[Bug 3512] New: Pointer size mismatch in EvacuateTempRam()


bugzilla-daemon@...
 

https://bugzilla.tianocore.org/show_bug.cgi?id=3512

Bug ID: 3512
Summary: Pointer size mismatch in EvacuateTempRam()
Product: EDK2
Version: Current
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Lowest
Component: Code
Assignee: unassigned@tianocore.org
Reporter: terry.lee@hpe.com
CC: edk2+bugs+int+994+563148131503455288@groups.io

The EvacuateTempRam() function in MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c
uses local pointer variables (MigratedFvHeader and RawDataFvHeader) allocated
from the stack. In 32-bit PEI environments, the pointer variables would be 32
bits in size. The pointers are used as output parameters for calling
PeiServicesAllocatePages(), which expects a 64-bit output buffer of type
EFI_PHYSICAL_ADDRESS. When PeiServicesAllocatePages() writes to the output
buffer, data overflow results. Depending on the compiler allocation of the
pointer variable addresses, the data overflow could result in an immediate boot
hang.

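The size mismatch described in the report, as an added example that is not code from EDK2 or from the reporter. `MockAllocatePages`, `struct Frame32`, the sample address and the 64-bit-temporary remedy are assumptions made for illustration; the frame is modelled as a struct so the 8-byte write stays inside a defined object.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* UEFI defines EFI_PHYSICAL_ADDRESS as a 64-bit integer on every architecture. */
typedef uint64_t EFI_PHYSICAL_ADDRESS;

/* Hypothetical stand-in for PeiServicesAllocatePages(): like the real service,
   it always stores sizeof(EFI_PHYSICAL_ADDRESS) == 8 bytes at *Memory. */
static void MockAllocatePages(void *Memory, EFI_PHYSICAL_ADDRESS Address) {
    memcpy(Memory, &Address, sizeof Address);
}

/* Model of an IA32 stack frame: a 4-byte pointer slot next to another local. */
struct Frame32 {
    uint32_t MigratedFvHeader;   /* pointer local, 32 bits wide in IA32 PEI */
    uint32_t Neighbor;           /* whatever the compiler placed beside it */
};

/* Mismatched pattern: the 4-byte slot is handed over as the 8-byte output
   buffer. Returns the neighbor's value after the call. */
uint32_t NeighborAfterMismatchedCall(EFI_PHYSICAL_ADDRESS Address) {
    struct Frame32 Frame = { 0, 0xA5A5A5A5u };
    MockAllocatePages(&Frame, Address);  /* 8 bytes land on slot + neighbor */
    return Frame.Neighbor;
}

/* Size-correct pattern (assumed remedy, not taken from the bug report):
   receive into a 64-bit temporary, then narrow to the pointer width. */
uint32_t NeighborAfterMatchedCall(EFI_PHYSICAL_ADDRESS Address, uint32_t *Pointer) {
    struct Frame32 Frame = { 0, 0xA5A5A5A5u };
    EFI_PHYSICAL_ADDRESS Temp = 0;
    MockAllocatePages(&Temp, Address);        /* buffer is really 8 bytes */
    Frame.MigratedFvHeader = (uint32_t)Temp;  /* a (UINTN) cast in EDK2 terms */
    *Pointer = Frame.MigratedFvHeader;
    return Frame.Neighbor;
}

int main(void) {
    EFI_PHYSICAL_ADDRESS Sample = 0x7F000000u;  /* constructed sample address */
    uint32_t Pointer = 0;
    uint32_t Bad = NeighborAfterMismatchedCall(Sample);
    uint32_t Good = NeighborAfterMatchedCall(Sample, &Pointer);
    printf("mismatched: neighbor=0x%08X\n", (unsigned)Bad);
    printf("matched:    neighbor=0x%08X pointer=0x%08X\n", (unsigned)Good, (unsigned)Pointer);
    return 0;
}
```

In a real frame the neighbor could be another local, a saved register or a return address, which is why the report says the outcome depends on how the compiler lays out the pointer variables.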