public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH 0/2] Fix incomplete print output
@ 2018-01-02  8:20 Jian J Wang
  2018-01-02  8:20 ` [PATCH 1/2] MdePkg/BasePrintLib: " Jian J Wang
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Jian J Wang @ 2018-01-02  8:20 UTC (permalink / raw)
  To: edk2-devel

This is caused by previous patch tring to fix string over-read. The root
cause is that the format string may be ascii or unicode but that patch
assumes it just ascii string.

Jian J Wang (2):
  MdePkg/BasePrintLib: Fix incomplete print output
  MdeModulePkg/DxePrintLibPrint2Protocol: Fix incomplete print output

 MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c | 8 ++++++--
 MdePkg/Library/BasePrintLib/PrintLibInternal.c            | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

-- 
2.15.1.windows.2



^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH 1/2] MdePkg/BasePrintLib: Fix incomplete print output
  2018-01-02  8:20 [PATCH 0/2] Fix incomplete print output Jian J Wang
@ 2018-01-02  8:20 ` Jian J Wang
  2018-01-02  8:20 ` [PATCH 2/2] MdeModulePkg/DxePrintLibPrint2Protocol: " Jian J Wang
  2018-01-02  8:28 ` [PATCH 0/2] " Gao, Liming
  2 siblings, 0 replies; 5+ messages in thread
From: Jian J Wang @ 2018-01-02  8:20 UTC (permalink / raw)
  To: edk2-devel; +Cc: Michael D Kinney, Liming Gao, Star Zeng, Ard Biesheuvel

This is caused by previous patch which tried to fix string over-read,
which breaks UEFI menu rendering: the following

/------------------------------------------------------------------------------\
|                               Device Manager                                 |
\------------------------------------------------------------------------------/

is rendered as

/\
|                               Device Manager                                 |
\/.0                                                 2.00 GHz

(the spurious digits are SMBIOS data from the home screen)

The problem appears to be that the CHAR16 value of BOXDRAW_HORIZONTAL
equals 0x2500, which means that testing ArgumentString[] != '\0'
(which tests the low byte only) will yield FALSE and terminate the
loop prematurely.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 MdePkg/Library/BasePrintLib/PrintLibInternal.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.c b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
index fc57255068..6f19b31449 100644
--- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
+++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
@@ -1108,7 +1108,9 @@ BasePrintLibSPrintMarker (
       // ArgumentString is either null-terminated, or it contains Precision characters
       //
       for (Count = 0;
-            ArgumentString[Count * BytesPerArgumentCharacter] != '\0' &&
+            (ArgumentString[Count * BytesPerArgumentCharacter] != '\0' ||
+             (BytesPerArgumentCharacter > 1 &&
+              ArgumentString[Count * BytesPerArgumentCharacter + 1]!= '\0')) &&
             (Count < Precision || ((Flags & PRECISION) == 0));
               Count++) {
         ArgumentCharacter = ((ArgumentString[Count * BytesPerArgumentCharacter] & 0xff) | ((ArgumentString[Count * BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
@@ -1167,7 +1169,9 @@ BasePrintLibSPrintMarker (
     //
     // Copy the string into the output buffer performing the required type conversions
     //
-    while (Index < Count && (*ArgumentString) != '\0') {
+    while (Index < Count &&
+           (ArgumentString[0] != '\0' ||
+            (BytesPerArgumentCharacter > 1 && ArgumentString[1] != '\0'))) {
       ArgumentCharacter = ((*ArgumentString & 0xff) | (((UINT8)*(ArgumentString + 1)) << 8)) & ArgumentMask;
 
       LengthToReturn += (1 * BytesPerOutputCharacter);
-- 
2.15.1.windows.2



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PATCH 2/2] MdeModulePkg/DxePrintLibPrint2Protocol: Fix incomplete print output
  2018-01-02  8:20 [PATCH 0/2] Fix incomplete print output Jian J Wang
  2018-01-02  8:20 ` [PATCH 1/2] MdePkg/BasePrintLib: " Jian J Wang
@ 2018-01-02  8:20 ` Jian J Wang
  2018-01-02  8:27   ` Zeng, Star
  2018-01-02  8:28 ` [PATCH 0/2] " Gao, Liming
  2 siblings, 1 reply; 5+ messages in thread
From: Jian J Wang @ 2018-01-02  8:20 UTC (permalink / raw)
  To: edk2-devel; +Cc: Liming Gao, Jiewen Yao, Star Zeng

This is caused by a previous patch which tried to fix string over-read.
It's found that that patch for PrintLib in MdePkg will cause premature
terminating of loop used to traversing format string and cause incomplete
string output. Because this library uses similar code to do the same
job, it has the same issue too. So the fix is also the same.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
index 0e6178fc9c..e09520c81b 100644
--- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
+++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
@@ -2051,7 +2051,9 @@ InternalPrintLibSPrintMarker (
       // ArgumentString is either null-terminated, or it contains Precision characters
       //
       for (Count = 0;
-            ArgumentString[Count * BytesPerArgumentCharacter] != '\0' &&
+            (ArgumentString[Count * BytesPerArgumentCharacter] != '\0' ||
+             (BytesPerArgumentCharacter > 1 &&
+              ArgumentString[Count * BytesPerArgumentCharacter + 1]!= '\0')) &&
             (Count < Precision || ((Flags & PRECISION) == 0));
             Count++) {
         ArgumentCharacter = ((ArgumentString[Count * BytesPerArgumentCharacter] & 0xff) | ((ArgumentString[Count * BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
@@ -2110,7 +2112,9 @@ InternalPrintLibSPrintMarker (
     //
     // Copy the string into the output buffer performing the required type conversions
     //
-    while (Index < Count && (*ArgumentString) != '\0') {
+    while (Index < Count &&
+           (ArgumentString[0] != '\0' ||
+            (BytesPerArgumentCharacter > 1 && ArgumentString[1] != '\0'))) {
       ArgumentCharacter = ((*ArgumentString & 0xff) | (((UINT8)*(ArgumentString + 1)) << 8)) & ArgumentMask;
 
       LengthToReturn += (1 * BytesPerOutputCharacter);
-- 
2.15.1.windows.2



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] MdeModulePkg/DxePrintLibPrint2Protocol: Fix incomplete print output
  2018-01-02  8:20 ` [PATCH 2/2] MdeModulePkg/DxePrintLibPrint2Protocol: " Jian J Wang
@ 2018-01-02  8:27   ` Zeng, Star
  0 siblings, 0 replies; 5+ messages in thread
From: Zeng, Star @ 2018-01-02  8:27 UTC (permalink / raw)
  To: Wang, Jian J, edk2-devel@lists.01.org
  Cc: Gao, Liming, Yao, Jiewen, Zeng, Star

Reviewed-by: Star Zeng <star.zeng@intel.com>

Thanks,
Star
-----Original Message-----
From: Wang, Jian J 
Sent: Tuesday, January 2, 2018 4:20 PM
To: edk2-devel@lists.01.org
Cc: Gao, Liming <liming.gao@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: [PATCH 2/2] MdeModulePkg/DxePrintLibPrint2Protocol: Fix incomplete print output

This is caused by a previous patch which tried to fix string over-read.
It's found that that patch for PrintLib in MdePkg will cause premature terminating of loop used to traversing format string and cause incomplete string output. Because this library uses similar code to do the same job, it has the same issue too. So the fix is also the same.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
index 0e6178fc9c..e09520c81b 100644
--- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
+++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
@@ -2051,7 +2051,9 @@ InternalPrintLibSPrintMarker (
       // ArgumentString is either null-terminated, or it contains Precision characters
       //
       for (Count = 0;
-            ArgumentString[Count * BytesPerArgumentCharacter] != '\0' &&
+            (ArgumentString[Count * BytesPerArgumentCharacter] != '\0' ||
+             (BytesPerArgumentCharacter > 1 &&
+              ArgumentString[Count * BytesPerArgumentCharacter + 1]!= 
+ '\0')) &&
             (Count < Precision || ((Flags & PRECISION) == 0));
             Count++) {
         ArgumentCharacter = ((ArgumentString[Count * BytesPerArgumentCharacter] & 0xff) | ((ArgumentString[Count * BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask; @@ -2110,7 +2112,9 @@ InternalPrintLibSPrintMarker (
     //
     // Copy the string into the output buffer performing the required type conversions
     //
-    while (Index < Count && (*ArgumentString) != '\0') {
+    while (Index < Count &&
+           (ArgumentString[0] != '\0' ||
+            (BytesPerArgumentCharacter > 1 && ArgumentString[1] != 
+ '\0'))) {
       ArgumentCharacter = ((*ArgumentString & 0xff) | (((UINT8)*(ArgumentString + 1)) << 8)) & ArgumentMask;
 
       LengthToReturn += (1 * BytesPerOutputCharacter);
--
2.15.1.windows.2



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH 0/2] Fix incomplete print output
  2018-01-02  8:20 [PATCH 0/2] Fix incomplete print output Jian J Wang
  2018-01-02  8:20 ` [PATCH 1/2] MdePkg/BasePrintLib: " Jian J Wang
  2018-01-02  8:20 ` [PATCH 2/2] MdeModulePkg/DxePrintLibPrint2Protocol: " Jian J Wang
@ 2018-01-02  8:28 ` Gao, Liming
  2 siblings, 0 replies; 5+ messages in thread
From: Gao, Liming @ 2018-01-02  8:28 UTC (permalink / raw)
  To: Wang, Jian J, edk2-devel@lists.01.org

Reviewed-by: Liming Gao <liming.gao@intel.com>

>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jian
>J Wang
>Sent: Tuesday, January 02, 2018 4:20 PM
>To: edk2-devel@lists.01.org
>Subject: [edk2] [PATCH 0/2] Fix incomplete print output
>
>This is caused by previous patch tring to fix string over-read. The root
>cause is that the format string may be ascii or unicode but that patch
>assumes it just ascii string.
>
>Jian J Wang (2):
>  MdePkg/BasePrintLib: Fix incomplete print output
>  MdeModulePkg/DxePrintLibPrint2Protocol: Fix incomplete print output
>
> MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c | 8 ++++++--
> MdePkg/Library/BasePrintLib/PrintLibInternal.c            | 8 ++++++--
> 2 files changed, 12 insertions(+), 4 deletions(-)
>
>--
>2.15.1.windows.2
>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-01-02  8:23 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-02  8:20 [PATCH 0/2] Fix incomplete print output Jian J Wang
2018-01-02  8:20 ` [PATCH 1/2] MdePkg/BasePrintLib: " Jian J Wang
2018-01-02  8:20 ` [PATCH 2/2] MdeModulePkg/DxePrintLibPrint2Protocol: " Jian J Wang
2018-01-02  8:27   ` Zeng, Star
2018-01-02  8:28 ` [PATCH 0/2] " Gao, Liming

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox