X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=DuetPkg%2FPciBusNoEnumerationDxe%2FPciRomTable.c;h=5085431b08a2328fe1c32fe5847a5a0e802310e5;hb=fc504fdea7fe92bfa88e15f50e64b4d76d4f75fd;hp=15426ecd926eef037ad88769b02b4191361efad2;hpb=d8bee43ce44db3012de2274b135ede6d06106f7d;p=mirror_edk2.git diff --git a/DuetPkg/PciBusNoEnumerationDxe/PciRomTable.c b/DuetPkg/PciBusNoEnumerationDxe/PciRomTable.c index 15426ecd92..5085431b08 100644 --- a/DuetPkg/PciBusNoEnumerationDxe/PciRomTable.c +++ b/DuetPkg/PciBusNoEnumerationDxe/PciRomTable.c @@ -1,7 +1,7 @@ /*++ -Copyright (c) 2005 - 2007, Intel Corporation -All rights reserved. This program and the accompanying materials +Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -31,13 +31,12 @@ typedef struct { UINT8 Func; } EFI_PCI_ROM_IMAGE_MAPPING; -static UINTN mNumberOfPciRomImages = 0; -static UINTN mMaxNumberOfPciRomImages = 0; -static EFI_PCI_ROM_IMAGE_MAPPING *mRomImageTable = NULL; +UINTN mNumberOfPciRomImages = 0; +UINTN mMaxNumberOfPciRomImages = 0; +EFI_PCI_ROM_IMAGE_MAPPING *mRomImageTable = NULL; -static CHAR16 mHexDigit[17] = L"0123456789ABCDEF"; +CHAR16 mHexDigit[17] = L"0123456789ABCDEF"; -static VOID PciRomAddImageMapping ( IN EFI_HANDLE ImageHandle, @@ -77,7 +76,6 @@ PciRomAddImageMapping ( mNumberOfPciRomImages++; } -static VOID HexToString ( CHAR16 *String, @@ -135,6 +133,7 @@ Returns: VOID *DecompressedImageBuffer; UINT32 ImageLength; EFI_DECOMPRESS_PROTOCOL *Decompress; + UINT32 InitializationSize; RomBar = (VOID *) (UINTN) PciOptionRomDescriptor->RomAddress; RomSize = (UINTN) PciOptionRomDescriptor->RomLength; @@ -153,24 +152,44 @@ Returns: EfiRomHeader = (EFI_PCI_EXPANSION_ROM_HEADER *) (UINTN) RomBarOffset; - if (EfiRomHeader->Signature != 0xaa55) { + + if (EfiRomHeader->Signature != PCI_EXPANSION_ROM_HEADER_SIGNATURE) { return retStatus; } + // + // If the pointer to the PCI Data Structure is invalid, no further images can be located. + // The PCI Data Structure must be DWORD aligned. + // + if (EfiRomHeader->PcirOffset == 0 || + (EfiRomHeader->PcirOffset & 3) != 0 || + RomBarOffset - (UINTN)RomBar + EfiRomHeader->PcirOffset + sizeof (PCI_DATA_STRUCTURE) > RomSize) { + break; + } Pcir = (PCI_DATA_STRUCTURE *) (UINTN) (RomBarOffset + EfiRomHeader->PcirOffset); + // + // If a valid signature is not present in the PCI Data Structure, no further images can be located. + // + if (Pcir->Signature != PCI_DATA_STRUCTURE_SIGNATURE) { + break; + } ImageSize = Pcir->ImageLength * 512; + if (RomBarOffset - (UINTN)RomBar + ImageSize > RomSize) { + break; + } if ((Pcir->CodeType == PCI_CODE_TYPE_EFI_IMAGE) && - (EfiRomHeader->EfiSignature == EFI_PCI_EXPANSION_ROM_HEADER_EFISIGNATURE) ) { + (EfiRomHeader->EfiSignature == EFI_PCI_EXPANSION_ROM_HEADER_EFISIGNATURE) && + ((EfiRomHeader->EfiSubsystem == EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER) || + (EfiRomHeader->EfiSubsystem == EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER))) { - if ((EfiRomHeader->EfiSubsystem == EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER) || - (EfiRomHeader->EfiSubsystem == EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER) ) { + ImageOffset = EfiRomHeader->EfiImageHeaderOffset; + InitializationSize = EfiRomHeader->InitializationSize * 512; - ImageOffset = EfiRomHeader->EfiImageHeaderOffset; - ImageSize = EfiRomHeader->InitializationSize * 512; + if (InitializationSize <= ImageSize && ImageOffset < InitializationSize) { ImageBuffer = (VOID *) (UINTN) (RomBarOffset + ImageOffset); - ImageLength = ImageSize - ImageOffset; + ImageLength = InitializationSize - ImageOffset; DecompressedImageBuffer = NULL; // @@ -310,7 +329,7 @@ Returns: return Status; } - PciGetBusRange (Descriptors, &MinBus, &MaxBus, NULL); + PciGetBusRange (&Descriptors, &MinBus, &MaxBus, NULL); if ((MinBus <= PciOptionRomDescriptor->Bus) && (PciOptionRomDescriptor->Bus <= MaxBus)) { Status = PciRomLoadEfiDriversFromRomImage (This, PciOptionRomDescriptor); PciOptionRomDescriptor->DontLoadEfiRom |= 2;