tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/MdeModulePkg/Bus/Usb
History
Ruiyu Ni 4f8b2f9d72 MdeModulePkg/UsbMass: Fix integer overflow when BlockSize is 1 
UsbBootReadWriteBlocks() and UsbBootReadWriteBlocks16() use a UINT16
local variable to hold the value of
USB_BOOT_MAX_CARRY_SIZE (=0x10000) / BlockSize.
When BlockSize is 1, the UINT16 local variable is set to 0x10000
but the high-16 bits are truncated resulting the final value be 0.

It causes the while-loop in the two functions accesses 0 block in
each loop, resulting the loop never ends.

The patch fixes the two functions to make sure no integer overflow
happens.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Steven Shi <steven.shi@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
 		2018-10-17 11:03:55 +08:00
..
UsbBotPei MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
UsbBusDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
UsbBusPei MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
UsbKbDxe MdeModulePkg: Avoid key notification called more than once 2018-09-14 10:18:31 +08:00
UsbMassStorageDxe MdeModulePkg/UsbMass: Fix integer overflow when BlockSize is 1 2018-10-17 11:03:55 +08:00
UsbMouseAbsolutePointerDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00
UsbMouseDxe MdeModulePkg: Removing ipf which is no longer supported from edk2. 2018-09-06 15:25:16 +08:00