From: Hao Wu Date: Tue, 30 Jun 2015 06:31:28 +0000 (+0000) Subject: PerformancePkg Dp_App: Resolve buffer size mismatch X-Git-Tag: edk2-stable201903~9527 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=269e0aebcf978640f16361882f423c7b9593215c;p=mirror_edk2.git PerformancePkg Dp_App: Resolve buffer size mismatch CHAR16 array mGaugeString[DP_GAUGE_STRING_LENGTH + 1] is pass into function GetShortPdbFileName(). However, in this function it treats the size of the input buffer as DXE_PERFORMANCE_STRING_SIZE. Though DXE_PERFORMANCE_STRING_SIZE is smaller than DP_GAUGE_STRING_LENGTH now, but this manner might introduce a potential risk of buffer overflow. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Reviewed-by: Star Zeng git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17746 6f19259b-4bc3-4df7-8a09-765794883524
---
diff --git a/PerformancePkg/Dp_App/DpUtilities.c b/PerformancePkg/Dp_App/DpUtilities.c
index 38d2293d85..38d7aa37f1 100644
--- a/PerformancePkg/Dp_App/DpUtilities.c
+++ b/PerformancePkg/Dp_App/DpUtilities.c
@@ -156,10 +156,10 @@ GetShortPdbFileName (
 UINTN StartIndex;
 UINTN EndIndex;
- ZeroMem (UnicodeBuffer, DXE_PERFORMANCE_STRING_LENGTH * sizeof (CHAR16));
+ ZeroMem (UnicodeBuffer, (DP_GAUGE_STRING_LENGTH + 1) * sizeof (CHAR16));
 if (PdbFileName == NULL) {
- StrCpyS (UnicodeBuffer, DXE_PERFORMANCE_STRING_SIZE, L" ");
+ StrCpyS (UnicodeBuffer, DP_GAUGE_STRING_LENGTH + 1, L" ");
 } else {
 StartIndex = 0;
 for (EndIndex = 0; PdbFileName[EndIndex] != 0; EndIndex++)
@@ -178,8 +178,8 @@ GetShortPdbFileName (
 for (IndexA = StartIndex; IndexA < EndIndex; IndexA++) {
 UnicodeBuffer[IndexU] = (CHAR16) PdbFileName[IndexA];
 IndexU++;
- if (IndexU >= DXE_PERFORMANCE_STRING_LENGTH) {
- UnicodeBuffer[DXE_PERFORMANCE_STRING_LENGTH] = 0;
+ if (IndexU >= DP_GAUGE_STRING_LENGTH) {
+ UnicodeBuffer[DP_GAUGE_STRING_LENGTH] = 0;
 break;
 }
 }
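Review bot: GetShortPdbFileName still cannot check the capacity of UnicodeBuffer: the ZeroMem and StrCpyS calls in the first hunk and the truncation check in the second hunk now assume every caller supplies at least DP_GAUGE_STRING_LENGTH + 1 CHAR16 elements, so the size contract remains implicit in a constant rather than enforced. The commit message confirms this for mGaugeString, but the signature, header comment and any other call sites lie outside both hunks, so that cannot be verified from here; a caller with a smaller buffer would already be overrun by the unconditional ZeroMem. The durable fix is to pass the capacity in (for example an added `IN UINTN BufferSize` argument used where the constant appears). Failing that, the requirement should at least be stated in the function header, e.g. `@param[out] UnicodeBuffer  Caller-allocated buffer of at least DP_GAUGE_STRING_LENGTH + 1 CHAR16 elements.`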