From patchwork Sat Apr  1 11:29:06 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chenhui Sun <chenhui.sun@linaro.org>
X-Patchwork-Id: 96560
Delivered-To: patch@linaro.org
Received: by 10.140.89.233 with SMTP id v96csp1123660qgd;
 Sat, 1 Apr 2017 04:33:29 -0700 (PDT)
X-Received: by 10.200.46.196 with SMTP id i4mr7716773qta.17.1491046409794;
 Sat, 01 Apr 2017 04:33:29 -0700 (PDT)
Return-Path: <linaro-uefi-bounces@lists.linaro.org>
Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206])
 by mx.google.com with ESMTP id
 i20si7137115qta.138.2017.04.01.04.33.29; 
 Sat, 01 Apr 2017 04:33:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 linaro-uefi-bounces@lists.linaro.org designates
 54.225.227.206 as permitted sender) client-ip=54.225.227.206; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of linaro-uefi-bounces@lists.linaro.org
 designates 54.225.227.206 as permitted sender)
 smtp.mailfrom=linaro-uefi-bounces@lists.linaro.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: by lists.linaro.org (Postfix, from userid 109)
 id 78AD662DDF; Sat,  1 Apr 2017 11:33:29 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, 
 RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,
 URIBL_BLOCKED autolearn=disabled version=3.4.0
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by lists.linaro.org (Postfix) with ESMTP id 249C260CCC;
 Sat,  1 Apr 2017 11:33:26 +0000 (UTC)
X-Original-To: linaro-uefi@lists.linaro.org
Delivered-To: linaro-uefi@lists.linaro.org
Received: by lists.linaro.org (Postfix, from userid 109)
 id 223536365F; Sat,  1 Apr 2017 11:33:24 +0000 (UTC)
Received: from mail-pg0-f52.google.com (mail-pg0-f52.google.com [74.125.83.52])
 by lists.linaro.org (Postfix) with ESMTPS id 21F6A62C8C
 for <linaro-uefi@lists.linaro.org>;
 Sat,  1 Apr 2017 11:33:09 +0000 (UTC)
Received: by mail-pg0-f52.google.com with SMTP id 21so89668655pgg.1
 for <linaro-uefi@lists.linaro.org>;
 Sat, 01 Apr 2017 04:33:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=deiyonoPY7rBTVazve/Q6A6MkF53TCZRVMYTSh4YVI4=;
 b=hWCzD2lQjKwI00DXx3mn+l9jC1sU4P24NntCToU3uc2lrre2kqyPkT9rLAniZYf4b9
 IELhP+Sg68xHY+rc49Pe3PNW4TMB01fFfAJDuse2XEsXpM84NTYpJD4G0Sjjibairyrq
 aN3hlBYlrjSc9hhsexjCFoVEhP+qoLD7H6RhBVTpP9dwCIyPhduk3Yt6LiZCAvoWjhG+
 OXIsCH6eBptalSUUgTPYuDhn8FFrLQj8ZY7UFqW6Fzb3O3dOoLwM26O2LjBckap/0TOD
 7856i5UKkJlyOvK1o2yDjaHCKQnzFTPBELFJiDPnYNXxJsg9klPyeI+E0m3iYz9Jf5WE
 3+1w==
X-Gm-Message-State: AFeK/H0hD/p2UleugB2LooNSZIU3E0Ap/xHXkqbQZI3qxxwWu8Zi1H2XqdQMTgpj9YVbnuA8x30=
X-Received: by 10.84.198.164 with SMTP id p33mr8936759pld.127.1491046388464; 
 Sat, 01 Apr 2017 04:33:08 -0700 (PDT)
Received: from localhost.localdomain ([119.145.15.121])
 by smtp.gmail.com with ESMTPSA id
 a62sm15704868pgc.60.2017.04.01.04.33.04
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Sat, 01 Apr 2017 04:33:08 -0700 (PDT)
From: Chenhui Sun <chenhui.sun@linaro.org>
To: leif.lindholm@linaro.org, linaro-uefi@lists.linaro.org,
 graeme.gregory@linaro.org
Date: Sat,  1 Apr 2017 19:29:06 +0800
Message-Id: <1491046162-53797-2-git-send-email-chenhui.sun@linaro.org>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1491046162-53797-1-git-send-email-chenhui.sun@linaro.org>
References: <1491046162-53797-1-git-send-email-chenhui.sun@linaro.org>
Cc: Yi Li <phoenix.liyi@huawei.com>, Chenhui Sun <chenhui.sun@linaro.org>,
 shaochangliang <shaochangliang@huawei.com>, sunchenhui@huawei.com,
 wanghuiqiang@huawei.com
Subject: [Linaro-uefi] [Linaro-uefi v2 01/17] Hisilicon/UpdateFdtDxe: fix
 memory overflow issue
X-BeenThere: linaro-uefi@lists.linaro.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: <linaro-uefi.lists.linaro.org>
List-Unsubscribe: <https://lists.linaro.org/mailman/options/linaro-uefi>,
 <mailto:linaro-uefi-request@lists.linaro.org?subject=unsubscribe>
List-Archive: <http://lists.linaro.org/pipermail/linaro-uefi/>
List-Post: <mailto:linaro-uefi@lists.linaro.org>
List-Help: <mailto:linaro-uefi-request@lists.linaro.org?subject=help>
List-Subscribe: <https://lists.linaro.org/mailman/listinfo/linaro-uefi>,
 <mailto:linaro-uefi-request@lists.linaro.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: linaro-uefi-bounces@lists.linaro.org
Sender: "Linaro-uefi" <linaro-uefi-bounces@lists.linaro.org>

The size of the updated DTB file may be increased, so we need to allocate
more memory than the original DTB size,or memory overflow may happen.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: shaochangliang <shaochangliang@huawei.com>
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Signed-off-by: Yi Li <phoenix.liyi@huawei.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
---
 Chips/Hisilicon/Drivers/UpdateFdtDxe/UpdateFdtDxe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Chips/Hisilicon/Drivers/UpdateFdtDxe/UpdateFdtDxe.c b/Chips/Hisilicon/Drivers/UpdateFdtDxe/UpdateFdtDxe.c
index 8586e33..699a820 100644
--- a/Chips/Hisilicon/Drivers/UpdateFdtDxe/UpdateFdtDxe.c
+++ b/Chips/Hisilicon/Drivers/UpdateFdtDxe/UpdateFdtDxe.c
@@ -112,7 +112,7 @@ EFIAPI UpdateFdt (
     Size = (UINTN)fdt_totalsize ((VOID*)(PcdGet64(FdtFileAddress)));
     NewFdtBlobSize = Size + ADD_FILE_LENGTH;
 
-    Status = gBS->AllocatePages (AllocateAnyPages, EfiRuntimeServicesData, EFI_SIZE_TO_PAGES(Size), &NewFdtBlobBase);
+    Status = gBS->AllocatePages (AllocateAnyPages, EfiRuntimeServicesData, EFI_SIZE_TO_PAGES(NewFdtBlobSize), &NewFdtBlobBase);
     if (EFI_ERROR (Status))
     {
         return EFI_OUT_OF_RESOURCES;