1. Use the max string size to compare password string.

2. Check whether the local variable is valid as the array index.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10473 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c b/MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c
index 14ac72fe1dcc7fd8f6892f3f8915c85bfc4d2bbf..ff9e4b21799ad864f3f5b01f0a17956f993feb1c 100644 (file)
--- a/MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c
+++ b/MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c
@@ -187,7 +187,7 @@ ValidatePassword (
   ASSERT (EncodedPassword != NULL);\r
   StrnCpy (EncodedPassword, Password, StrLen (Password));\r
   EncodePassword (EncodedPassword, StrLen (EncodedPassword) * sizeof (CHAR16));\r
-  if (CompareMem (EncodedPassword, PrivateData->Configuration.WhatIsThePassword2, StrLen (EncodedPassword) * sizeof (CHAR16)) != 0) {\r
+  if (CompareMem (EncodedPassword, PrivateData->Configuration.WhatIsThePassword2, PasswordMaxSize) != 0) {\r
     //\r
     // Old password mismatch, return EFI_NOT_READY to prompt for error message\r
     //\r
@@ -355,7 +355,7 @@ LoadNameValueNames (
 \r
   @retval EFI_SUCCESS            The Results is filled with the requested values.\r
   @retval EFI_OUT_OF_RESOURCES   Not enough memory to store the results.\r
-  @retval EFI_INVALID_PARAMETER  Request is NULL, illegal syntax, or unknown name.\r
+  @retval EFI_INVALID_PARAMETER  Request is illegal syntax, or unknown name.\r
   @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this\r
                                  driver.\r
 \r

diff --git a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c
index 4f68d98e6b88158d6471c989c567133741b1e835..38812f92f23eeed981486bf191591ac1b6cf1273 100644 (file)
--- a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c
+++ b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c
@@ -661,7 +661,7 @@ UpdateBindingDriverSelectPage (
   // Switch the item callback key value to its NO. in mDevicePathHandleBuffer\r
   //\r
   mSelectedCtrIndex = KeyValue - KEY_VALUE_DEVICE_OFFSET;\r
-  ASSERT (mSelectedCtrIndex < MAX_CHOICE_NUM);\r
+  ASSERT (mSelectedCtrIndex >= 0 && mSelectedCtrIndex < MAX_CHOICE_NUM);\r
 \r
   mLastSavedDriverImageNum = 0;\r
 \r
@@ -1145,7 +1145,7 @@ CommintChanges (
 \r
   @retval EFI_SUCCESS            The Results is filled with the requested values.\r
   @retval EFI_OUT_OF_RESOURCES   Not enough memory to store the results.\r
-  @retval EFI_INVALID_PARAMETER  Request is NULL, illegal syntax, or unknown name.\r
+  @retval EFI_INVALID_PARAMETER  Request is illegal syntax, or unknown name.\r
   @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this driver.\r
 \r
 **/\r

diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/InputHandler.c b/MdeModulePkg/Universal/SetupBrowserDxe/InputHandler.c
index 2541743f4f25e6865eac424cfbe5e2b8ee421a35..2905006856ac62573e589ecbe49c070a7234ff1c 100644 (file)
--- a/MdeModulePkg/Universal/SetupBrowserDxe/InputHandler.c
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/InputHandler.c
@@ -464,16 +464,20 @@ TheKey2:
             }\r
 \r
             if (MenuOption->Sequence == 0) {\r
+              ASSERT (EraseLen >= 2);\r
               FormattedNumber[EraseLen - 2] = DATE_SEPARATOR;\r
             } else if (MenuOption->Sequence == 1) {\r
+              ASSERT (EraseLen >= 1);\r
               FormattedNumber[EraseLen - 1] = DATE_SEPARATOR;\r
             }\r
           } else if (Question->Operand == EFI_IFR_TIME_OP) {\r
             UnicodeSPrint (FormattedNumber, 21 * sizeof (CHAR16), L"%02d", (UINT8) EditValue);\r
 \r
             if (MenuOption->Sequence == 0) {\r
+              ASSERT (EraseLen >= 2);\r
               FormattedNumber[EraseLen - 2] = TIME_SEPARATOR;\r
             } else if (MenuOption->Sequence == 1) {\r
+              ASSERT (EraseLen >= 1);\r
               FormattedNumber[EraseLen - 1] = TIME_SEPARATOR;\r
             }\r
           } else {\r