On 4/13/19 1:31 AM, Laszlo Ersek wrote:
> Accessing "EFI_FFS_FILE_HEADER.Size", which is of type UINT8[3], through a
> (UINT32*), is undefined behavior. Fix it by accessing the array elements
> individually.
> 
> (We can't use a union here, unfortunately, as easily as with
> "EFI_COMMON_SECTION_HEADER", given the fields in "EFI_FFS_FILE_HEADER".)
> 
> Cc: Liming Gao <liming....@intel.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710
> Signed-off-by: Laszlo Ersek <ler...@redhat.com>
> ---
>  MdePkg/Include/Pi/PiFirmwareFile.h | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/MdePkg/Include/Pi/PiFirmwareFile.h 
> b/MdePkg/Include/Pi/PiFirmwareFile.h
> index 4fce8298d1c0..0668f3fa9af4 100644
> --- a/MdePkg/Include/Pi/PiFirmwareFile.h
> +++ b/MdePkg/Include/Pi/PiFirmwareFile.h
> @@ -174,18 +174,26 @@ typedef struct {
>    /// If FFS_ATTRIB_LARGE_FILE is not set then EFI_FFS_FILE_HEADER is used.
>    ///
>    UINT64                    ExtendedSize;
>  } EFI_FFS_FILE_HEADER2;
>  
>  #define IS_FFS_FILE2(FfsFileHeaderPtr) \
>      (((((EFI_FFS_FILE_HEADER *) (UINTN) FfsFileHeaderPtr)->Attributes) & 
> FFS_ATTRIB_LARGE_FILE) == FFS_ATTRIB_LARGE_FILE)
>  
> +#define FFS_FILE_SIZE_ARRAY(FfsFileHeaderPtr) \
> +    (((EFI_FFS_FILE_HEADER *) (UINTN) (FfsFileHeaderPtr))->Size)
> +
> +#define FFS_FILE_SIZE_ELEMENT(FfsFileHeaderPtr, Index) \
> +    ((UINT32) FFS_FILE_SIZE_ARRAY (FfsFileHeaderPtr)[(Index)])
> +
>  #define FFS_FILE_SIZE(FfsFileHeaderPtr) \
> -    ((UINT32) (*((UINT32 *) ((EFI_FFS_FILE_HEADER *) (UINTN) 
> FfsFileHeaderPtr)->Size) & 0x00ffffff))
> +    ((FFS_FILE_SIZE_ELEMENT ((FfsFileHeaderPtr), 0) <<  0) | \
> +     (FFS_FILE_SIZE_ELEMENT ((FfsFileHeaderPtr), 1) <<  8) | \
> +     (FFS_FILE_SIZE_ELEMENT ((FfsFileHeaderPtr), 2) << 16))
>  
>  #define FFS_FILE2_SIZE(FfsFileHeaderPtr) \
>      ((UINT32) (((EFI_FFS_FILE_HEADER2 *) (UINTN) 
> FfsFileHeaderPtr)->ExtendedSize))
>  
>  typedef UINT8 EFI_SECTION_TYPE;
>  
>  ///
>  /// Pseudo type. It is used as a wild card when retrieving sections.
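Review bot: The rewritten `FFS_FILE_SIZE` expands `FfsFileHeaderPtr` three times, once per `FFS_FILE_SIZE_ELEMENT`, where the removed definition expanded it once, so an argument with side effects (a pointer increment, say) would now be applied three times. No callers are visible in this hunk, so either check them or state the constraint above the macro, e.g. `/// FfsFileHeaderPtr is evaluated more than once; pass an expression without side effects.` The new `FFS_FILE_SIZE_ARRAY` and `FFS_FILE_SIZE_ELEMENT` macros also land in a public header with no `///` comment. A short comment could say that `Size` is a 24-bit little-endian length assembled byte by byte, and that the result is taken directly from header bytes, so callers still need to range-check it.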
> 

Reviewed-by: Philippe Mathieu-Daude <phi...@redhat.com>
