From 58356e9478d62811746db283bce3e751c6206006 Mon Sep 17 00:00:00 2001
From: Hao Wu <hao.a.wu@intel.com>
Date: Thu, 30 Nov 2017 14:29:25 +0800
Subject: BaseTools/C/Common: Add checks for array access

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 BaseTools/Source/C/Common/Decompress.c        |  8 ++++----
 BaseTools/Source/C/Common/SimpleFileParsing.c | 12 +++++-------
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/BaseTools/Source/C/Common/Decompress.c b/BaseTools/Source/C/Common/Decompress.c
index b2049bd01c..8f1afb4e40 100644
--- a/BaseTools/Source/C/Common/Decompress.c
+++ b/BaseTools/Source/C/Common/Decompress.c
@@ -2,7 +2,7 @@
 Decompressor. Algorithm Ported from OPSD code (Decomp.asm) for Efi and Tiano 
 compress algorithm.
 
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -394,7 +394,7 @@ Returns:
 
   Index = 0;
 
-  while (Index < Number) {
+  while (Index < Number && Index < NPT) {
 
     CharC = (UINT16) (Sd->mBitBuf >> (BITBUFSIZ - 3));
 
@@ -413,14 +413,14 @@ Returns:
     if (Index == Special) {
       CharC = (UINT16) GetBits (Sd, 2);
       CharC--;
-      while ((INT16) (CharC) >= 0) {
+      while ((INT16) (CharC) >= 0 && Index < NPT) {
         Sd->mPTLen[Index++] = 0;
         CharC--;
       }
     }
   }
 
-  while (Index < nn) {
+  while (Index < nn && Index < NPT) {
     Sd->mPTLen[Index++] = 0;
   }
 
diff --git a/BaseTools/Source/C/Common/SimpleFileParsing.c b/BaseTools/Source/C/Common/SimpleFileParsing.c
index 868c6b794b..209a0954b3 100644
--- a/BaseTools/Source/C/Common/SimpleFileParsing.c
+++ b/BaseTools/Source/C/Common/SimpleFileParsing.c
@@ -1,7 +1,7 @@
 /** @file
 Generic but simple file parsing routines.
 
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD License         
 which accompanies this distribution.  The full text of the license may be found at        
@@ -1232,12 +1232,10 @@ GetHexChars (
 {
   UINT32  Len;
   Len = 0;
-  while (!EndOfFile (&mGlobals.SourceFile) && (BufferLen > 0)) {
+  while (!EndOfFile (&mGlobals.SourceFile) && (Len < BufferLen)) {
     if (isxdigit ((int)mGlobals.SourceFile.FileBufferPtr[0])) {
-      *Buffer = mGlobals.SourceFile.FileBufferPtr[0];
-      Buffer++;
+      Buffer[Len] = mGlobals.SourceFile.FileBufferPtr[0];
       Len++;
-      BufferLen--;
       mGlobals.SourceFile.FileBufferPtr++;
     } else {
       break;
@@ -1246,8 +1244,8 @@ GetHexChars (
   //
   // Null terminate if we can
   //
-  if ((Len > 0) && (BufferLen > 0)) {
-    *Buffer = 0;
+  if ((Len > 0) && (Len < BufferLen)) {
+    Buffer[Len] = 0;
   }
 
   return Len;
-- 
cgit v1.2.3