MdeModulePkg: Fix use-after-free error in InstallConfigurationTable()
[mirror_edk2.git] / MdeModulePkg / Core / PiSmmCore / Dispatcher.c
index 1bddaf13ae7cb0e4e7b0edd34bfa14e1f955466f..f32bbbd1b4b3da6abaadb2c504ef963039ce330e 100644 (file)
@@ -28,7 +28,7 @@
   Depex - Dependency Expresion.\r
 \r
   Copyright (c) 2014, Hewlett-Packard Development Company, L.P.\r
-  Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
   This program and the accompanying materials are licensed and made available \r
   under the terms and conditions of the BSD License which accompanies this \r
   distribution.  The full text of the license may be found at        \r
@@ -183,8 +183,8 @@ CheckAndMarkFixLoadingMemoryUsageBitMap (
    //\r
    // Test if the memory is avalaible or not.\r
    // \r
-   BaseOffsetPageNumber = (UINTN)EFI_SIZE_TO_PAGES((UINT32)(ImageBase - SmmCodeBase));\r
-   TopOffsetPageNumber  = (UINTN)EFI_SIZE_TO_PAGES((UINT32)(ImageBase + ImageSize - SmmCodeBase));\r
+   BaseOffsetPageNumber = EFI_SIZE_TO_PAGES((UINT32)(ImageBase - SmmCodeBase));\r
+   TopOffsetPageNumber  = EFI_SIZE_TO_PAGES((UINT32)(ImageBase + ImageSize - SmmCodeBase));\r
    for (Index = BaseOffsetPageNumber; Index < TopOffsetPageNumber; Index ++) {\r
      if ((mSmmCodeMemoryRangeUsageBitMap[Index / 64] & LShiftU64(1, (Index % 64))) != 0) {\r
        //\r
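Review bot: The loop indexes `mSmmCodeMemoryRangeUsageBitMap[Index / 64]` with page numbers derived from `ImageBase` and `ImageSize`, and nothing in this hunk bounds them against the bitmap or rules out `ImageBase < SmmCodeBase`. The `(UINT32)` cast that stays in place would also silently truncate a larger offset. The function starts above the hunk, so a range check may already exist there; if it does, a comment at this point such as `// ImageBase/ImageSize were verified to lie inside the SMM code range above, so Index stays within the bitmap` would make that dependency explicit. The typo "avalaible" in the comment above could be fixed in the same pass.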
@@ -234,12 +234,10 @@ GetPeCoffImageFixLoadingAssignedAddress(
   // Get PeHeader pointer\r
   //\r
   ImgHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((CHAR8* )ImageContext->Handle + ImageContext->PeCoffHeaderOffset);\r
-  SectionHeaderOffset = (UINTN)(\r
-                                 ImageContext->PeCoffHeaderOffset +\r
-                                 sizeof (UINT32) +\r
-                                 sizeof (EFI_IMAGE_FILE_HEADER) +\r
-                                 ImgHdr->Pe32.FileHeader.SizeOfOptionalHeader\r
-                                 );\r
+  SectionHeaderOffset = ImageContext->PeCoffHeaderOffset +\r
+                        sizeof (UINT32) +\r
+                        sizeof (EFI_IMAGE_FILE_HEADER) +\r
+                        ImgHdr->Pe32.FileHeader.SizeOfOptionalHeader;\r
   NumberOfSections = ImgHdr->Pe32.FileHeader.NumberOfSections;\r
 \r
   //\r
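Review bot: `SectionHeaderOffset` and `NumberOfSections` are built directly from fields of the image's own file header (`SizeOfOptionalHeader`, `NumberOfSections`), and `ImgHdr` is formed by adding `PeCoffHeaderOffset` to `ImageContext->Handle`, with no size check visible in the hunk. The function continues past the hunk, so how these values are consumed cannot be seen here. If validation is delegated to whatever populated `ImageContext`, a comment above the statement should say so, e.g. `// Header fields were validated when ImageContext was populated; the section walk below relies on that`. Otherwise the offset plus `NumberOfSections * sizeof (EFI_IMAGE_SECTION_HEADER)` should be checked against the size of the file buffer before the sections are read.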
@@ -520,7 +518,7 @@ SmmLoadImage (
   // Align buffer on section boundary\r
   //\r
   ImageContext.ImageAddress += ImageContext.SectionAlignment - 1;\r
-  ImageContext.ImageAddress &= ~((EFI_PHYSICAL_ADDRESS)(ImageContext.SectionAlignment - 1));\r
+  ImageContext.ImageAddress &= ~((EFI_PHYSICAL_ADDRESS)ImageContext.SectionAlignment - 1);\r
 \r
   //\r
   // Load the image to our new buffer\r
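Review bot: The round-up on these two lines is only correct when `ImageContext.SectionAlignment` is a non-zero power of two, and the hunk shows no check of that. With a value of zero the new mask `~((EFI_PHYSICAL_ADDRESS)ImageContext.SectionAlignment - 1)` evaluates to 0 and clears `ImageAddress` entirely, and any non-power-of-two value yields an address that is neither aligned nor guaranteed to stay inside the allocation. The field presumably comes from the image header, so unless it is validated earlier in `SmmLoadImage` (the function starts above the hunk), the load should fail before the buffer is allocated when `ImageContext.SectionAlignment == 0 || (ImageContext.SectionAlignment & (ImageContext.SectionAlignment - 1)) != 0`.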
@@ -598,7 +596,7 @@ SmmLoadImage (
   }\r
   CopyMem (DriverEntry->LoadedImage->FilePath, FilePath, GetDevicePathSize (FilePath));\r
 \r
-  DriverEntry->LoadedImage->ImageBase     = (VOID *)(UINTN)DriverEntry->ImageBuffer;\r
+  DriverEntry->LoadedImage->ImageBase     = (VOID *)(UINTN) ImageContext.ImageAddress;\r
   DriverEntry->LoadedImage->ImageSize     = ImageContext.ImageSize;\r
   DriverEntry->LoadedImage->ImageCodeType = EfiRuntimeServicesCode;\r
   DriverEntry->LoadedImage->ImageDataType = EfiRuntimeServicesData;\r
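Review bot: The difference between `LoadedImage->ImageBase` and `DriverEntry->ImageBuffer` is not documented at the point where it starts to matter: the assignment now takes the section-aligned `ImageContext.ImageAddress`, which can differ from the start of the allocation. A comment above it such as `// ImageBase is the aligned load address; ImageBuffer remains the start of the page allocation` would help, and the same applies to the `SmmLoadedImage.ImageBase` assignment in the following hunk. Code that releases the pages should presumably keep using `ImageBuffer` rather than `ImageBase`; that code is outside the hunks shown, so it is worth confirming. The space after `(UINTN)` also departs from the cast style of the line it replaces.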
@@ -617,7 +615,7 @@ SmmLoadImage (
   }\r
   CopyMem (DriverEntry->SmmLoadedImage.FilePath, FilePath, GetDevicePathSize(FilePath));\r
 \r
-  DriverEntry->SmmLoadedImage.ImageBase = (VOID *)(UINTN)DriverEntry->ImageBuffer;\r
+  DriverEntry->SmmLoadedImage.ImageBase = (VOID *)(UINTN) ImageContext.ImageAddress;\r
   DriverEntry->SmmLoadedImage.ImageSize = ImageContext.ImageSize;\r
   DriverEntry->SmmLoadedImage.ImageCodeType = EfiRuntimeServicesCode;\r
   DriverEntry->SmmLoadedImage.ImageDataType = EfiRuntimeServicesData;\r