//\r
CorrectMicrocode = FALSE;\r
\r
- //\r
- // Save an in-complete CheckSum32 from CheckSum Part1 for common parts.\r
- //\r
if (MicrocodeEntryPoint->DataSize == 0) {\r
- InCompleteCheckSum32 = CalculateSum32 (\r
- (UINT32 *) MicrocodeEntryPoint,\r
- sizeof (CPU_MICROCODE_HEADER) + 2000\r
- );\r
+ TotalSize = sizeof (CPU_MICROCODE_HEADER) + 2000;\r
} else {\r
- InCompleteCheckSum32 = CalculateSum32 (\r
- (UINT32 *) MicrocodeEntryPoint,\r
- sizeof (CPU_MICROCODE_HEADER) + MicrocodeEntryPoint->DataSize\r
- );\r
+ TotalSize = sizeof (CPU_MICROCODE_HEADER) + MicrocodeEntryPoint->DataSize;\r
}\r
+\r
+ ///\r
+ /// Check overflow and whether TotalSize is aligned with 4 bytes.\r
+ ///\r
+ if ( ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd ||\r
+ (TotalSize & 0x3) != 0\r
+ ) {\r
+ MicrocodeEntryPoint = (CPU_MICROCODE_HEADER *) (((UINTN) MicrocodeEntryPoint) + SIZE_1KB);\r
+ continue;\r
+ }\r
+\r
+ //\r
+ // Save an in-complete CheckSum32 from CheckSum Part1 for common parts.\r
+ //\r
+ InCompleteCheckSum32 = CalculateSum32 (\r
+ (UINT32 *) MicrocodeEntryPoint,\r
+ TotalSize\r
+ );\r
InCompleteCheckSum32 -= MicrocodeEntryPoint->ProcessorSignature.Uint32;\r
InCompleteCheckSum32 -= MicrocodeEntryPoint->ProcessorFlags;\r
InCompleteCheckSum32 -= MicrocodeEntryPoint->Checksum;\r