This patch fixes this issue.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@2207
6f19259b-4bc3-4df7-8a09-
765794883524
-Copyright (c) 2004, Intel Corporation \r
+Copyright (c) 2004 - 2006, Intel Corporation \r
All rights reserved. This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
All rights reserved. This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
//\r
// Verify file is in this FV.\r
//\r
//\r
// Verify file is in this FV.\r
//\r
- if ((UINTN) CurrentFile >= (UINTN) mFvHeader + mFvLength - sizeof (EFI_FFS_FILE_HEADER)) {\r
+ if ((UINTN) CurrentFile + GetLength (CurrentFile->Size) > (UINTN) mFvHeader + mFvLength) {\r
*NextFile = NULL;\r
return EFI_SUCCESS;\r
}\r
*NextFile = NULL;\r
return EFI_SUCCESS;\r
}\r
//\r
// Verify current file is in range\r
//\r
//\r
// Verify current file is in range\r
//\r
- if (((UINTN) CurrentFile < (UINTN) mFvHeader + sizeof (EFI_FIRMWARE_VOLUME_HEADER)) ||\r
- ((UINTN) CurrentFile >= (UINTN) mFvHeader + mFvLength - sizeof (EFI_FIRMWARE_VOLUME_HEADER))\r
- ) {\r
+ if (((UINTN) CurrentFile < (UINTN) mFvHeader + mFvHeader->HeaderLength) ||\r
+ ((UINTN) CurrentFile + GetLength (CurrentFile->Size) > (UINTN) mFvHeader + mFvLength)\r
+ ) {\r
return EFI_INVALID_PARAMETER;\r
}\r
//\r
return EFI_INVALID_PARAMETER;\r
}\r
//\r
//\r
// Verify file is in this FV.\r
//\r
//\r
// Verify file is in this FV.\r
//\r
- if ((UINTN) *NextFile >= (UINTN) mFvHeader + mFvLength - sizeof (EFI_FFS_FILE_HEADER)) {\r
+ if (((UINTN) *NextFile + sizeof (EFI_FFS_FILE_HEADER) >= (UINTN) mFvHeader + mFvLength) ||\r
+ ((UINTN) *NextFile + GetLength ((*NextFile)->Size) > (UINTN) mFvHeader + mFvLength)\r
+ ) {\r
*NextFile = NULL;\r
return EFI_SUCCESS;\r
}\r
*NextFile = NULL;\r
return EFI_SUCCESS;\r
}\r