From bab5ad2fd14bf8d1e9e688327a11136c8bfb523e Mon Sep 17 00:00:00 2001
From: Hao Wu
Date: Tue, 11 Oct 2016 11:21:31 +0800
Subject: [PATCH] BaseTools/VfrCompile: Add checks for array access
Cc: Liming Gao
Cc: Yonghong Zhu
Cc: Eric Dong
Cc: Dandan Bi
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu
Reviewed-by: Liming Gao
---
 BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h | 3 +++
 BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp | 8 ++++++++
 2 files changed, 11 insertions(+)
diff --git a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
index 37cac24f14..f15bff1187 100644
--- a/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
+++ b/BaseTools/Source/C/VfrCompile/Pccts/h/DLexer.h
@@ -30,6 +30,8 @@
 * 1989-2000
 */
+#include
+
 #define ZZINC {if ( track_columns ) (++_endcol);}
 #define ZZGETC {ch = input->nextChar(); cl = ZZSHIFT(ch);}
@@ -114,6 +116,7 @@ more:
 state = dfa_base[automaton];
 while (ZZNEWSTATE != DfaStates) {
 state = newstate;
+ assert(state <= sizeof(dfa)/sizeof(dfa[0]));
 ZZCOPY;
 ZZGETC;
 ZZINC;
diff --git a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
index 1ab95bec0a..24b0bfa6fd 100644
--- a/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
+++ b/BaseTools/Source/C/VfrCompile/VfrUtilityLib.cpp
@@ -1474,6 +1474,10 @@ CVfrDataStorage::GetFreeVarStoreId (
 }
 }
+ if (Index == EFI_FREE_VARSTORE_ID_BITMAP_SIZE) {
+ return EFI_VARSTORE_ID_INVALID;
+ }
+
 for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) {
 if ((mFreeVarStoreIdBitMap[Index] & Mask) == 0) {
 mFreeVarStoreIdBitMap[Index] |= Mask;
@@ -2437,6 +2441,10 @@ CVfrQuestionDB::GetFreeQuestionId (
 }
 }
+ if (Index == EFI_FREE_QUESTION_ID_BITMAP_SIZE) {
+ return EFI_QUESTION_ID_INVALID;
+ }
+
 for (Offset = 0, Mask = 0x80000000; Mask != 0; Mask >>= 1, Offset++) {
 if ((mFreeQIdBitMap[Index] & Mask) == 0) {
 mFreeQIdBitMap[Index] |= Mask;
--
2.39.2
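Review bot: The added `assert(state <= sizeof(dfa)/sizeof(dfa[0]));` in the DLexer.h hunk at `more:` accepts `state` equal to the element count, which is one past the last valid index if `state` is then used to subscript `dfa` (the subscript itself, presumably inside `ZZNEWSTATE`, is not in this hunk). The bound should be strict: `assert(state < sizeof(dfa)/sizeof(dfa[0]));`. The expression also only measures the table if `dfa` is visible here as an array with a known bound; if it is a pointer, it measures the pointer instead, which is worth confirming against the declaration. Because `assert` is compiled out when `NDEBUG` is defined, this line gives no protection in such a build, so an explicit range check with an error path would be the durable form. The enclosing function starts and ends outside the hunk.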
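Review bot: Callers of `GetFreeVarStoreId` can now receive `EFI_VARSTORE_ID_INVALID` from the new early return, and nothing in this patch shows them testing for it; the same holds for `EFI_QUESTION_ID_INVALID` in the `GetFreeQuestionId` hunk that follows. The call sites are outside both hunks, so each one should be checked to confirm it reports an error rather than recording the invalid ID as if it had been allocated. A one-line comment above each check would also help, for example `// No free ID: the search above ran past the last bitmap word, so Index must not be used as a subscript.` Both function bodies start and end outside their hunks.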