From 2b876e2cc3c52642e2660c2769914884f26409db Mon Sep 17 00:00:00 2001
From: yeggor
Date: Fri, 17 Mar 2023 02:21:44 +0400
Subject: [PATCH] Add check for volumeHeader->ExtHeaderOffset in FfsParser::parseVolumeHeader to prevent OOB access
---
 common/ffsparser.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/common/ffsparser.cpp b/common/ffsparser.cpp
index 8bfb91c..21c82f0 100644
--- a/common/ffsparser.cpp
+++ b/common/ffsparser.cpp
@@ -1160,6 +1160,9 @@ USTATUS FfsParser::parseVolumeHeader(const UByteArray & volume, const UINT32 loc
 // Extended header present
 if (volumeHeader->Revision > 1 && volumeHeader->ExtHeaderOffset) {
+ if (volume.size() < volumeHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER)) {
+ return U_INVALID_VOLUME;
+ }
 const EFI_FIRMWARE_VOLUME_EXT_HEADER* extendedHeader = (const EFI_FIRMWARE_VOLUME_EXT_HEADER*)(volume.constData() + volumeHeader->ExtHeaderOffset);
 info += usprintf("\nExtended header size: %Xh (%u)\nVolume GUID: ", extendedHeader->ExtHeaderSize, extendedHeader->ExtHeaderSize) + guidToUString(extendedHeader->FvName, false);
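Review bot: The added guard in the `ExtHeaderOffset` branch bounds only the fixed `sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER)` bytes, while `extendedHeader->ExtHeaderSize`, read from the same untrusted image on the lines after it, is never compared with the volume size. In this hunk that value is only printed, but parseVolumeHeader starts and continues outside the hunk, so if it or a caller later uses `ExtHeaderOffset + ExtHeaderSize` as an offset or length, that sum needs its own check after the cast, for example `if ((UINT32)volume.size() < volumeHeader->ExtHeaderOffset + extendedHeader->ExtHeaderSize) return U_INVALID_VOLUME;`. The new comparison also mixes `volume.size()` with a `size_t` expression; if `size()` returns a signed type in this build, writing `(UINT32)volume.size()` would make the conversion explicit and avoid a sign-compare warning. A one-line comment such as `// ExtHeaderOffset is image-controlled: the fixed extended header must fit inside the volume` would record why the early return exists.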