/*++\r
\r
-Copyright (c) 2004 - 2007, Intel Corporation \r
+Copyright (c) 2004 - 2009, Intel Corporation \r
All rights reserved. This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
BMP_COLOR_MAP *BmpColorMap;\r
EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BltBuffer;\r
EFI_GRAPHICS_OUTPUT_BLT_PIXEL *Blt;\r
- UINTN BltBufferSize;\r
+ UINT64 BltBufferSize;\r
UINTN Index;\r
UINTN Height;\r
UINTN Width;\r
Image = ((UINT8 *) BmpImage) + BmpHeader->ImageOffset;\r
ImageHeader = Image;\r
\r
- BltBufferSize = BmpHeader->PixelWidth * BmpHeader->PixelHeight * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL);\r
+ BltBufferSize = MultU64x32 ((UINT64) BmpHeader->PixelWidth, BmpHeader->PixelHeight);\r
+ //\r
+ // Ensure the BltBufferSize * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL) doesn't overflow\r
+ //\r
+ if (BltBufferSize > DivU64x32 ((UINTN) ~0, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL), NULL)) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+ BltBufferSize = MultU64x32 (BltBufferSize, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL));\r
+\r
IsAllocated = FALSE;\r
if (*GopBlt == NULL) {\r
- *GopBltSize = BltBufferSize;\r
+ *GopBltSize = (UINTN) BltBufferSize;\r
*GopBlt = EfiLibAllocatePool (*GopBltSize);\r
IsAllocated = TRUE;\r
if (*GopBlt == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
} else {\r
- if (*GopBltSize < BltBufferSize) {\r
- *GopBltSize = BltBufferSize;\r
+ if (*GopBltSize < (UINTN) BltBufferSize) {\r
+ *GopBltSize = (UINTN) BltBufferSize;\r
return EFI_BUFFER_TOO_SMALL;\r
}\r
}\r
/*++\r
\r
-Copyright (c) 2004 - 2006, Intel Corporation \r
+Copyright (c) 2004 - 2009, Intel Corporation \r
All rights reserved. This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
BMP_COLOR_MAP *BmpColorMap;\r
EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BltBuffer;\r
EFI_GRAPHICS_OUTPUT_BLT_PIXEL *Blt;\r
- UINTN BltBufferSize;\r
+ UINT64 BltBufferSize;\r
UINTN Index;\r
UINTN Height;\r
UINTN Width;\r
Image = ((UINT8 *) BmpImage) + BmpHeader->ImageOffset;\r
ImageHeader = Image;\r
\r
- BltBufferSize = BmpHeader->PixelWidth * BmpHeader->PixelHeight * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL);\r
+ BltBufferSize = MultU64x32 ((UINT64) BmpHeader->PixelWidth, BmpHeader->PixelHeight);\r
+ //\r
+ // Ensure the BltBufferSize * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL) doesn't overflow\r
+ //\r
+ if (BltBufferSize > DivU64x32 ((UINTN) ~0, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL), NULL)) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+ BltBufferSize = MultU64x32 (BltBufferSize, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL));\r
+\r
IsAllocated = FALSE;\r
if (*GopBlt == NULL) {\r
- *GopBltSize = BltBufferSize;\r
+ *GopBltSize = (UINTN) BltBufferSize;\r
*GopBlt = EfiLibAllocatePool (*GopBltSize);\r
IsAllocated = TRUE;\r
if (*GopBlt == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
} else {\r
- if (*GopBltSize < BltBufferSize) {\r
- *GopBltSize = BltBufferSize;\r
+ if (*GopBltSize < (UINTN) BltBufferSize) {\r
+ *GopBltSize = (UINTN) BltBufferSize;\r
return EFI_BUFFER_TOO_SMALL;\r
}\r
}\r
projects / mirror_edk2.git / commitdiff