The CHAR16 array mGaugeString[DP_GAUGE_STRING_LENGTH + 1] is passed into
the function GetShortPdbFileName(). However, that function treats the
size of the input buffer as DXE_PERFORMANCE_STRING_SIZE.
Although DXE_PERFORMANCE_STRING_SIZE is currently smaller than
DP_GAUGE_STRING_LENGTH, this practice might introduce a potential risk of
buffer overflow.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17746
6f19259b-4bc3-4df7-8a09-
765794883524
UINTN StartIndex;\r
UINTN EndIndex;\r
\r
UINTN StartIndex;\r
UINTN EndIndex;\r
\r
- ZeroMem (UnicodeBuffer, DXE_PERFORMANCE_STRING_LENGTH * sizeof (CHAR16));\r
+ ZeroMem (UnicodeBuffer, (DP_GAUGE_STRING_LENGTH + 1) * sizeof (CHAR16));\r
\r
if (PdbFileName == NULL) {\r
\r
if (PdbFileName == NULL) {\r
- StrCpyS (UnicodeBuffer, DXE_PERFORMANCE_STRING_SIZE, L" ");\r
+ StrCpyS (UnicodeBuffer, DP_GAUGE_STRING_LENGTH + 1, L" ");\r
} else {\r
StartIndex = 0;\r
for (EndIndex = 0; PdbFileName[EndIndex] != 0; EndIndex++)\r
} else {\r
StartIndex = 0;\r
for (EndIndex = 0; PdbFileName[EndIndex] != 0; EndIndex++)\r
for (IndexA = StartIndex; IndexA < EndIndex; IndexA++) {\r
UnicodeBuffer[IndexU] = (CHAR16) PdbFileName[IndexA];\r
IndexU++;\r
for (IndexA = StartIndex; IndexA < EndIndex; IndexA++) {\r
UnicodeBuffer[IndexU] = (CHAR16) PdbFileName[IndexA];\r
IndexU++;\r
- if (IndexU >= DXE_PERFORMANCE_STRING_LENGTH) {\r
- UnicodeBuffer[DXE_PERFORMANCE_STRING_LENGTH] = 0;\r
+ if (IndexU >= DP_GAUGE_STRING_LENGTH) {\r
+ UnicodeBuffer[DP_GAUGE_STRING_LENGTH] = 0;\r