From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from walk.intel-email.com (walk.intel-email.com [101.227.64.242])
 by mx.groups.io with SMTP id smtpd.web12.5455.1667784765187925166
 for <devel@edk2.groups.io>;
 Sun, 06 Nov 2022 17:32:46 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@byosoft.com.cn header.s=cloud-union header.b=evVWgwRS;
 spf=pass (domain: byosoft.com.cn, ip: 101.227.64.242, mailfrom: gaoliming@byosoft.com.cn)
Received: from walk.intel-email.com (localhost [127.0.0.1])
	by walk.intel-email.com (Postfix) with ESMTP id 02895CD1F80C
	for <devel@edk2.groups.io>; Mon,  7 Nov 2022 09:32:39 +0800 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=byosoft.com.cn;
	s=cloud-union; t=1667784759;
	bh=TF8p0+IH19V4M3kmf9A7iPkLjlRICxHqAtB6WMokqg4=;
	h=From:To:Cc:References:In-Reply-To:Subject:Date;
	b=evVWgwRSrtFjp/KzaGcaVe8gcfsrCjA9JlMpbOnd4126o1z95d1BfD1M+S12E5okc
	 lv3F3F04LVfA1EqmfZd0OWz+SIcBqfWheR7PTKiI/Pk2MtVW1l6bkI0apm/5xH0wuw
	 /PWhFwgsL2sn6PHjvowtEHeJdIPG9/FdunIqB1ko=
Received: from localhost (localhost [127.0.0.1])
	by walk.intel-email.com (Postfix) with ESMTP id F24EFCD1F80B
	for <devel@edk2.groups.io>; Mon,  7 Nov 2022 09:32:38 +0800 (CST)
Received: from walk.intel-email.com (localhost [127.0.0.1])
	by walk.intel-email.com (Postfix) with ESMTP id B8DC2CD1F7F2
	for <devel@edk2.groups.io>; Mon,  7 Nov 2022 09:32:38 +0800 (CST)
Authentication-Results: walk.intel-email.com; none
Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.242])
	by walk.intel-email.com (Postfix) with SMTP id 4236DCD1F800
	for <devel@edk2.groups.io>; Mon,  7 Nov 2022 09:32:33 +0800 (CST)
Received: from DESKTOPS6D0PVI ([58.246.60.130])
	(envelope-sender <gaoliming@byosoft.com.cn>)
	by 192.168.6.13 with ESMTP
	for <devel@edk2.groups.io>; Mon, 07 Nov 2022 09:32:32 +0800
X-WM-Sender: gaoliming@byosoft.com.cn
X-Originating-IP: 58.246.60.130
X-WM-AuthFlag: YES
X-WM-AuthUser: gaoliming@byosoft.com.cn
From: "gaoliming" <gaoliming@byosoft.com.cn>
To: <devel@edk2.groups.io>,
	<pedro.falcato@gmail.com>
Cc: "'Vitaly Cheptsov'" <vit9696@protonmail.com>,
	=?UTF-8?Q?'Marvin_H=C3=A4user'?= <mhaeuser@posteo.de>,
	"'Michael D Kinney'" <michael.d.kinney@intel.com>,
	"'Zhiguang Liu'" <zhiguang.liu@intel.com>,
	"'Jiewen Yao'" <Jiewen.yao@intel.com>
References: <20221103011149.659815-1-pedro.falcato@gmail.com> <000201d8efeb$f43533b0$dc9f9b10$@byosoft.com.cn> <CAKbZUD2-QpmWyUS2MpH9cMPG8hJW-GseAAS9qviH8EGkWG=Xgg@mail.gmail.com>
In-Reply-To: <CAKbZUD2-QpmWyUS2MpH9cMPG8hJW-GseAAS9qviH8EGkWG=Xgg@mail.gmail.com>
Subject: =?UTF-8?B?5Zue5aSNOiBbZWRrMi1kZXZlbF0g5Zue5aSNOiBbUEFUQ0ggdjMgMS8xXSBNZGVQa2cvQmFzZUxpYjogRml4IG91dC1vZi1ib3VuZHMgcmVhZHMgaW4gU2FmZVN0cmluZw==?=
Date: Mon, 7 Nov 2022 09:32:33 +0800
Message-ID: <016b01d8f248$cf2d28c0$6d877a40$@byosoft.com.cn>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGxUQmPs9Y0Oj1QXXhCb6uJwyhXFgFM4/pIAnxOcZyuY6Xo4A==
Sender: "gaoliming" <gaoliming@byosoft.com.cn>
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_016C_01D8F28B.DD51EF60"
Content-Language: zh-cn

------=_NextPart_000_016C_01D8F28B.DD51EF60
Content-Type: text/plain;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Create https://github.com/tianocore/edk2/pull/3604 to merge this patch.

=20

Thanks

Liming

=E5=8F=91=E4=BB=B6=E4=BA=BA: devel@edk2.groups.io <devel@edk2.groups.io> =
=E4=BB=A3=E8=A1=A8 Pedro Falcato
=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2022=E5=B9=B411=E6=9C=885=E6=97=A5 8:=
25
=E6=94=B6=E4=BB=B6=E4=BA=BA: devel@edk2.groups.io; gaoliming@byosoft.com.cn
=E6=8A=84=E9=80=81: Vitaly Cheptsov <vit9696@protonmail.com>; Marvin H=C3=
=A4user <mhaeuser@posteo.de>; Michael D Kinney <michael.d.kinney@intel.com>=
; Zhiguang Liu <zhiguang.liu@intel.com>; Jiewen Yao <Jiewen.yao@intel.com>
=E4=B8=BB=E9=A2=98: Re: [edk2-devel] =E5=9B=9E=E5=A4=8D: [PATCH v3 1/1] Mde=
Pkg/BaseLib: Fix out-of-bounds reads in SafeString

=20

Hi Liming,

=20

Thank you for the review. Can we please push this in time for the stable ta=
g?

=20

Thanks,

Pedro

=20

On Fri, Nov 4, 2022 at 1:22 AM gaoliming via groups.io <http://groups.io>  =
<gaoliming=3Dbyosoft.com.cn@groups.io <mailto:byosoft.com.cn@groups.io> > w=
rote:

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft=
.com.cn> >

> -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6-----
> =E5=8F=91=E4=BB=B6=E4=BA=BA: Pedro Falcato <pedro.falcato@gmail.com <mail=
to:pedro.falcato@gmail.com> >
> =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2022=E5=B9=B411=E6=9C=883=E6=97=A5 =
9:12
> =E6=94=B6=E4=BB=B6=E4=BA=BA: devel@edk2.groups.io <mailto:devel@edk2.grou=
ps.io>=20
> =E6=8A=84=E9=80=81: Pedro Falcato <pedro.falcato@gmail.com <mailto:pedro.=
falcato@gmail.com> >; Vitaly Cheptsov
> <vit9696@protonmail.com <mailto:vit9696@protonmail.com> >; Marvin H=C3=A4=
user <mhaeuser@posteo.de <mailto:mhaeuser@posteo.de> >;
> Michael D Kinney <michael.d.kinney@intel.com <mailto:michael.d.kinney@int=
el.com> >; Liming Gao
> <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >; Zhiguang L=
iu <zhiguang.liu@intel.com <mailto:zhiguang.liu@intel.com> >; Jiewen
> Yao <Jiewen.yao@Intel.com <mailto:Jiewen.yao@Intel.com> >
> =E4=B8=BB=E9=A2=98: [PATCH v3 1/1] MdePkg/BaseLib: Fix out-of-bounds read=
s in SafeString
>=20
> There was a OOB access in *StrHexTo* functions, when passed strings like
> "XDEADBEEF".
>=20
> OpenCore folks established an ASAN-equipped project to fuzz Ext4Dxe,
> which was able to catch these (mostly harmless) issues.
>=20
> Cc: Vitaly Cheptsov <vit9696@protonmail.com <mailto:vit9696@protonmail.co=
m> >
> Cc: Marvin H=C3=A4user <mhaeuser@posteo.de <mailto:mhaeuser@posteo.de> >
> Cc: Michael D Kinney <michael.d.kinney@intel.com <mailto:michael.d.kinney=
@intel.com> >
> Cc: Liming Gao <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn=
> >
> Cc: Zhiguang Liu <zhiguang.liu@intel.com <mailto:zhiguang.liu@intel.com> =
>
> Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com <mailto:pedro.falca=
to@gmail.com> >
> Acked-by: Michael D Kinney <michael.d.kinney@intel.com <mailto:michael.d.=
kinney@intel.com> >
> Reviewed-by: Jiewen Yao <Jiewen.yao@Intel.com <mailto:Jiewen.yao@Intel.co=
m> >
> ---
>  MdePkg/Library/BaseLib/SafeString.c | 25 +++++++++++++++++++++----
>  1 file changed, 21 insertions(+), 4 deletions(-)
>=20
> diff --git a/MdePkg/Library/BaseLib/SafeString.c
> b/MdePkg/Library/BaseLib/SafeString.c
> index f338a32a3a41..b75b33381732 100644
> --- a/MdePkg/Library/BaseLib/SafeString.c
> +++ b/MdePkg/Library/BaseLib/SafeString.c
> @@ -863,6 +863,9 @@ StrHexToUintnS (
>    OUT       UINTN   *Data
>    )
>  {
> +  BOOLEAN  FoundLeadingZero;
> +
> +  FoundLeadingZero =3D FALSE;
>    ASSERT (((UINTN)String & BIT0) =3D=3D 0);
>=20
>    //
> @@ -892,12 +895,14 @@ StrHexToUintnS (
>    //
>    // Ignore leading Zeros after the spaces
>    //
> +
> +  FoundLeadingZero =3D *String =3D=3D L'0';
>    while (*String =3D=3D L'0') {
>      String++;
>    }
>=20
>    if (CharToUpper (*String) =3D=3D L'X') {
> -    if (*(String - 1) !=3D L'0') {
> +    if (!FoundLeadingZero) {
>        *Data =3D 0;
>        return RETURN_SUCCESS;
>      }
> @@ -992,6 +997,9 @@ StrHexToUint64S (
>    OUT       UINT64  *Data
>    )
>  {
> +  BOOLEAN  FoundLeadingZero;
> +
> +  FoundLeadingZero =3D FALSE;
>    ASSERT (((UINTN)String & BIT0) =3D=3D 0);
>=20
>    //
> @@ -1021,12 +1029,13 @@ StrHexToUint64S (
>    //
>    // Ignore leading Zeros after the spaces
>    //
> +  FoundLeadingZero =3D *String =3D=3D L'0';
>    while (*String =3D=3D L'0') {
>      String++;
>    }
>=20
>    if (CharToUpper (*String) =3D=3D L'X') {
> -    if (*(String - 1) !=3D L'0') {
> +    if (!FoundLeadingZero) {
>        *Data =3D 0;
>        return RETURN_SUCCESS;
>      }
> @@ -2393,6 +2402,9 @@ AsciiStrHexToUintnS (
>    OUT       UINTN  *Data
>    )
>  {
> +  BOOLEAN  FoundLeadingZero;
> +
> +  FoundLeadingZero =3D FALSE;
>    //
>    // 1. Neither String nor Data shall be a null pointer.
>    //
> @@ -2420,12 +2432,13 @@ AsciiStrHexToUintnS (
>    //
>    // Ignore leading Zeros after the spaces
>    //
> +  FoundLeadingZero =3D *String =3D=3D '0';
>    while (*String =3D=3D '0') {
>      String++;
>    }
>=20
>    if (AsciiCharToUpper (*String) =3D=3D 'X') {
> -    if (*(String - 1) !=3D '0') {
> +    if (!FoundLeadingZero) {
>        *Data =3D 0;
>        return RETURN_SUCCESS;
>      }
> @@ -2517,6 +2530,9 @@ AsciiStrHexToUint64S (
>    OUT       UINT64  *Data
>    )
>  {
> +  BOOLEAN  FoundLeadingZero;
> +
> +  FoundLeadingZero =3D FALSE;
>    //
>    // 1. Neither String nor Data shall be a null pointer.
>    //
> @@ -2544,12 +2560,13 @@ AsciiStrHexToUint64S (
>    //
>    // Ignore leading Zeros after the spaces
>    //
> +  FoundLeadingZero =3D *String =3D=3D '0';
>    while (*String =3D=3D '0') {
>      String++;
>    }
>=20
>    if (AsciiCharToUpper (*String) =3D=3D 'X') {
> -    if (*(String - 1) !=3D '0') {
> +    if (!FoundLeadingZero) {
>        *Data =3D 0;
>        return RETURN_SUCCESS;
>      }
> --
> 2.38.1











--=20

Pedro Falcato




------=_NextPart_000_016C_01D8F28B.DD51EF60
Content-Type: text/html;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40"><head><meta http-equiv=3DContent-Type content=
=3D"text/html; charset=3Dutf-8"><meta name=3DGenerator content=3D"Microsoft=
 Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#defaul=
t#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:=E5=AE=8B=E4=BD=93;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:=E7=AD=89=E7=BA=BF;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:"\@=E7=AD=89=E7=BA=BF";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:"\@=E5=AE=8B=E4=BD=93";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	font-size:12.0pt;
	font-family:=E5=AE=8B=E4=BD=93;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
span.EmailStyle20
	{mso-style-type:personal-reply;
	font-family:=E7=AD=89=E7=BA=BF;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:=E7=AD=89=E7=BA=BF;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DZH-CN link=3Dblue vli=
nk=3Dpurple style=3D'word-wrap:break-word'><div class=3DWordSection1><p cla=
ss=3DMsoNormal><span lang=3DEN-US style=3D'font-size:10.5pt;font-family:=E7=
=AD=89=E7=BA=BF'>Create <a href=3D"https://github.com/tianocore/edk2/pull/3=
604">https://github.com/tianocore/edk2/pull/3604</a> to merge this patch.<o=
:p></o:p></span></p><p class=3DMsoNormal><span lang=3DEN-US style=3D'font-s=
ize:10.5pt;font-family:=E7=AD=89=E7=BA=BF'><o:p>&nbsp;</o:p></span></p><p c=
lass=3DMsoNormal><span lang=3DEN-US style=3D'font-size:10.5pt;font-family:=
=E7=AD=89=E7=BA=BF'>Thanks<o:p></o:p></span></p><p class=3DMsoNormal><span =
lang=3DEN-US style=3D'font-size:10.5pt;font-family:=E7=AD=89=E7=BA=BF'>Limi=
ng<o:p></o:p></span></p><div style=3D'border:none;border-left:solid blue 1.=
5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style=3D'border:none;border-top:so=
lid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=3DMsoNormal><b><span =
style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF'>=E5=8F=91=E4=BB=
=B6=E4=BA=BA<span lang=3DEN-US>:</span></span></b><span lang=3DEN-US style=
=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF'> devel@edk2.groups.io =
&lt;devel@edk2.groups.io&gt; </span><b><span style=3D'font-size:11.0pt;font=
-family:=E7=AD=89=E7=BA=BF'>=E4=BB=A3=E8=A1=A8 </span></b><span lang=3DEN-U=
S style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF'>Pedro Falcato<b=
r></span><b><span style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF'=
>=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4<span lang=3DEN-US>:</span></span></b>=
<span lang=3DEN-US style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=BF=
'> 2022</span><span style=3D'font-size:11.0pt;font-family:=E7=AD=89=E7=BA=
=BF'>=E5=B9=B4<span lang=3DEN-US>11</span>=E6=9C=88<span lang=3DEN-US>5</sp=
an>=E6=97=A5<span lang=3DEN-US> 8:25<br></span><b>=E6=94=B6=E4=BB=B6=E4=BA=
=BA<span lang=3DEN-US>:</span></b><span lang=3DEN-US> devel@edk2.groups.io;=
 gaoliming@byosoft.com.cn<br></span><b>=E6=8A=84=E9=80=81<span lang=3DEN-US=
>:</span></b><span lang=3DEN-US> Vitaly Cheptsov &lt;vit9696@protonmail.com=
&gt;; Marvin H=C3=A4user &lt;mhaeuser@posteo.de&gt;; Michael D Kinney &lt;m=
ichael.d.kinney@intel.com&gt;; Zhiguang Liu &lt;zhiguang.liu@intel.com&gt;;=
 Jiewen Yao &lt;Jiewen.yao@intel.com&gt;<br></span><b>=E4=B8=BB=E9=A2=98<sp=
an lang=3DEN-US>:</span></b><span lang=3DEN-US> Re: [edk2-devel] </span>=E5=
=9B=9E=E5=A4=8D<span lang=3DEN-US>: [PATCH v3 1/1] MdePkg/BaseLib: Fix out-=
of-bounds reads in SafeString<o:p></o:p></span></span></p></div></div><p cl=
ass=3DMsoNormal><span lang=3DEN-US><o:p>&nbsp;</o:p></span></p><div><div><p=
 class=3DMsoNormal><span lang=3DEN-US>Hi Liming,<o:p></o:p></span></p></div=
><div><p class=3DMsoNormal><span lang=3DEN-US><o:p>&nbsp;</o:p></span></p><=
/div><div><p class=3DMsoNormal><span lang=3DEN-US>Thank you for the review.=
 Can we please push this in time for the stable tag?<o:p></o:p></span></p><=
/div><div><p class=3DMsoNormal><span lang=3DEN-US><o:p>&nbsp;</o:p></span><=
/p></div><div><p class=3DMsoNormal><span lang=3DEN-US>Thanks,<o:p></o:p></s=
pan></p></div><div><p class=3DMsoNormal><span lang=3DEN-US>Pedro<o:p></o:p>=
</span></p></div></div><p class=3DMsoNormal><span lang=3DEN-US><o:p>&nbsp;<=
/o:p></span></p><div><div><p class=3DMsoNormal><span lang=3DEN-US>On Fri, N=
ov 4, 2022 at 1:22 AM gaoliming via <a href=3D"http://groups.io">groups.io<=
/a> &lt;gaoliming=3D<a href=3D"mailto:byosoft.com.cn@groups.io">byosoft.com=
.cn@groups.io</a>&gt; wrote:<o:p></o:p></span></p></div><blockquote style=
=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;m=
argin-left:4.8pt;margin-right:0cm'><p class=3DMsoNormal style=3D'margin-bot=
tom:12.0pt'><span lang=3DEN-US>Reviewed-by: Liming Gao &lt;<a href=3D"mailt=
o:gaoliming@byosoft.com.cn" target=3D"_blank">gaoliming@byosoft.com.cn</a>&=
gt;<br><br>&gt; -----</span>=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6<span lang=
=3DEN-US>-----<br>&gt; </span>=E5=8F=91=E4=BB=B6=E4=BA=BA<span lang=3DEN-US=
>: Pedro Falcato &lt;<a href=3D"mailto:pedro.falcato@gmail.com" target=3D"_=
blank">pedro.falcato@gmail.com</a>&gt;<br>&gt; </span>=E5=8F=91=E9=80=81=E6=
=97=B6=E9=97=B4<span lang=3DEN-US>: 2022</span>=E5=B9=B4<span lang=3DEN-US>=
11</span>=E6=9C=88<span lang=3DEN-US>3</span>=E6=97=A5<span lang=3DEN-US> 9=
:12<br>&gt; </span>=E6=94=B6=E4=BB=B6=E4=BA=BA<span lang=3DEN-US>: <a href=
=3D"mailto:devel@edk2.groups.io" target=3D"_blank">devel@edk2.groups.io</a>=
<br>&gt; </span>=E6=8A=84=E9=80=81<span lang=3DEN-US>: Pedro Falcato &lt;<a=
 href=3D"mailto:pedro.falcato@gmail.com" target=3D"_blank">pedro.falcato@gm=
ail.com</a>&gt;; Vitaly Cheptsov<br>&gt; &lt;<a href=3D"mailto:vit9696@prot=
onmail.com" target=3D"_blank">vit9696@protonmail.com</a>&gt;; Marvin H=C3=
=A4user &lt;<a href=3D"mailto:mhaeuser@posteo.de" target=3D"_blank">mhaeuse=
r@posteo.de</a>&gt;;<br>&gt; Michael D Kinney &lt;<a href=3D"mailto:michael=
.d.kinney@intel.com" target=3D"_blank">michael.d.kinney@intel.com</a>&gt;; =
Liming Gao<br>&gt; &lt;<a href=3D"mailto:gaoliming@byosoft.com.cn" target=
=3D"_blank">gaoliming@byosoft.com.cn</a>&gt;; Zhiguang Liu &lt;<a href=3D"m=
ailto:zhiguang.liu@intel.com" target=3D"_blank">zhiguang.liu@intel.com</a>&=
gt;; Jiewen<br>&gt; Yao &lt;<a href=3D"mailto:Jiewen.yao@Intel.com">Jiewen.=
yao@Intel.com</a>&gt;<br>&gt; </span>=E4=B8=BB=E9=A2=98<span lang=3DEN-US>:=
 [PATCH v3 1/1] MdePkg/BaseLib: Fix out-of-bounds reads in SafeString<br>&g=
t; <br>&gt; There was a OOB access in *StrHexTo* functions, when passed str=
ings like<br>&gt; &quot;XDEADBEEF&quot;.<br>&gt; <br>&gt; OpenCore folks es=
tablished an ASAN-equipped project to fuzz Ext4Dxe,<br>&gt; which was able =
to catch these (mostly harmless) issues.<br>&gt; <br>&gt; Cc: Vitaly Chepts=
ov &lt;<a href=3D"mailto:vit9696@protonmail.com" target=3D"_blank">vit9696@=
protonmail.com</a>&gt;<br>&gt; Cc: Marvin H=C3=A4user &lt;<a href=3D"mailto=
:mhaeuser@posteo.de" target=3D"_blank">mhaeuser@posteo.de</a>&gt;<br>&gt; C=
c: Michael D Kinney &lt;<a href=3D"mailto:michael.d.kinney@intel.com" targe=
t=3D"_blank">michael.d.kinney@intel.com</a>&gt;<br>&gt; Cc: Liming Gao &lt;=
<a href=3D"mailto:gaoliming@byosoft.com.cn" target=3D"_blank">gaoliming@byo=
soft.com.cn</a>&gt;<br>&gt; Cc: Zhiguang Liu &lt;<a href=3D"mailto:zhiguang=
.liu@intel.com" target=3D"_blank">zhiguang.liu@intel.com</a>&gt;<br>&gt; Si=
gned-off-by: Pedro Falcato &lt;<a href=3D"mailto:pedro.falcato@gmail.com" t=
arget=3D"_blank">pedro.falcato@gmail.com</a>&gt;<br>&gt; Acked-by: Michael =
D Kinney &lt;<a href=3D"mailto:michael.d.kinney@intel.com" target=3D"_blank=
">michael.d.kinney@intel.com</a>&gt;<br>&gt; Reviewed-by: Jiewen Yao &lt;<a=
 href=3D"mailto:Jiewen.yao@Intel.com">Jiewen.yao@Intel.com</a>&gt;<br>&gt; =
---<br>&gt;&nbsp; MdePkg/Library/BaseLib/SafeString.c | 25 ++++++++++++++++=
+++++----<br>&gt;&nbsp; 1 file changed, 21 insertions(+), 4 deletions(-)<br=
>&gt; <br>&gt; diff --git a/MdePkg/Library/BaseLib/SafeString.c<br>&gt; b/M=
dePkg/Library/BaseLib/SafeString.c<br>&gt; index f338a32a3a41..b75b33381732=
 100644<br>&gt; --- a/MdePkg/Library/BaseLib/SafeString.c<br>&gt; +++ b/Mde=
Pkg/Library/BaseLib/SafeString.c<br>&gt; @@ -863,6 +863,9 @@ StrHexToUintnS=
 (<br>&gt;&nbsp; &nbsp; OUT&nbsp; &nbsp; &nbsp; &nbsp;UINTN&nbsp; &nbsp;*Da=
ta<br>&gt;&nbsp; &nbsp; )<br>&gt;&nbsp; {<br>&gt; +&nbsp; BOOLEAN&nbsp; Fou=
ndLeadingZero;<br>&gt; +<br>&gt; +&nbsp; FoundLeadingZero =3D FALSE;<br>&gt=
;&nbsp; &nbsp; ASSERT (((UINTN)String &amp; BIT0) =3D=3D 0);<br>&gt; <br>&g=
t;&nbsp; &nbsp; //<br>&gt; @@ -892,12 +895,14 @@ StrHexToUintnS (<br>&gt;&n=
bsp; &nbsp; //<br>&gt;&nbsp; &nbsp; // Ignore leading Zeros after the space=
s<br>&gt;&nbsp; &nbsp; //<br>&gt; +<br>&gt; +&nbsp; FoundLeadingZero =3D *S=
tring =3D=3D L'0';<br>&gt;&nbsp; &nbsp; while (*String =3D=3D L'0') {<br>&g=
t;&nbsp; &nbsp; &nbsp; String++;<br>&gt;&nbsp; &nbsp; }<br>&gt; <br>&gt;&nb=
sp; &nbsp; if (CharToUpper (*String) =3D=3D L'X') {<br>&gt; -&nbsp; &nbsp; =
if (*(String - 1) !=3D L'0') {<br>&gt; +&nbsp; &nbsp; if (!FoundLeadingZero=
) {<br>&gt;&nbsp; &nbsp; &nbsp; &nbsp; *Data =3D 0;<br>&gt;&nbsp; &nbsp; &n=
bsp; &nbsp; return RETURN_SUCCESS;<br>&gt;&nbsp; &nbsp; &nbsp; }<br>&gt; @@=
 -992,6 +997,9 @@ StrHexToUint64S (<br>&gt;&nbsp; &nbsp; OUT&nbsp; &nbsp; &=
nbsp; &nbsp;UINT64&nbsp; *Data<br>&gt;&nbsp; &nbsp; )<br>&gt;&nbsp; {<br>&g=
t; +&nbsp; BOOLEAN&nbsp; FoundLeadingZero;<br>&gt; +<br>&gt; +&nbsp; FoundL=
eadingZero =3D FALSE;<br>&gt;&nbsp; &nbsp; ASSERT (((UINTN)String &amp; BIT=
0) =3D=3D 0);<br>&gt; <br>&gt;&nbsp; &nbsp; //<br>&gt; @@ -1021,12 +1029,13=
 @@ StrHexToUint64S (<br>&gt;&nbsp; &nbsp; //<br>&gt;&nbsp; &nbsp; // Ignor=
e leading Zeros after the spaces<br>&gt;&nbsp; &nbsp; //<br>&gt; +&nbsp; Fo=
undLeadingZero =3D *String =3D=3D L'0';<br>&gt;&nbsp; &nbsp; while (*String=
 =3D=3D L'0') {<br>&gt;&nbsp; &nbsp; &nbsp; String++;<br>&gt;&nbsp; &nbsp; =
}<br>&gt; <br>&gt;&nbsp; &nbsp; if (CharToUpper (*String) =3D=3D L'X') {<br=
>&gt; -&nbsp; &nbsp; if (*(String - 1) !=3D L'0') {<br>&gt; +&nbsp; &nbsp; =
if (!FoundLeadingZero) {<br>&gt;&nbsp; &nbsp; &nbsp; &nbsp; *Data =3D 0;<br=
>&gt;&nbsp; &nbsp; &nbsp; &nbsp; return RETURN_SUCCESS;<br>&gt;&nbsp; &nbsp=
; &nbsp; }<br>&gt; @@ -2393,6 +2402,9 @@ AsciiStrHexToUintnS (<br>&gt;&nbsp=
; &nbsp; OUT&nbsp; &nbsp; &nbsp; &nbsp;UINTN&nbsp; *Data<br>&gt;&nbsp; &nbs=
p; )<br>&gt;&nbsp; {<br>&gt; +&nbsp; BOOLEAN&nbsp; FoundLeadingZero;<br>&gt=
; +<br>&gt; +&nbsp; FoundLeadingZero =3D FALSE;<br>&gt;&nbsp; &nbsp; //<br>=
&gt;&nbsp; &nbsp; // 1. Neither String nor Data shall be a null pointer.<br=
>&gt;&nbsp; &nbsp; //<br>&gt; @@ -2420,12 +2432,13 @@ AsciiStrHexToUintnS (=
<br>&gt;&nbsp; &nbsp; //<br>&gt;&nbsp; &nbsp; // Ignore leading Zeros after=
 the spaces<br>&gt;&nbsp; &nbsp; //<br>&gt; +&nbsp; FoundLeadingZero =3D *S=
tring =3D=3D '0';<br>&gt;&nbsp; &nbsp; while (*String =3D=3D '0') {<br>&gt;=
&nbsp; &nbsp; &nbsp; String++;<br>&gt;&nbsp; &nbsp; }<br>&gt; <br>&gt;&nbsp=
; &nbsp; if (AsciiCharToUpper (*String) =3D=3D 'X') {<br>&gt; -&nbsp; &nbsp=
; if (*(String - 1) !=3D '0') {<br>&gt; +&nbsp; &nbsp; if (!FoundLeadingZer=
o) {<br>&gt;&nbsp; &nbsp; &nbsp; &nbsp; *Data =3D 0;<br>&gt;&nbsp; &nbsp; &=
nbsp; &nbsp; return RETURN_SUCCESS;<br>&gt;&nbsp; &nbsp; &nbsp; }<br>&gt; @=
@ -2517,6 +2530,9 @@ AsciiStrHexToUint64S (<br>&gt;&nbsp; &nbsp; OUT&nbsp; =
&nbsp; &nbsp; &nbsp;UINT64&nbsp; *Data<br>&gt;&nbsp; &nbsp; )<br>&gt;&nbsp;=
 {<br>&gt; +&nbsp; BOOLEAN&nbsp; FoundLeadingZero;<br>&gt; +<br>&gt; +&nbsp=
; FoundLeadingZero =3D FALSE;<br>&gt;&nbsp; &nbsp; //<br>&gt;&nbsp; &nbsp; =
// 1. Neither String nor Data shall be a null pointer.<br>&gt;&nbsp; &nbsp;=
 //<br>&gt; @@ -2544,12 +2560,13 @@ AsciiStrHexToUint64S (<br>&gt;&nbsp; &n=
bsp; //<br>&gt;&nbsp; &nbsp; // Ignore leading Zeros after the spaces<br>&g=
t;&nbsp; &nbsp; //<br>&gt; +&nbsp; FoundLeadingZero =3D *String =3D=3D '0';=
<br>&gt;&nbsp; &nbsp; while (*String =3D=3D '0') {<br>&gt;&nbsp; &nbsp; &nb=
sp; String++;<br>&gt;&nbsp; &nbsp; }<br>&gt; <br>&gt;&nbsp; &nbsp; if (Asci=
iCharToUpper (*String) =3D=3D 'X') {<br>&gt; -&nbsp; &nbsp; if (*(String - =
1) !=3D '0') {<br>&gt; +&nbsp; &nbsp; if (!FoundLeadingZero) {<br>&gt;&nbsp=
; &nbsp; &nbsp; &nbsp; *Data =3D 0;<br>&gt;&nbsp; &nbsp; &nbsp; &nbsp; retu=
rn RETURN_SUCCESS;<br>&gt;&nbsp; &nbsp; &nbsp; }<br>&gt; --<br>&gt; 2.38.1<=
br><br><br><br><br><br><br><br><o:p></o:p></span></p></blockquote></div><p =
class=3DMsoNormal><span lang=3DEN-US><br clear=3Dall><br>-- <o:p></o:p></sp=
an></p><div><div><p class=3DMsoNormal><span lang=3DEN-US>Pedro Falcato<o:p>=
</o:p></span></p></div></div><div><p class=3DMsoNormal></o:p></span></p></d=
iv></div></div></body></html>

------=_NextPart_000_016C_01D8F28B.DD51EF60--