git.proxmox.com Git - mirror_edk2.git/commit - MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c

author	Jian J Wang <jian.j.wang@intel.com>
	Wed, 1 Nov 2017 15:18:34 +0000 (23:18 +0800)
committer	Star Zeng <star.zeng@intel.com>
	Wed, 8 Nov 2017 09:13:03 +0000 (17:13 +0800)
commit	469293f8ee406f2b0bad2cf3bbbc510b2a1364eb
tree	fb99a6f8e8f0dd2b6a9f9c6108cd51fb7e3fe952	tree
parent	cc05c72ef84e03d43a0244b8639e8c08336af066	commit \| diff

MdeModulePkg: Fix misuses of AllocateCopyPool

AllocateCopyPool(AllocationSize, *Buffer) will copy "AllocationSize" bytes of
memory from old "Buffer" to new allocated one. If "AllocationSize" is bigger
than size of "Buffer", heap memory overflow occurs during copy.

One solution is to allocate pool first then copy the necessary bytes to new
memory. Another is using ReallocatePool instead if old buffer will be freed
on spot.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Bi Dandan <dandan.bi@intel.com>

MdeModulePkg/Application/UiApp/FrontPageCustomizedUiSupport.c		diff \| blob \| blame \| history
MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManagerCustomizedUiSupport.c		diff \| blob \| blame \| history
MdeModulePkg/Library/DeviceManagerUiLib/DeviceManager.c		diff \| blob \| blame \| history
MdeModulePkg/Library/UefiHiiLib/HiiLib.c		diff \| blob \| blame \| history
MdeModulePkg/Universal/FvSimpleFileSystemDxe/FvSimpleFileSystem.c		diff \| blob \| blame \| history
MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c		diff \| blob \| blame \| history