diff options
| author | Heyi Guo <heyi.guo@linaro.org> | 2017-10-30 13:47:52 +0800 |
|---|---|---|
| committer | Star Zeng <star.zeng@intel.com> | 2017-11-08 12:52:04 +0800 |
| commit | 710d9e69fae6753a1a826aa18dd37bcadd3e0c3e (patch) | |
| tree | 8838d146c3736f3753f32b9e45e766ce2823f078 /MdeModulePkg/Bus | |
| parent | 400a59737fc3d14b0acc0b0a66a294bb6db894b6 (diff) | |
| download | edk2-710d9e69fae6753a1a826aa18dd37bcadd3e0c3e.tar.gz edk2-710d9e69fae6753a1a826aa18dd37bcadd3e0c3e.tar.bz2 edk2-710d9e69fae6753a1a826aa18dd37bcadd3e0c3e.zip | |
MdeModulePkg/NonDiscoverable: fix memory override bug
For PciIoPciRead interface, memory prior to Buffer would be written
with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which
would cause serious system exception.
So we add a pre-check branch to avoid memory override.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Diffstat (limited to 'MdeModulePkg/Bus')
| -rw-r--r-- | MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c index c836ad6a91..0e42ae4bf6 100644 --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c @@ -465,6 +465,11 @@ PciIoPciRead ( Address = (UINT8 *)&Dev->ConfigSpace + Offset;
Length = Count << ((UINTN)Width & 0x3);
+ if (Offset >= sizeof (Dev->ConfigSpace)) {
+ ZeroMem (Buffer, Length);
+ return EFI_SUCCESS;
+ }
+
if (Offset + Length > sizeof (Dev->ConfigSpace)) {
//
// Read all zeroes for config space accesses beyond the first
|