From: Hao Wu
To: edk2-devel@lists.01.org
Cc: Hao Wu, Jiewen Yao, Liming Gao, Michael Kinney
Date: Tue, 17 Jan 2017 13:39:40 +0800
Message-Id: <1484631581-6264-3-git-send-email-hao.a.wu@intel.com>
In-Reply-To: <1484631581-6264-1-git-send-email-hao.a.wu@intel.com>
Subject: [PATCH 2/2] MdeModulePkg/PrintLib: Add safe print functions [A|U]ValueToStringS

Add the following 2 APIs:
UnicodeValueToStringS
AsciiValueToStringS

These safe version APIs are used to enhance their counterpart (APIs without trailing 'S' in function names).

They perform checks to the input parameters and will return relative status to reflect the check result.

Return RETURN_INVALID_PARAMETER when:
1). The input Buffer is NULL.
2). The input BufferSize is greater than (PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1) for UnicodeValueToStringS or greater than PcdMaximumAsciiStringLength for AsciiValueToStringS.
3). The input Flags is not set properly.
4). The input Width is not smaller than MAXIMUM_VALUE_CHARACTERS.

Return RETURN_BUFFER_TOO_SMALL when:
1). The input BufferSize cannot hold the converted value.

Now these APIs in the MdeModulePkg/DxePrintLibPrint2Protocol instance follow the same rules with MdePkg/BasePrintLib.

Please note that this PrintLib instance (MdeModulePkg/DxePrintLibPrint2Protocol) uses the services UNICODE_VALUE_TO_STRING and ASCII_VALUE_TO_STRING in protocol EFI_PRINT2_PROTOCOL (produced by MdeModulePkg/Universal/PrintDxe) to implement PrintLib APIs UnicodeValueToString and AsciiValueToString.

In order to
1) deprecate APIs [Unicode|Ascii]ValueToString (in subsequent commit)
2) add safe APIs [Unicode|Ascii]ValueToStringS
3) keep the backward compatibility of EFI_PRINT2_PROTOCOL
at the same time, this commit will update the implementation of [UNICODE|ASCII]_VALUE_TO_STRING services to directly call [Unicode|Ascii]ValueToStringS.

The 'BufferSize' parameter for [Unicode|Ascii]ValueToStringS will be encoded at bits 31:16 in 'Flags' when calling [UNICODE|ASCII]_VALUE_TO_STRING services. Checks have been added to ensure overflow will not happen in such encoding.

Cc: Jiewen Yao
Cc: Liming Gao
Cc: Michael Kinney
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu
--- .../Library/DxePrintLibPrint2Protocol/PrintLib.c | 219 ++++++++++++++++++++- MdeModulePkg/Universal/PrintDxe/Print.c | 73 ++++++- 2 files changed, 287 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c index 438ac9e..f0a5f29 100644 --- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c +++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c 
@@ -648,7 +648,115 @@ UnicodeValueToString ( IN UINTN Width ) { - return mPrint2Protocol->UnicodeValueToString (Buffer, Flags, Value, Width); + RETURN_STATUS Status; + UINTN BufferSize; + + // + // ASSERT if Width >= MAXIMUM_VALUE_CHARACTERS. + // + ASSERT (Width < MAXIMUM_VALUE_CHARACTERS); + + if (Width == 0) { + BufferSize = (MAXIMUM_VALUE_CHARACTERS + 1) * sizeof (CHAR16); + } else { + BufferSize = (Width + 1) * sizeof (CHAR16); + } + // + // Make sure that BufferSize will not exceed the range of UINT32 after being + // encoded to bits 31:16 of Flags. + // + if (BufferSize > MAX_UINT16) { + BufferSize = MAX_UINT16; + } + + Status = (RETURN_STATUS) mPrint2Protocol->UnicodeValueToString ( + Buffer, + (BufferSize << 16) | (Flags & 0xFFFF), + Value, + Width + ); + if (RETURN_ERROR (Status)) { + return 0; + } + + return StrnLenS (Buffer, BufferSize / sizeof (CHAR16)); +} + +/** + Converts a decimal value to a Null-terminated Unicode string. + + Converts the decimal number specified by Value to a Null-terminated Unicode + string specified by Buffer containing at most Width characters. No padding of + spaces is ever performed. If Width is 0 then a width of + MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than + Width characters, then only the first Width characters are placed in Buffer. + Additional conversion parameters are specified in Flags. + + The Flags bit LEFT_JUSTIFY is always ignored. + All conversions are left justified in Buffer. + If Width is 0, PREFIX_ZERO is ignored in Flags. + If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and + commas are inserted every 3rd digit starting from the right. + If RADIX_HEX is set in Flags, then the output buffer will be formatted in + hexadecimal format. + If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in + Buffer is a '-'. 
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then + Buffer is padded with '0' characters so the combination of the optional '-' + sign character, '0' characters, digit characters for Value, and the + Null-terminator add up to Width characters. + + If Buffer is not aligned on a 16-bit boundary, then ASSERT(). + If an error would be returned, then the function will also ASSERT(). + + @param Buffer The pointer to the output buffer for the produced + Null-terminated Unicode string. + @param BufferSize The size of Buffer in bytes, including the + Null-terminator. + @param Flags The bitmask of flags that specify left justification, + zero pad, and commas. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of Unicode characters to place in + Buffer, not including the Null-terminator. + + @retval RETURN_SUCCESS The decimal value is converted. + @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted + value. + @retval RETURN_INVALID_PARAMETER If Buffer is NULL. + If PcdMaximumUnicodeStringLength is not + zero, and BufferSize is greater than + (PcdMaximumUnicodeStringLength * + sizeof (CHAR16) + 1). + If unsupported bits are set in Flags. + If both COMMA_TYPE and RADIX_HEX are set in + Flags. + If Width >= MAXIMUM_VALUE_CHARACTERS. + +**/ +RETURN_STATUS +EFIAPI +UnicodeValueToStringS ( + IN OUT CHAR16 *Buffer, + IN UINTN BufferSize, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width + ) +{ + if (RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= RSIZE_MAX * sizeof (CHAR16) + 1), RETURN_INVALID_PARAMETER); + } + + if (BufferSize > MAX_UINT16) { + BufferSize = MAX_UINT16; + } + + return (RETURN_STATUS) mPrint2Protocol->UnicodeValueToString ( + Buffer, + (BufferSize << 16) | (Flags & 0xFFFF), + Value, + Width + ); } /** 
@@ -1042,7 +1150,114 @@ AsciiValueToString ( IN UINTN Width ) { - return mPrint2Protocol->AsciiValueToString (Buffer, Flags, Value, Width); + RETURN_STATUS Status; + UINTN BufferSize; + + // + // ASSERT if Width >= MAXIMUM_VALUE_CHARACTERS. + // + ASSERT (Width < MAXIMUM_VALUE_CHARACTERS); + + if (Width == 0) { + BufferSize = (MAXIMUM_VALUE_CHARACTERS + 1) * sizeof (CHAR8); + } else { + BufferSize = (Width + 1) * sizeof (CHAR8); + } + // + // Make sure that BufferSize will not exceed the range of UINT32 after being + // encoded to bits 31:16 of Flags. + // + if (BufferSize > MAX_UINT16) { + BufferSize = MAX_UINT16; + } + + Status = (RETURN_STATUS) mPrint2Protocol->AsciiValueToString ( + Buffer, + (BufferSize << 16) | (Flags & 0xFFFF), + Value, + Width + ); + if (RETURN_ERROR (Status)) { + return 0; + } + + return AsciiStrnLenS (Buffer, BufferSize / sizeof (CHAR8)); +} + +/** + Converts a decimal value to a Null-terminated Ascii string. + + Converts the decimal number specified by Value to a Null-terminated Ascii + string specified by Buffer containing at most Width characters. No padding of + spaces is ever performed. If Width is 0 then a width of + MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than + Width characters, then only the first Width characters are placed in Buffer. + Additional conversion parameters are specified in Flags. + + The Flags bit LEFT_JUSTIFY is always ignored. + All conversions are left justified in Buffer. + If Width is 0, PREFIX_ZERO is ignored in Flags. + If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and + commas are inserted every 3rd digit starting from the right. + If RADIX_HEX is set in Flags, then the output buffer will be formatted in + hexadecimal format. + If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in + Buffer is a '-'. 
+ If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then + Buffer is padded with '0' characters so the combination of the optional '-' + sign character, '0' characters, digit characters for Value, and the + Null-terminator add up to Width characters. + + If Buffer is not aligned on a 16-bit boundary, then ASSERT(). + If an error would be returned, then the function will also ASSERT(). + + @param Buffer The pointer to the output buffer for the produced + Null-terminated Ascii string. + @param BufferSize The size of Buffer in bytes, including the + Null-terminator. + @param Flags The bitmask of flags that specify left justification, + zero pad, and commas. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of Ascii characters to place in + Buffer, not including the Null-terminator. + + @retval RETURN_SUCCESS The decimal value is converted. + @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted + value. + @retval RETURN_INVALID_PARAMETER If Buffer is NULL. + If PcdMaximumAsciiStringLength is not + zero, and BufferSize is greater than + PcdMaximumAsciiStringLength. + If unsupported bits are set in Flags. + If both COMMA_TYPE and RADIX_HEX are set in + Flags. + If Width >= MAXIMUM_VALUE_CHARACTERS. + +**/ +RETURN_STATUS +EFIAPI +AsciiValueToStringS ( + IN OUT CHAR8 *Buffer, + IN UINTN BufferSize, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width + ) +{ + if (ASCII_RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER); + } + + if (BufferSize > MAX_UINT16) { + BufferSize = MAX_UINT16; + } + + return (RETURN_STATUS) mPrint2Protocol->AsciiValueToString ( + Buffer, + (BufferSize << 16) | (Flags & 0xFFFF), + Value, + Width + ); } #define PREFIX_SIGN BIT1 diff --git a/MdeModulePkg/Universal/PrintDxe/Print.c b/MdeModulePkg/Universal/PrintDxe/Print.c index af55acf..7e58de1 100644 --- a/MdeModulePkg/Universal/PrintDxe/Print.c 
+++ b/MdeModulePkg/Universal/PrintDxe/Print.c @@ -1,7 +1,7 @@ /** @file This driver produces Print2 protocol layered on top of the PrintLib from the MdePkg. -Copyright (c) 2009, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at 
@@ -22,17 +22,84 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. EFI_HANDLE mPrintThunkHandle = NULL; +/** + Wrapper function that calls UnicodeValueToStringS. + + To add the support for UnicodeValueToStringS API and keep the backward + compatibility of EFI_PRINT2_PROTOCOL at the same time, the BufferSize + parameter (the size of Buffer in bytes) for UnicodeValueToStringS is encoded + at the bits 31:16 of Flags. The Flags bitmask only uses 4 bits in bits 7:0, + so the encoding of BufferSize will not affect the use of Flags. + + @param Buffer The pointer to the output buffer for the produced + Null-terminated Unicode string. + @param Flags The bitmask of flags that specify left justification + zero pad, and commas. The size of Buffer in bytes + including the Null-terminator is encoded at bits 31:16. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of Unicode characters to place in + Buffer, not including the Null-terminator. + + @retval The return status from UnicodeValueToStringS. + +**/ +UINTN +EFIAPI +PrintDxeUnicodeValueToString ( + IN OUT CHAR16 *Buffer, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width + ) +{ + return (UINTN) UnicodeValueToStringS (Buffer, Flags >> 16, Flags & 0xFFFF, Value, Width); +} + +/** + Wrapper function that calls AsciiValueToStringS. + + To add the support for AsciiValueToStringS API and keep the backward + compatibility of EFI_PRINT2_PROTOCOL at the same time, the BufferSize + parameter (the size of Buffer in bytes) for AsciiValueToStringS is encoded at + the bits 31:16 of Flags. The Flags bitmask only uses 4 bits in bits 7:0, so + the encoding of BufferSize will not affect the use of Flags. + + @param Buffer The pointer to the output buffer for the produced + Null-terminated ASCII string. + @param Flags The bitmask of flags that specify left justification + zero pad, and commas. 
The size of Buffer in bytes + including the Null-terminator is encoded at bits 31:16. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of ASCII characters to place in + Buffer, not including the Null-terminator. + + @retval The return status from AsciiValueToStringS. + +**/ +UINTN +EFIAPI +PrintDxeAsciiValueToString ( + IN OUT CHAR8 *Buffer, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width + ) +{ + return (UINTN) AsciiValueToStringS (Buffer, Flags >> 16, Flags & 0xFFFF, Value, Width); +} + + CONST EFI_PRINT2_PROTOCOL mPrint2Protocol = { UnicodeBSPrint, UnicodeSPrint, UnicodeBSPrintAsciiFormat, UnicodeSPrintAsciiFormat, - UnicodeValueToString, + PrintDxeUnicodeValueToString, AsciiBSPrint, AsciiSPrint, AsciiBSPrintUnicodeFormat, AsciiSPrintUnicodeFormat, - AsciiValueToString + PrintDxeAsciiValueToString }; /** -- 1.9.5.msysgit.0
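
Review bot: In the first PrintLib.c hunk (@@ -648), UnicodeValueToStringS builds the protocol argument as `(BufferSize << 16) | (Flags & 0xFFFF)`, which silently discards any Flags bits at position 16 and above, so the documented "If unsupported bits are set in Flags" RETURN_INVALID_PARAMETER case can never trigger for those bits and a malformed Flags value is converted as if it were valid. Reject `(Flags & ~(UINTN) 0xFFFF) != 0` with RETURN_INVALID_PARAMETER before encoding. SAFE_PRINT_CONSTRAINT_CHECK and RSIZE_MAX are used here but neither hunk for this file defines them, so please confirm they are visible to PrintLib.c. The header comment also reads "the fist character", which should be "the first character".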
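
Review bot: In the second PrintLib.c hunk (@@ -1042), the legacy AsciiValueToString body returns 0 on `RETURN_ERROR (Status)` without touching Buffer, and Width < MAXIMUM_VALUE_CHARACTERS is enforced only by ASSERT, so with ASSERT compiled out a caller that passes an oversized Width gets 0 back and a Buffer that nothing in this hunk guarantees to be Null-terminated. Write a terminator into Buffer on the error path when Buffer is not NULL, or document that Buffer is undefined when 0 is returned; the same applies to the UnicodeValueToString body in the previous hunk. The header comment for AsciiValueToStringS also keeps the line "If Buffer is not aligned on a 16-bit boundary, then ASSERT()", which belongs to the CHAR16 variant and should be dropped for a CHAR8 buffer.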
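
Review bot: In the Print.c hunk (@@ -22,17), PrintDxeUnicodeValueToString and PrintDxeAsciiValueToString change the contract of the existing EFI_PRINT2_PROTOCOL members rather than preserving it. A consumer that predates this patch passes Flags with bits 31:16 clear, so `Flags >> 16` hands the S function a BufferSize of 0, which by the doc comments added in this patch is an error that also ASSERTs; and the wrappers return a RETURN_STATUS cast to UINTN, where the old library code passed the protocol's return value straight through as the result of UnicodeValueToString. Any module not rebuilt against the updated DxePrintLibPrint2Protocol therefore stops working. Consider leaving these two members with their original behaviour and exposing the S variants through a separate interface. If the encoding stays, decode with `(Flags >> 16) & 0xFFFF`, because UINTN is wider than 32 bits on 64-bit builds and the plain shift pulls bits 63:32 into BufferSize.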
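
The Flags encoding described in the commit message, modelled in plain C as an added example (not code from the patch or from EDK II). The `uint64_t` stand-in for UINTN on a 64-bit build, the function names and the sample values are assumptions; it shows what the producer side decodes from a caller that predates the encoding and from a value with bits above 31 set.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for this example only, not EDK II definitions. */
typedef uint64_t UINTN_T;          /* models UINTN on a 64-bit build */
#define MAX_U16 0xFFFFu

/* Caller side: clamp the size, then pack it into bits 31:16 of Flags. */
static UINTN_T pack_flags(UINTN_T buffer_size, UINTN_T flags)
{
    if (buffer_size > MAX_U16) {
        buffer_size = MAX_U16;     /* same clamp the patch applies */
    }
    return (buffer_size << 16) | (flags & 0xFFFF);
}

/* Producer side as written in the patch: plain shift, no upper mask. */
static UINTN_T unpack_size_as_patched(UINTN_T packed)
{
    return packed >> 16;
}

/* Producer side with the size field limited to bits 31:16. */
static UINTN_T unpack_size_masked(UINTN_T packed)
{
    return (packed >> 16) & 0xFFFF;
}

static UINTN_T unpack_flags(UINTN_T packed)
{
    return packed & 0xFFFF;
}

int main(void)
{
    UINTN_T updated = pack_flags(42, 0x20);   /* constructed sample values */
    UINTN_T legacy  = 0x20;                   /* caller unaware of the encoding */
    UINTN_T stray   = 0x100000000ULL | updated; /* bit 32 set by mistake */

    printf("updated caller: size=%llu flags=0x%llx\n",
           (unsigned long long)unpack_size_as_patched(updated),
           (unsigned long long)unpack_flags(updated));
    printf("legacy caller:  size=%llu\n",
           (unsigned long long)unpack_size_as_patched(legacy));
    printf("stray bit 32:   shift=%llu masked=%llu\n",
           (unsigned long long)unpack_size_as_patched(stray),
           (unsigned long long)unpack_size_masked(stray));
    return 0;
}
```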