From 838c84ec7e27c4da5f56322791126b8fcacdafd7 Mon Sep 17 00:00:00 2001
From: mdkinney
Date: Wed, 29 Nov 2006 03:05:46 +0000
Subject: [PATCH] 1) Fix buffer overflow in JUMP_BUFFER in the DXE Core StartImage()

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@2035 6f19259b-4bc3-4df7-8a09-765794883524
---
 EdkModulePkg/Core/Dxe/Image/Image.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/EdkModulePkg/Core/Dxe/Image/Image.c b/EdkModulePkg/Core/Dxe/Image/Image.c
index 9d585a94ea..a71c6f643a 100644
--- a/EdkModulePkg/Core/Dxe/Image/Image.c
+++ b/EdkModulePkg/Core/Dxe/Image/Image.c
@@ -953,12 +953,12 @@ Returns:
   // JumpContext must be aligned on a CPU specific boundary.
   // Overallocate the buffer and force the required alignment
   //
-  Image->JumpBuffer = CoreAllocateBootServicesPool (sizeof (*Image->JumpContext) + BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT);
+  Image->JumpBuffer = CoreAllocateBootServicesPool (sizeof (BASE_LIBRARY_JUMP_BUFFER) + BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT);
   if (Image->JumpBuffer == NULL) {
     PERF_END (ImageHandle, START_IMAGE_TOK, NULL, 0);
     return EFI_OUT_OF_RESOURCES;
   }
-  Image->JumpContext = (VOID *)((UINTN)(ALIGN_POINTER (Image->JumpBuffer, BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT)) + BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT);
+  Image->JumpContext = ALIGN_POINTER (Image->JumpBuffer, BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT);
   SetJumpFlag = SetJump (Image->JumpContext);
   //
-- 
2.39.2
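Review bot: The new allocation and the new `ALIGN_POINTER` assignment are only safe together, and the existing comment "Overallocate the buffer and force the required alignment" does not say why the over-allocation is exactly one alignment unit, so the removed `+ BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT` after aligning could be reintroduced by a later edit without anyone noticing. I would extend the comment above the allocation with `// ALIGN_POINTER() advances the pointer by at most BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT - 1 bytes, so sizeof (BASE_LIBRARY_JUMP_BUFFER) + BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT is the minimum safe pool size; do not add the alignment again after aligning.` Replacing `sizeof (*Image->JumpContext)` with `sizeof (BASE_LIBRARY_JUMP_BUFFER)` also decouples the size from JumpContext's declared pointer type, which is not visible in this hunk; if JumpContext is declared `VOID *`, the old expression was likely undersized as well, and it would be worth saying so in the commit message. The enclosing StartImage() body starts and ends outside the hunk, so I could not confirm where JumpBuffer is freed on the error and normal paths.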