Google Git
Sign in
android / device / linaro / bootloader / edk2 / bab5ad2^! / .
commitbab5ad2fd14bf8d1e9e688327a11136c8bfb523e[log] [tgz]
authorHao Wu <hao.a.wu@intel.com>Tue Oct 11 11:21:31 2016 +0800
committerHao Wu <hao.a.wu@intel.com>Tue Nov 08 16:37:07 2016 +0800
treedcc42ad99b7d0b167cce1ef8b3b8d37a13a4e89c
parent5acc8d3cdd280f00ab316023e1f77dbce6025eb4 [diff]
BaseTools/VfrCompile: Add checks for array access

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

diff --git a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
index 37cac24..f15bff1 100644
--- a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
+++ b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h

@@ -30,6 +30,8 @@
  * 1989-2000

  */

 

+#include <assert.h>

+

 #define ZZINC {if ( track_columns ) (++_endcol);}

 

 #define ZZGETC {ch = input->nextChar(); cl = ZZSHIFT(ch);}

@@ -114,6 +116,7 @@
 		state = dfa_base[automaton];

 		while (ZZNEWSTATE != DfaStates) {

 			state = newstate;

+            assert(state <= sizeof(dfa)/sizeof(dfa[0]));

 			ZZCOPY;

 			ZZGETC;

 			ZZINC;


diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index 1ab95be..24b0bfa 100644
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp

@@ -1474,6 +1474,10 @@
     }

   }

 

+  if (Index == EFI_FREE_VARSTORE_ID_BITMAP_SIZE) {

+    return EFI_VARSTORE_ID_INVALID;

+  }

+

   for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) {

     if ((mFreeVarStoreIdBitMap[Index] & Mask) == 0) {

       mFreeVarStoreIdBitMap[Index] |= Mask;

@@ -2437,6 +2441,10 @@
     }

   }

 

+  if (Index == EFI_FREE_QUESTION_ID_BITMAP_SIZE) {

+    return EFI_QUESTION_ID_INVALID;

+  }

+

   for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) {

     if ((mFreeQIdBitMap[Index] & Mask) == 0) {

       mFreeQIdBitMap[Index] |= Mask;