diff options
| author | Laszlo Ersek <lersek@redhat.com> | 2019-04-12 14:03:23 +0200 |
|---|---|---|
| committer | Laszlo Ersek <lersek@redhat.com> | 2019-04-24 17:30:54 +0200 |
| commit | fc76bbd94df7f5a7f1f3939c7e93a113a6d36270 (patch) | |
| tree | 5b5a86292281403a06ad030e37876e04bbdeb26c /BaseTools/Source/Python/AutoGen/GenVar.py | |
| parent | d976f09d99b738d3e0de173e3c77fceb0735cc69 (diff) | |
| download | edk2-fc76bbd94df7f5a7f1f3939c7e93a113a6d36270.tar.gz edk2-fc76bbd94df7f5a7f1f3939c7e93a113a6d36270.tar.bz2 edk2-fc76bbd94df7f5a7f1f3939c7e93a113a6d36270.zip | |
MdePkg/PiFirmwareFile: fix undefined behavior in SECTION_SIZE
RH covscan justifiedly reports that accessing
"EFI_COMMON_SECTION_HEADER.Size", which is of type UINT8[3], through a
(UINT32*), is undefined behavior:
> Error: OVERRUN (CWE-119):
> edk2-89910a39dcfd/OvmfPkg/Sec/SecMain.c:178: overrun-local: Overrunning
> array of 3 bytes at byte offset 3 by dereferencing pointer
> "(UINT32 *)((EFI_COMMON_SECTION_HEADER *)(UINTN)Section)->Size".
> # 176| Section = (EFI_COMMON_SECTION_HEADER*)(UINTN) CurrentAddress;
> # 177|
> # 178|-> Size = SECTION_SIZE (Section);
> # 179| if (Size < sizeof (*Section)) {
> # 180| return EFI_VOLUME_CORRUPTED;
Fix this by accessing the array elements individually.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710
Issue: scan-1007.txt
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Diffstat (limited to 'BaseTools/Source/Python/AutoGen/GenVar.py')
0 files changed, 0 insertions, 0 deletions