* [PATCH 0/2] PrintLib: Add safe print functions [A|U]ValueToStringS
@ 2017-01-17 5:39 Hao Wu
2017-01-17 5:39 ` [PATCH 1/2] MdePkg/BasePrintLib: " Hao Wu
2017-01-17 5:39 ` [PATCH 2/2] MdeModulePkg/PrintLib: " Hao Wu
0 siblings, 2 replies; 3+ messages in thread
From: Hao Wu @ 2017-01-17 5:39 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Jiewen Yao, Liming Gao, Michael Kinney
Add the following 2 safe print functions in PrintLib:
UnicodeValueToStringS
AsciiValueToStringS
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Hao Wu (2):
MdePkg/BasePrintLib: Add safe print functions [A|U]ValueToStringS
MdeModulePkg/PrintLib: Add safe print functions [A|U]ValueToStringS
.../Library/DxePrintLibPrint2Protocol/PrintLib.c | 219 ++++++++++++++++++++-
MdeModulePkg/Universal/PrintDxe/Print.c | 73 ++++++-
MdePkg/Include/Library/PrintLib.h | 121 ++++++++++++
MdePkg/Library/BasePrintLib/PrintLib.c | 128 ++++++++++++
MdePkg/Library/BasePrintLib/PrintLibInternal.c | 204 +++++++++++++++++++
MdePkg/Library/BasePrintLib/PrintLibInternal.h | 56 ++++++
6 files changed, 796 insertions(+), 5 deletions(-)
--
1.9.5.msysgit.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 1/2] MdePkg/BasePrintLib: Add safe print functions [A|U]ValueToStringS
2017-01-17 5:39 [PATCH 0/2] PrintLib: Add safe print functions [A|U]ValueToStringS Hao Wu
@ 2017-01-17 5:39 ` Hao Wu
2017-01-17 5:39 ` [PATCH 2/2] MdeModulePkg/PrintLib: " Hao Wu
1 sibling, 0 replies; 3+ messages in thread
From: Hao Wu @ 2017-01-17 5:39 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Jiewen Yao, Liming Gao, Michael Kinney
Add the following 2 APIs:
UnicodeValueToStringS
AsciiValueToStringS
These safe version APIs are used to enhance their counterpart (APIs
without trailing 'S' in function names).
They perform checks to the input parameters and will return relative
status to reflect the check result.
Return RETURN_INVALID_PARAMETER when:
1). The input Buffer is NULL.
2). The input BufferSize is greater than (PcdMaximumUnicodeStringLength *
sizeof (CHAR16) + 1) for UnicodeValueToStringS or greater than
PcdMaximumAsciiStringLength for AsciiValueToStringS.
3). The input Flags is not set properly.
4). The input Width is not smaller than MAXIMUM_VALUE_CHARACTERS.
Return RETURN_BUFFER_TOO_SMALL when:
1). The input BufferSize cannot hold the converted value.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
MdePkg/Include/Library/PrintLib.h | 121 +++++++++++++++
MdePkg/Library/BasePrintLib/PrintLib.c | 128 ++++++++++++++++
MdePkg/Library/BasePrintLib/PrintLibInternal.c | 204 +++++++++++++++++++++++++
MdePkg/Library/BasePrintLib/PrintLibInternal.h | 56 +++++++
4 files changed, 509 insertions(+)
diff --git a/MdePkg/Include/Library/PrintLib.h b/MdePkg/Include/Library/PrintLib.h
index 5f66323..8c11dab 100644
--- a/MdePkg/Include/Library/PrintLib.h
+++ b/MdePkg/Include/Library/PrintLib.h
@@ -542,6 +542,67 @@ UnicodeValueToString (
);
/**
+ Converts a decimal value to a Null-terminated Unicode string.
+
+ Converts the decimal number specified by Value to a Null-terminated Unicode
+ string specified by Buffer containing at most Width characters. No padding of
+ spaces is ever performed. If Width is 0 then a width of
+ MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than
+ Width characters, then only the first Width characters are placed in Buffer.
+ Additional conversion parameters are specified in Flags.
+
+ The Flags bit LEFT_JUSTIFY is always ignored.
+ All conversions are left justified in Buffer.
+ If Width is 0, PREFIX_ZERO is ignored in Flags.
+ If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+ commas are inserted every 3rd digit starting from the right.
+ If RADIX_HEX is set in Flags, then the output buffer will be formatted in
+ hexadecimal format.
+ If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in
+ Buffer is a '-'.
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then
+ Buffer is padded with '0' characters so the combination of the optional '-'
+ sign character, '0' characters, digit characters for Value, and the
+ Null-terminator add up to Width characters.
+
+ If Buffer is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated Unicode string.
+ @param BufferSize The size of Buffer in bytes, including the
+ Null-terminator.
+ @param Flags The bitmask of flags that specify left justification,
+ zero pad, and commas.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of Unicode characters to place in
+ Buffer, not including the Null-terminator.
+
+ @retval RETURN_SUCCESS The decimal value is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted
+ value.
+ @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+ If PcdMaximumUnicodeStringLength is not
+ zero, and BufferSize is greater than
+ (PcdMaximumUnicodeStringLength *
+ sizeof (CHAR16) + 1).
+ If unsupported bits are set in Flags.
+ If both COMMA_TYPE and RADIX_HEX are set in
+ Flags.
+ If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+EFIAPI
+UnicodeValueToStringS (
+ IN OUT CHAR16 *Buffer,
+ IN UINTN BufferSize,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width
+ );
+
+/**
Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated
ASCII format string and a VA_LIST argument list.
@@ -871,6 +932,66 @@ AsciiValueToString (
);
/**
+ Converts a decimal value to a Null-terminated Ascii string.
+
+ Converts the decimal number specified by Value to a Null-terminated Ascii
+ string specified by Buffer containing at most Width characters. No padding of
+ spaces is ever performed. If Width is 0 then a width of
+ MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than
+ Width characters, then only the first Width characters are placed in Buffer.
+ Additional conversion parameters are specified in Flags.
+
+ The Flags bit LEFT_JUSTIFY is always ignored.
+ All conversions are left justified in Buffer.
+ If Width is 0, PREFIX_ZERO is ignored in Flags.
+ If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+ commas are inserted every 3rd digit starting from the right.
+ If RADIX_HEX is set in Flags, then the output buffer will be formatted in
+ hexadecimal format.
+ If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in
+ Buffer is a '-'.
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then
+ Buffer is padded with '0' characters so the combination of the optional '-'
+ sign character, '0' characters, digit characters for Value, and the
+ Null-terminator add up to Width characters.
+
+ If Buffer is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated Ascii string.
+ @param BufferSize The size of Buffer in bytes, including the
+ Null-terminator.
+ @param Flags The bitmask of flags that specify left justification,
+ zero pad, and commas.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of Ascii characters to place in
+ Buffer, not including the Null-terminator.
+
+ @retval RETURN_SUCCESS The decimal value is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted
+ value.
+ @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+ If PcdMaximumAsciiStringLength is not
+ zero, and BufferSize is greater than
+ PcdMaximumAsciiStringLength.
+ If unsupported bits are set in Flags.
+ If both COMMA_TYPE and RADIX_HEX are set in
+ Flags.
+ If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+EFIAPI
+AsciiValueToStringS (
+ IN OUT CHAR8 *Buffer,
+ IN UINTN BufferSize,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width
+ );
+
+/**
Returns the number of characters that would be produced by if the formatted
output were produced not including the Null-terminator.
diff --git a/MdePkg/Library/BasePrintLib/PrintLib.c b/MdePkg/Library/BasePrintLib/PrintLib.c
index bf8c7bf..221b52e 100644
--- a/MdePkg/Library/BasePrintLib/PrintLib.c
+++ b/MdePkg/Library/BasePrintLib/PrintLib.c
@@ -404,6 +404,71 @@ UnicodeValueToString (
}
/**
+ Converts a decimal value to a Null-terminated Unicode string.
+
+ Converts the decimal number specified by Value to a Null-terminated Unicode
+ string specified by Buffer containing at most Width characters. No padding of
+ spaces is ever performed. If Width is 0 then a width of
+ MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than
+ Width characters, then only the first Width characters are placed in Buffer.
+ Additional conversion parameters are specified in Flags.
+
+ The Flags bit LEFT_JUSTIFY is always ignored.
+ All conversions are left justified in Buffer.
+ If Width is 0, PREFIX_ZERO is ignored in Flags.
+ If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+ commas are inserted every 3rd digit starting from the right.
+ If RADIX_HEX is set in Flags, then the output buffer will be formatted in
+ hexadecimal format.
+ If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in
+ Buffer is a '-'.
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then
+ Buffer is padded with '0' characters so the combination of the optional '-'
+ sign character, '0' characters, digit characters for Value, and the
+ Null-terminator add up to Width characters.
+
+ If Buffer is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated Unicode string.
+ @param BufferSize The size of Buffer in bytes, including the
+ Null-terminator.
+ @param Flags The bitmask of flags that specify left justification,
+ zero pad, and commas.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of Unicode characters to place in
+ Buffer, not including the Null-terminator.
+
+ @retval RETURN_SUCCESS The decimal value is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted
+ value.
+ @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+ If PcdMaximumUnicodeStringLength is not
+ zero, and BufferSize is greater than
+ (PcdMaximumUnicodeStringLength *
+ sizeof (CHAR16) + 1).
+ If unsupported bits are set in Flags.
+ If both COMMA_TYPE and RADIX_HEX are set in
+ Flags.
+ If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+EFIAPI
+UnicodeValueToStringS (
+ IN OUT CHAR16 *Buffer,
+ IN UINTN BufferSize,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width
+ )
+{
+ ASSERT_UNICODE_BUFFER(Buffer);
+ return BasePrintLibConvertValueToStringS ((CHAR8 *)Buffer, BufferSize, Flags, Value, Width, 2);
+}
+
+/**
Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated
ASCII format string and a VA_LIST argument list.
@@ -769,6 +834,69 @@ AsciiValueToString (
}
/**
+ Converts a decimal value to a Null-terminated Ascii string.
+
+ Converts the decimal number specified by Value to a Null-terminated Ascii
+ string specified by Buffer containing at most Width characters. No padding of
+ spaces is ever performed. If Width is 0 then a width of
+ MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than
+ Width characters, then only the first Width characters are placed in Buffer.
+ Additional conversion parameters are specified in Flags.
+
+ The Flags bit LEFT_JUSTIFY is always ignored.
+ All conversions are left justified in Buffer.
+ If Width is 0, PREFIX_ZERO is ignored in Flags.
+ If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+ commas are inserted every 3rd digit starting from the right.
+ If RADIX_HEX is set in Flags, then the output buffer will be formatted in
+ hexadecimal format.
+ If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in
+ Buffer is a '-'.
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then
+ Buffer is padded with '0' characters so the combination of the optional '-'
+ sign character, '0' characters, digit characters for Value, and the
+ Null-terminator add up to Width characters.
+
+ If Buffer is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated Ascii string.
+ @param BufferSize The size of Buffer in bytes, including the
+ Null-terminator.
+ @param Flags The bitmask of flags that specify left justification,
+ zero pad, and commas.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of Ascii characters to place in
+ Buffer, not including the Null-terminator.
+
+ @retval RETURN_SUCCESS The decimal value is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted
+ value.
+ @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+ If PcdMaximumAsciiStringLength is not
+ zero, and BufferSize is greater than
+ PcdMaximumAsciiStringLength.
+ If unsupported bits are set in Flags.
+ If both COMMA_TYPE and RADIX_HEX are set in
+ Flags.
+ If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+EFIAPI
+AsciiValueToStringS (
+ IN OUT CHAR8 *Buffer,
+ IN UINTN BufferSize,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width
+ )
+{
+ return BasePrintLibConvertValueToStringS (Buffer, BufferSize, Flags, Value, Width, 1);
+}
+
+/**
Returns the number of characters that would be produced by if the formatted
output were produced not including the Null-terminator.
diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.c b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
index 155fe6a..9b15a07 100644
--- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
+++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
@@ -292,6 +292,210 @@ BasePrintLibConvertValueToString (
}
/**
+ Internal function that converts a decimal value to a Null-terminated string.
+
+ Converts the decimal number specified by Value to a Null-terminated string
+ specified by Buffer containing at most Width characters. If Width is 0 then a
+ width of MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more
+ than Width characters, then only the first Width characters are placed in
+ Buffer. Additional conversion parameters are specified in Flags.
+ The Flags bit LEFT_JUSTIFY is always ignored.
+ All conversions are left justified in Buffer.
+ If Width is 0, PREFIX_ZERO is ignored in Flags.
+ If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+ commas are inserted every 3rd digit starting from the right.
+ If Value is < 0, then the fist character in Buffer is a '-'.
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored,
+ then Buffer is padded with '0' characters so the combination of the optional
+ '-' sign character, '0' characters, digit characters for Value, and the
+ Null-terminator add up to Width characters.
+
+ If an error would be returned, the function will ASSERT().
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated string.
+ @param BufferSize The size of Buffer in bytes, including the
+ Null-terminator.
+ @param Flags The bitmask of flags that specify left justification,
+ zero pad, and commas.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of characters to place in Buffer,
+ not including the Null-terminator.
+ @param Increment The character increment in Buffer.
+
+ @retval RETURN_SUCCESS The decimal value is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted
+ value.
+ @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+ If Increment is 1 and
+ PcdMaximumAsciiStringLength is not zero,
+ BufferSize is greater than
+ PcdMaximumAsciiStringLength.
+ If Increment is not 1 and
+ PcdMaximumUnicodeStringLength is not zero,
+ BufferSize is greater than
+ (PcdMaximumUnicodeStringLength *
+ sizeof (CHAR16) + 1).
+ If unsupported bits are set in Flags.
+ If both COMMA_TYPE and RADIX_HEX are set in
+ Flags.
+ If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+BasePrintLibConvertValueToStringS (
+ IN OUT CHAR8 *Buffer,
+ IN UINTN BufferSize,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width,
+ IN UINTN Increment
+ )
+{
+ CHAR8 *EndBuffer;
+ CHAR8 ValueBuffer[MAXIMUM_VALUE_CHARACTERS];
+ CHAR8 *ValueBufferPtr;
+ UINTN Count;
+ UINTN Digits;
+ UINTN Index;
+ UINTN Radix;
+
+ //
+ // 1. Buffer shall not be a null pointer.
+ //
+ SAFE_PRINT_CONSTRAINT_CHECK ((Buffer != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. BufferSize shall not be greater than (RSIZE_MAX * sizeof (CHAR16)) for
+ // Unicode output string or shall not be greater than ASCII_RSIZE_MAX for
+ // Ascii output string.
+ //
+ if (Increment == 1) {
+ //
+ // Ascii output string
+ //
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+ } else {
+ //
+ // Unicode output string
+ //
+ if (RSIZE_MAX != 0) {
+ SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= RSIZE_MAX * sizeof (CHAR16) + 1), RETURN_INVALID_PARAMETER);
+ }
+ }
+
+ //
+ // 3. Flags shall be set properly.
+ //
+ SAFE_PRINT_CONSTRAINT_CHECK (((Flags & ~(LEFT_JUSTIFY | COMMA_TYPE | PREFIX_ZERO | RADIX_HEX)) == 0), RETURN_INVALID_PARAMETER);
+ SAFE_PRINT_CONSTRAINT_CHECK ((((Flags & COMMA_TYPE) == 0) || ((Flags & RADIX_HEX) == 0)), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. Width shall be smaller than MAXIMUM_VALUE_CHARACTERS.
+ //
+ SAFE_PRINT_CONSTRAINT_CHECK ((Width < MAXIMUM_VALUE_CHARACTERS), RETURN_INVALID_PARAMETER);
+
+ //
+ // Width is 0 or COMMA_TYPE is set, PREFIX_ZERO is ignored.
+ //
+ if (Width == 0 || (Flags & COMMA_TYPE) != 0) {
+ Flags &= ~((UINTN) PREFIX_ZERO);
+ }
+ //
+ // If Width is 0 then a width of MAXIMUM_VALUE_CHARACTERS is assumed.
+ //
+ if (Width == 0) {
+ Width = MAXIMUM_VALUE_CHARACTERS - 1;
+ }
+
+ //
+ // Count the characters of the output string.
+ //
+ Count = 0;
+ Radix = ((Flags & RADIX_HEX) == 0)? 10 : 16;
+
+ if ((Flags & PREFIX_ZERO) != 0) {
+ Count = Width;
+ } else {
+ if ((Value < 0) && ((Flags & RADIX_HEX) == 0)) {
+ Count++; // minus sign
+ ValueBufferPtr = BasePrintLibValueToString (ValueBuffer, -Value, Radix);
+ } else {
+ ValueBufferPtr = BasePrintLibValueToString (ValueBuffer, Value, Radix);
+ }
+ Digits = ValueBufferPtr - ValueBuffer;
+ Count += Digits;
+
+ if ((Flags & COMMA_TYPE) != 0) {
+ Count += (Digits - 1) / 3; // commas
+ }
+ }
+
+ Width = MIN (Count, Width);
+
+ //
+ // 5. BufferSize shall be large enough to hold the converted string.
+ //
+ SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize >= (Width + 1) * Increment), RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // Set the tag for the end of the input Buffer.
+ //
+ EndBuffer = Buffer + Width * Increment;
+
+ //
+ // Convert decimal negative
+ //
+ if ((Value < 0) && ((Flags & RADIX_HEX) == 0)) {
+ Value = -Value;
+ Buffer = BasePrintLibFillBuffer (Buffer, EndBuffer, 1, '-', Increment);
+ Width--;
+ }
+
+ //
+ // Count the length of the value string.
+ //
+ ValueBufferPtr = BasePrintLibValueToString (ValueBuffer, Value, Radix);
+ Count = ValueBufferPtr - ValueBuffer;
+
+ //
+ // Append Zero
+ //
+ if ((Flags & PREFIX_ZERO) != 0) {
+ Buffer = BasePrintLibFillBuffer (Buffer, EndBuffer, Width - Count, '0', Increment);
+ }
+
+ //
+ // Print Comma type for every 3 characters
+ //
+ Digits = Count % 3;
+ if (Digits != 0) {
+ Digits = 3 - Digits;
+ }
+ for (Index = 0; Index < Count; Index++) {
+ Buffer = BasePrintLibFillBuffer (Buffer, EndBuffer, 1, *ValueBufferPtr--, Increment);
+ if ((Flags & COMMA_TYPE) != 0) {
+ Digits++;
+ if (Digits == 3) {
+ Digits = 0;
+ if ((Index + 1) < Count) {
+ Buffer = BasePrintLibFillBuffer (Buffer, EndBuffer, 1, ',', Increment);
+ }
+ }
+ }
+ }
+
+ //
+ // Print Null-terminator
+ //
+ BasePrintLibFillBuffer (Buffer, EndBuffer + Increment, 1, 0, Increment);
+
+ return RETURN_SUCCESS;
+}
+
+/**
Worker function that produces a Null-terminated string in an output buffer
based on a Null-terminated format string and a VA_LIST argument list.
diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.h b/MdePkg/Library/BasePrintLib/PrintLibInternal.h
index fccef9b..c490e29 100644
--- a/MdePkg/Library/BasePrintLib/PrintLibInternal.h
+++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.h
@@ -213,4 +213,60 @@ BasePrintLibConvertValueToString (
IN UINTN Increment
);
+/**
+ Internal function that converts a decimal value to a Null-terminated string.
+
+ Converts the decimal number specified by Value to a Null-terminated string
+ specified by Buffer containing at most Width characters. If Width is 0 then a
+ width of MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more
+ than Width characters, then only the first Width characters are placed in
+ Buffer. Additional conversion parameters are specified in Flags.
+ The Flags bit LEFT_JUSTIFY is always ignored.
+ All conversions are left justified in Buffer.
+ If Width is 0, PREFIX_ZERO is ignored in Flags.
+ If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+ commas are inserted every 3rd digit starting from the right.
+ If Value is < 0, then the fist character in Buffer is a '-'.
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored,
+ then Buffer is padded with '0' characters so the combination of the optional
+ '-' sign character, '0' characters, digit characters for Value, and the
+ Null-terminator add up to Width characters.
+
+ If an error would be returned, the function will ASSERT().
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated string.
+ @param BufferSize The size of Buffer in bytes, including the
+ Null-terminator.
+ @param Flags The bitmask of flags that specify left justification,
+ zero pad, and commas.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of characters to place in Buffer,
+ not including the Null-terminator.
+ @param Increment The character increment in Buffer.
+
+ @retval RETURN_SUCCESS The decimal value is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted
+ value.
+ @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+ If PcdMaximumUnicodeStringLength is not
+ zero, and BufferSize is greater than
+ ((PcdMaximumUnicodeStringLength + 1) *
+ sizeof (CHAR16)).
+ If unsupported bits are set in Flags.
+ If both COMMA_TYPE and RADIX_HEX are set in
+ Flags.
+ If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+BasePrintLibConvertValueToStringS (
+ IN OUT CHAR8 *Buffer,
+ IN UINTN BufferSize,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width,
+ IN UINTN Increment
+ );
+
#endif
--
1.9.5.msysgit.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] MdeModulePkg/PrintLib: Add safe print functions [A|U]ValueToStringS
2017-01-17 5:39 [PATCH 0/2] PrintLib: Add safe print functions [A|U]ValueToStringS Hao Wu
2017-01-17 5:39 ` [PATCH 1/2] MdePkg/BasePrintLib: " Hao Wu
@ 2017-01-17 5:39 ` Hao Wu
1 sibling, 0 replies; 3+ messages in thread
From: Hao Wu @ 2017-01-17 5:39 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Jiewen Yao, Liming Gao, Michael Kinney
Add the following 2 APIs:
UnicodeValueToStringS
AsciiValueToStringS
These safe version APIs are used to enhance their counterpart (APIs
without trailing 'S' in function names).
They perform checks to the input parameters and will return relative
status to reflect the check result.
Return RETURN_INVALID_PARAMETER when:
1). The input Buffer is NULL.
2). The input BufferSize is greater than (PcdMaximumUnicodeStringLength *
sizeof (CHAR16) + 1) for UnicodeValueToStringS or greater than
PcdMaximumAsciiStringLength for AsciiValueToStringS.
3). The input Flags is not set properly.
4). The input Width is not smaller than MAXIMUM_VALUE_CHARACTERS.
Return RETURN_BUFFER_TOO_SMALL when:
1). The input BufferSize cannot hold the converted value.
Now these APIs in the MdeModulePkg/DxePrintLibPrint2Protocol instance
follow the same rules with MdePkg/BasePrintLib.
Please note that this PrintLib instance
(MdeModulePkg/DxePrintLibPrint2Protocol) uses the services
UNICODE_VALUE_TO_STRING and ASCII_VALUE_TO_STRING in protocol
EFI_PRINT2_PROTOCOL (produced by MdeModulePkg/Universal/PrintDxe) to
implement PrintLib APIs UnicodeValueToString and AsciiValueToString.
In order to
1) deprecate APIs [Unicode|Ascii]ValueToString (in subsequent commit)
2) add safe APIs [Unicode|Ascii]ValueToStringS
3) keep the backward compatibility of EFI_PRINT2_PROTOCOL
at the same time, this commit will update the implementation of
[UNICODE|ASCII]_VALUE_TO_STRING services to directly call
[Unicode|Ascii]ValueToStringS. The 'BufferSize' parameter for
[Unicode|Ascii]ValueToStringS will be encoded at bits 31:16 in 'Flags'
when calling [UNICODE|ASCII]_VALUE_TO_STRING services. Checks have been
added to ensure overflow will not happen in such encoding.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
.../Library/DxePrintLibPrint2Protocol/PrintLib.c | 219 ++++++++++++++++++++-
MdeModulePkg/Universal/PrintDxe/Print.c | 73 ++++++-
2 files changed, 287 insertions(+), 5 deletions(-)
diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
index 438ac9e..f0a5f29 100644
--- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
+++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
@@ -648,7 +648,115 @@ UnicodeValueToString (
IN UINTN Width
)
{
- return mPrint2Protocol->UnicodeValueToString (Buffer, Flags, Value, Width);
+ RETURN_STATUS Status;
+ UINTN BufferSize;
+
+ //
+ // ASSERT if Width >= MAXIMUM_VALUE_CHARACTERS.
+ //
+ ASSERT (Width < MAXIMUM_VALUE_CHARACTERS);
+
+ if (Width == 0) {
+ BufferSize = (MAXIMUM_VALUE_CHARACTERS + 1) * sizeof (CHAR16);
+ } else {
+ BufferSize = (Width + 1) * sizeof (CHAR16);
+ }
+ //
+ // Make sure that BufferSize will not exceed the range of UINT32 after being
+ // encoded to bits 31:16 of Flags.
+ //
+ if (BufferSize > MAX_UINT16) {
+ BufferSize = MAX_UINT16;
+ }
+
+ Status = (RETURN_STATUS) mPrint2Protocol->UnicodeValueToString (
+ Buffer,
+ (BufferSize << 16) | (Flags & 0xFFFF),
+ Value,
+ Width
+ );
+ if (RETURN_ERROR (Status)) {
+ return 0;
+ }
+
+ return StrnLenS (Buffer, BufferSize / sizeof (CHAR16));
+}
+
+/**
+ Converts a decimal value to a Null-terminated Unicode string.
+
+ Converts the decimal number specified by Value to a Null-terminated Unicode
+ string specified by Buffer containing at most Width characters. No padding of
+ spaces is ever performed. If Width is 0 then a width of
+ MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than
+ Width characters, then only the first Width characters are placed in Buffer.
+ Additional conversion parameters are specified in Flags.
+
+ The Flags bit LEFT_JUSTIFY is always ignored.
+ All conversions are left justified in Buffer.
+ If Width is 0, PREFIX_ZERO is ignored in Flags.
+ If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+ commas are inserted every 3rd digit starting from the right.
+ If RADIX_HEX is set in Flags, then the output buffer will be formatted in
+ hexadecimal format.
+ If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in
+ Buffer is a '-'.
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then
+ Buffer is padded with '0' characters so the combination of the optional '-'
+ sign character, '0' characters, digit characters for Value, and the
+ Null-terminator add up to Width characters.
+
+ If Buffer is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated Unicode string.
+ @param BufferSize The size of Buffer in bytes, including the
+ Null-terminator.
+ @param Flags The bitmask of flags that specify left justification,
+ zero pad, and commas.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of Unicode characters to place in
+ Buffer, not including the Null-terminator.
+
+ @retval RETURN_SUCCESS The decimal value is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted
+ value.
+ @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+ If PcdMaximumUnicodeStringLength is not
+ zero, and BufferSize is greater than
+ (PcdMaximumUnicodeStringLength *
+ sizeof (CHAR16) + 1).
+ If unsupported bits are set in Flags.
+ If both COMMA_TYPE and RADIX_HEX are set in
+ Flags.
+ If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+EFIAPI
+UnicodeValueToStringS (
+ IN OUT CHAR16 *Buffer,
+ IN UINTN BufferSize,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width
+ )
+{
+ if (RSIZE_MAX != 0) {
+ SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= RSIZE_MAX * sizeof (CHAR16) + 1), RETURN_INVALID_PARAMETER);
+ }
+
+ if (BufferSize > MAX_UINT16) {
+ BufferSize = MAX_UINT16;
+ }
+
+ return (RETURN_STATUS) mPrint2Protocol->UnicodeValueToString (
+ Buffer,
+ (BufferSize << 16) | (Flags & 0xFFFF),
+ Value,
+ Width
+ );
}
/**
@@ -1042,7 +1150,114 @@ AsciiValueToString (
IN UINTN Width
)
{
- return mPrint2Protocol->AsciiValueToString (Buffer, Flags, Value, Width);
+ RETURN_STATUS Status;
+ UINTN BufferSize;
+
+ //
+ // ASSERT if Width >= MAXIMUM_VALUE_CHARACTERS.
+ //
+ ASSERT (Width < MAXIMUM_VALUE_CHARACTERS);
+
+ if (Width == 0) {
+ BufferSize = (MAXIMUM_VALUE_CHARACTERS + 1) * sizeof (CHAR8);
+ } else {
+ BufferSize = (Width + 1) * sizeof (CHAR8);
+ }
+ //
+ // Make sure that BufferSize will not exceed the range of UINT32 after being
+ // encoded to bits 31:16 of Flags.
+ //
+ if (BufferSize > MAX_UINT16) {
+ BufferSize = MAX_UINT16;
+ }
+
+ Status = (RETURN_STATUS) mPrint2Protocol->AsciiValueToString (
+ Buffer,
+ (BufferSize << 16) | (Flags & 0xFFFF),
+ Value,
+ Width
+ );
+ if (RETURN_ERROR (Status)) {
+ return 0;
+ }
+
+ return AsciiStrnLenS (Buffer, BufferSize / sizeof (CHAR8));
+}
+
+/**
+ Converts a decimal value to a Null-terminated Ascii string.
+
+ Converts the decimal number specified by Value to a Null-terminated Ascii
+ string specified by Buffer containing at most Width characters. No padding of
+ spaces is ever performed. If Width is 0 then a width of
+ MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than
+ Width characters, then only the first Width characters are placed in Buffer.
+ Additional conversion parameters are specified in Flags.
+
+ The Flags bit LEFT_JUSTIFY is always ignored.
+ All conversions are left justified in Buffer.
+ If Width is 0, PREFIX_ZERO is ignored in Flags.
+ If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+ commas are inserted every 3rd digit starting from the right.
+ If RADIX_HEX is set in Flags, then the output buffer will be formatted in
+ hexadecimal format.
+ If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in
+ Buffer is a '-'.
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then
+ Buffer is padded with '0' characters so the combination of the optional '-'
+ sign character, '0' characters, digit characters for Value, and the
+ Null-terminator add up to Width characters.
+
+ If Buffer is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated Ascii string.
+ @param BufferSize The size of Buffer in bytes, including the
+ Null-terminator.
+ @param Flags The bitmask of flags that specify left justification,
+ zero pad, and commas.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of Ascii characters to place in
+ Buffer, not including the Null-terminator.
+
+ @retval RETURN_SUCCESS The decimal value is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted
+ value.
+ @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+ If PcdMaximumAsciiStringLength is not
+ zero, and BufferSize is greater than
+ PcdMaximumAsciiStringLength.
+ If unsupported bits are set in Flags.
+ If both COMMA_TYPE and RADIX_HEX are set in
+ Flags.
+ If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+EFIAPI
+AsciiValueToStringS (
+ IN OUT CHAR8 *Buffer,
+ IN UINTN BufferSize,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width
+ )
+{
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ if (BufferSize > MAX_UINT16) {
+ BufferSize = MAX_UINT16;
+ }
+
+ return (RETURN_STATUS) mPrint2Protocol->AsciiValueToString (
+ Buffer,
+ (BufferSize << 16) | (Flags & 0xFFFF),
+ Value,
+ Width
+ );
}
#define PREFIX_SIGN BIT1
diff --git a/MdeModulePkg/Universal/PrintDxe/Print.c b/MdeModulePkg/Universal/PrintDxe/Print.c
index af55acf..7e58de1 100644
--- a/MdeModulePkg/Universal/PrintDxe/Print.c
+++ b/MdeModulePkg/Universal/PrintDxe/Print.c
@@ -1,7 +1,7 @@
/** @file
This driver produces Print2 protocol layered on top of the PrintLib from the MdePkg.
-Copyright (c) 2009, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -22,17 +22,84 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
EFI_HANDLE mPrintThunkHandle = NULL;
+/**
+ Wrapper function that calls UnicodeValueToStringS.
+
+ To add the support for UnicodeValueToStringS API and keep the backward
+ compatibility of EFI_PRINT2_PROTOCOL at the same time, the BufferSize
+ parameter (the size of Buffer in bytes) for UnicodeValueToStringS is encoded
+ at the bits 31:16 of Flags. The Flags bitmask only uses 4 bits in bits 7:0,
+ so the encoding of BufferSize will not affect the use of Flags.
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated Unicode string.
+ @param Flags The bitmask of flags that specify left justification
+ zero pad, and commas. The size of Buffer in bytes
+ including the Null-terminator is encoded at bits 31:16.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of Unicode characters to place in
+ Buffer, not including the Null-terminator.
+
+ @retval The return status from UnicodeValueToStringS.
+
+**/
+UINTN
+EFIAPI
+PrintDxeUnicodeValueToString (
+ IN OUT CHAR16 *Buffer,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width
+ )
+{
+ return (UINTN) UnicodeValueToStringS (Buffer, Flags >> 16, Flags & 0xFFFF, Value, Width);
+}
+
+/**
+ Wrapper function that calls AsciiValueToStringS.
+
+ To add the support for AsciiValueToStringS API and keep the backward
+ compatibility of EFI_PRINT2_PROTOCOL at the same time, the BufferSize
+ parameter (the size of Buffer in bytes) for AsciiValueToStringS is encoded at
+ the bits 31:16 of Flags. The Flags bitmask only uses 4 bits in bits 7:0, so
+ the encoding of BufferSize will not affect the use of Flags.
+
+ @param Buffer The pointer to the output buffer for the produced
+ Null-terminated ASCII string.
+ @param Flags The bitmask of flags that specify left justification
+ zero pad, and commas. The size of Buffer in bytes
+ including the Null-terminator is encoded at bits 31:16.
+ @param Value The 64-bit signed value to convert to a string.
+ @param Width The maximum number of ASCII characters to place in
+ Buffer, not including the Null-terminator.
+
+ @retval The return status from AsciiValueToStringS.
+
+**/
+UINTN
+EFIAPI
+PrintDxeAsciiValueToString (
+ IN OUT CHAR8 *Buffer,
+ IN UINTN Flags,
+ IN INT64 Value,
+ IN UINTN Width
+ )
+{
+ return (UINTN) AsciiValueToStringS (Buffer, Flags >> 16, Flags & 0xFFFF, Value, Width);
+}
+
+
CONST EFI_PRINT2_PROTOCOL mPrint2Protocol = {
UnicodeBSPrint,
UnicodeSPrint,
UnicodeBSPrintAsciiFormat,
UnicodeSPrintAsciiFormat,
- UnicodeValueToString,
+ PrintDxeUnicodeValueToString,
AsciiBSPrint,
AsciiSPrint,
AsciiBSPrintUnicodeFormat,
AsciiSPrintUnicodeFormat,
- AsciiValueToString
+ PrintDxeAsciiValueToString
};
/**
--
1.9.5.msysgit.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-01-17 5:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-17 5:39 [PATCH 0/2] PrintLib: Add safe print functions [A|U]ValueToStringS Hao Wu
2017-01-17 5:39 ` [PATCH 1/2] MdePkg/BasePrintLib: " Hao Wu
2017-01-17 5:39 ` [PATCH 2/2] MdeModulePkg/PrintLib: " Hao Wu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox