Google Git
Sign in
android / device / linaro / bootloader / edk2 / b3520ab^! / .
commitb3520abde896e5e3f251054092f084580bfcdc37[log] [tgz]
authorHao Wu <hao.a.wu@intel.com>Tue Sep 27 13:28:33 2016 +0800
committerHao Wu <hao.a.wu@intel.com>Tue Nov 08 16:37:01 2016 +0800
tree48a8ffc0ff2cefbbecfb084e37c1254b03e74f1a
parentf45b5a760530752bd6ea8125416cb6620a375468 [diff]
BaseTools/C/Common: Add checks for array access

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

diff --git a/BaseTools/Source/C/Common/CommonLib.c b/BaseTools/Source/C/Common/CommonLib.c
index 2d07dfc..2f0aecf 100644
--- a/BaseTools/Source/C/Common/CommonLib.c
+++ b/BaseTools/Source/C/Common/CommonLib.c

@@ -1,7 +1,7 @@
 /** @file

 Common basic Library Functions

 

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials                          

 are licensed and made available under the terms and conditions of the BSD License         

 which accompanies this distribution.  The full text of the license may be found at        

@@ -652,7 +652,11 @@
     //

     // Construct the full file path

     //

-    strcat (mCommonLibFullPath, FileName);

+    if (strlen (mCommonLibFullPath) + strlen (FileName) > MAX_LONG_FILE_PATH - 1) {

+      Error (NULL, 0, 2000, "Invalid parameter", "FileName %s is too long!", FileName);

+      return NULL;

+    }

+    strncat (mCommonLibFullPath, FileName, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);

     

     //

     // Convert directory separator '/' to '\\'


diff --git a/BaseTools/Source/C/Common/Decompress.c b/BaseTools/Source/C/Common/Decompress.c
index d266b6f..77df89f 100644
--- a/BaseTools/Source/C/Common/Decompress.c
+++ b/BaseTools/Source/C/Common/Decompress.c

@@ -2,7 +2,7 @@
 Decompressor. Algorithm Ported from OPSD code (Decomp.asm) for Efi and Tiano 

 compress algorithm.

 

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -15,6 +15,7 @@
 

 #include <stdlib.h>

 #include <string.h>

+#include <assert.h>

 #include "Decompress.h"

 

 //

@@ -240,7 +241,7 @@
   for (Char = 0; Char < NumOfChar; Char++) {

 

     Len = BitLen[Char];

-    if (Len == 0) {

+    if (Len == 0 || Len >= 17) {

       continue;

     }

 

@@ -373,6 +374,8 @@
   UINT16  Index;

   UINT32  Mask;

 

+  assert (nn <= NPT);

+

   Number = (UINT16) GetBits (Sd, nbit);

 

   if (Number == 0) {