Re: [edk2-devel] [PATCH] SecurityPkg/Tpm2Help.c: Add boundary
> check for array
>
> On 12/06/19 02:49, Zhang, Shenglei wrote:
> > Add 'Index < HASH_COUNT' to ensure things out of boundary
> > of digests[] can not be visited.
> >
> > Cc: Jiewen Yao
>
> -Original Message-
> From: Yao, Jiewen
> Sent: Friday, December 6, 2019 10:04 AM
> To: Zhang, Shenglei ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Zhang, Chao B
>
> Subject: RE: [PATCH] SecurityPkg/Tpm2Help.c: Add boundary check for array
>
> Hi
> May I know where is the data from? T
On 12/06/19 02:49, Zhang, Shenglei wrote:
> Add 'Index < HASH_COUNT' to ensure things out of boundary
> of digests[] can not be visited.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Chao Zhang
> Signed-off-by: Shenglei Zhang
> ---
> SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 2 +-
> 1 file
Hi
May I know where is the data from? Trusted region or non-trusted region?
I am thinking if we need use ASSERT to avoid user mistake.
But want to check the API input assumption at first...
> -Original Message-
> From: Zhang, Shenglei
> Sent: Friday, December 6, 2019 9:50 AM
> To: deve
