Use EFI_IFR_TYPE_VALUE type variable instead of UINT64 to avoid buffer overflow.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14044 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
index ba74d0f88f0a42bc08716e3274732e77af07d25c..6d2755ce36426b50ecec0a0867457a3e9a6448e6 100644 (file)
--- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
+++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
@@ -946,7 +946,7 @@ InternalHiiValidateCurrentSetting (
   UINT16                       Offset;\r
   UINT16                       Width;\r
   UINT64                       VarValue;\r
-  UINT64                       TmpValue;\r
+  EFI_IFR_TYPE_VALUE           TmpValue;\r
   LIST_ENTRY                   *Link;\r
   UINT8                        *VarBuffer;\r
   UINTN                        MaxBufferSize;\r
@@ -1511,9 +1511,10 @@ InternalHiiValidateCurrentSetting (
             //\r
             // Check current value is the value of one of option.\r
             //\r
-            TmpValue = 0;\r
+            ASSERT (IfrOneOfOption->Type >= EFI_IFR_TYPE_NUM_SIZE_8 && IfrOneOfOption->Type <= EFI_IFR_TYPE_NUM_SIZE_64);\r
+            ZeroMem (&TmpValue, sizeof (EFI_IFR_TYPE_VALUE));\r
             CopyMem (&TmpValue, &IfrOneOfOption->Value, IfrOneOfOption->Header.Length - OFFSET_OF (EFI_IFR_ONE_OF_OPTION, Value));\r
-            if (VarValue == TmpValue) {\r
+            if (VarValue == TmpValue.u64) {\r
               //\r
               // The value is one of option value.\r
               // Set OpCode to Zero, don't need check again.\r