UINT16 Avail;\r
UINT16 NextCode;\r
UINT16 Mask;\r
+ UINT16 MaxTableLength;\r
\r
for (Index = 1; Index <= 16; Index++) {\r
Count[Index] = 0;\r
}\r
\r
for (Index = 0; Index < NumOfChar; Index++) {\r
+ if (BitLen[Index] > 16) {\r
+ return (UINT16) BAD_TABLE;\r
+ }\r
Count[BitLen[Index]]++;\r
}\r
\r
\r
Avail = NumOfChar;\r
Mask = (UINT16) (1U << (15 - TableBits));\r
+ MaxTableLength = (UINT16) (1U << TableBits);\r
\r
for (Char = 0; Char < NumOfChar; Char++) {\r
\r
if (Len <= TableBits) {\r
\r
for (Index = Start[Len]; Index < NextCode; Index++) {\r
+ if (Index >= MaxTableLength) {\r
+ return (UINT16) BAD_TABLE;\r
+ }\r
Table[Index] = Char;\r
}\r
\r
\r
BytesRemain--;\r
while ((INT16) (BytesRemain) >= 0) {\r
- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];\r
if (Sd->mOutBuf >= Sd->mOrigSize) {\r
return ;\r
}\r
+ if (DataIdx >= Sd->mOrigSize) {\r
+ Sd->mBadTableFlag = (UINT16) BAD_TABLE;\r
+ return ;\r
+ }\r
+ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];\r
\r
BytesRemain--;\r
}\r
--*/\r
{\r
UINT8 *Src;\r
+ UINT32 CompSize;\r
\r
*ScratchSize = sizeof (SCRATCH_DATA);\r
\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ CompSize = Src[0] + (Src[1] << 8) + (Src[2] << 16) + (Src[3] << 24);\r
*DstSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24);\r
+\r
+ if (SrcSize < CompSize + 8 || (CompSize + 8) < 8) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
return EFI_SUCCESS;\r
}\r
\r
CompSize = Src[0] + (Src[1] << 8) + (Src[2] << 16) + (Src[3] << 24);\r
OrigSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24);\r
\r
- if (SrcSize < CompSize + 8) {\r
+ if (SrcSize < CompSize + 8 || (CompSize + 8) < 8) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
SCRATCH_DATA *Scratch;\r
UINT8 *Src;\r
UINT32 OrigSize;\r
+ UINT32 CompSize;\r
\r
SetUtilityName(UTILITY_NAME);\r
\r
OutBuffer = NULL;\r
Scratch = NULL;\r
OrigSize = 0;\r
+ CompSize = 0;\r
InputLength = 0;\r
InputFileName = NULL;\r
OutputFileName = NULL;\r
}\r
fwrite(OutBuffer, (size_t)(DstSize), 1, OutputFile);\r
} else {\r
+ if (InputLength < 8){\r
+ Error (NULL, 0, 3000, "Invalid", "The input file %s is too small.", InputFileName);\r
+ goto ERROR;\r
+ }\r
//\r
// Get Compressed file original size\r
//\r
Src = (UINT8 *)FileBuffer;\r
OrigSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24);\r
+ CompSize = Src[0] + (Src[1] << 8) + (Src[2] <<16) + (Src[3] <<24);\r
\r
//\r
// Allocate OutputBuffer\r
//\r
+ if (InputLength < CompSize + 8 || (CompSize + 8) < 8) {\r
+ Error (NULL, 0, 3000, "Invalid", "The input file %s data is invalid.", InputFileName);\r
+ goto ERROR;\r
+ }\r
OutBuffer = (UINT8 *)malloc(OrigSize);\r
if (OutBuffer == NULL) {\r
Error (NULL, 0, 4001, "Resource:", "Memory cannot be allocated!");\r
UINT16 Mask;\r
UINT16 WordOfStart;\r
UINT16 WordOfCount;\r
+ UINT16 MaxTableLength;\r
\r
for (Index = 0; Index <= 16; Index++) {\r
Count[Index] = 0;\r
}\r
\r
for (Index = 0; Index < NumOfChar; Index++) {\r
+ if (BitLen[Index] > 16) {\r
+ return (UINT16) BAD_TABLE;\r
+ }\r
Count[BitLen[Index]]++;\r
}\r
\r
\r
Avail = NumOfChar;\r
Mask = (UINT16) (1U << (15 - TableBits));\r
+ MaxTableLength = (UINT16) (1U << TableBits);\r
\r
for (Char = 0; Char < NumOfChar; Char++) {\r
\r
if (Len <= TableBits) {\r
\r
for (Index = Start[Len]; Index < NextCode; Index++) {\r
+ if (Index >= MaxTableLength) {\r
+ return (UINT16) BAD_TABLE;\r
+ }\r
Table[Index] = Char;\r
}\r
\r
DataIdx = Sd->mOutBuf - DecodeP (Sd) - 1;\r
\r
BytesRemain--;\r
+\r
while ((INT16) (BytesRemain) >= 0) {\r
- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];\r
if (Sd->mOutBuf >= Sd->mOrigSize) {\r
goto Done ;\r
}\r
+ if (DataIdx >= Sd->mOrigSize) {\r
+ Sd->mBadTableFlag = (UINT16) BAD_TABLE;\r
+ goto Done ;\r
+ }\r
+ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];\r
\r
BytesRemain--;\r
}\r
projects / mirror_edk2.git / commitdiff