diff options
author | Hao Wu <hao.a.wu@intel.com> | 2015-07-13 01:22:21 +0000 |
---|---|---|
committer | hwu1225 <hwu1225@Edk2> | 2015-07-13 01:22:21 +0000 |
commit | 885c3060c193c9f4c3e3430c82c8c3e8fc574398 (patch) | |
tree | 4a5efa78157094146ef9f2a0129f3dadec294cbb /IntelFrameworkModulePkg | |
parent | d5b5b8f8aa956266289ad9c523a410419fea87f8 (diff) | |
download | edk2-885c3060c193c9f4c3e3430c82c8c3e8fc574398.tar.gz edk2-885c3060c193c9f4c3e3430c82c8c3e8fc574398.tar.bz2 edk2-885c3060c193c9f4c3e3430c82c8c3e8fc574398.zip |
IntelFrameworkModulePkg GenericBdsLib: Potential read over memory boudary
This commit will resolve the issue brought by r17733.
StringBuffer1 = AllocateCopyPool (
MAX_STRING_LEN * sizeof (CHAR16),
L"Configuration changed. Reset to apply it Now."
);
The above using of AllocateCopyPool() will read contents out of the scope
of the constant string. Potential risk for the constant string allocated
at the boundary of memory region.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17929 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'IntelFrameworkModulePkg')
-rw-r--r-- | IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c index b5be63140f..24c1998a14 100644 --- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c +++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c @@ -1127,16 +1127,20 @@ SetupResetReminder ( if (IsResetReminderFeatureEnable ()) {
if (IsResetRequired ()) {
- StringBuffer1 = AllocateCopyPool (
- MAX_STRING_LEN * sizeof (CHAR16),
- L"Configuration changed. Reset to apply it Now."
- );
+ StringBuffer1 = AllocateZeroPool (MAX_STRING_LEN * sizeof (CHAR16));
ASSERT (StringBuffer1 != NULL);
- StringBuffer2 = AllocateCopyPool (
- MAX_STRING_LEN * sizeof (CHAR16),
- L"Press ENTER to reset"
- );
+ StringBuffer2 = AllocateZeroPool (MAX_STRING_LEN * sizeof (CHAR16));
ASSERT (StringBuffer2 != NULL);
+ StrCpyS (
+ StringBuffer1,
+ MAX_STRING_LEN,
+ L"Configuration changed. Reset to apply it Now."
+ );
+ StrCpyS (
+ StringBuffer2,
+ MAX_STRING_LEN,
+ L"Press ENTER to reset"
+ );
//
// Popup a menu to notice user
//
|