From 6893b16fb9f8afef71ae4e9e3dead6bb685f6994 Mon Sep 17 00:00:00 2001 From: Jiaxin Wu Date: Wed, 12 Apr 2017 16:36:11 +0800 Subject: [PATCH] NetworkPkg/HttpDxe: Fix HTTP download OS image over 4G size failure UINT32 integer overflow will happen once the download OS image over 4G size. This patch is to fix this issue. Cc: Ye Ting Cc: Fu Siyuan Cc: Zhang Lubo Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin Reviewed-by: Fu Siyuan Reviewed-by: Ye Ting Reviewed-by: Sriram Subramanian --- NetworkPkg/HttpDxe/HttpProto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c index 3d61ba2ae1..3fda294be3 100644 --- a/NetworkPkg/HttpDxe/HttpProto.c +++ b/NetworkPkg/HttpDxe/HttpProto.c @@ -2031,8 +2031,8 @@ HttpTcpReceiveBody ( if (HttpInstance->LocalAddressIsIPv6) { Rx6Token = &Wrap->TcpWrap.Rx6Token; - Rx6Token ->Packet.RxData->DataLength = (UINT32) HttpMsg->BodyLength; - Rx6Token ->Packet.RxData->FragmentTable[0].FragmentLength = (UINT32) HttpMsg->BodyLength; + Rx6Token ->Packet.RxData->DataLength = (UINT32) MIN (MAX_UINT32, HttpMsg->BodyLength); + Rx6Token ->Packet.RxData->FragmentTable[0].FragmentLength = (UINT32) MIN (MAX_UINT32, HttpMsg->BodyLength); Rx6Token ->Packet.RxData->FragmentTable[0].FragmentBuffer = (VOID *) HttpMsg->Body; Rx6Token->CompletionToken.Status = EFI_NOT_READY; @@ -2043,8 +2043,8 @@ HttpTcpReceiveBody ( } } else { Rx4Token = &Wrap->TcpWrap.Rx4Token; - Rx4Token->Packet.RxData->DataLength = (UINT32) HttpMsg->BodyLength; - Rx4Token->Packet.RxData->FragmentTable[0].FragmentLength = (UINT32) HttpMsg->BodyLength; + Rx4Token->Packet.RxData->DataLength = (UINT32) MIN (MAX_UINT32, HttpMsg->BodyLength); + Rx4Token->Packet.RxData->FragmentTable[0].FragmentLength = (UINT32) MIN (MAX_UINT32, HttpMsg->BodyLength); Rx4Token->Packet.RxData->FragmentTable[0].FragmentBuffer = (VOID *) HttpMsg->Body; Rx4Token->CompletionToken.Status = EFI_NOT_READY; -- 2.39.2