressionDxe MdeModulePkg: Remove the trailing space in three source files. 2018-11-02 22:15:52 +08:00
ReportStatusCodeRouter MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
ResetSystemPei MdeModulePkg: Clean up source files 2018-06-28 11:19:45 +08:00
ResetSystemRuntimeDxe MdeModulePkg: change the function name ResetSystem 2019-02-22 09:45:43 +08:00
SectionExtractionDxe MdeModulePkg: Clean up source files 2018-06-28 11:19:45 +08:00
SectionExtractionPei MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
SecurityStubDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
SerialDxe MdeModulePkg: Clean up source files 2018-06-28 11:19:45 +08:00
SetupBrowserDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
SmbiosDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
SmbiosMeasurementDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
SmmCommunicationBufferDxe MdeModulePkg: Remove redundant library classes and GUIDs 2018-08-20 14:53:45 +08:00
StatusCodeHandler MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
TimestampDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
Variable MdeModulePkg: Remove EmuVariableRuntimeDxe 2019-02-19 17:36:11 +08:00
WatchdogTimerDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00