diff options
author | Hao Wu <hao.a.wu@intel.com> | 2015-06-30 06:31:28 +0000 |
---|---|---|
committer | hwu1225 <hwu1225@Edk2> | 2015-06-30 06:31:28 +0000 |
commit | 269e0aebcf978640f16361882f423c7b9593215c (patch) | |
tree | 5c7c390d8d86d6506d3924033d31dc05996af5f9 /PerformancePkg | |
parent | ecd58a2511ddbf72125575609a8ac144a1edba52 (diff) | |
download | edk2-269e0aebcf978640f16361882f423c7b9593215c.zip edk2-269e0aebcf978640f16361882f423c7b9593215c.tar.gz edk2-269e0aebcf978640f16361882f423c7b9593215c.tar.bz2 |
PerformancePkg Dp_App: Resolve buffer size mismatch
CHAR16 array mGaugeString[DP_GAUGE_STRING_LENGTH + 1] is pass into
function GetShortPdbFileName(). However, in this function it treats the
size of the input buffer as DXE_PERFORMANCE_STRING_SIZE.
Though DXE_PERFORMANCE_STRING_SIZE is smaller than DP_GAUGE_STRING_LENGTH
now, but this manner might introduce a potential risk of buffer overflow.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17746 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'PerformancePkg')
-rw-r--r-- | PerformancePkg/Dp_App/DpUtilities.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/PerformancePkg/Dp_App/DpUtilities.c b/PerformancePkg/Dp_App/DpUtilities.c index 38d2293..38d7aa3 100644 --- a/PerformancePkg/Dp_App/DpUtilities.c +++ b/PerformancePkg/Dp_App/DpUtilities.c @@ -156,10 +156,10 @@ GetShortPdbFileName ( UINTN StartIndex;
UINTN EndIndex;
- ZeroMem (UnicodeBuffer, DXE_PERFORMANCE_STRING_LENGTH * sizeof (CHAR16));
+ ZeroMem (UnicodeBuffer, (DP_GAUGE_STRING_LENGTH + 1) * sizeof (CHAR16));
if (PdbFileName == NULL) {
- StrCpyS (UnicodeBuffer, DXE_PERFORMANCE_STRING_SIZE, L" ");
+ StrCpyS (UnicodeBuffer, DP_GAUGE_STRING_LENGTH + 1, L" ");
} else {
StartIndex = 0;
for (EndIndex = 0; PdbFileName[EndIndex] != 0; EndIndex++)
@@ -178,8 +178,8 @@ GetShortPdbFileName ( for (IndexA = StartIndex; IndexA < EndIndex; IndexA++) {
UnicodeBuffer[IndexU] = (CHAR16) PdbFileName[IndexA];
IndexU++;
- if (IndexU >= DXE_PERFORMANCE_STRING_LENGTH) {
- UnicodeBuffer[DXE_PERFORMANCE_STRING_LENGTH] = 0;
+ if (IndexU >= DP_GAUGE_STRING_LENGTH) {
+ UnicodeBuffer[DP_GAUGE_STRING_LENGTH] = 0;
break;
}
}
|