ShellPkg: Fix misuses of AllocateCopyPool
authorJian J Wang <jian.j.wang@intel.com>
Wed, 8 Nov 2017 02:09:19 +0000 (10:09 +0800)
committerStar Zeng <star.zeng@intel.com>
Wed, 8 Nov 2017 09:13:04 +0000 (17:13 +0800)
commit2a6ede28fd8efd3051794e1f2727a692d2725fe9
tree14bb98ce4091c54c426800c54f4e90066fe627ae
parent469293f8ee406f2b0bad2cf3bbbc510b2a1364eb
ShellPkg: Fix misuses of AllocateCopyPool

AllocateCopyPool(AllocationSize, *Buffer) will copy "AllocationSize" bytes of
memory from old "Buffer" to new allocated one. If "AllocationSize" is bigger
than size of "Buffer", heap memory overflow occurs during copy.

One solution is to allocate pool first then copy the necessary bytes to new
memory. Another is using ReallocatePool instead if old buffer will be freed
on spot.

Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
ShellPkg/Application/Shell/Shell.c
ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcfgCommandLib.c