From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hao.a.wu@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 869A481C61
 for <edk2-devel@lists.01.org>; Wed, 14 Dec 2016 03:27:02 -0800 (PST)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga102.fm.intel.com with ESMTP; 14 Dec 2016 03:27:02 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.33,346,1477983600"; d="scan'208";a="1071935620"
Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.34])
 by orsmga001.jf.intel.com with ESMTP; 14 Dec 2016 03:27:00 -0800
From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
 Liming Gao <liming.gao@intel.com>,
 Michael D Kinney <michael.d.kinney@intel.com>
Date: Wed, 14 Dec 2016 19:26:47 +0800
Message-Id: <1481714811-12568-3-git-send-email-hao.a.wu@intel.com>
X-Mailer: git-send-email 1.9.5.msysgit.0
In-Reply-To: <1481714811-12568-1-git-send-email-hao.a.wu@intel.com>
References: <1481714811-12568-1-git-send-email-hao.a.wu@intel.com>
Subject: [PATCH 2/6] MdePkg/BaseLib: Add an additional check within (Ascii)StrnCmp
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2016 11:27:02 -0000

This commit adds an addtional check in AsciiStrnCmp and StrnCmp. It
explicitly checks the end of the sting pointed by 'SecondString' to make
the code logic easier for reading and to prevent possible mis-reports by
static code checkers.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 MdePkg/Library/BaseLib/String.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Library/BaseLib/String.c b/MdePkg/Library/BaseLib/String.c
index 25962f8..fa96d1c 100644
--- a/MdePkg/Library/BaseLib/String.c
+++ b/MdePkg/Library/BaseLib/String.c
@@ -1,7 +1,7 @@
 /** @file
   Unicode and ASCII string primitives.
 
-  Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
   which accompanies this distribution.  The full text of the license may be found at
@@ -315,6 +315,7 @@ StrnCmp (
   }
 
   while ((*FirstString != L'\0') &&
+         (*SecondString != L'\0') &&
          (*FirstString == *SecondString) &&
          (Length > 1)) {
     FirstString++;
@@ -1474,6 +1475,7 @@ AsciiStrnCmp (
   }
 
   while ((*FirstString != '\0') &&
+         (*SecondString != '\0') &&
          (*FirstString == *SecondString) &&
          (Length > 1)) {
     FirstString++;
-- 
1.9.5.msysgit.0