From d5cbc27b005522a4c0f40c0b14c32def8e1bae9c Mon Sep 17 00:00:00 2001 From: Hao Wu Date: Tue, 30 Jun 2015 06:26:20 +0000 Subject: [PATCH] IntelFrameworkModulePkg PeiDxeDebugLib: Use safe string functions Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Reviewed-by: Jeff Fan Reviewed-by: Jaben Carsey git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17734 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Library/PeiDxeDebugLibReportStatusCode/DebugLib.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c b/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c index 68c1a5570b..cfdd2f50d5 100644 --- a/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c +++ b/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c @@ -56,6 +56,7 @@ DebugPrint ( UINT64 Buffer[(EFI_STATUS_CODE_DATA_MAX_SIZE / sizeof (UINT64)) + 1]; EFI_DEBUG_INFO *DebugInfo; UINTN TotalSize; + UINTN DestBufferSize; VA_LIST VaListMarker; BASE_LIST BaseListMarker; CHAR8 *FormatString; @@ -115,7 +116,13 @@ DebugPrint ( // // Copy the Format string into the record // - AsciiStrCpy (FormatString, Format); + // According to the content structure of Buffer shown above, the size of + // the FormatString buffer is the size of Buffer minus the Padding + // (4 bytes), minus the size of EFI_DEBUG_INFO, minus the size of + // variable arguments (12 * sizeof (UINT64)). + // + DestBufferSize = sizeof (Buffer) - 4 - sizeof (EFI_DEBUG_INFO) - 12 * sizeof (UINT64); + AsciiStrCpyS (FormatString, DestBufferSize / sizeof (CHAR8), Format); // // The first 12 * sizeof (UINT64) bytes following EFI_DEBUG_INFO are for variable arguments -- 2.39.2