https://git.reactos.org/?p=reactos.git;a=commitdiff;h=2811d2f990fdadef5697ac...
commit 2811d2f990fdadef5697ac3927688b7447fdf177 Author: Stanislav Motylkov x86corez@gmail.com AuthorDate: Wed Aug 7 13:06:37 2019 +0300 Commit: Hermès BÉLUSCA - MAÏTO hermes.belusca-maito@reactos.org CommitDate: Wed Aug 7 12:06:37 2019 +0200
[FREELDR] xboxmem: Fix array out-of-bounds access (#1775)
Memory map array should be large enough to fit additional descriptors.
CORE-16216 CORE-16267
---
 boot/freeldr/freeldr/arch/i386/pcmem.c | 2 --
 boot/freeldr/freeldr/arch/i386/xboxmem.c | 3 ++-
 boot/freeldr/freeldr/include/arch/pc/pcbios.h | 2 ++
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/boot/freeldr/freeldr/arch/i386/pcmem.c b/boot/freeldr/freeldr/arch/i386/pcmem.c
index 2add4d918bf..4dd709b247c 100644
--- a/boot/freeldr/freeldr/arch/i386/pcmem.c
+++ b/boot/freeldr/freeldr/arch/i386/pcmem.c
@@ -35,8 +35,6 @@ DBG_DEFAULT_CHANNEL(MEMORY);
 #define ULONGLONG_ALIGN_UP_BY(size, align) \
 (ULONGLONG_ALIGN_DOWN_BY(((ULONGLONG)(size) + align - 1), align))
-#define MAX_BIOS_DESCRIPTORS 80ul
-
 BIOS_MEMORY_MAP PcBiosMemoryMap[MAX_BIOS_DESCRIPTORS];
 ULONG PcBiosMapCount;
diff --git a/boot/freeldr/freeldr/arch/i386/xboxmem.c b/boot/freeldr/freeldr/arch/i386/xboxmem.c
index ee5da0fec1f..2d6890ea78e 100644
--- a/boot/freeldr/freeldr/arch/i386/xboxmem.c
+++ b/boot/freeldr/freeldr/arch/i386/xboxmem.c
@@ -89,12 +89,13 @@ XboxMemInit(VOID)
 AvailableMemoryMb = InstalledMemoryMb;
 }
-FREELDR_MEMORY_DESCRIPTOR XboxMemoryMap[2];
+FREELDR_MEMORY_DESCRIPTOR XboxMemoryMap[MAX_BIOS_DESCRIPTORS + 1];
PFREELDR_MEMORY_DESCRIPTOR
 XboxMemGetMemoryMap(ULONG *MemoryMapSize)
 {
 TRACE("XboxMemGetMemoryMap()\n");
+ /* FIXME: Obtain memory map via multiboot spec */
/* Synthesize memory map */
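Review bot: The declaration `XboxMemoryMap[MAX_BIOS_DESCRIPTORS + 1]` gives no reason for the `+ 1`, and the capacity passed to the code that appends descriptors is not visible here, because the body of XboxMemGetMemoryMap continues past the end of the hunk. If those writers are handed a separate literal or `MAX_BIOS_DESCRIPTORS` directly, the array and its limit can drift apart again and the out-of-bounds write comes back. Deriving the limit from the array itself, e.g. `sizeof(XboxMemoryMap) / sizeof(XboxMemoryMap[0])`, would tie the two together. I would also add a comment on the declaration such as `/* Same capacity as the PC BIOS map, plus one slot for <which entry?> */` so the next change to either constant is checked against this array.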
diff --git a/boot/freeldr/freeldr/include/arch/pc/pcbios.h b/boot/freeldr/freeldr/include/arch/pc/pcbios.h
index 826a16854de..5ad273f0442 100644
--- a/boot/freeldr/freeldr/include/arch/pc/pcbios.h
+++ b/boot/freeldr/freeldr/include/arch/pc/pcbios.h
@@ -3,6 +3,8 @@
#ifndef __ASM__
+#define MAX_BIOS_DESCRIPTORS 80
+
 typedef enum
 {
 // ACPI 1.0.
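Review bot: The macro arrives in this header as `80`, while the definition removed from pcmem.c was `80ul`, so its type changes from unsigned long to int. Any bounds check that compares a signed index against it would become a signed comparison and let a negative value through. The users are not visible from this hunk, so either keep the suffix, `#define MAX_BIOS_DESCRIPTORS 80ul`, or confirm that every counter compared with it is unsigned. Since the constant now sizes arrays in more than one file, a one-line comment such as `/* Capacity of the firmware memory map arrays (PC and Xbox) */` would help; the enum that follows continues outside the hunk.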