diff options
| author | Hao Wu <hao.a.wu@intel.com> | 2017-03-23 10:45:44 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2017-05-16 10:35:14 +0800 |
| commit | 86bf81994d5658fbf94a83eb34327e6f2dd4b7f9 (patch) | |
| tree | 6def582b7e98a5f4edab6920dd40739749777a51 /Nt32Pkg/StallPei | |
| parent | da80ed3b7920bced2ed9834aa45ddd784fa2c09f (diff) | |
| download | edk2-86bf81994d5658fbf94a83eb34327e6f2dd4b7f9.tar.gz | |
IntelFrameworkPkg/UefiLib: Avoid mis-calculate of graphic console size
The commit adds check in function InternalPrintGraphic() to ensure that
the expression:
Blt->Width * Blt->Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)
will not overflow in the UINTN range.
The commit also adds an explicit UINT32 type cast for 'Blt->Width' to
avoid possible overflow in the int range for:
Blt->Width * Blt->Height
Since both Blt->Width and Blt->Height are of type UINT16. They will be
promoted to int (signed) first, and then perform the multiplication
operation. If the result of multiplication between Blt->Width and
Blt->Height exceeds the range of type int, a potential incorrect size will
be passed into function AllocateZeroPool().
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit 9c0e4db3db8d102812ca57f6225290c7ba079ad8)
Diffstat (limited to 'Nt32Pkg/StallPei')
0 files changed, 0 insertions, 0 deletions