summaryrefslogtreecommitdiffstats
path: root/MdeModulePkg
diff options
context:
space:
mode:
authorerictian <erictian@6f19259b-4bc3-4df7-8a09-765794883524>2012-11-14 05:12:40 +0000
committererictian <erictian@6f19259b-4bc3-4df7-8a09-765794883524>2012-11-14 05:12:40 +0000
commit467cacbf77ef0bebd912ac4c7767b61c8820c52c (patch)
treeb94ac3252a9229e251a61ee3843d747292e915e2 /MdeModulePkg
parent5f6aee0f72dc29b42b133a6ccf81ba369ad0f3c0 (diff)
downloadedk2-467cacbf77ef0bebd912ac4c7767b61c8820c52c.tar.gz
edk2-467cacbf77ef0bebd912ac4c7767b61c8820c52c.tar.bz2
edk2-467cacbf77ef0bebd912ac4c7767b61c8820c52c.zip
MdeModulePkg/AtaAtapiPassThru: fix buffer overflow issue introduced by previous patch(r13932).
Signed-off-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13941 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg')
-rw-r--r--MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c b/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
index 1c45312712..190ab799f1 100644
--- a/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
+++ b/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
@@ -1908,6 +1908,7 @@ AhciCreateTransferDescriptor (
VOID *Buffer;
UINT32 Capability;
+ UINT32 PortImplementBitMap;
UINT8 MaxPortNumber;
UINT8 MaxCommandSlotNumber;
BOOLEAN Support64Bit;
@@ -1923,12 +1924,20 @@ AhciCreateTransferDescriptor (
// Collect AHCI controller information
//
Capability = AhciReadReg(PciIo, EFI_AHCI_CAPABILITY_OFFSET);
- MaxPortNumber = (UINT8) ((Capability & 0x1F) + 1);
//
// Get the number of command slots per port supported by this HBA.
//
MaxCommandSlotNumber = (UINT8) (((Capability & 0x1F00) >> 8) + 1);
Support64Bit = (BOOLEAN) (((Capability & BIT31) != 0) ? TRUE : FALSE);
+
+ PortImplementBitMap = AhciReadReg(PciIo, EFI_AHCI_PI_OFFSET);
+ //
+ // Get the highest bit of implemented ports which decides how many bytes are allocated for recived FIS.
+ //
+ MaxPortNumber = (UINT8)(UINTN)(HighBitSet32(PortImplementBitMap) + 1);
+ if (MaxPortNumber == 0) {
+ return EFI_DEVICE_ERROR;
+ }
MaxReceiveFisSize = MaxPortNumber * sizeof (EFI_AHCI_RECEIVED_FIS);
Status = PciIo->AllocateBuffer (