From 0b09397dfa0123b9a27c2c52fd2ddafd7a902137 Mon Sep 17 00:00:00 2001
From: Patrick Rudolph
Date: Sun, 31 Dec 2023 17:29:26 +0100
Subject: UefiPayloadPkg: CbParseLib: Fix integer overflow

The IMD entry uses the 32bit start field as relative offset to root. On Ia32X64 this works fine as UINTN is also 32 bit and negative relative offsets are properly calculated due to an integer overflow. On X64 this doesn't work as UINTN is 64 bit and the offset is no longer subtracted, but it's added to the root. Fix that by sign extending the start field to 64 bit. Test: Booting UefiPayloadPkg still works on Ia32X64 and now also works on X64.

Signed-off-by: Patrick Rudolph
Reviewed-by: Gua Guo
Reviewed-by: Sean Rhodes
---
 UefiPayloadPkg/Library/CbParseLib/CbParseLib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'UefiPayloadPkg')
diff --git a/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c b/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c
index 8a353f7..9e14953 100644
--- a/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c
+++ b/UefiPayloadPkg/Library/CbParseLib/CbParseLib.c
@@ -282,7 +282,7 @@ FindCbMemTable (
 for (Idx = 0; Idx < Root->num_entries; Idx++) {
 if (Entries[Idx].id == TableId) {
 if (IsImdEntry) {
- *MemTable = (VOID *)((UINTN)Entries[Idx].start + (UINTN)Root);
+ *MemTable = (VOID *)((INTN)(INT32)Entries[Idx].start + (UINTN)Root);
 } else {
 *MemTable = (VOID *)(UINTN)Entries[Idx].start;
 }
-- 
cgit v1.1
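Review bot: The sign-extended `Entries[Idx].start` is added to `Root` and stored in `*MemTable` with no range check visible in this hunk, so a corrupted or malformed IMD entry can now yield a pointer anywhere within about 2 GiB on either side of `Root`. `Root->num_entries` is likewise used as the loop bound as-is. If the bounds of the region are known elsewhere in `FindCbMemTable` (its body starts and ends outside the hunk), the computed address should be checked against them before it is returned. The double cast also deserves a comment so that it is not later simplified back to the broken form, for example `// IMD 'start' is a signed 32-bit offset relative to Root; sign-extend it before adding so negative offsets work when UINTN is 64 bit.` The sum mixes `INTN` and `UINTN` and relies on the implicit conversion to unsigned; writing `(UINTN)Root + (UINTN)(INTN)(INT32)Entries[Idx].start` would make the intended wraparound explicit.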