MdeModulePkg/UsbMass: Fix integer overflow when BlockSize is 1 - edk2 - Cross-platform firmware development environment

diff options

author	Ruiyu Ni <ruiyu.ni@intel.com>	2018-09-11 18:13:05 +0800
committer	Ruiyu Ni <ruiyu.ni@intel.com>	2018-10-17 11:03:55 +0800
commit	4f8b2f9d727d0035a2ca8d7371629418684bf80f (patch)
tree	8e6d34b2be10e3fb1de429874c4253041db8db64 /BaseTools/Source/Python/Ecc/CodeFragment.py
parent	e59db6a732dbbb064b1e39a288a25edc90adac5d (diff)
download	edk2-4f8b2f9d727d0035a2ca8d7371629418684bf80f.tar.gz edk2-4f8b2f9d727d0035a2ca8d7371629418684bf80f.tar.bz2 edk2-4f8b2f9d727d0035a2ca8d7371629418684bf80f.zip

MdeModulePkg/UsbMass: Fix integer overflow when BlockSize is 1

UsbBootReadWriteBlocks() and UsbBootReadWriteBlocks16() use a UINT16 local variable to hold the value of USB_BOOT_MAX_CARRY_SIZE (=0x10000) / BlockSize. When BlockSize is 1, the UINT16 local variable is set to 0x10000 but the high-16 bits are truncated resulting the final value be 0. It causes the while-loop in the two functions accesses 0 block in each loop, resulting the loop never ends. The patch fixes the two functions to make sure no integer overflow happens. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Steven Shi <steven.shi@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>

Diffstat (limited to 'BaseTools/Source/Python/Ecc/CodeFragment.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: