diff options
| author | Pedro Falcato <pedro.falcato@gmail.com> | 2022-11-03 09:11:49 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2022-11-07 01:57:09 +0000 |
| commit | 35043a5ec05db6aa86b1b380416923fd1c3506e6 (patch) | |
| tree | b1329ff38fd3abb6162bbbeff136ab0f4c6da1f5 /MdePkg/Library/BaseMemoryLibRepStr | |
| parent | b556f2445c251adf405ac966b48c237d20c0d46c (diff) | |
| download | edk2-35043a5ec05db6aa86b1b380416923fd1c3506e6.zip edk2-35043a5ec05db6aa86b1b380416923fd1c3506e6.tar.gz edk2-35043a5ec05db6aa86b1b380416923fd1c3506e6.tar.bz2 | |
MdePkg/BaseLib: Fix out-of-bounds reads in SafeString
There was a OOB access in *StrHexTo* functions, when passed strings like
"XDEADBEEF".
OpenCore folks established an ASAN-equipped project to fuzz Ext4Dxe,
which was able to catch these (mostly harmless) issues.
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Cc: Marvin H?user <mhaeuser@posteo.de>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@Intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Diffstat (limited to 'MdePkg/Library/BaseMemoryLibRepStr')
0 files changed, 0 insertions, 0 deletions