]> git.proxmox.com Git - mirror_edk2.git/blobdiff - MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
MdeModulePkg: Fix potential integer overflow issue
[mirror_edk2.git] / MdeModulePkg / Library / SmmCorePerformanceLib / SmmCorePerformanceLib.c
diff --git a/MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c b/MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c
index f28b657c94ddba3fb012296f8721b44b264f8c76..e59cc28d537fa8b1db93443a3ec06b6371dc20d6 100644 (file)
--- a/MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c
+++ b/MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.c
@@ -482,7 +482,8 @@ SmmPerformanceHandlerEx (
   EFI_STATUS                Status;\r
   SMM_PERF_COMMUNICATE_EX   *SmmPerfCommData;\r
   GAUGE_DATA_ENTRY_EX       *GaugeEntryExArray;\r
   EFI_STATUS                Status;\r
   SMM_PERF_COMMUNICATE_EX   *SmmPerfCommData;\r
   GAUGE_DATA_ENTRY_EX       *GaugeEntryExArray;\r
-  UINTN                     DataSize;\r
+  UINT64                    DataSize;\r
+  UINTN                     Index;\r
   GAUGE_DATA_ENTRY_EX       *GaugeDataEx;\r
   UINTN                     NumberOfEntries;\r
   UINTN                     LogEntryKey;\r
   GAUGE_DATA_ENTRY_EX       *GaugeDataEx;\r
   UINTN                     NumberOfEntries;\r
   UINTN                     LogEntryKey;\r
@@ -521,7 +522,7 @@ SmmPerformanceHandlerEx (
       NumberOfEntries = SmmPerfCommData->NumberOfEntries;\r
       LogEntryKey = SmmPerfCommData->LogEntryKey;\r
        if (GaugeDataEx == NULL || NumberOfEntries == 0 || LogEntryKey > mGaugeData->NumberOfEntries ||\r
       NumberOfEntries = SmmPerfCommData->NumberOfEntries;\r
       LogEntryKey = SmmPerfCommData->LogEntryKey;\r
        if (GaugeDataEx == NULL || NumberOfEntries == 0 || LogEntryKey > mGaugeData->NumberOfEntries ||\r
-           NumberOfEntries > mGaugeData->NumberOfEntries || (LogEntryKey + NumberOfEntries) > mGaugeData->NumberOfEntries) {\r
+           NumberOfEntries > mGaugeData->NumberOfEntries || LogEntryKey > (mGaugeData->NumberOfEntries - NumberOfEntries)) {\r
          Status = EFI_INVALID_PARAMETER;\r
          break;\r
        }\r
          Status = EFI_INVALID_PARAMETER;\r
          break;\r
        }\r
@@ -529,19 +530,22 @@ SmmPerformanceHandlerEx (
        //\r
        // Sanity check\r
        //\r
        //\r
        // Sanity check\r
        //\r
-       DataSize = NumberOfEntries * sizeof(GAUGE_DATA_ENTRY_EX);\r
-       if (!SmmIsBufferOutsideSmmValid ((UINTN)GaugeDataEx, DataSize)) {\r
+       DataSize = MultU64x32 (NumberOfEntries, sizeof(GAUGE_DATA_ENTRY_EX));\r
+       if (!SmmIsBufferOutsideSmmValid ((UINTN) GaugeDataEx, DataSize)) {\r
          DEBUG ((EFI_D_ERROR, "SmmPerformanceHandlerEx: SMM Performance Data buffer in SMRAM or overflow!\n"));\r
          Status = EFI_ACCESS_DENIED;\r
          break;\r
        }\r
 \r
        GaugeEntryExArray = (GAUGE_DATA_ENTRY_EX *) (mGaugeData + 1);\r
          DEBUG ((EFI_D_ERROR, "SmmPerformanceHandlerEx: SMM Performance Data buffer in SMRAM or overflow!\n"));\r
          Status = EFI_ACCESS_DENIED;\r
          break;\r
        }\r
 \r
        GaugeEntryExArray = (GAUGE_DATA_ENTRY_EX *) (mGaugeData + 1);\r
-       CopyMem(\r
-         (UINT8 *) GaugeDataEx,\r
-         (UINT8 *) &GaugeEntryExArray[LogEntryKey],\r
-         DataSize\r
-         );\r
+\r
+       for (Index = 0; Index < NumberOfEntries; Index++) {\r
+         CopyMem (\r
+           (UINT8 *) &GaugeDataEx[Index],\r
+           (UINT8 *) &GaugeEntryExArray[LogEntryKey++],\r
+           sizeof (GAUGE_DATA_ENTRY_EX)\r
+           );\r
+       }\r
        Status = EFI_SUCCESS;\r
        break;\r
 \r
        Status = EFI_SUCCESS;\r
        break;\r
 \r
@@ -590,7 +594,7 @@ SmmPerformanceHandler (
   EFI_STATUS            Status;\r
   SMM_PERF_COMMUNICATE  *SmmPerfCommData;\r
   GAUGE_DATA_ENTRY_EX   *GaugeEntryExArray;\r
   EFI_STATUS            Status;\r
   SMM_PERF_COMMUNICATE  *SmmPerfCommData;\r
   GAUGE_DATA_ENTRY_EX   *GaugeEntryExArray;\r
-  UINT                DataSize;\r
+  UINT64                DataSize;\r
   UINTN                 Index;\r
   GAUGE_DATA_ENTRY      *GaugeData;\r
   UINTN                 NumberOfEntries;\r
   UINTN                 Index;\r
   GAUGE_DATA_ENTRY      *GaugeData;\r
   UINTN                 NumberOfEntries;\r
@@ -630,7 +634,7 @@ SmmPerformanceHandler (
        NumberOfEntries = SmmPerfCommData->NumberOfEntries;\r
        LogEntryKey = SmmPerfCommData->LogEntryKey;\r
        if (GaugeData == NULL || NumberOfEntries == 0 || LogEntryKey > mGaugeData->NumberOfEntries ||\r
        NumberOfEntries = SmmPerfCommData->NumberOfEntries;\r
        LogEntryKey = SmmPerfCommData->LogEntryKey;\r
        if (GaugeData == NULL || NumberOfEntries == 0 || LogEntryKey > mGaugeData->NumberOfEntries ||\r
-           NumberOfEntries > mGaugeData->NumberOfEntries || (LogEntryKey + NumberOfEntries) > mGaugeData->NumberOfEntries) {\r
+           NumberOfEntries > mGaugeData->NumberOfEntries || LogEntryKey > (mGaugeData->NumberOfEntries - NumberOfEntries)) {\r
          Status = EFI_INVALID_PARAMETER;\r
          break;\r
        }\r
          Status = EFI_INVALID_PARAMETER;\r
          break;\r
        }\r
@@ -638,8 +642,8 @@ SmmPerformanceHandler (
        //\r
        // Sanity check\r
        //\r
        //\r
        // Sanity check\r
        //\r
-       DataSize = NumberOfEntries * sizeof(GAUGE_DATA_ENTRY);\r
-       if (!SmmIsBufferOutsideSmmValid ((UINTN)GaugeData, DataSize)) {\r
+       DataSize = MultU64x32 (NumberOfEntries, sizeof(GAUGE_DATA_ENTRY));\r
+       if (!SmmIsBufferOutsideSmmValid ((UINTN) GaugeData, DataSize)) {\r
          DEBUG ((EFI_D_ERROR, "SmmPerformanceHandler: SMM Performance Data buffer in SMRAM or overflow!\n"));\r
          Status = EFI_ACCESS_DENIED;\r
          break;\r
          DEBUG ((EFI_D_ERROR, "SmmPerformanceHandler: SMM Performance Data buffer in SMRAM or overflow!\n"));\r
          Status = EFI_ACCESS_DENIED;\r
          break;\r
@@ -648,7 +652,7 @@ SmmPerformanceHandler (
        GaugeEntryExArray = (GAUGE_DATA_ENTRY_EX *) (mGaugeData + 1);\r
 \r
        for (Index = 0; Index < NumberOfEntries; Index++) {\r
        GaugeEntryExArray = (GAUGE_DATA_ENTRY_EX *) (mGaugeData + 1);\r
 \r
        for (Index = 0; Index < NumberOfEntries; Index++) {\r
-         CopyMem(\r
+         CopyMem (\r
            (UINT8 *) &GaugeData[Index],\r
            (UINT8 *) &GaugeEntryExArray[LogEntryKey++],\r
            sizeof (GAUGE_DATA_ENTRY)\r
            (UINT8 *) &GaugeData[Index],\r
            (UINT8 *) &GaugeEntryExArray[LogEntryKey++],\r
            sizeof (GAUGE_DATA_ENTRY)\r
EFI Development Kit II mirror for PVE