Skip to content
Commit a7d8e28b authored by Kun Qin's avatar Kun Qin Committed by mergify[bot]
Browse files

UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3283



Current SMM Save State routine does not check the number of bytes to be
read, when it comse to read IO_INFO, before casting the incoming buffer
to EFI_SMM_SAVE_STATE_IO_INFO. This could potentially cause memory
corruption due to extra bytes are written out of buffer boundary.

This change adds a width check before copying IoInfo into output buffer.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: default avatarKun Qin <kuqin12@gmail.com>
Reviewed-by: default avatarRay Ni <ray.ni@intel.com>
Reviewed-by: default avatarLaszlo Ersek <lersek@redhat.com>
Message-Id: <20210406195254.1018-2-kuqin12@gmail.com>
parent 2072c22a
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment