git.proxmox.com Git - mirror_edk2.git/commit - IntelFrameworkPkg/Library/FrameworkUefiLib/UefiLibPrint.c

author	Hao Wu <hao.a.wu@intel.com>
	Thu, 23 Mar 2017 02:45:44 +0000 (10:45 +0800)
committer	Hao Wu <hao.a.wu@intel.com>
	Fri, 14 Apr 2017 05:16:12 +0000 (13:16 +0800)
commit	9c0e4db3db8d102812ca57f6225290c7ba079ad8
tree	6fec0eb26b9e8e27a2b3e80fef595fbdfa424a90	tree
parent	458cd568b64a0e4159f85a31809e55657db23792	commit \| diff

IntelFrameworkPkg/UefiLib: Avoid mis-calculate of graphic console size

The commit adds check in function InternalPrintGraphic() to ensure that
the expression:

Blt->Width * Blt->Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)

will not overflow in the UINTN range.

The commit also adds an explicit UINT32 type cast for 'Blt->Width' to
avoid possible overflow in the int range for:

Blt->Width * Blt->Height

Since both Blt->Width and Blt->Height are of type UINT16. They will be
promoted to int (signed) first, and then perform the multiplication
operation. If the result of multiplication between Blt->Width and
Blt->Height exceeds the range of type int, a potential incorrect size will
be passed into function AllocateZeroPool().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>