public inbox for devel@edk2.groups.io
From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	Michael Kinney <michael.d.kinney@intel.com>
Subject: [PATCH 2/2] MdeModulePkg/PrintLib: Add safe print functions [A|U]ValueToStringS
Date: Tue, 17 Jan 2017 13:39:40 +0800
Message-ID: <1484631581-6264-3-git-send-email-hao.a.wu@intel.com>
In-Reply-To: <1484631581-6264-1-git-send-email-hao.a.wu@intel.com>

Add the following 2 APIs:
UnicodeValueToStringS
AsciiValueToStringS

These safe version APIs are used to enhance their counterpart (APIs
without trailing 'S' in function names).

They perform checks on the input parameters and will return relative
status to reflect the check result.

Return RETURN_INVALID_PARAMETER when:
1). The input Buffer is NULL.
2). The input BufferSize is greater than (PcdMaximumUnicodeStringLength *
sizeof (CHAR16) + 1) for UnicodeValueToStringS or greater than
PcdMaximumAsciiStringLength for AsciiValueToStringS.
3). The input Flags is not set properly.
4). The input Width is not smaller than MAXIMUM_VALUE_CHARACTERS.

Return RETURN_BUFFER_TOO_SMALL when:
1). The input BufferSize cannot hold the converted value.

Now these APIs in the MdeModulePkg/DxePrintLibPrint2Protocol instance
follow the same rules as MdePkg/BasePrintLib.

Please note that this PrintLib instance
(MdeModulePkg/DxePrintLibPrint2Protocol) uses the services
UNICODE_VALUE_TO_STRING and ASCII_VALUE_TO_STRING in protocol
EFI_PRINT2_PROTOCOL (produced by MdeModulePkg/Universal/PrintDxe) to
implement PrintLib APIs UnicodeValueToString and AsciiValueToString.

In order to
1) deprecate APIs [Unicode|Ascii]ValueToString (in subsequent commit)
2) add safe APIs [Unicode|Ascii]ValueToStringS
3) keep the backward compatibility of EFI_PRINT2_PROTOCOL
at the same time, this commit will update the implementation of
[UNICODE|ASCII]_VALUE_TO_STRING services to directly call
[Unicode|Ascii]ValueToStringS. The 'BufferSize' parameter for
[Unicode|Ascii]ValueToStringS will be encoded at bits 31:16 in 'Flags'
when calling [UNICODE|ASCII]_VALUE_TO_STRING services. Checks have been
added to ensure overflow will not happen in such encoding.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 .../Library/DxePrintLibPrint2Protocol/PrintLib.c   | 219 ++++++++++++++++++++-
 MdeModulePkg/Universal/PrintDxe/Print.c            |  73 ++++++-
 2 files changed, 287 insertions(+), 5 deletions(-)

diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
index 438ac9e..f0a5f29 100644
--- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
+++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
@@ -648,7 +648,115 @@ UnicodeValueToString (
   IN UINTN       Width
   )
 {
-  return mPrint2Protocol->UnicodeValueToString (Buffer, Flags, Value, Width);
+  RETURN_STATUS  Status;
+  UINTN          BufferSize;
+
+  //
+  // ASSERT if Width >= MAXIMUM_VALUE_CHARACTERS.
+  //
+  ASSERT (Width < MAXIMUM_VALUE_CHARACTERS);
+
+  if (Width == 0) {
+    BufferSize = (MAXIMUM_VALUE_CHARACTERS + 1) * sizeof (CHAR16);
+  } else {
+    BufferSize = (Width + 1) * sizeof (CHAR16);
+  }
+  //
+  // Make sure that BufferSize will not exceed the range of UINT32 after being
+  // encoded to bits 31:16 of Flags.
+  //
+  if (BufferSize > MAX_UINT16) {
+    BufferSize = MAX_UINT16;
+  }
+
+  Status = (RETURN_STATUS) mPrint2Protocol->UnicodeValueToString (
+                             Buffer,
+                             (BufferSize << 16) | (Flags & 0xFFFF),
+                             Value,
+                             Width
+                             );
+  if (RETURN_ERROR (Status)) {
+    return 0;
+  }
+
+  return StrnLenS (Buffer, BufferSize / sizeof (CHAR16));
+}
+
+/**
+  Converts a decimal value to a Null-terminated Unicode string.
+
+  Converts the decimal number specified by Value to a Null-terminated Unicode
+  string specified by Buffer containing at most Width characters. No padding of
+  spaces is ever performed. If Width is 0 then a width of
+  MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than
+  Width characters, then only the first Width characters are placed in Buffer.
+  Additional conversion parameters are specified in Flags.
+
+  The Flags bit LEFT_JUSTIFY is always ignored.
+  All conversions are left justified in Buffer.
+  If Width is 0, PREFIX_ZERO is ignored in Flags.
+  If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+  commas are inserted every 3rd digit starting from the right.
+  If RADIX_HEX is set in Flags, then the output buffer will be formatted in
+  hexadecimal format.
+  If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in
+  Buffer is a '-'.
+  If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then
+  Buffer is padded with '0' characters so the combination of the optional '-'
+  sign character, '0' characters, digit characters for Value, and the
+  Null-terminator add up to Width characters.
+
+  If Buffer is not aligned on a 16-bit boundary, then ASSERT().
+  If an error would be returned, then the function will also ASSERT().
+
+  @param  Buffer      The pointer to the output buffer for the produced
+                      Null-terminated Unicode string.
+  @param  BufferSize  The size of Buffer in bytes, including the
+                      Null-terminator.
+  @param  Flags       The bitmask of flags that specify left justification,
+                      zero pad, and commas.
+  @param  Value       The 64-bit signed value to convert to a string.
+  @param  Width       The maximum number of Unicode characters to place in
+                      Buffer, not including the Null-terminator.
+
+  @retval RETURN_SUCCESS           The decimal value is converted.
+  @retval RETURN_BUFFER_TOO_SMALL  If BufferSize cannot hold the converted
+                                   value.
+  @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+                                   If PcdMaximumUnicodeStringLength is not
+                                   zero, and BufferSize is greater than
+                                   (PcdMaximumUnicodeStringLength *
+                                   sizeof (CHAR16) + 1).
+                                   If unsupported bits are set in Flags.
+                                   If both COMMA_TYPE and RADIX_HEX are set in
+                                   Flags.
+                                   If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+EFIAPI
+UnicodeValueToStringS (
+  IN OUT CHAR16  *Buffer,
+  IN UINTN       BufferSize,
+  IN UINTN       Flags,
+  IN INT64       Value,
+  IN UINTN       Width
+  )
+{
+  if (RSIZE_MAX != 0) {
+    SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= RSIZE_MAX * sizeof (CHAR16) + 1), RETURN_INVALID_PARAMETER);
+  }
+
+  if (BufferSize > MAX_UINT16) {
+    BufferSize = MAX_UINT16;
+  }
+
+  return (RETURN_STATUS) mPrint2Protocol->UnicodeValueToString (
+                           Buffer,
+                           (BufferSize << 16) | (Flags & 0xFFFF),
+                           Value,
+                           Width
+                           );
 }
 
 /**
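Review bot: In UnicodeValueToStringS (and the reworked UnicodeValueToString), the expression `(BufferSize << 16) | (Flags & 0xFFFF)` discards every Flags bit above bit 15 before the protocol call, so the documented RETURN_INVALID_PARAMETER for "unsupported bits are set in Flags" can never be reported for those bits; a caller passing garbage in the upper half gets a silent success. Suggest rejecting `(Flags & ~(UINTN)0xFFFF) != 0` with SAFE_PRINT_CONSTRAINT_CHECK before encoding, next to the existing RSIZE_MAX check. The clamp `if (BufferSize > MAX_UINT16)` in UnicodeValueToStringS also has no comment, unlike the identical clamp in UnicodeValueToString; a line stating that the callee then sees a smaller buffer than the caller supplied would help. Typo in the new header comment: "fist character" should be "first character".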
@@ -1042,7 +1150,114 @@ AsciiValueToString (
   IN  UINTN      Width
   )
 {
-  return mPrint2Protocol->AsciiValueToString (Buffer, Flags, Value, Width);
+  RETURN_STATUS  Status;
+  UINTN          BufferSize;
+
+  //
+  // ASSERT if Width >= MAXIMUM_VALUE_CHARACTERS.
+  //
+  ASSERT (Width < MAXIMUM_VALUE_CHARACTERS);
+
+  if (Width == 0) {
+    BufferSize = (MAXIMUM_VALUE_CHARACTERS + 1) * sizeof (CHAR8);
+  } else {
+    BufferSize = (Width + 1) * sizeof (CHAR8);
+  }
+  //
+  // Make sure that BufferSize will not exceed the range of UINT32 after being
+  // encoded to bits 31:16 of Flags.
+  //
+  if (BufferSize > MAX_UINT16) {
+    BufferSize = MAX_UINT16;
+  }
+
+  Status = (RETURN_STATUS) mPrint2Protocol->AsciiValueToString (
+                             Buffer,
+                             (BufferSize << 16) | (Flags & 0xFFFF),
+                             Value,
+                             Width
+                             );
+  if (RETURN_ERROR (Status)) {
+    return 0;
+  }
+
+  return AsciiStrnLenS (Buffer, BufferSize / sizeof (CHAR8));
+}
+
+/**
+  Converts a decimal value to a Null-terminated Ascii string.
+
+  Converts the decimal number specified by Value to a Null-terminated Ascii
+  string specified by Buffer containing at most Width characters. No padding of
+  spaces is ever performed. If Width is 0 then a width of
+  MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than
+  Width characters, then only the first Width characters are placed in Buffer.
+  Additional conversion parameters are specified in Flags.
+
+  The Flags bit LEFT_JUSTIFY is always ignored.
+  All conversions are left justified in Buffer.
+  If Width is 0, PREFIX_ZERO is ignored in Flags.
+  If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and
+  commas are inserted every 3rd digit starting from the right.
+  If RADIX_HEX is set in Flags, then the output buffer will be formatted in
+  hexadecimal format.
+  If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in
+  Buffer is a '-'.
+  If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then
+  Buffer is padded with '0' characters so the combination of the optional '-'
+  sign character, '0' characters, digit characters for Value, and the
+  Null-terminator add up to Width characters.
+
+  If Buffer is not aligned on a 16-bit boundary, then ASSERT().
+  If an error would be returned, then the function will also ASSERT().
+
+  @param  Buffer      The pointer to the output buffer for the produced
+                      Null-terminated Ascii string.
+  @param  BufferSize  The size of Buffer in bytes, including the
+                      Null-terminator.
+  @param  Flags       The bitmask of flags that specify left justification,
+                      zero pad, and commas.
+  @param  Value       The 64-bit signed value to convert to a string.
+  @param  Width       The maximum number of Ascii characters to place in
+                      Buffer, not including the Null-terminator.
+
+  @retval RETURN_SUCCESS           The decimal value is converted.
+  @retval RETURN_BUFFER_TOO_SMALL  If BufferSize cannot hold the converted
+                                   value.
+  @retval RETURN_INVALID_PARAMETER If Buffer is NULL.
+                                   If PcdMaximumAsciiStringLength is not
+                                   zero, and BufferSize is greater than
+                                   PcdMaximumAsciiStringLength.
+                                   If unsupported bits are set in Flags.
+                                   If both COMMA_TYPE and RADIX_HEX are set in
+                                   Flags.
+                                   If Width >= MAXIMUM_VALUE_CHARACTERS.
+
+**/
+RETURN_STATUS
+EFIAPI
+AsciiValueToStringS (
+  IN OUT CHAR8   *Buffer,
+  IN UINTN       BufferSize,
+  IN UINTN       Flags,
+  IN INT64       Value,
+  IN UINTN       Width
+  )
+{
+  if (ASCII_RSIZE_MAX != 0) {
+    SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+  }
+
+  if (BufferSize > MAX_UINT16) {
+    BufferSize = MAX_UINT16;
+  }
+
+  return (RETURN_STATUS) mPrint2Protocol->AsciiValueToString (
+                           Buffer,
+                           (BufferSize << 16) | (Flags & 0xFFFF),
+                           Value,
+                           Width
+                           );
 }
 
 #define PREFIX_SIGN           BIT1
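Review bot: The header comment added for AsciiValueToStringS still says "If Buffer is not aligned on a 16-bit boundary, then ASSERT()", which is carried over from the Unicode variant and does not apply to a CHAR8 buffer; please drop that line, and fix "fist character" to "first character" while there. On the code side, `(BufferSize << 16) | (Flags & 0xFFFF)` masks away any Flags bits above bit 15, so the @retval entry "If unsupported bits are set in Flags" cannot trigger for them; an explicit check on the upper bits before the protocol call would make the function match its documentation.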
diff --git a/MdeModulePkg/Universal/PrintDxe/Print.c b/MdeModulePkg/Universal/PrintDxe/Print.c
index af55acf..7e58de1 100644
--- a/MdeModulePkg/Universal/PrintDxe/Print.c
+++ b/MdeModulePkg/Universal/PrintDxe/Print.c
@@ -1,7 +1,7 @@
 /** @file
   This driver produces Print2 protocol layered on top of the PrintLib from the MdePkg.
 
-Copyright (c) 2009, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -22,17 +22,84 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 EFI_HANDLE  mPrintThunkHandle = NULL;
 
+/**
+  Wrapper function that calls UnicodeValueToStringS.
+
+  To add the support for UnicodeValueToStringS API and keep the backward
+  compatibility of EFI_PRINT2_PROTOCOL at the same time, the BufferSize
+  parameter (the size of Buffer in bytes) for UnicodeValueToStringS is encoded
+  at the bits 31:16 of Flags. The Flags bitmask only uses 4 bits in bits 7:0,
+  so the encoding of BufferSize will not affect the use of Flags.
+
+  @param  Buffer      The pointer to the output buffer for the produced
+                      Null-terminated Unicode string.
+  @param  Flags       The bitmask of flags that specify left justification
+                      zero pad, and commas. The size of Buffer in bytes
+                      including the Null-terminator is encoded at bits 31:16.
+  @param  Value       The 64-bit signed value to convert to a string.
+  @param  Width       The maximum number of Unicode characters to place in
+                      Buffer, not including the Null-terminator.
+
+  @retval The return status from UnicodeValueToStringS.
+
+**/
+UINTN
+EFIAPI
+PrintDxeUnicodeValueToString (
+  IN OUT CHAR16  *Buffer,
+  IN UINTN       Flags,
+  IN INT64       Value,
+  IN UINTN       Width
+  )
+{
+  return (UINTN) UnicodeValueToStringS (Buffer, Flags >> 16, Flags & 0xFFFF, Value, Width);
+}
+
+/**
+  Wrapper function that calls AsciiValueToStringS.
+
+  To add the support for AsciiValueToStringS API and keep the backward
+  compatibility of EFI_PRINT2_PROTOCOL at the same time, the BufferSize
+  parameter (the size of Buffer in bytes) for AsciiValueToStringS is encoded at
+  the bits 31:16 of Flags. The Flags bitmask only uses 4 bits in bits 7:0, so
+  the encoding of BufferSize will not affect the use of Flags.
+
+  @param  Buffer      The pointer to the output buffer for the produced
+                      Null-terminated ASCII string.
+  @param  Flags       The bitmask of flags that specify left justification
+                      zero pad, and commas. The size of Buffer in bytes
+                      including the Null-terminator is encoded at bits 31:16.
+  @param  Value       The 64-bit signed value to convert to a string.
+  @param  Width       The maximum number of ASCII characters to place in
+  Buffer, not including the Null-terminator.
+
+  @retval The return status from AsciiValueToStringS.
+
+**/
+UINTN
+EFIAPI
+PrintDxeAsciiValueToString (
+  IN OUT CHAR8   *Buffer,
+  IN UINTN       Flags,
+  IN INT64       Value,
+  IN UINTN       Width
+  )
+{
+  return (UINTN) AsciiValueToStringS (Buffer, Flags >> 16, Flags & 0xFFFF, Value, Width);
+}
+
+
 CONST EFI_PRINT2_PROTOCOL mPrint2Protocol = {
   UnicodeBSPrint,
   UnicodeSPrint,
   UnicodeBSPrintAsciiFormat,
   UnicodeSPrintAsciiFormat,
-  UnicodeValueToString,
+  PrintDxeUnicodeValueToString,
   AsciiBSPrint,
   AsciiSPrint,
   AsciiBSPrintUnicodeFormat,
   AsciiSPrintUnicodeFormat,
-  AsciiValueToString
+  PrintDxeAsciiValueToString
 };
 
 /**
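Review bot: In PrintDxeUnicodeValueToString and PrintDxeAsciiValueToString, a protocol consumer built before this change passes plain Flags with bits 31:16 clear, so `Flags >> 16` yields a BufferSize of 0 and the S function fails (and ASSERTs, per its header comment) where the old service succeeded; the wrapper then hands a RETURN_STATUS back through the UINTN return that such a caller reads as a character count. If compatibility with existing EFI_PRINT2_PROTOCOL consumers is the goal, a zero encoded size should be treated as the legacy case, for example by deriving the size from Width the way the library-side UnicodeValueToString does, and returning a length. Separately, `Flags >> 16` is not masked, so with a 64-bit UINTN any bits above 31 become part of BufferSize; `(Flags >> 16) & 0xFFFF` would match the "bits 31:16" wording in the comment. Minor: the continuation line "Buffer, not including the Null-terminator." under @param Width in the Ascii wrapper comment is not indented like the other continuation lines, and the comments list "left justification zero pad" without the comma.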
-- 
1.9.5.msysgit.0


