UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is valid

[mirror_edk2.git] / UefiCpuPkg / Library / MpInitLib / Microcode.c

diff --git a/UefiCpuPkg/Library/MpInitLib/Microcode.c b/UefiCpuPkg/Library/MpInitLib/Microcode.c
index 4763dcfebe35ff4a6ba2c2e0278696e40bc4efab..199b1f23ce35c1ae335dafe8d3432160b7b6fad8 100644 (file)
--- a/UefiCpuPkg/Library/MpInitLib/Microcode.c
+++ b/UefiCpuPkg/Library/MpInitLib/Microcode.c
@@ -1,7 +1,7 @@
 /** @file\r
   Implementation of loading microcode on processors.\r
 \r
-  Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>\r
   SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -167,9 +167,15 @@ MicrocodeDetect (
     }\r
 \r
     ///\r
-    /// Check overflow and whether TotalSize is aligned with 4 bytes.\r
+    /// 0x0       MicrocodeBegin  MicrocodeEntry  MicrocodeEnd      0xffffffff\r
+    /// |--------------|---------------|---------------|---------------|\r
+    ///                                 valid TotalSize\r
+    /// TotalSize is only valid between 0 and (MicrocodeEnd - MicrocodeEntry).\r
+    /// And it should be aligned with 4 bytes.\r
+    /// If the TotalSize is invalid, skip 1KB to check next entry.\r
     ///\r
-    if ( ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd ||\r
+    if ( (UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize) ||\r
+         ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd ||\r
          (TotalSize & 0x3) != 0\r
        ) {\r
       MicrocodeEntryPoint = (CPU_MICROCODE_HEADER *) (((UINTN) MicrocodeEntryPoint) + SIZE_1KB);\r