diff options
| author | Star Zeng <star.zeng@intel.com> | 2014-12-17 00:39:51 +0000 |
|---|---|---|
| committer | lzeng14 <lzeng14@Edk2> | 2014-12-17 00:39:51 +0000 |
| commit | fd8a2eb062678ea4f286974137bb2aec259e7321 (patch) | |
| tree | 309e9a15237e8b6b9226875589c605f362f828a0 | |
| parent | 2c23ddaa00e68f63b1934cd864790a5aff04ad74 (diff) | |
| download | edk2-fd8a2eb062678ea4f286974137bb2aec259e7321.tar.gz edk2-fd8a2eb062678ea4f286974137bb2aec259e7321.tar.bz2 edk2-fd8a2eb062678ea4f286974137bb2aec259e7321.zip | |
MdeModulePkg DxeCore: Fix potential FV overflow of 4GB boundary on a 32-bit systems.
The traversing of a Memory Mapped FV can overflow the 4GB limit on a 32bit system
during the setting up a Linked List of FFS file inside the FV.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16527 6f19259b-4bc3-4df7-8a09-765794883524
| -rw-r--r-- | MdeModulePkg/Core/Dxe/FwVol/FwVol.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/MdeModulePkg/Core/Dxe/FwVol/FwVol.c b/MdeModulePkg/Core/Dxe/FwVol/FwVol.c index f4a6179188..0ca765d691 100644 --- a/MdeModulePkg/Core/Dxe/FwVol/FwVol.c +++ b/MdeModulePkg/Core/Dxe/FwVol/FwVol.c @@ -482,7 +482,7 @@ FvCheck ( FfsHeader = (EFI_FFS_FILE_HEADER *) (FvDevice->CachedFv);
}
TopFvAddress = FvDevice->EndOfCachedFv;
- while ((UINT8 *) FfsHeader < TopFvAddress) {
+ while (((UINTN) FfsHeader >= (UINTN) FvDevice->CachedFv) && ((UINTN) FfsHeader <= (UINTN) ((UINTN) TopFvAddress - sizeof (EFI_FFS_FILE_HEADER)))) {
if (FileCached) {
CoreFreePool (CacheFfsHeader);
|