Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <***@intel.com>
Reviewed-by: Jeff Fan <***@intel.com>
Reviewed-by: Jaben Carsey <***@intel.com>
---
IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/ComponentName.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/ComponentName.c b/IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/ComponentName.c
index a41760e..f3341ed 100644
--- a/IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/ComponentName.c
+++ b/IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/ComponentName.c
@@ -1,7 +1,7 @@
/** @file
UEFI Component Name(2) protocol implementation for Isa Floppy driver.

-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -227,7 +227,7 @@ AddName (
CHAR16 FloppyDriveName[FLOPPY_DRIVE_NAME_LEN + 1];

if (!(FeaturePcdGet(PcdComponentNameDisable) && FeaturePcdGet(PcdComponentName2Disable))) {
- StrCpy (FloppyDriveName, FLOPPY_DRIVE_NAME);
+ StrCpyS (FloppyDriveName, FLOPPY_DRIVE_NAME_LEN + 1, FLOPPY_DRIVE_NAME);
FloppyDriveName[FLOPPY_DRIVE_NAME_LEN - 1] = (CHAR16) (L'0' + FdcDev->Disk);

AddUnicodeString2 (

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <***@intel.com>
Reviewed-by: Jeff Fan <***@intel.com>
Reviewed-by: Jaben Carsey <***@intel.com>
---
IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c | 14 +++++++++-----
.../Library/GenericBdsLib/Performance.c | 10 +++++-----
2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c
index dbb1322..b5be631 100644
--- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c
+++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c
@@ -1,7 +1,7 @@
/** @file
Misc BDS library function

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -1127,12 +1127,16 @@ SetupResetReminder (
if (IsResetReminderFeatureEnable ()) {
if (IsResetRequired ()) {

- StringBuffer1 = AllocateZeroPool (MAX_STRING_LEN * sizeof (CHAR16));
+ StringBuffer1 = AllocateCopyPool (
+ MAX_STRING_LEN * sizeof (CHAR16),
+ L"Configuration changed. Reset to apply it Now."
+ );
ASSERT (StringBuffer1 != NULL);
- StringBuffer2 = AllocateZeroPool (MAX_STRING_LEN * sizeof (CHAR16));
+ StringBuffer2 = AllocateCopyPool (
+ MAX_STRING_LEN * sizeof (CHAR16),
+ L"Press ENTER to reset"
+ );
ASSERT (StringBuffer2 != NULL);
- StrCpy (StringBuffer1, L"Configuration changed. Reset to apply it Now.");
- StrCpy (StringBuffer2, L"Press ENTER to reset");
//
// Popup a menu to notice user
//
diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/Performance.c b/IntelFrameworkModulePkg/Library/GenericBdsLib/Performance.c
index 047d2a7..000542b 100644
--- a/IntelFrameworkModulePkg/Library/GenericBdsLib/Performance.c
+++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/Performance.c
@@ -3,7 +3,7 @@
performance, all the function will only include if the performance
switch is set.

-Copyright (c) 2004 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -40,7 +40,7 @@ GetShortPdbFileName (
UINTN EndIndex;

if (PdbFileName == NULL) {
- AsciiStrCpy (GaugeString, " ");
+ AsciiStrCpyS (GaugeString, PERF_TOKEN_LENGTH, " ");
} else {
StartIndex = 0;
for (EndIndex = 0; PdbFileName[EndIndex] != 0; EndIndex++)
@@ -91,7 +91,7 @@ GetNameFromHandle (
CHAR8 *PdbFileName;
EFI_DRIVER_BINDING_PROTOCOL *DriverBinding;

- AsciiStrCpy (GaugeString, " ");
+ AsciiStrCpyS (GaugeString, PERF_TOKEN_LENGTH, " ");

//
// Get handle name from image protocol
@@ -287,7 +287,7 @@ WriteBootToOsPerformanceData (

GetNameFromHandle (Handles[Index], GaugeString);

- AsciiStrCpy (mPerfData.Token, GaugeString);
+ AsciiStrCpyS (mPerfData.Token, PERF_TOKEN_SIZE, GaugeString);
mPerfData.Duration = Duration;

CopyMem (Ptr, &mPerfData, sizeof (PERF_DATA));
@@ -316,7 +316,7 @@ WriteBootToOsPerformanceData (

ZeroMem (&mPerfData, sizeof (PERF_DATA));

- AsciiStrnCpy (mPerfData.Token, Token, PERF_TOKEN_LENGTH);
+ AsciiStrnCpyS (mPerfData.Token, PERF_TOKEN_SIZE, Token, PERF_TOKEN_LENGTH);
if (StartTicker == 1) {
StartTicker = StartValue;
}

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <***@intel.com>
Reviewed-by: Jeff Fan <***@intel.com>
Reviewed-by: Jaben Carsey <***@intel.com>
---
.../Library/PeiDxeDebugLibReportStatusCode/DebugLib.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c b/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c
index 68c1a55..cfdd2f5 100644
--- a/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c
+++ b/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c
@@ -56,6 +56,7 @@ DebugPrint (
UINT64 Buffer[(EFI_STATUS_CODE_DATA_MAX_SIZE / sizeof (UINT64)) + 1];
EFI_DEBUG_INFO *DebugInfo;
UINTN TotalSize;
+ UINTN DestBufferSize;
VA_LIST VaListMarker;
BASE_LIST BaseListMarker;
CHAR8 *FormatString;
@@ -115,7 +116,13 @@ DebugPrint (
//
// Copy the Format string into the record
//
- AsciiStrCpy (FormatString, Format);
+ // According to the content structure of Buffer shown above, the size of
+ // the FormatString buffer is the size of Buffer minus the Padding
+ // (4 bytes), minus the size of EFI_DEBUG_INFO, minus the size of
+ // variable arguments (12 * sizeof (UINT64)).
+ //
+ DestBufferSize = sizeof (Buffer) - 4 - sizeof (EFI_DEBUG_INFO) - 12 * sizeof (UINT64);
+ AsciiStrCpyS (FormatString, DestBufferSize / sizeof (CHAR8), Format);

//
// The first 12 * sizeof (UINT64) bytes following EFI_DEBUG_INFO are for variable arguments

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <***@intel.com>
Reviewed-by: Jeff Fan <***@intel.com>
Reviewed-by: Jaben Carsey <***@intel.com>
---
IntelFrameworkModulePkg/Universal/BdsDxe/FrontPage.c | 8 ++++----
IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/FrontPage.c b/IntelFrameworkModulePkg/Universal/BdsDxe/FrontPage.c
index a0c6381..5646457 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/FrontPage.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/FrontPage.c
@@ -1,7 +1,7 @@
/** @file
FrontPage routines to handle the callbacks and browser calls

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -628,9 +628,9 @@ ConvertProcessorToString (
StringBuffer = AllocateZeroPool (0x20);
ASSERT (StringBuffer != NULL);
Index = UnicodeValueToString (StringBuffer, LEFT_JUSTIFY, FreqMhz / 1000, 3);
- StrCat (StringBuffer, L".");
+ StrCatS (StringBuffer, 0x20 / sizeof (CHAR16), L".");
UnicodeValueToString (StringBuffer + Index + 1, PREFIX_ZERO, (FreqMhz % 1000) / 10, 2);
- StrCat (StringBuffer, L" GHz");
+ StrCatS (StringBuffer, 0x20 / sizeof (CHAR16), L" GHz");
*String = (CHAR16 *) StringBuffer;
return ;
}
@@ -654,7 +654,7 @@ ConvertMemorySizeToString (
StringBuffer = AllocateZeroPool (0x20);
ASSERT (StringBuffer != NULL);
UnicodeValueToString (StringBuffer, LEFT_JUSTIFY, MemorySize, 6);
- StrCat (StringBuffer, L" MB RAM");
+ StrCatS (StringBuffer, 0x20 / sizeof (CHAR16), L" MB RAM");

*String = (CHAR16 *) StringBuffer;

diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c b/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c
index 5a6fa78..eef840b 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c
@@ -1,7 +1,7 @@
/** @file
Perform the platform memory test

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -324,7 +324,7 @@ BdsMemoryTest (
//
// TmpStr size is 64, StrPercent is reserved to 16.
//
- StrnCat (StrPercent, TmpStr, sizeof (StrPercent) / sizeof (CHAR16) - StrLen (StrPercent) - 1);
+ StrCatS (StrPercent, sizeof (StrPercent) / sizeof (CHAR16), TmpStr);
PrintXY (10, 10, NULL, NULL, StrPercent);
FreePool (TmpStr);
}
@@ -389,7 +389,7 @@ Done:

TmpStr = GetStringById (STRING_TOKEN (STR_MEM_TEST_COMPLETED));
if (TmpStr != NULL) {
- StrnCat (StrTotalMemory, TmpStr, StrTotalMemorySize / sizeof (CHAR16) - StrLen (StrTotalMemory) - 1);
+ StrCatS (StrTotalMemory, StrTotalMemorySize / sizeof (CHAR16), TmpStr);
FreePool (TmpStr);
}

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <***@intel.com>
Reviewed-by: Jeff Fan <***@intel.com>
Reviewed-by: Jaben Carsey <***@intel.com>
---
.../Universal/FirmwareVolume/UpdateDriverDxe/ParseUpdateProfile.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/UpdateDriverDxe/ParseUpdateProfile.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/UpdateDriverDxe/ParseUpdateProfile.c
index 17e728d..023506e 100644
--- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/UpdateDriverDxe/ParseUpdateProfile.c
+++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/UpdateDriverDxe/ParseUpdateProfile.c
@@ -3,7 +3,7 @@
configuration file and pass the information to the update driver
so that the driver can perform updates accordingly.

- Copyright (c) 2002 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2002 - 2015, Intel Corporation. All rights reserved.<BR>

This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -674,11 +674,10 @@ UpdateStringToGuid (
UINT8 Digits[3];

StrLen = AsciiStrLen ((CONST CHAR8 *) Str);
- Buffer = AllocatePool (StrLen + 1);
+ Buffer = AllocateCopyPool (StrLen + 1, Str);
if (Buffer == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- AsciiStrCpy ((CHAR8 *)Buffer, (CHAR8 *)Str);

//
// Data1
@@ -997,7 +996,7 @@ ParseUpdateDataFile (
//
// Get the section name of each update
//
- AsciiStrCpy (Entry, "Update");
+ AsciiStrCpyS (Entry, MAX_LINE_LENGTH, "Update");
UpdateStrCatNumber ((UINT8 *) Entry, Index);
Value = NULL;
Status = UpdateGetProfileString (

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <***@intel.com>
Reviewed-by: Jeff Fan <***@intel.com>
Reviewed-by: Jaben Carsey <***@intel.com>
---
.../Universal/BdsDxe/DeviceMngr/DeviceManager.c | 25 +++++++++++-----------
1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c b/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
index 85cbe89..5da0d47 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
@@ -1,7 +1,7 @@
/** @file
The platform device manager reference implementation

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -374,13 +374,12 @@ GetMacAddressString(
// The size is the Number size + ":" size + Vlan size(\XXXX) + End
//
BufferLen = (4 + 2 * HwAddressSize + (HwAddressSize - 1) + 5 + 1) * sizeof (CHAR16);
- String = AllocateZeroPool (BufferLen);
+ String = AllocateCopyPool (BufferLen, L"MAC:");
if (String == NULL) {
return FALSE;
}

*PBuffer = String;
- StrCpy(String, L"MAC:");
String += 4;

//
@@ -1383,15 +1382,15 @@ CallDriverHealth (
String = (EFI_STRING) AllocateZeroPool (StringSize);
ASSERT (String != NULL);

- StrnCpy (String, DriverName, StringSize / sizeof(CHAR16));
+ StrCpyS (String, StringSize / sizeof(CHAR16), DriverName);
if (!IsControllerNameEmpty) {
- StrnCat (String, L" ", StringSize / sizeof(CHAR16) - StrLen(String) - 1);
- StrnCat (String, ControllerName, StringSize / sizeof(CHAR16) - StrLen(String) - 1);
+ StrCatS (String, StringSize / sizeof(CHAR16), L" ");
+ StrCatS (String, StringSize / sizeof(CHAR16), ControllerName);
}

- StrnCat (String, L" ", StringSize / sizeof(CHAR16) - StrLen(String) - 1);
- StrnCat (String, TmpString, StringSize / sizeof(CHAR16) - StrLen(String) - 1);
-
+ StrCatS (String, StringSize / sizeof(CHAR16), L" ");
+ StrCatS (String, StringSize / sizeof(CHAR16), TmpString);
+
} else {
//
// Update the string will be displayed base on the driver's health status
@@ -1423,13 +1422,13 @@ CallDriverHealth (
String = (EFI_STRING) AllocateZeroPool (StringSize);
ASSERT (String != NULL);

- StrnCpy (String, DriverName, StringSize / sizeof(CHAR16));
+ StrCpyS (String, StringSize / sizeof (CHAR16), DriverName);
if (!IsControllerNameEmpty) {
- StrnCat (String, L" ", StringSize / sizeof(CHAR16) - StrLen(String) - 1);
- StrnCat (String, ControllerName, StringSize / sizeof(CHAR16) - StrLen(String) - 1);
+ StrCatS (String, StringSize / sizeof (CHAR16), L" ");
+ StrCatS (String, StringSize / sizeof (CHAR16), ControllerName);
}

- StrnCat (String, TmpString, StringSize / sizeof(CHAR16) - StrLen(String) - 1);
+ StrCatS (String, StringSize / sizeof (CHAR16), TmpString);
}

FreePool (TmpString);

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <***@intel.com>
Reviewed-by: Jeff Fan <***@intel.com>
Reviewed-by: Jaben Carsey <***@intel.com>
---
.../Universal/BdsDxe/BootMaint/BootOption.c | 31 +++++++++++-----------
.../Universal/BdsDxe/BootMaint/FormGuid.h | 16 +++++++----
.../Universal/BdsDxe/BootMaint/UpdatePage.c | 4 +--
.../Universal/BdsDxe/BootMaint/Variable.c | 10 ++++---
4 files changed, 35 insertions(+), 26 deletions(-)

diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c
index 0a6a445..1519315 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c
@@ -5,7 +5,7 @@

Boot option manipulation

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -1010,11 +1010,9 @@ BOpt_GetBootOptions (

StringSize = StrSize((UINT16*)LoadOptionPtr);

- NewLoadContext->Description = AllocateZeroPool (StrSize((UINT16*)LoadOptionPtr));
- ASSERT (NewLoadContext->Description != NULL);
- StrCpy (NewLoadContext->Description, (UINT16*)LoadOptionPtr);
-
+ NewLoadContext->Description = AllocateCopyPool (StrSize((UINT16*)LoadOptionPtr), LoadOptionPtr);
ASSERT (NewLoadContext->Description != NULL);
+
NewMenuEntry->DisplayString = NewLoadContext->Description;

LoadOptionPtr += StringSize;
@@ -1089,6 +1087,7 @@ BOpt_AppendFileName (
{
UINTN Size1;
UINTN Size2;
+ UINTN MaxLen;
CHAR16 *Str;
CHAR16 *TmpStr;
CHAR16 *Ptr;
@@ -1096,18 +1095,18 @@ BOpt_AppendFileName (

Size1 = StrSize (Str1);
Size2 = StrSize (Str2);
- Str = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
+ MaxLen = (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16);
+ Str = AllocateCopyPool (MaxLen * sizeof (CHAR16), Str1);
ASSERT (Str != NULL);

- TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
+ TmpStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (TmpStr != NULL);

- StrCat (Str, Str1);
if (!((*Str == '\\') && (*(Str + 1) == 0))) {
- StrCat (Str, L"\\");
+ StrCatS (Str, MaxLen, L"\\");
}

- StrCat (Str, Str2);
+ StrCatS (Str, MaxLen, Str2);

Ptr = Str;
LastSlash = Str;
@@ -1120,11 +1119,11 @@ BOpt_AppendFileName (
//

//
- // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
+ // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy of two strings
// that overlap.
//
- StrCpy (TmpStr, Ptr + 3);
- StrCpy (LastSlash, TmpStr);
+ StrCpyS (TmpStr, MaxLen, Ptr + 3);
+ StrCpyS (LastSlash, MaxLen - (UINTN) (LastSlash - Str), TmpStr);
Ptr = LastSlash;
} else if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '\\') {
//
@@ -1132,11 +1131,11 @@ BOpt_AppendFileName (
//

//
- // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
+ // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy of two strings
// that overlap.
//
- StrCpy (TmpStr, Ptr + 2);
- StrCpy (Ptr, TmpStr);
+ StrCpyS (TmpStr, MaxLen, Ptr + 2);
+ StrCpyS (Ptr, MaxLen - (UINTN) (Ptr - Str), TmpStr);
Ptr = LastSlash;
} else if (*Ptr == '\\') {
LastSlash = Ptr;
diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/FormGuid.h b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/FormGuid.h
index f2e1866..bf99999 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/FormGuid.h
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/FormGuid.h
@@ -1,7 +1,7 @@
/** @file
Formset guids, form id and VarStore data structure for Boot Maintenance Manager.

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -219,14 +219,20 @@ typedef struct {
#define KEY_VALUE_SAVE_AND_EXIT_DRIVER 0x1002
#define KEY_VALUE_NO_SAVE_AND_EXIT_DRIVER 0x1003

+//
+// Description data and optional data size
+//
+#define DESCRIPTION_DATA_SIZE 75
+#define OPTIONAL_DATA_SIZE 127
+
///
/// This is the data structure used by File Explorer formset
///
typedef struct {
- UINT16 BootDescriptionData[75];
- UINT16 BootOptionalData[127];
- UINT16 DriverDescriptionData[75];
- UINT16 DriverOptionalData[127];
+ UINT16 BootDescriptionData[DESCRIPTION_DATA_SIZE];
+ UINT16 BootOptionalData[OPTIONAL_DATA_SIZE];
+ UINT16 DriverDescriptionData[DESCRIPTION_DATA_SIZE];
+ UINT16 DriverOptionalData[OPTIONAL_DATA_SIZE];
BOOLEAN BootOptionChanged;
BOOLEAN DriverOptionChanged;
UINT8 Active;
diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/UpdatePage.c b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/UpdatePage.c
index 7d5861e..b13ed11 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/UpdatePage.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/UpdatePage.c
@@ -1,7 +1,7 @@
/** @file
Dynamically update the pages.

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -830,7 +830,7 @@ UpdateConModePage (
//
UnicodeValueToString (ModeString, 0, Col, 0);
PStr = &ModeString[0];
- StrnCat (PStr, L" x ", StrLen(L" x ") + 1);
+ StrCatS (PStr, sizeof (ModeString) / sizeof (ModeString[0]), L" x ");
PStr = PStr + StrLen (PStr);
UnicodeValueToString (PStr , 0, Row, 0);

diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/Variable.c b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/Variable.c
index e4299ff..616549e 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/Variable.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/Variable.c
@@ -1,7 +1,7 @@
/** @file
Variable operation that will be used by bootmaint

-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -579,7 +579,7 @@ Var_UpdateDriverOption (
);

if (*DescriptionData == 0x0000) {
- StrCpy (DescriptionData, DriverString);
+ StrCpyS (DescriptionData, DESCRIPTION_DATA_SIZE, DriverString);
}

BufferSize = sizeof (UINT32) + sizeof (UINT16) + StrSize (DescriptionData);
@@ -763,7 +763,11 @@ Var_UpdateBootOption (
UnicodeSPrint (BootString, sizeof (BootString), L"Boot%04x", Index);

if (NvRamMap->BootDescriptionData[0] == 0x0000) {
- StrCpy (NvRamMap->BootDescriptionData, BootString);
+ StrCpyS (
+ NvRamMap->BootDescriptionData,
+ sizeof (NvRamMap->BootDescriptionData) / sizeof (NvRamMap->BootDescriptionData[0]),
+ BootString
+ );
}

BufferSize = sizeof (UINT32) + sizeof (UINT16) + StrSize (NvRamMap->BootDescriptionData);

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <***@intel.com>
Reviewed-by: Jeff Fan <***@intel.com>
Reviewed-by: Jaben Carsey <***@intel.com>
---
.../Universal/BdsDxe/BootMngr/BootManager.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMngr/BootManager.c b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMngr/BootManager.c
index dc13648..978959d 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMngr/BootManager.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMngr/BootManager.c
@@ -1,7 +1,7 @@
/** @file
The platform boot manager reference implementation

-Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -205,11 +205,11 @@ CallBootManager (
EFI_STRING_ID Token;
EFI_INPUT_KEY Key;
CHAR16 *HelpString;
+ UINTN HelpSize;
EFI_STRING_ID HelpToken;
UINT16 *TempStr;
EFI_HII_HANDLE HiiHandle;
EFI_BROWSER_ACTION_REQUEST ActionRequest;
- UINTN TempSize;
VOID *StartOpCodeHandle;
VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel;
@@ -318,11 +318,10 @@ CallBootManager (
Token = HiiSetString (HiiHandle, 0, Option->Description, NULL);

TempStr = DevicePathToStr (Option->DevicePath);
- TempSize = StrSize (TempStr);
- HelpString = AllocateZeroPool (TempSize + StrSize (L"Device Path : "));
+ HelpSize = StrSize (TempStr) + StrSize (L"Device Path : ");
+ HelpString = AllocateCopyPool (HelpSize, L"Device Path : ");
ASSERT (HelpString != NULL);
- StrCat (HelpString, L"Device Path : ");
- StrCat (HelpString, TempStr);
+ StrCatS (HelpString, HelpSize / sizeof (CHAR16), TempStr);

HelpToken = HiiSetString (HiiHandle, 0, HelpString, NULL);