MdePkg/SafeString: Fix potential out-of-bound memory access - edk2 - Cross-platform firmware development environment

diff options

author	Ruiyu Ni <ruiyu.ni@intel.com>	2018-02-02 18:47:18 +0800
committer	Ruiyu Ni <ruiyu.ni@intel.com>	2018-02-06 17:31:08 +0800
commit	56658c22a674062e46f5bfd2d4da71a88bf3c0e5 (patch)
tree	9bf11a637bb849b218d480d1e96a037900939e35 /BaseTools/Source/Python/Common
parent	7162fdb037fb9385f6bd7d0dc55d54029b810de2 (diff)
download	edk2-56658c22a674062e46f5bfd2d4da71a88bf3c0e5.tar.gz edk2-56658c22a674062e46f5bfd2d4da71a88bf3c0e5.tar.bz2 edk2-56658c22a674062e46f5bfd2d4da71a88bf3c0e5.zip

MdePkg/SafeString: Fix potential out-of-bound memory access

Today's implementation of [Ascii]StrnCpyS/[Ascii]StrnCatS calls StrnLenS () to get the length of source string but supplies the destination buffer size as max size. It's a bug that may cause out-of-bound memory access. For example: StrnCpyS (Dest[10], 10, "hello", 6) -> StrnLenS ("hello", 10) //< cause out-of bound memory access In a pool guard enabled environment, when using shell to edit an existing file which contains empty line, the page fault is met. The patch fixes the four library functions to avoid such out-of-bound memory access. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Cc: Liming Gao <liming.gao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com>

Diffstat (limited to 'BaseTools/Source/Python/Common')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: