Use EFI_IFR_TYPE_VALUE type variable instead of UINT64 to avoid buffer overflow.

[mirror_edk2.git] / MdeModulePkg / Library / UefiHiiLib / HiiLib.c

diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
index ba74d0f88f0a42bc08716e3274732e77af07d25c..6d2755ce36426b50ecec0a0867457a3e9a6448e6 100644 (file)
--- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
+++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
@@ -946,7 +946,7 @@ InternalHiiValidateCurrentSetting (
   UINT16                       Offset;\r
   UINT16                       Width;\r
   UINT64                       VarValue;\r
-  UINT64                       TmpValue;\r
+  EFI_IFR_TYPE_VALUE           TmpValue;\r
   LIST_ENTRY                   *Link;\r
   UINT8                        *VarBuffer;\r
   UINTN                        MaxBufferSize;\r
@@ -1511,9 +1511,10 @@ InternalHiiValidateCurrentSetting (
             //\r
             // Check current value is the value of one of option.\r
             //\r
-            TmpValue = 0;\r
+            ASSERT (IfrOneOfOption->Type >= EFI_IFR_TYPE_NUM_SIZE_8 && IfrOneOfOption->Type <= EFI_IFR_TYPE_NUM_SIZE_64);\r
+            ZeroMem (&TmpValue, sizeof (EFI_IFR_TYPE_VALUE));\r
             CopyMem (&TmpValue, &IfrOneOfOption->Value, IfrOneOfOption->Header.Length - OFFSET_OF (EFI_IFR_ONE_OF_OPTION, Value));\r
-            if (VarValue == TmpValue) {\r
+            if (VarValue == TmpValue.u64) {\r
               //\r
               // The value is one of option value.\r
               // Set OpCode to Zero, don't need check again.\r