mirror of
https://github.com/acidanthera/audk.git
synced 2025-04-07 19:45:07 +02:00
889c7ca1b5
From what I can see this bug dates back to the commit from 2011 where support for this was added: 2cf4b60895f8a The first problem is that PopulateLevel2PageTable overflows the translation table buffer because it doesn't verify that the size actually fits within one level 2 page table. The second problem is that the loop in FillTranslationTable doesn't care about the PhysicalBase or the RemainLength and always substracts one section size from RemainLength. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael Zimmermann <sigmaepsilon92@gmail.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>