+ Magic = PeCoffLoaderGetPeHeaderMagicValue (Hdr);\r
+\r
+ if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ //\r
+ // 1. Check FileHeader.SizeOfOptionalHeader filed.\r
+ //\r
+ if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes) {\r
+ return RETURN_UNSUPPORTED;\r
+ }\r
+\r
+ //\r
+ // 2. Check the OptionalHeader.SizeOfHeaders field.\r
+ // This field will be use like the following mode, so just compare the result.\r
+ // The DataDirectory array begin with 1, not 0, so here use < to compare not <=.\r
+ //\r
+ if (EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1 < Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes) {\r
+ if (Hdr.Pe32->OptionalHeader.SizeOfHeaders < (UINT32)((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINT8 *) &Hdr)) {\r
+ return RETURN_UNSUPPORTED;\r
+ }\r
+ }\r
+\r
+ //\r
+ // Read Hdr.Pe32.OptionalHeader.SizeOfHeaders data from file\r
+ //\r
+ Size = 1;\r
+ Status = ImageContext->ImageRead (\r
+ ImageContext->Handle,\r
+ Hdr.Pe32->OptionalHeader.SizeOfHeaders - 1,\r
+ &Size,\r
+ &BufferData\r
+ );\r
+ if (RETURN_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Check the EFI_IMAGE_DIRECTORY_ENTRY_SECURITY data.\r
+ // Read the last byte to make sure the data is in the image region.\r
+ // The DataDirectory array begin with 1, not 0, so here use < to compare not <=.\r
+ //\r
+ if (EFI_IMAGE_DIRECTORY_ENTRY_SECURITY < Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes) {\r
+ if (Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size != 0) {\r
+ //\r
+ // Check the member data to avoid overflow.\r
+ //\r
+ if ((UINT32) (~0) - Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress <\r
+ Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size) {\r
+ return RETURN_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Read section header from file\r
+ //\r
+ Size = 1;\r
+ Status = ImageContext->ImageRead (\r
+ ImageContext->Handle,\r
+ Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress +\r
+ Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - 1,\r
+ &Size,\r
+ &BufferData\r
+ );\r
+ if (RETURN_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ }\r
+ }\r
+\r