ClusterCount = 0;\r
\r
while (!FAT_END_OF_FAT_CHAIN (Cluster)) {\r
- if (Cluster == FAT_CLUSTER_FREE || Cluster >= FAT_CLUSTER_SPECIAL) {\r
+ if (Cluster < FAT_MIN_CLUSTER || Cluster > Volume->MaxCluster + 1) {\r
\r
DEBUG (\r
(EFI_D_INIT | EFI_D_ERROR,\r
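Review bot: The tightened range test in this `while (!FAT_END_OF_FAT_CHAIN (Cluster))` walk still accepts a chain that loops back on itself, because every entry in a cycle lies between `FAT_MIN_CLUSTER` and `Volume->MaxCluster + 1`. On a corrupted volume the walk would then never reach an end-of-chain marker, unless the loop body, which continues outside this hunk, already bounds it. `ClusterCount` is initialised just above, so a guard like `if (ClusterCount > Volume->MaxCluster) { Status = EFI_VOLUME_CORRUPTED; goto Done; }` would close this once the counter is advanced in the loop. That assumes `MaxCluster` is the number of data clusters, which this diff does not show.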
goto Done;\r
}\r
\r
+ if (NewCluster < FAT_MIN_CLUSTER || NewCluster > Volume->MaxCluster + 1) {
+ Status = EFI_VOLUME_CORRUPTED;
+ goto Done;
+ }
+
if (LastCluster != 0) {\r
FatSetFatEntry (Volume, LastCluster, NewCluster);\r
} else {\r
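Review bot: The added `NewCluster` check fails with `EFI_VOLUME_CORRUPTED` silently, while the corrupt-chain path in the previous hunk emits a `DEBUG` message before its `goto Done`. An out-of-range value here means the allocator returned a bad cluster, which is worth distinguishing in the log, for example `DEBUG ((EFI_D_INIT | EFI_D_ERROR, "allocated cluster out of range\n"));` ahead of `Status = EFI_VOLUME_CORRUPTED;`. The bound `Volume->MaxCluster + 1` is also now written out in three separate conditions in this commit; one macro or helper for the valid-cluster test would keep them from drifting apart.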
\r
LastCluster = NewCluster;\r
CurSize += 1;\r
+\r
+ //\r
+ // Terminate the cluster list\r
+ //\r
+ // Note that we must do this EVERY time we allocate a cluster, because\r
+ // FatAllocateCluster scans the FAT looking for a free cluster and\r
+ // "LastCluster" is no longer free! Usually, FatAllocateCluster will\r
+ // start looking with the cluster after "LastCluster"; however, when\r
+ // there is only one free cluster left, it will find "LastCluster"\r
+ // a second time. There are other, less predictable scenarios\r
+ // where this could happen, as well.\r
+ //\r
+ FatSetFatEntry (Volume, LastCluster, (UINTN) FAT_CLUSTER_LAST);\r
+ OFile->FileLastCluster = LastCluster;\r
}\r
- //\r
- // Terminate the cluster list\r
- //\r
- FatSetFatEntry (Volume, LastCluster, (UINTN) FAT_CLUSTER_LAST);\r
- OFile->FileLastCluster = LastCluster;\r
}\r
\r
OFile->FileSize = (UINTN) NewSizeInBytes;\r
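Review bot: The per-iteration `FatSetFatEntry (Volume, LastCluster, (UINTN) FAT_CLUSTER_LAST);` discards its result, as does the link write `FatSetFatEntry (Volume, LastCluster, NewCluster);` in the previous hunk. If FatSetFatEntry returns an EFI_STATUS (its declaration is not in this diff), a failed write leaves the chain unlinked or unterminated while the loop keeps allocating and `OFile->FileLastCluster` is updated as if the write succeeded. Capturing it, `Status = FatSetFatEntry (...); if (EFI_ERROR (Status)) { goto Done; }`, would stop at the first failed FAT update. The enclosing loop begins outside the hunk.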
Cluster = FatGetFatEntry (Volume, Cluster);\r
}\r
\r
- if (Cluster < FAT_MIN_CLUSTER) {\r
+ if (Cluster < FAT_MIN_CLUSTER || Cluster > Volume->MaxCluster + 1) {\r
return EFI_VOLUME_CORRUPTED;\r
}\r
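Review bot: The new range test runs only after the loop has finished, so each intermediate value from `Cluster = FatGetFatEntry (Volume, Cluster);` is fed back as the next FAT index under whatever check the loop body applies. That body is outside the hunk. If it still uses the older `Cluster == FAT_CLUSTER_FREE || Cluster >= FAT_CLUSTER_SPECIAL` test that this commit replaces in the first hunk, entries between `Volume->MaxCluster + 1` and `FAT_CLUSTER_SPECIAL` pass it and are looked up. Applying `Cluster < FAT_MIN_CLUSTER || Cluster > Volume->MaxCluster + 1` inside the loop as well would make the walk consistent with the final check.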
\r