MdeModulePkg/AtaAtapiPassThru: fix buffer overflow issue introduced by previous patch(r13932).

Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13941 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 10 insertions, 1 deletions

diff --git a/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c b/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
index 1c45312712..190ab799f1 100644
--- a/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
+++ b/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AhciMode.c
@@ -1908,6 +1908,7 @@ AhciCreateTransferDescriptor (
   VOID                  *Buffer;

 

   UINT32                Capability;

+  UINT32                PortImplementBitMap;

   UINT8                 MaxPortNumber;

   UINT8                 MaxCommandSlotNumber;

   BOOLEAN               Support64Bit;

@@ -1923,12 +1924,20 @@ AhciCreateTransferDescriptor (
   // Collect AHCI controller information

   //

   Capability           = AhciReadReg(PciIo, EFI_AHCI_CAPABILITY_OFFSET);

-  MaxPortNumber        = (UINT8) ((Capability & 0x1F) + 1);

   //

   // Get the number of command slots per port supported by this HBA.

   //

   MaxCommandSlotNumber = (UINT8) (((Capability & 0x1F00) >> 8) + 1);

   Support64Bit         = (BOOLEAN) (((Capability & BIT31) != 0) ? TRUE : FALSE);

+  

+  PortImplementBitMap  = AhciReadReg(PciIo, EFI_AHCI_PI_OFFSET);

+  //

+  // Get the highest bit of implemented ports which decides how many bytes are allocated for recived FIS.

+  //

+  MaxPortNumber        = (UINT8)(UINTN)(HighBitSet32(PortImplementBitMap) + 1);

+  if (MaxPortNumber == 0) {

+    return EFI_DEVICE_ERROR;

+  }

 

   MaxReceiveFisSize    = MaxPortNumber * sizeof (EFI_AHCI_RECEIVED_FIS);

   Status = PciIo->AllocateBuffer (