mirror of
https://github.com/LongSoft/UEFITool.git
synced 2024-11-27 10:28:22 +08:00
Fix nullptr deref, OOB access to volumeHeader and tempHeader by checking volumeHeader->HeaderLength
parent
9c6786a27b
commit
ea38ab3696
@ -1123,6 +1123,11 @@ USTATUS FfsParser::parseVolumeHeader(const UByteArray & volume, const UINT32 loc
|
|||||||
|
|
||||||
// Check header checksum by recalculating it
|
// Check header checksum by recalculating it
|
||||||
bool msgInvalidChecksum = false;
|
bool msgInvalidChecksum = false;
|
||||||
|
|
||||||
|
if (volumeHeader->HeaderLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
|
||||||
|
msg(usprintf("%s: input volume header length %Xh (%u) is smaller than volume header size", __FUNCTION__, (UINT32)volumeHeader->HeaderLength, (UINT32)volumeHeader->HeaderLength));
|
||||||
|
return U_INVALID_VOLUME;
|
||||||
|
}
|
||||||
UByteArray tempHeader((const char*)volumeHeader, volumeHeader->HeaderLength);
|
UByteArray tempHeader((const char*)volumeHeader, volumeHeader->HeaderLength);
|
||||||
((EFI_FIRMWARE_VOLUME_HEADER*)tempHeader.data())->Checksum = 0;
|
((EFI_FIRMWARE_VOLUME_HEADER*)tempHeader.data())->Checksum = 0;
|
||||||
UINT16 calculated = calculateChecksum16((const UINT16*)tempHeader.constData(), volumeHeader->HeaderLength);
|
UINT16 calculated = calculateChecksum16((const UINT16*)tempHeader.constData(), volumeHeader->HeaderLength);
|
||||||
|
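Review bot: The added guard bounds `volumeHeader->HeaderLength` only from below, so the `UByteArray tempHeader(...)` copy right after it still reads `HeaderLength` bytes from the input and is safe only if an upper bound against `volume.size()` is enforced earlier. `parseVolumeHeader` starts outside this hunk, so that earlier check is not visible here. If it does not exist, the condition should cover both ends: `if (volumeHeader->HeaderLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER) || volumeHeader->HeaderLength > (UINT32)volume.size()) {`. It is also worth a one-line comment above the guard, such as `// HeaderLength comes from the image; it must cover the fixed header before tempHeader is cast to EFI_FIRMWARE_VOLUME_HEADER`, because the write to `->Checksum` two lines later is what goes out of bounds on a short copy. Presumably an odd `HeaderLength` is handled inside `calculateChecksum16`, which takes a `UINT16*`; please confirm.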