diff options
| author | Long Qin <qin.long@intel.com> | 2017-11-01 16:10:04 +0800 |
|---|---|---|
| committer | Long Qin <qin.long@intel.com> | 2017-11-06 14:50:17 +0800 |
| commit | cf8197a39d07179027455421a182598bd6989999 (patch) | |
| tree | e84e54f0e272db3bcac08d4de9c3f008e734b718 /CryptoPkg/Include | |
| parent | f6f486e7bf7667ca7bcf50d808e056bd5ac7deaf (diff) | |
| download | edk2-cf8197a39d07179027455421a182598bd6989999.tar.gz edk2-cf8197a39d07179027455421a182598bd6989999.tar.bz2 edk2-cf8197a39d07179027455421a182598bd6989999.zip | |
CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
There is one long-standing problem in CRT realloc wrapper, which will
cause the obvious buffer overflow issue when re-allocating one bigger
memory block:
void *realloc (void *ptr, size_t size)
{
//
// BUG: hardcode OldSize == size! We have no any knowledge about
// memory size of original pointer ptr.
//
return ReallocatePool ((UINTN) size, (UINTN) size, ptr);
}
This patch introduces one extra header to record the memory buffer size
information when allocating memory block from malloc routine, and re-wrap
the realloc() and free() routines to remove this BUG.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Validated-by: Jian J Wang <jian.j.wang@intel.com>
Diffstat (limited to 'CryptoPkg/Include')
0 files changed, 0 insertions, 0 deletions