
Commit 2b251e4

lib/bli: fix various bugs in timeout and entry control
1 parent 287f5d0 commit 2b251e4


1 file changed

+23
-6
lines changed


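--- a/common/lib/bli.c
+++ b/common/lib/bli.c
@@ -49,12 +49,17 @@ bool decwstr_to_size(const wchar_t *buf, size_t buf_size, size_t *value) {
 return false;
 }
 
+if (buf_size == 0 || buf[0] == L'\0') {
+return false;
+}
+
 while (i * 2 < buf_size && buf[i]) {
 wchar_t c = buf[i];
 if (!(c >= L'0' && c <= L'9')) {
 return false;
 }
-tmp = tmp * 10 + (c - L'0');
+tmp = CHECKED_MUL(tmp, (size_t)10, return false);
+tmp = CHECKED_ADD(tmp, (size_t)(c - L'0'), return false);
 i++;
 }
 
@@ -134,7 +139,7 @@ static bool handle_timeout(wchar_t *variable, bool erase, size_t *timeout, bool
 attrs,
 0, NULL);
 }
-if (getvar_size == 24 && memcmp(timeout_buf, L"menu-force",24) == 0) {
+if (getvar_size == 22 && memcmp(timeout_buf, L"menu-force", 22) == 0) {
 *skip_timeout = true;
 return true;
 }
@@ -147,6 +152,11 @@ static bool handle_timeout(wchar_t *variable, bool erase, size_t *timeout, bool
 if (!decwstr_to_size(timeout_buf, getvar_size, &t)) {
 return false;
 }
+// For LoaderConfigTimeoutOneShot, "0" means show menu indefinitely.
+if (erase && t == 0) {
+*skip_timeout = true;
+return true;
+}
 *timeout = t;
 return true;
 }
@@ -179,7 +189,10 @@ static bool handle_entry(wchar_t *variable, bool erase, char *path, size_t buf_s
 
 size_t i;
 for (i = 0; i < buf_size-1 && i * 2 < getvar_size; i++) {
-path[i] = wide_path[i] & 0xff; // Assume 0x00 - 0x7f
+if (wide_path[i] > 0x7f) {
+return false;
+}
+path[i] = wide_path[i] & 0x7f;
 }
 path[i] = 0;
 
@@ -198,14 +211,18 @@ bool bli_get_oneshot_entry(char *path, size_t buf_size) {
 
 void bli_set_selected_entry(const char *path) {
 wchar_t wide_path[256];
-size_t pos = 0;
-for (; pos < 256 && pos < strlen(path); pos++) {
+size_t len = strlen(path);
+if (len > 255) {
+len = 255;
+}
+for (size_t pos = 0; pos < len; pos++) {
 wide_path[pos] = path[pos];
 }
+wide_path[len] = L'\0';
 gRT->SetVariable(L"LoaderEntrySelected",
 &bli_vendor_guid,
 EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
-strlen(path)*2 + 1,
+(len + 1) * sizeof(wchar_t),
 wide_path);
 }
 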
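Review bot: In `bli_set_selected_entry`, the widening loop `wide_path[pos] = path[pos];` still copies each `char` unchecked, so where `char` is signed a byte above 0x7f sign-extends into the `wchar_t` and the stored `LoaderEntrySelected` value is not the text that was passed in. The `handle_entry` hunk in this same commit now rejects any unit above 0x7f when reading, so the write side should apply the matching rule, e.g. `if ((unsigned char)path[pos] > 0x7f) return;` before the assignment, or at least `wide_path[pos] = (unsigned char)path[pos];`. The clamp to 255 also truncates silently, which leaves a variable naming a different string than the selected entry; skipping the write when `len > 255` would be safer than storing a prefix. Separately, the literal `22` in the `handle_timeout` hunk assumes a 2-byte `wchar_t`, as do the `i * 2` bounds, while this hunk uses `sizeof(wchar_t)`; writing `sizeof(L"menu-force")` for both the size test and the `memcmp` length would keep them consistent and avoid another miscount like the 24 being fixed here.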
