MdeModulePkg DxeCapsuleLibFmp: Fix wrong Index is used

[mirror_edk2.git] / MdeModulePkg / Library / DxeCapsuleLibFmp / DxeCapsuleLib.c

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
index 56c8e98b8400a33298e89e2ec42f1c58d2e324c2..05fcd92deb00a9aaf1002653fed7d52439313564 100644 (file)
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
@@ -250,7 +250,7 @@ ValidateFmpCapsule (
     //\r
     if (Index > 0) {\r
       if (ItemOffsetList[Index] <= ItemOffsetList[Index - 1]) {\r
-        DEBUG((DEBUG_ERROR, "ItemOffsetList[%d](0x%lx) < ItemOffsetList[%d](0x%x)\n", Index, ItemOffsetList[Index], Index, ItemOffsetList[Index - 1]));\r
+        DEBUG((DEBUG_ERROR, "ItemOffsetList[%d](0x%lx) < ItemOffsetList[%d](0x%x)\n", Index, ItemOffsetList[Index], Index - 1, ItemOffsetList[Index - 1]));\r
         return EFI_INVALID_PARAMETER;\r
       }\r
     }\r
@@ -330,8 +330,25 @@ DisplayCapsuleImage (
   UINTN                         Width;\r
   EFI_GRAPHICS_OUTPUT_PROTOCOL  *GraphicsOutput;\r
 \r
-  ImagePayload = (DISPLAY_DISPLAY_PAYLOAD *)(CapsuleHeader + 1);\r
-  PayloadSize = CapsuleHeader->CapsuleImageSize - sizeof(EFI_CAPSULE_HEADER);\r
+  //\r
+  // UX capsule doesn't have extended header entries.\r
+  //\r
+  if (CapsuleHeader->HeaderSize != sizeof (EFI_CAPSULE_HEADER)) {\r
+    return EFI_UNSUPPORTED;\r
+  }\r
+  ImagePayload = (DISPLAY_DISPLAY_PAYLOAD *)((UINTN) CapsuleHeader + CapsuleHeader->HeaderSize);\r
+  //\r
+  // (CapsuleImageSize > HeaderSize) is guaranteed by IsValidCapsuleHeader().\r
+  //\r
+  PayloadSize = CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize;\r
+\r
+  //\r
+  // Make sure the image payload at least contain the DISPLAY_DISPLAY_PAYLOAD header.\r
+  // Further size check is performed by the logic translating BMP to GOP BLT.\r
+  //\r
+  if (PayloadSize <= sizeof (DISPLAY_DISPLAY_PAYLOAD)) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
 \r
   if (ImagePayload->Version != 1) {\r
     return EFI_UNSUPPORTED;\r
@@ -1190,7 +1207,6 @@ IsNestedFmpCapsule (
   )\r
 {\r
   EFI_STATUS                 Status;\r
-  EFI_SYSTEM_RESOURCE_TABLE  *Esrt;\r
   EFI_SYSTEM_RESOURCE_ENTRY  *EsrtEntry;\r
   UINTN                      Index;\r
   BOOLEAN                    EsrtGuidFound;\r
@@ -1198,6 +1214,8 @@ IsNestedFmpCapsule (
   UINTN                      NestedCapsuleSize;\r
   ESRT_MANAGEMENT_PROTOCOL   *EsrtProtocol;\r
   EFI_SYSTEM_RESOURCE_ENTRY  Entry;\r
+  EFI_HANDLE                 *HandleBuffer;\r
+  UINTN                      NumberOfHandles;\r
 \r
   EsrtGuidFound = FALSE;\r
   if (mIsVirtualAddrConverted) {\r
@@ -1223,19 +1241,21 @@ IsNestedFmpCapsule (
     }\r
 \r
     //\r
-    // Check ESRT configuration table\r
+    // Check Firmware Management Protocols\r
     //\r
     if (!EsrtGuidFound) {\r
-      Status = EfiGetSystemConfigurationTable(&gEfiSystemResourceTableGuid, (VOID **)&Esrt);\r
+      HandleBuffer = NULL;\r
+      Status = GetFmpHandleBufferByType (\r
+                 &CapsuleHeader->CapsuleGuid,\r
+                 0,\r
+                 &NumberOfHandles,\r
+                 &HandleBuffer\r
+                 );\r
       if (!EFI_ERROR(Status)) {\r
-        ASSERT (Esrt != NULL);\r
-        EsrtEntry = (VOID *)(Esrt + 1);\r
-        for (Index = 0; Index < Esrt->FwResourceCount; Index++, EsrtEntry++) {\r
-          if (CompareGuid(&EsrtEntry->FwClass, &CapsuleHeader->CapsuleGuid)) {\r
-            EsrtGuidFound = TRUE;\r
-            break;\r
-          }\r
-        }\r
+        EsrtGuidFound = TRUE;\r
+      }\r
+      if (HandleBuffer != NULL) {\r
+        FreePool (HandleBuffer);\r
       }\r
     }\r
   }\r