|
|
4210fa |
From 8a72ee927a71806e00d1c7a45d77167f397102ae Mon Sep 17 00:00:00 2001
|
|
|
4210fa |
From: Laszlo Ersek <lersek@redhat.com>
|
|
|
4210fa |
Date: Wed, 25 Feb 2015 18:45:41 +0000
|
|
|
4210fa |
Subject: [PATCH 2/2] Fix length of allocated buffer for boot option
|
|
|
4210fa |
comparison.
|
|
|
4210fa |
|
|
|
4210fa |
The following commit:
|
|
|
4210fa |
|
|
|
4210fa |
commit 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6
|
|
|
4210fa |
Author: Gary Ching-Pang Lin <glin@suse.com>
|
|
|
4210fa |
Date: Thu Mar 6 10:57:02 2014 +0800
|
|
|
4210fa |
|
|
|
4210fa |
[fallback] Fix the data size for boot option comparison
|
|
|
4210fa |
|
|
|
4210fa |
corrected the data size used for comparison, but also reduced the
|
|
|
4210fa |
allocation so it doesn't include the trailing UTF16LE '\0\0' at the
|
|
|
4210fa |
end of the string, with the result that the trailer of the buffer
|
|
|
4210fa |
containing the string is overwritten, which OVMF detects as memory
|
|
|
4210fa |
corruption.
|
|
|
4210fa |
|
|
|
4210fa |
Increase the size of the storage buffer in a few places to correct
|
|
|
4210fa |
this problem.
|
|
|
4210fa |
|
|
|
4210fa |
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
|
|
4210fa |
Cc: Laszlo Ersek <lersek@redhat.com>
|
|
|
4210fa |
Cc: Gary Ching-Pang Lin <glin@suse.com>
|
|
|
4210fa |
---
|
|
|
4210fa |
fallback.c | 4 ++--
|
|
|
4210fa |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
4210fa |
|
|
|
4210fa |
diff --git a/fallback.c b/fallback.c
|
|
|
4210fa |
index e739b78..8489b2e 100644
|
|
|
4210fa |
--- a/fallback.c
|
|
|
4210fa |
+++ b/fallback.c
|
|
|
4210fa |
@@ -163,7 +163,7 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
|
|
|
4210fa |
StrLen(label)*2 + 2 + DevicePathSize(hddp) +
|
|
|
4210fa |
StrLen(arguments) * 2;
|
|
|
4210fa |
|
|
|
4210fa |
- CHAR8 *data = AllocateZeroPool(size);
|
|
|
4210fa |
+ CHAR8 *data = AllocateZeroPool(size + 2);
|
|
|
4210fa |
CHAR8 *cursor = data;
|
|
|
4210fa |
*(UINT32 *)cursor = LOAD_OPTION_ACTIVE;
|
|
|
4210fa |
cursor += sizeof (UINT32);
|
|
|
4210fa |
@@ -234,7 +234,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
|
|
|
4210fa |
StrLen(label)*2 + 2 + DevicePathSize(dp) +
|
|
|
4210fa |
StrLen(arguments) * 2;
|
|
|
4210fa |
|
|
|
4210fa |
- CHAR8 *data = AllocateZeroPool(size);
|
|
|
4210fa |
+ CHAR8 *data = AllocateZeroPool(size + 2);
|
|
|
4210fa |
if (!data)
|
|
|
4210fa |
return EFI_OUT_OF_RESOURCES;
|
|
|
4210fa |
CHAR8 *cursor = data;
|
|
|
4210fa |
--
|
|
|
4210fa |
2.1.0
|
|
|
4210fa |
|