MdeModulePkg PiSmmCore: Enhance SMM FreePool to catch buffer overflow

[mirror_edk2.git] / MdeModulePkg / Core / PiSmmCore / PiSmmCore.h

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
index c12805a2dd964c49df44f640ef017ed92fd56ef3..b6f815c68da0d1fc8e0f8e8fa065293358421980 100644 (file)
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
@@ -1196,12 +1196,28 @@ extern LIST_ENTRY  mSmmMemoryMap;
 //\r
 #define MAX_POOL_INDEX  (MAX_POOL_SHIFT - MIN_POOL_SHIFT + 1)\r
 \r
+#define POOL_HEAD_SIGNATURE   SIGNATURE_32('p','h','d','0')\r
+\r
 typedef struct {\r
-  UINTN           Size;\r
-  BOOLEAN         Available;\r
-  EFI_MEMORY_TYPE Type;\r
+  UINT32            Signature;\r
+  BOOLEAN           Available;\r
+  EFI_MEMORY_TYPE   Type;\r
+  UINTN             Size;\r
 } POOL_HEADER;\r
 \r
+#define POOL_TAIL_SIGNATURE   SIGNATURE_32('p','t','a','l')\r
+\r
+typedef struct {\r
+  UINT32            Signature;\r
+  UINT32            Reserved;\r
+  UINTN             Size;\r
+} POOL_TAIL;\r
+\r
+#define POOL_OVERHEAD (sizeof(POOL_HEADER) + sizeof(POOL_TAIL))\r
+\r
+#define HEAD_TO_TAIL(a)   \\r
+  ((POOL_TAIL *) (((CHAR8 *) (a)) + (a)->Size - sizeof(POOL_TAIL)));\r
+\r
 typedef struct {\r
   POOL_HEADER  Header;\r
   LIST_ENTRY   Link;\r