From aab04141dc13f2a0a6423c859c29fd3ef8761595 Mon Sep 17 00:00:00 2001
From: Ruiyu Ni <ruiyu.ni@intel.com>
Date: Wed, 13 Apr 2016 14:11:38 +0800
Subject: [PATCH] MdeModulePkg/Ps2Mouse: Fix potential buffer overflow issue.

Count is initially 1 but is assigned to 2 in case PS2_READ_DATA_BYTE.
Though the state machine doesn't go back from PS2_READ_DATA_BYTE to
PS2_READ_BYTE_ONE (not a true bug), force assign Count to 1 to avoid
potential buffer overflow issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Shumin Qiu <shumin.qiu@intel.com>
---
 MdeModulePkg/Bus/Isa/Ps2MouseDxe/CommPs2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdeModulePkg/Bus/Isa/Ps2MouseDxe/CommPs2.c b/MdeModulePkg/Bus/Isa/Ps2MouseDxe/CommPs2.c
index 7539c3217a..0c0a1f48d9 100644
--- a/MdeModulePkg/Bus/Isa/Ps2MouseDxe/CommPs2.c
+++ b/MdeModulePkg/Bus/Isa/Ps2MouseDxe/CommPs2.c
@@ -343,7 +343,6 @@ PS2MouseGetPacket (
   BOOLEAN     RButton;
 
   KeyboardEnable  = FALSE;
-  Count           = 1;
   State           = PS2_READ_BYTE_ONE;
 
   //
@@ -357,6 +356,7 @@ PS2MouseGetPacket (
       // Read mouse first byte data, if failed, immediately return
       //
       KbcDisableAux ();
+      Count  = 1;
       Status = PS2MouseRead (&Data, &Count, State);
       if (EFI_ERROR (Status)) {
         KbcEnableAux ();
-- 
2.39.2