fixed overflow issue when reading BMP file.

[mirror_edk2.git] / IntelFrameworkModulePkg / Library / GenericBdsLib / BdsConsole.c

diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c
index 6f3addb2f25cf6e5f13cca48a4b0bcf8b54cb956..ef0198df5c11c0692cf691b74c640e3eb6a371d6 100644 (file)
--- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c
+++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c
@@ -587,7 +587,7 @@ ConvertBmpToGopBlt (
   BMP_COLOR_MAP                 *BmpColorMap;\r
   EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BltBuffer;\r
   EFI_GRAPHICS_OUTPUT_BLT_PIXEL *Blt;\r
-  UINTN                         BltBufferSize;\r
+  UINT64                        BltBufferSize;\r
   UINTN                         Index;\r
   UINTN                         Height;\r
   UINTN                         Width;\r
@@ -623,12 +623,19 @@ ConvertBmpToGopBlt (
   // Calculate the BltBuffer needed size.\r
   //\r
   BltBufferSize = BmpHeader->PixelWidth * BmpHeader->PixelHeight * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL);\r
+  if (BltBufferSize >= SIZE_4GB) {\r
+    //\r
+    // If the BMP resolution is too large\r
+    //\r
+    return EFI_UNSUPPORTED;\r
+  }\r
+  \r
   IsAllocated   = FALSE;\r
   if (*GopBlt == NULL) {\r
     //\r
     // GopBlt is not allocated by caller.\r
     //\r
-    *GopBltSize = BltBufferSize;\r
+    *GopBltSize = (UINTN) BltBufferSize;\r
     *GopBlt     = AllocatePool (*GopBltSize);\r
     IsAllocated = TRUE;\r
     if (*GopBlt == NULL) {\r
@@ -639,7 +646,7 @@ ConvertBmpToGopBlt (
     // GopBlt has been allocated by caller.\r
     //\r
     if (*GopBltSize < BltBufferSize) {\r
-      *GopBltSize = BltBufferSize;\r
+      *GopBltSize = (UINTN) BltBufferSize;\r
       return EFI_BUFFER_TOO_SMALL;\r
     }\r
   }\r