On 30 October 2017 at 05:47, Heyi Guo heyi.guo@linaro.org wrote:
For PciIoPciRead interface, memory prior to Buffer would be written with zeros if Offset was larger than sizeof (Dev->ConfigSpace), which would cause serious system exception.
So we add a pre-check branch to avoid memory override.
Cc: Star Zeng star.zeng@intel.com Cc: Eric Dong eric.dong@intel.com Cc: Ard Biesheuvel ard.biesheuvel@linaro.org Cc: Ruiyu Ni ruiyu.ni@intel.com Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Heyi Guo heyi.guo@linaro.org
Reviewed-by: Ard Biesheuvel ard.biesheuvel@linaro.org
.../Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c index c836ad6..0e42ae4 100644 --- a/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c +++ b/MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/NonDiscoverablePciDeviceIo.c @@ -465,6 +465,11 @@ PciIoPciRead ( Address = (UINT8 *)&Dev->ConfigSpace + Offset; Length = Count << ((UINTN)Width & 0x3);
- if (Offset >= sizeof (Dev->ConfigSpace)) {
- ZeroMem (Buffer, Length);
- return EFI_SUCCESS;
- }
- if (Offset + Length > sizeof (Dev->ConfigSpace)) { // // Read all zeroes for config space accesses beyond the first
-- 1.9.1