MdeModulePkg/Ps2Mouse: Fix potential buffer overflow issue.

Count is initially 1 but is assigned to 2 in case PS2_READ_DATA_BYTE.
Though the state machine doesn't go back from PS2_READ_DATA_BYTE to
PS2_READ_BYTE_ONE (not a true bug), force assign Count to 1 to avoid
potential buffer overflow issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Shumin Qiu <shumin.qiu@intel.com>

diff --git a/MdeModulePkg/Bus/Isa/Ps2MouseDxe/CommPs2.c b/MdeModulePkg/Bus/Isa/Ps2MouseDxe/CommPs2.c
index 7539c3217a06294e8c2d2b23dc353c8fd51b967e..0c0a1f48d9f64952a70be707404ca4b2af3e563f 100644 (file)
--- a/MdeModulePkg/Bus/Isa/Ps2MouseDxe/CommPs2.c
+++ b/MdeModulePkg/Bus/Isa/Ps2MouseDxe/CommPs2.c
@@ -343,7 +343,6 @@ PS2MouseGetPacket (
   BOOLEAN     RButton;\r
 \r
   KeyboardEnable  = FALSE;\r
-  Count           = 1;\r
   State           = PS2_READ_BYTE_ONE;\r
 \r
   //\r
@@ -357,6 +356,7 @@ PS2MouseGetPacket (
       // Read mouse first byte data, if failed, immediately return\r
       //\r
       KbcDisableAux ();\r
+      Count  = 1;\r
       Status = PS2MouseRead (&Data, &Count, State);\r
       if (EFI_ERROR (Status)) {\r
         KbcEnableAux ();\r