The traversing of a Memory Mapped FV can overflow the 4GB limit on a 32bit system
during the setting up a Linked List of FFS file inside the FV.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16527
6f19259b-4bc3-4df7-8a09-
765794883524
FfsHeader = (EFI_FFS_FILE_HEADER *) (FvDevice->CachedFv);\r
}\r
TopFvAddress = FvDevice->EndOfCachedFv;\r
- while ((UINT8 *) FfsHeader < TopFvAddress) {\r
+ while (((UINTN) FfsHeader >= (UINTN) FvDevice->CachedFv) && ((UINTN) FfsHeader <= (UINTN) ((UINTN) TopFvAddress - sizeof (EFI_FFS_FILE_HEADER)))) {\r
\r
if (FileCached) {\r
CoreFreePool (CacheFfsHeader);\r