diff options
| author | Hao Wu <hao.a.wu@intel.com> | 2017-03-23 10:16:23 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2017-04-14 13:16:05 +0800 |
| commit | 458cd568b64a0e4159f85a31809e55657db23792 (patch) | |
| tree | 8a75fa2135623c4aef699cd1e8f671db0066e61d /MdePkg/Include | |
| parent | 1860cb00c18c6f0c58336ea15a63889dabd31d15 (diff) | |
| download | edk2-458cd568b64a0e4159f85a31809e55657db23792.tar.gz edk2-458cd568b64a0e4159f85a31809e55657db23792.tar.bz2 edk2-458cd568b64a0e4159f85a31809e55657db23792.zip | |
MdePkg/UefiLib: Avoid mis-calculate of graphic console size
The commit adds check in function InternalPrintGraphic() to ensure that
the expression:
Blt->Width * Blt->Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)
will not overflow in the UINTN range.
The commit also adds an explicit UINT32 type cast for 'Blt->Width' to
avoid possible overflow in the int range for:
Blt->Width * Blt->Height
Since both Blt->Width and Blt->Height are of type UINT16. They will be
promoted to int (signed) first, and then perform the multiplication
operation. If the result of multiplication between Blt->Width and
Blt->Height exceeds the range of type int, a potential incorrect size will
be passed into function AllocateZeroPool().
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Diffstat (limited to 'MdePkg/Include')
0 files changed, 0 insertions, 0 deletions