MdeModulePkg/BDS: Fix a buffer overflow bug
authorRuiyu Ni <ruiyu.ni@intel.com>
Wed, 17 May 2017 11:38:35 +0000 (19:38 +0800)
committerRuiyu Ni <ruiyu.ni@intel.com>
Mon, 22 May 2017 01:43:47 +0000 (09:43 +0800)
commit7320b8ed1879b31657a8d6a62e6cd0ff1f645754
tree9977c8cc4fa5168c27f03710a62ef927a4156f50
parenta9fb7b7803763e045bd626ec7df3ce4900e3e927
MdeModulePkg/BDS: Fix a buffer overflow bug

KeyOption points to a buffer holding the content of Key####.
So its size is smaller than EFI_BOOT_MANAGER_KEY_OPTION.
Old code to assign value to KeyOption->OptionNumber modifies
the memory outside of the KeyOption buffer.

The patch fixes this bug.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Steven Shi <steven.shi@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
MdeModulePkg/Library/UefiBootManagerLib/BmHotkey.c