summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
a3c9617)
This commit will resolve the issue brought by r17737.
HelpString = AllocateCopyPool (HelpSize, L"Device Path : ");
The above using of AllocateCopyPool() will read contents out of the scope
of the constant string. Potential risk for the constant string allocated
at the boundary of memory region.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17932
6f19259b-4bc3-4df7-8a09-
765794883524
\r
TempStr = DevicePathToStr (Option->DevicePath);\r
HelpSize = StrSize (TempStr) + StrSize (L"Device Path : ");\r
\r
TempStr = DevicePathToStr (Option->DevicePath);\r
HelpSize = StrSize (TempStr) + StrSize (L"Device Path : ");\r
- HelpString = AllocateCopyPool (HelpSize, L"Device Path : ");\r
+ HelpString = AllocateZeroPool (HelpSize);\r
ASSERT (HelpString != NULL);\r
ASSERT (HelpString != NULL);\r
+ StrCatS (HelpString, HelpSize / sizeof (CHAR16), L"Device Path : ");\r
StrCatS (HelpString, HelpSize / sizeof (CHAR16), TempStr);\r
\r
HelpToken = HiiSetString (HiiHandle, 0, HelpString, NULL);\r
StrCatS (HelpString, HelpSize / sizeof (CHAR16), TempStr);\r
\r
HelpToken = HiiSetString (HiiHandle, 0, HelpString, NULL);\r