From fda93fc4495ca0343d57f82b8df4583d3f877b8f Mon Sep 17 00:00:00 2001 From: ydong10 Date: Thu, 10 Jan 2013 03:01:16 +0000 Subject: [PATCH] Use EFI_IFR_TYPE_VALUE type variable instead of UINT64 to avoid buffer overflow. Signed-off-by: Eric Dong Reviewed-by: Liming Gao git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14044 6f19259b-4bc3-4df7-8a09-765794883524 --- MdeModulePkg/Library/UefiHiiLib/HiiLib.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c index ba74d0f88f..6d2755ce36 100644 --- a/MdeModulePkg/Library/UefiHiiLib/HiiLib.c +++ b/MdeModulePkg/Library/UefiHiiLib/HiiLib.c @@ -946,7 +946,7 @@ InternalHiiValidateCurrentSetting ( UINT16 Offset; UINT16 Width; UINT64 VarValue; - UINT64 TmpValue; + EFI_IFR_TYPE_VALUE TmpValue; LIST_ENTRY *Link; UINT8 *VarBuffer; UINTN MaxBufferSize; @@ -1511,9 +1511,10 @@ InternalHiiValidateCurrentSetting ( // // Check current value is the value of one of option. // - TmpValue = 0; + ASSERT (IfrOneOfOption->Type >= EFI_IFR_TYPE_NUM_SIZE_8 && IfrOneOfOption->Type <= EFI_IFR_TYPE_NUM_SIZE_64); + ZeroMem (&TmpValue, sizeof (EFI_IFR_TYPE_VALUE)); CopyMem (&TmpValue, &IfrOneOfOption->Value, IfrOneOfOption->Header.Length - OFFSET_OF (EFI_IFR_ONE_OF_OPTION, Value)); - if (VarValue == TmpValue) { + if (VarValue == TmpValue.u64) { // // The value is one of option value. // Set OpCode to Zero, don't need check again. -- 2.39.2