authorydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524>2012-08-22 08:04:53 +0000
committerydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524>2012-08-22 08:04:53 +0000
commit60893cc3a819b60453f9a6f97ca321720b387f4a (patch)
treea3b11bac8ff913a47e23bc26d681e5bbaf2ecf6f /MdePkg/Library/BasePeCoffLib
parentcc65822475b10d8eb9c01dab251ef1f647efe180 (diff)
Enhance the check for some fields in the PE image before use it.
Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Jiewen Yao<jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13665 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdePkg/Library/BasePeCoffLib')
-rw-r--r--MdePkg/Library/BasePeCoffLib/BasePeCoff.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 014eb22dc8..a51320b037 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -1435,6 +1435,12 @@ PeCoffLoaderLoadImage (
for (Index = 0; Index < ResourceDirectory->NumberOfNamedEntries; Index++) {
if (ResourceDirectoryEntry->u1.s.NameIsString) {
+ //
+ // Check the ResourceDirectoryEntry->u1.s.NameOffset before use it.
+ //
+ if (ResourceDirectoryEntry->u1.s.NameOffset >= DirectoryEntry->Size) {
+ continue;
+ }
ResourceDirectoryString = (EFI_IMAGE_RESOURCE_DIRECTORY_STRING *) (Base + ResourceDirectoryEntry->u1.s.NameOffset);
String = &ResourceDirectoryString->String[0];
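Review bot: The added bound `if (ResourceDirectoryEntry->u1.s.NameOffset >= DirectoryEntry->Size)` only proves that the first byte of the string record lies inside the resource directory, while the following lines read an `EFI_IMAGE_RESOURCE_DIRECTORY_STRING` and its `String[]` characters starting at that offset, so an offset just below `DirectoryEntry->Size` in a malformed image can still be read past the end of the directory. The comparison should leave room for the record, for example `if (DirectoryEntry->Size < sizeof (EFI_IMAGE_RESOURCE_DIRECTORY_STRING) || ResourceDirectoryEntry->u1.s.NameOffset > DirectoryEntry->Size - sizeof (EFI_IMAGE_RESOURCE_DIRECTORY_STRING))`, widened by however many characters the code after this hunk inspects. Separately, the `for` header advances only `Index`, so if `ResourceDirectoryEntry` is incremented at the bottom of the loop body (not visible here), `continue` skips that step and every remaining iteration re-tests the same rejected entry; advancing the entry before `continue` would avoid that. The loop body continues outside the hunk.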
@@ -1610,6 +1616,15 @@ PeCoffLoaderRelocateImageForRuntime (
//
FixupData = RelocationData;
while (RelocBase < RelocBaseEnd) {
+ //
+ // Add check for RelocBase->SizeOfBlock field.
+ //
+ if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > RelocDir->Size)) {
+ //
+ // Data invalid, cannot continue to relocate the image, just return.
+ //
+ return;
+ }
Reloc = (UINT16 *) ((UINT8 *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));
RelocEnd = (UINT16 *) ((UINT8 *) RelocBase + RelocBase->SizeOfBlock);
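Review bot: The new test on `RelocBase->SizeOfBlock` compares against the whole `RelocDir->Size` rather than the bytes left between `RelocBase` and `RelocBaseEnd`, so a block that starts near the end of the table can pass the check and still put `RelocEnd` beyond `RelocBaseEnd`. It also accepts a non-zero size smaller than `sizeof (EFI_IMAGE_BASE_RELOCATION)`, which places `RelocEnd` before `Reloc`. A tighter guard would be `if ((RelocBase->SizeOfBlock < sizeof (EFI_IMAGE_BASE_RELOCATION)) || (RelocBase->SizeOfBlock > (UINTN) ((UINT8 *) RelocBaseEnd - (UINT8 *) RelocBase))) {`. Because the function returns no status, the bare `return` leaves the blocks already processed fixed up and the rest untouched with no signal to the caller, and the comment above it should say so, e.g. `// Malformed block size: stop here; earlier blocks stay relocated and the caller is not notified.`. The loop body continues outside the hunk.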