From 21aef3fa9b9d0a4ab3c683afc28565924c424a85 Mon Sep 17 00:00:00 2001
From: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Date: Mon, 26 Jul 2021 20:24:13 -0700
Subject: [PATCH] fallback: find_boot_option() needs to return the index for
the boot entry in optnum
The CopyMem() calls in add_to_boot_list() expect that
find_boot_option() returned an index to the matching entry in the
BootOrder array. The previous code returned the numerical portion of
the boot entry label, which in some cases resulted in -1 *
sizeof(CHAR16) being passed to CopyMem() which would in turn corrupt
the running firmware resulting in an exception and a failure to boot
or reset.
---
fallback.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/fallback.c b/fallback.c
index 8d89917a5..87fc3c80e 100644
--- a/fallback.c
+++ b/fallback.c
@@ -462,10 +462,15 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
first_new_option_size = StrLen(arguments) * sizeof (CHAR16);
}
- *optnum = xtoi(varname + 4);
- FreePool(candidate);
- FreePool(data);
- return EFI_SUCCESS;
+ /* find the index for the matching entry in BootOrder */
+ UINT16 bootnum = xtoi(varname + 4);
+ for (*optnum = 0; *optnum < nbootorder; (*optnum)++) {
+ if (bootorder[*optnum] == bootnum) {
+ FreePool(candidate);
+ FreePool(data);
+ return EFI_SUCCESS;
+ }
+ }
}
FreePool(candidate);
FreePool(data);
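Review bot: The new `for` loop does not handle the case where no `bootorder[*optnum] == bootnum` match is found. The loop then ends with `*optnum == nbootorder` and control falls through to the trailing `FreePool(candidate); FreePool(data);` lines, so the caller's out-parameter has already been overwritten with a one-past-the-end index on a path that did not return `EFI_SUCCESS` from this block. Since the commit message says `add_to_boot_list()` uses this value to size `CopyMem()` calls, it would be safer to iterate with a local index and assign `*optnum` only immediately before `return EFI_SUCCESS`. A short comment stating what is intended when the Boot#### variable matches but its number is absent from BootOrder would also help. The `UINT16 bootnum = xtoi(varname + 4);` assignment also narrows whatever `xtoi()` returns without a visible range check, which is worth confirming.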