tag | d2a82a3102ed600272447aa06ee4b5210d600505 | |
---|---|---|
tagger | Liming Gao <liming.gao@intel.com> | Sat Mar 09 00:02:29 2019 +0800 |
object | 89910a39dcfd788057caa5d88b7e76e112d187b5 |
Add edk2 Q1 stable tag
commit | 89910a39dcfd788057caa5d88b7e76e112d187b5 | [log] [tgz] |
---|---|---|
author | Ray Ni <ray.ni@intel.com> | Thu Mar 07 18:35:14 2019 +0800 |
committer | Liming Gao <liming.gao@intel.com> | Fri Mar 08 23:44:59 2019 +0800 |
tree | 20baa1bce4e39aca5ff6e27bfa5a8a24d690bbbe | |
parent | ffe5f7a6b4e978dffbe1df228963adc914451106 [diff] |
MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP is parsed (CVE-2018-12181) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135 For 4bit BMP, there are only 2^4 = 16 colors in the palette. But when a corrupted BMP contains more than 16 colors in the palette, today's implementation wrongly copies all colors to the local PaletteValue[16] array which causes stack overflow. The similar issue also exists in the logic to handle 8bit BMP. The patch fixes the issue by only copies the first 16 or 256 colors in the palette depending on the BMP type. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ray Ni <ray.ni@intel.com> Cc: Liming Gao <liming.gao@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
A modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications from www.uefi.org.
Contributions to the EDK II open source project are covered by the TianoCore Contribution Agreement 1.1
The majority of the content in the EDK II open source project uses a BSD 2-Clause License. The EDK II open source project contains the following components that are covered by additional licenses:
The EDK II Project is composed of packages. The maintainers for each package are listed in Maintainers.txt.