mirror of
https://github.com/LongSoft/UEFITool.git
synced 2025-01-22 12:49:03 +08:00
Fix nullptr deref, OOB access to volumeHeader and tempHeader by checking volumeHeader->HeaderLength
This commit is contained in:
parent
9c6786a27b
commit
ea38ab3696
@ -1123,6 +1123,11 @@ USTATUS FfsParser::parseVolumeHeader(const UByteArray & volume, const UINT32 loc
|
||||
|
||||
// Check header checksum by recalculating it
|
||||
bool msgInvalidChecksum = false;
|
||||
|
||||
if (volumeHeader->HeaderLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
|
||||
msg(usprintf("%s: input volume header length %Xh (%u) is smaller than volume header size", __FUNCTION__, (UINT32)volumeHeader->HeaderLength, (UINT32)volumeHeader->HeaderLength));
|
||||
return U_INVALID_VOLUME;
|
||||
}
|
||||
UByteArray tempHeader((const char*)volumeHeader, volumeHeader->HeaderLength);
|
||||
((EFI_FIRMWARE_VOLUME_HEADER*)tempHeader.data())->Checksum = 0;
|
||||
UINT16 calculated = calculateChecksum16((const UINT16*)tempHeader.constData(), volumeHeader->HeaderLength);
|
||||
|
Loading…
Reference in New Issue
Block a user