BaseTools/VfrCompile: Add checks for array access

author Hao Wu <hao.a.wu@intel.com>

Tue, 11 Oct 2016 03:21:31 +0000 (11:21 +0800)

committer Hao Wu <hao.a.wu@intel.com>

Tue, 8 Nov 2016 08:37:07 +0000 (16:37 +0800)
author Hao Wu <hao.a.wu@intel.com>
Tue, 11 Oct 2016 03:21:31 +0000 (11:21 +0800)
committer Hao Wu <hao.a.wu@intel.com>
Tue, 8 Nov 2016 08:37:07 +0000 (16:37 +0800)
diff --git a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h

index 37cac24f141d2983ffc2506761534acb583e29e1..f15bff118762bbfcb0f5d774ef515cebc547d782 100644 (file)
--- a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
+++ b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
@@ -30,6 +30,8 @@
   * 1989-2000\r
   */\r
  \r
+#include <assert.h>\r
+\r
  #define ZZINC {if ( track_columns ) (++_endcol);}\r
  \r
  #define ZZGETC {ch = input->nextChar(); cl = ZZSHIFT(ch);}\r
@@ -114,6 +116,7 @@ more:
                 state = dfa_base[automaton];\r
                 while (ZZNEWSTATE != DfaStates) {\r
                         state = newstate;\r
+            assert(state <= sizeof(dfa)/sizeof(dfa[0]));\r
                         ZZCOPY;\r
                         ZZGETC;\r
                         ZZINC;\r
diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp

index 1ab95bec0acbeae3e24f7f808daaec3fcaa40126..24b0bfa6fd9a0aee4b679781a27b5049b8bb500c 100644 (file)
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -1474,6 +1474,10 @@ CVfrDataStorage::GetFreeVarStoreId (
      }\r
    }\r
  \r
+  if (Index == EFI_FREE_VARSTORE_ID_BITMAP_SIZE) {\r
+    return EFI_VARSTORE_ID_INVALID;\r
+  }\r
+\r
    for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) {\r
      if ((mFreeVarStoreIdBitMap[Index] & Mask) == 0) {\r
        mFreeVarStoreIdBitMap[Index] |= Mask;\r
@@ -2437,6 +2441,10 @@ CVfrQuestionDB::GetFreeQuestionId (
      }\r
    }\r
  \r
+  if (Index == EFI_FREE_QUESTION_ID_BITMAP_SIZE) {\r
+    return EFI_QUESTION_ID_INVALID;\r
+  }\r
+\r
    for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) {\r
      if ((mFreeQIdBitMap[Index] & Mask) == 0) {\r
        mFreeQIdBitMap[Index] |= Mask;\r
author	Hao Wu <hao.a.wu@intel.com>
	Tue, 11 Oct 2016 03:21:31 +0000 (11:21 +0800)
committer	Hao Wu <hao.a.wu@intel.com>
	Tue, 8 Nov 2016 08:37:07 +0000 (16:37 +0800)
BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h		patch \| blob \| blame \| history
BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp		patch \| blob \| blame \| history