Re: [PATCH] MdeModulePkg/TerminalDxe [BUG]: Terminal fifo buffer overflow.


Gao, Zhichao
 

There is no need to add [BUG] in the title. I would remove it when I create the PR.
If you want to have a record for this bug, you can edit a Bugzilla and add the link in the commit message.
Besides that, Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>

Thanks,
Zhichao

-----Original Message-----
From: gechao@greatwall.com.cn <gechao@greatwall.com.cn>
Sent: Thursday, January 14, 2021 11:23 AM
To: Gao, Zhichao <zhichao.gao@intel.com>
Cc: devel@edk2.groups.io; Ni, Ray <ray.ni@intel.com>; gechao <gechao@greatwall.com.cn>
Subject: [PATCH] MdeModulePkg/TerminalDxe [BUG]: Terminal fifo buffer overflow.

From: gechao <gechao@greatwall.com.cn>

Fix the bug of terminal fifo buffer overflow with UINT8 type.

typedef struct {
  UINT8 Head;
  UINT8 Tail;
  UINT8 Data[RAW_FIFO_MAX_NUMBER + 1];
} RAW_DATA_FIFO;

RAW_FIFO_MAX_NUMBER is 256.
The data buffer size is 257 (index from 0 to 256), but the max value of the index,
Head or Tail (UINT8), is 255. That means the last data of the data buffer would
always be empty if we use Head/Tail to output/input the data correctly. And
because of the incorrect buffer size, the FIFO full check "((Tail + 1) %
(RAW_FIFO_MAX_NUMBER + 1)) == Head" would never be met.

Signed-off-by: gechao <gechao@greatwall.com.cn>
---
MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
index 378ace13ce..360e58e847 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.h
@@ -37,7 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseLib.h> -#define RAW_FIFO_MAX_NUMBER 256+#define
RAW_FIFO_MAX_NUMBER 255 #define FIFO_MAX_NUMBER 128 typedef
struct {--
2.25.1
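
Review bot: The new value 255 on the RAW_FIFO_MAX_NUMBER define is only correct because Head and Tail are UINT8, and nothing at the define records or enforces that coupling. Consider a comment beside the define stating that RAW_FIFO_MAX_NUMBER must not exceed 255 while the indices are UINT8, or a STATIC_ASSERT (RAW_FIFO_MAX_NUMBER <= MAX_UINT8, ...) so that a later change to the constant fails the build instead of silently defeating the full check again. The neighbouring FIFO_MAX_NUMBER 128 in the context lines is untouched; the commit message does not say whether its FIFO uses the same UINT8 indexing, so a sentence confirming it was checked would help.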

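
The index arithmetic described in the commit message, as an added example that is not part of the original mail or of the TerminalDxe source. The names raw_fifo, fifo_full, fifo_empty, fifo_insert and fill are hypothetical; the empty check and the insert routine are assumptions made for the model, and only the full check is taken from the message. It covers the case where nothing is read, so Head stays 0.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of RAW_DATA_FIFO from the commit message. max_number stands in for
   RAW_FIFO_MAX_NUMBER so the old (256) and new (255) values can be compared. */
typedef struct {
  uint8_t  head;
  uint8_t  tail;
  uint8_t  data[257];   /* big enough for either setting */
  unsigned max_number;
} raw_fifo;

/* Full check as quoted in the commit message. */
static int fifo_full(const raw_fifo *f) {
  return ((f->tail + 1u) % (f->max_number + 1u)) == f->head;
}

/* Assumption: the FIFO counts as empty when head == tail. */
static int fifo_empty(const raw_fifo *f) { return f->head == f->tail; }

/* Assumption: insert refuses when full, otherwise stores the byte and
   advances tail, with the result truncated to 8 bits as a UINT8 field would. */
static int fifo_insert(raw_fifo *f, uint8_t b) {
  if (fifo_full(f)) return 0;
  f->data[f->tail] = b;
  f->tail = (uint8_t)((f->tail + 1u) % (f->max_number + 1u));
  return 1;
}

/* Offer `offered` bytes with no reads (head stays 0). Returns how many were
   accepted; *empty_after reports whether the FIFO then looks empty. */
unsigned fill(unsigned max_number, unsigned offered, int *empty_after) {
  raw_fifo f = { 0, 0, {0}, max_number };
  unsigned accepted = 0;
  for (unsigned i = 0; i < offered; i++)
    accepted += (unsigned)fifo_insert(&f, (uint8_t)i);
  *empty_after = fifo_empty(&f);
  return accepted;
}

int main(void) {
  const unsigned settings[] = { 256, 255 };
  for (int s = 0; s < 2; s++) {
    int empty;
    unsigned n = fill(settings[s], 256, &empty);
    printf("MAX=%u: accepted %u of 256, looks empty: %d\n", settings[s], n, empty);
  }
  return 0;
}
```

With 256 the 256th byte is accepted and Tail wraps back onto Head, so the queued input is indistinguishable from an empty FIFO; with 255 the insert is refused after 255 bytes.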