+ Length = SmmFtwWriteHeader->Length;\r
+ PrivateDataSize = SmmFtwWriteHeader->PrivateDataSize;\r
+ if (((UINTN)(~0) - Length < OFFSET_OF (SMM_FTW_WRITE_HEADER, Data)) ||\r
+ ((UINTN)(~0) - PrivateDataSize < OFFSET_OF (SMM_FTW_WRITE_HEADER, Data) + Length)) {\r
+ //\r
+ // Prevent InfoSize overflow\r
+ //\r
+ Status = EFI_ACCESS_DENIED;\r
+ break;\r
+ }\r
+ InfoSize = OFFSET_OF (SMM_FTW_WRITE_HEADER, Data) + Length + PrivateDataSize;\r
+\r
+ //\r
+ // SMRAM range check already covered before\r
+ //\r
+ if (InfoSize > CommBufferPayloadSize) {\r
+ DEBUG ((EFI_D_ERROR, "Write: Data size exceed communication buffer size limit!\n"));\r
+ Status = EFI_ACCESS_DENIED;\r
+ break;\r
+ }\r
+\r
+ if (PrivateDataSize == 0) {\r