Enhance the check for RelocBase->SizeOfBlock before use it.

Signed-off-by: Dong Eric <eric.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13973 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 6f056e519ef6739be54fa816670932c454fc713b..ffff0c14aa17c7a3f37dcc4a466c248747c09b19 100644 (file)
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -984,17 +984,16 @@ PeCoffLoaderRelocateImage (
     while (RelocBase < RelocBaseEnd) {\r
 \r
       Reloc     = (UINT16 *) ((CHAR8 *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));\r
-      RelocEnd  = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock);\r
-      \r
       //\r
-      // Make sure RelocEnd is in the Image range.\r
+      // Add check for RelocBase->SizeOfBlock field.\r
       //\r
-      if ((CHAR8 *) RelocEnd < (CHAR8 *)((UINTN) ImageContext->ImageAddress) ||\r
-          (CHAR8 *) RelocEnd > (CHAR8 *)((UINTN)ImageContext->ImageAddress + (UINTN)ImageContext->ImageSize)) {\r
+      if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > RelocDir->Size)) {\r
         ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;\r
         return RETURN_LOAD_ERROR;\r
       }\r
 \r
+      RelocEnd  = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock);\r
+\r
       if (!(ImageContext->IsTeImage)) {\r
         FixupBase = PeCoffLoaderImageAddress (ImageContext, RelocBase->VirtualAddress);\r
         if (FixupBase == NULL) {\r