MdeModulePkg: Fix buffer overflow in MergeMemoryMap

author Ken Lautner <kenlautner3@gmail.com>

Wed, 28 Aug 2024 17:55:09 +0000 (10:55 -0700)

committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

Fri, 13 Sep 2024 07:53:57 +0000 (07:53 +0000)
author Ken Lautner <kenlautner3@gmail.com>
Wed, 28 Aug 2024 17:55:09 +0000 (10:55 -0700)
committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Fri, 13 Sep 2024 07:53:57 +0000 (07:53 +0000)
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c

index 58b947423a0eb9db2fe0ca5ba19091a193f56e8f..a11c455ab598c9b1d57db2838d23b4d939480518 100644 (file)
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
@@ -395,11 +395,14 @@ MergeMemoryMap (
    NewMemoryMapEntry = MemoryMap;\r
    MemoryMapEnd      = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + *MemoryMapSize);\r
    while ((UINTN)MemoryMapEntry < (UINTN)MemoryMapEnd) {\r
-    CopyMem (NewMemoryMapEntry, MemoryMapEntry, sizeof (EFI_MEMORY_DESCRIPTOR));\r
+    CopyMem (NewMemoryMapEntry, MemoryMapEntry, DescriptorSize);\r
      NextMemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, DescriptorSize);\r
  \r
      do {\r
-      MergeGuardPages (NewMemoryMapEntry, NextMemoryMapEntry->PhysicalStart);\r
+      if ((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) {\r
+        MergeGuardPages (NewMemoryMapEntry, NextMemoryMapEntry->PhysicalStart);\r
+      }\r
+\r
        MemoryBlockLength = LShiftU64 (NewMemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT);\r
        if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) &&\r
            (NewMemoryMapEntry->Type == NextMemoryMapEntry->Type) &&\r
author	Ken Lautner <kenlautner3@gmail.com>
	Wed, 28 Aug 2024 17:55:09 +0000 (10:55 -0700)
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
	Fri, 13 Sep 2024 07:53:57 +0000 (07:53 +0000)