Add logic to validate variable before use it.

[mirror_edk2.git] / MdeModulePkg / Core / DxeIplPeim / DxeLoad.c

diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
index e6836596d8c2a8b83af42e56304f327dd5ba1517..dea627e16282afc88bb9c5bb61c6c3d7468c4346 100644 (file)
--- a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
@@ -124,6 +124,53 @@ PeimInitializeDxeIpl (
   return Status;\r
 }\r
 \r
+/**\r
+   Validate variable data for the MemoryTypeInformation. \r
+\r
+   @param MemoryData       Variable data.\r
+   @param MemoryDataSize   Variable data length.\r
+\r
+   @return TRUE            The variable data is valid.\r
+   @return FALSE           The variable data is invalid.\r
+\r
+**/\r
+BOOLEAN\r
+ValidateMemoryTypeInfoVariable (\r
+  IN EFI_MEMORY_TYPE_INFORMATION      *MemoryData,\r
+  IN UINTN                            MemoryDataSize\r
+  )\r
+{\r
+  UINTN                       Count;\r
+  UINTN                       Index;\r
+\r
+  // Check the input parameter.\r
+  if (MemoryData == NULL) {\r
+    return FALSE;\r
+  }\r
+\r
+  // Get Count\r
+  Count = MemoryDataSize / sizeof (*MemoryData);\r
+\r
+  // Check Size\r
+  if (Count * sizeof(*MemoryData) != MemoryDataSize) {\r
+    return FALSE;\r
+  }\r
+\r
+  // Check last entry type filed.\r
+  if (MemoryData[Count - 1].Type != EfiMaxMemoryType) {\r
+    return FALSE;\r
+  }\r
+\r
+  // Check the type filed.\r
+  for (Index = 0; Index < Count - 1; Index++) {\r
+    if (MemoryData[Index].Type >= EfiMaxMemoryType) {\r
+      return FALSE;\r
+    }\r
+  }\r
+\r
+  return TRUE;\r
+}\r
+\r
 /**\r
    Main entry point to last PEIM. \r
 \r
@@ -214,7 +261,7 @@ DxeLoadCore (
                          &DataSize,\r
                          &MemoryData\r
                          );\r
-    if (!EFI_ERROR (Status)) {\r
+    if (!EFI_ERROR (Status) && ValidateMemoryTypeInfoVariable(MemoryData, DataSize)) {\r
       //\r
       // Build the GUID'd HOB for DXE\r
       //\r
@@ -515,21 +562,32 @@ Decompress (
   UINT8                           *ScratchBuffer;\r
   UINT32                          DstBufferSize;\r
   UINT32                          ScratchBufferSize;\r
-  EFI_COMMON_SECTION_HEADER       *Section;\r
-  UINT32                          SectionLength;\r
+  VOID                            *CompressionSource;\r
+  UINT32                          CompressionSourceSize;\r
+  UINT32                          UncompressedLength;\r
+  UINT8                           CompressionType;\r
 \r
   if (CompressionSection->CommonHeader.Type != EFI_SECTION_COMPRESSION) {\r
     ASSERT (FALSE);\r
     return EFI_INVALID_PARAMETER;\r
   }\r
 \r
-  Section = (EFI_COMMON_SECTION_HEADER *) CompressionSection;\r
-  SectionLength = *(UINT32 *) (Section->Size) & 0x00ffffff;\r
+  if (IS_SECTION2 (CompressionSection)) {\r
+    CompressionSource = (VOID *) ((UINT8 *) CompressionSection + sizeof (EFI_COMPRESSION_SECTION2));\r
+    CompressionSourceSize = (UINT32) (SECTION2_SIZE (CompressionSection) - sizeof (EFI_COMPRESSION_SECTION2));\r
+    UncompressedLength = ((EFI_COMPRESSION_SECTION2 *) CompressionSection)->UncompressedLength;\r
+    CompressionType = ((EFI_COMPRESSION_SECTION2 *) CompressionSection)->CompressionType;\r
+  } else {\r
+    CompressionSource = (VOID *) ((UINT8 *) CompressionSection + sizeof (EFI_COMPRESSION_SECTION));\r
+    CompressionSourceSize = (UINT32) (SECTION_SIZE (CompressionSection) - sizeof (EFI_COMPRESSION_SECTION));\r
+    UncompressedLength = CompressionSection->UncompressedLength;\r
+    CompressionType = CompressionSection->CompressionType;\r
+  }\r
   \r
   //\r
   // This is a compression set, expand it\r
   //\r
-  switch (CompressionSection->CompressionType) {\r
+  switch (CompressionType) {\r
   case EFI_STANDARD_COMPRESSION:\r
     if (FeaturePcdGet(PcdDxeIplSupportUefiDecompress)) {\r
       //\r
@@ -537,8 +595,8 @@ Decompress (
       // For compressed data, decompress them to destination buffer.\r
       //\r
       Status = UefiDecompressGetInfo (\r
-                 (UINT8 *) ((EFI_COMPRESSION_SECTION *) Section + 1),\r
-                 SectionLength - sizeof (EFI_COMPRESSION_SECTION),\r
+                 CompressionSource,\r
+                 CompressionSourceSize,\r
                  &DstBufferSize,\r
                  &ScratchBufferSize\r
                  );\r
@@ -572,7 +630,7 @@ Decompress (
       // Call decompress function\r
       //\r
       Status = UefiDecompress (\r
-                  (CHAR8 *) ((EFI_COMPRESSION_SECTION *) Section + 1),\r
+                  CompressionSource,\r
                   DstBuffer,\r
                   ScratchBuffer\r
                   );\r
@@ -597,7 +655,7 @@ Decompress (
     //\r
     // Allocate destination buffer\r
     //\r
-    DstBufferSize = CompressionSection->UncompressedLength;\r
+    DstBufferSize = UncompressedLength;\r
     DstBuffer     = AllocatePages (EFI_SIZE_TO_PAGES (DstBufferSize) + 1);\r
     if (DstBuffer == NULL) {\r
       return EFI_OUT_OF_RESOURCES;\r
@@ -610,7 +668,7 @@ Decompress (
     //\r
     // stream is not actually compressed, just encapsulated.  So just copy it.\r
     //\r
-    CopyMem (DstBuffer, CompressionSection + 1, DstBufferSize);\r
+    CopyMem (DstBuffer, CompressionSource, DstBufferSize);\r
     break;\r
 \r
   default:\r