REF: https://bugzilla.tianocore.org/show_bug.cgi?id=690
Within function EfiShellGetDevicePathFromFilePath(), when the input
parameter 'Path' string is like:
"FS0:"
It is possible for the below statement:
"if (*(Path+StrLen(MapName)+1) == CHAR_NULL) {"
to read the content 1 byte beyond the string boundary (both 'Path' and
'MapName' will be FS0: in this case).
This commit adds additional checks to avoid this.
Cc: Steven Shi <steven.shi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
//\r
// build the full device path\r
//\r
- if (*(Path+StrLen(MapName)+1) == CHAR_NULL) {\r
+ if ((*(Path+StrLen(MapName)) != CHAR_NULL) &&\r
+ (*(Path+StrLen(MapName)+1) == CHAR_NULL)) {\r
DevicePathForReturn = FileDevicePath(Handle, L"\\");\r
} else {\r
DevicePathForReturn = FileDevicePath(Handle, Path+StrLen(MapName));\r