Fix the potential address overflow issue when checking PE signature.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15602 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c b/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c
index 48bc38ca547cbb6fa1eb47477c23962899bde3b1..f3da983946d6b66c6b6b849af387149b5ecf15d0 100644 (file)
--- a/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c
+++ b/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c
@@ -214,10 +214,12 @@ FindAndReportModuleImageInfo (
     if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {\r
       //\r
       // DOS image header is present, so read the PE header after the DOS image header.\r
-      // Check if address overflow firstly.\r
       //\r
-      if ((MAX_ADDRESS - (UINTN)DosHdr->e_lfanew) > Pe32Data) {\r
-        Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN)(DosHdr->e_lfanew));\r
+      Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));\r
+      //\r
+      // Make sure PE header address does not overflow and is less than the initial address.\r
+      //\r
+      if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < (UINTN)mErrorMsgVersionAlert)) {\r
         if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {\r
           //\r
           // It's PE image.\r

diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
index c075d5f168dde4b4e5f9a05de5f0804aedef44aa..0754aa983201939a081c26147e5bdf1a6e866aa3 100644 (file)
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
@@ -1,7 +1,7 @@
 /** @file\r
   CPU Exception Hanlder Library common functions.\r
 \r
-  Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.<BR>\r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
   which accompanies this distribution.  The full text of the license may be found at\r
@@ -90,13 +90,18 @@ FindModuleImageBase (
       // DOS image header is present, so read the PE header after the DOS image header.\r
       //\r
       Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));\r
-      if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {\r
-        //\r
-        // It's PE image.\r
-        //\r
-        InternalPrintMessage ("!!!! Find PE image ");\r
-        *EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff);\r
-        break;\r
+      //\r
+      // Make sure PE header address does not overflow and is less than the initial address.\r
+      //\r
+      if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < CurrentEip)) {\r
+        if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {\r
+          //\r
+          // It's PE image.\r
+          //\r
+          InternalPrintMessage ("!!!! Find PE image ");\r
+          *EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff);\r
+          break;\r
+        }\r
       }\r
     } else {\r
       //\r