From: "gaoliming via groups.io"
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressinoDxe: Fix clang error
Date: Mon, 6 Nov 2023 08:59:28 +0800

Laszlo:
  I agree with your suggestion. We can submit a new request to update oniguruma to the latest version.
  This patch avoids the warning on the current version. I think this change is OK. I would like to merge this fix first.

Thanks
Liming
> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Laszlo Ersek
> Sent: November 5, 2023 19:33
> To: devel@edk2.groups.io; jake@nvidia.com
> Cc: jian.j.wang@intel.com; gaoliming@byosoft.com.cn
> Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/RegularExpressinoDxe: Fix
> clang error
>
> On 10/3/23 17:04, Jake Garver via groups.io wrote:
> > Ignore old style declaration warnings in oniguruma/src/st.c.
This was > > already ignored for MSFT, but newer versions of clang complain as well. > > > > Signed-off-by: Jake Garver > > --- > > .../Universal/RegularExpressionDxe/RegularExpressionDxe.inf | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git > a/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.inf > b/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.inf > > index 84489c2942..0092531a67 100644 > > --- > a/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.inf > > +++ > b/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.inf 
> > @@ -102,6 +102,7 @@ > > > > # Oniguruma: old style declaration in st.c > > MSFT:*_*_*_CC_FLAGS =3D /wd4131 > > + GCC:*_*_*_CC_FLAGS =3D -Wno-deprecated-non-prototype > > > > # Oniguruma: 'type cast' : truncation from 'OnigUChar *' to 'unsigne= d > int' > > MSFT:*_*_*_CC_FLAGS =3D /wd4305 /wd4306
>
> Our checkout of oniguruma is at tag "v6.9.4_mark1", from February 2020.
>
> The latest upstream oniguruma release is "v6.9.9", dated 10 October 2023.
>
> I totally randomly looked at the commit history. We are missing fixes
> that the oniguruma project has received in response to fuzzing and
> CodeQL static analysis. Fixes for use-after-free
> (25535521ba2ea1aa74a1f65fc4a8ba55b0030719), undefined-shift fixes (too
> many to list here, just search the history for "undefined-shift"),
> various memory leak fixes, null pointer dereference fixes, and so on.
>
> In particular, commit
> f95e53b09ca4de>
> is called "escape compile time warnings by clang 14.0", so that patch
> (from August 2023) may solve the direct issue.
>
> I propose that we should upgrade our oniguruma checkout to "v6.9.9", and
> resolve any fallout from the update.
>
> OVMF does not include RegularExpressionDxe, so I'm not attracted to take
> this on myself. Can the users / owners of those platforms that do
> include RegularExpressionDxe research the update to "v6.9.9"? I think
> this should be worth your while; the recent oniguruma commit history
> suggests that "v6.9.4_mark1" may contain quite a few known security bugs.
>
> Note that, in general, a primary use case for regex engines is *input
> validation*, before further parsing happens. It's not great if the
> engine used for input validation contains known security bugs itself.
>
> Laszlo
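Review bot: the added `GCC:*_*_*_CC_FLAGS` entry uses the `*_*_*` wildcard, so `-Wno-deprecated-non-prototype` is passed to every GCC-family toolchain and applies to every source file in the module, although the commit message attributes the warning to newer clang only and the comment above it names a single file, st.c. Consider narrowing the entry to the clang toolchain tags that actually emit the warning, and extend the comment to say which compiler needs the flag, so the suppression can be dropped once the oniguruma checkout is updated. As written it also silences the same diagnostic in the module's own sources, where an old-style declaration would be worth seeing.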
View/Reply Online (#110688): https://edk2.groups.io/g/devel/message/110688