From: Hao Wu
To: edk2-devel@lists.01.org
Cc: Hao Wu, Jiewen Yao, Liming Gao, Michael Kinney
Date: Thu, 9 Feb 2017 11:32:40 +0800
Message-Id: <1486611161-37308-3-git-send-email-hao.a.wu@intel.com>
In-Reply-To: <1486611161-37308-1-git-send-email-hao.a.wu@intel.com>
References: <1486611161-37308-1-git-send-email-hao.a.wu@intel.com>
Subject: [PATCH v2 2/3] MdeModulePkg/PrintLib: Refine the SPrint functions

For the following 12 APIs in MdeModulePkg/DxePrintLibPrint2Protocol:
UnicodeVSPrint
UnicodeBSPrint
UnicodeSPrint
UnicodeVSPrintAsciiFormat
UnicodeBSPrintAsciiFormat
UnicodeSPrintAsciiFormat
AsciiVSPrint
AsciiBSPrint
AsciiSPrint
AsciiVSPrintUnicodeFormat
AsciiBSPrintUnicodeFormat
AsciiSPrintUnicodeFormat

They will ASSERT when:
1) The input parameter 'StartOfBuffer' is NULL if 'BufferSize' indicates at
least 1 Ascii/Unicode character can be held.
2) The input parameter 'FormatString' is NULL if 'BufferSize' indicates at
least 1 Ascii/Unicode character can be held.
3) The input parameter 'FormatString' contains more than
PcdMaximum[Ascii|Unicode]StringLength Ascii/Unicode characters.
4) The produced string contains more than
PcdMaximum[Ascii|Unicode]StringLength Ascii/Unicode characters.

This commit removes the ASSERT case 4) and adds the following new ASSERT
case:
4) The input parameter 'BufferSize' is greater than
(PcdMaximumAsciiStringLength * sizeof (CHAR8)) for Ascii format string or
(PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1) for Unicode format
string.

And for those ASSERT cases, 0 will be returned by those 12 APIs.

For the following 2 APIs in MdeModulePkg/DxePrintLibPrint2Protocol:
SPrintLength
SPrintLengthAsciiFormat

They will ASSERT when:
1) The input parameter 'FormatString' is NULL.
2) The input parameter 'FormatString' contains more than
PcdMaximum[Ascii|Unicode]StringLength Ascii/Unicode characters.

And for those ASSERT cases, 0 will be returned by those 2 APIs.

Now these APIs in the MdeModulePkg/DxePrintLibPrint2Protocol instance follow
the same rules as MdePkg/BasePrintLib.

Cc: Jiewen Yao
Cc: Liming Gao
Cc: Michael Kinney
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu
--- MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf | 7 +- MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c | 562 ++++++++++++-------- 2 files changed, 344 insertions(+), 225 deletions(-) diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf index 3d09b4b..55ee940 100644 --- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf +++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf @@ -1,7 +1,7 @@ ## @file # Library instance that implements Print Library class based on protocol gEfiPrint2ProtocolGuid. # -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -33,9 +33,14 @@ [LibraryClasses] BaseLib DebugLib + PcdLib [Protocols] gEfiPrint2ProtocolGuid ## CONSUMES +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength ## SOMETIMES_CONSUMES + gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength ## SOMETIMES_CONSUMES + [Depex.common.DXE_DRIVER, Depex.common.DXE_RUNTIME_DRIVER, Depex.common.DXE_SAL_DRIVER, Depex.common.DXE_SMM_DRIVER] gEfiPrint2ProtocolGuid diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c index 0137868..438ac9e 100644 --- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c +++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c @@ -25,6 +25,23 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include + +#define ASSERT_UNICODE_BUFFER(Buffer) ASSERT ((((UINTN) (Buffer)) & 0x01) == 0) + +// +// Safe print checks +// +#define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength)) +#define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength)) + +#define SAFE_PRINT_CONSTRAINT_CHECK(Expression, RetVal) \ + do { \ + ASSERT (Expression); \ + if (!(Expression)) { \ + return RetVal; \ + } \ + } while (FALSE) EFI_PRINT2_PROTOCOL *mPrint2Protocol = NULL; 
@@ -91,17 +108,21 @@ DxePrintLibPrint2ProtocolVaListToBaseList ( BOOLEAN Long; BOOLEAN Done; - ASSERT (Format != NULL); ASSERT (BaseListMarker != NULL); + SAFE_PRINT_CONSTRAINT_CHECK ((Format != NULL), FALSE); BaseListStart = BaseListMarker; if (AsciiFormat) { - ASSERT (AsciiStrSize (Format) != 0); + if (ASCII_RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((AsciiStrnLenS (Format, ASCII_RSIZE_MAX + 1) <= ASCII_RSIZE_MAX), FALSE); + } BytesPerFormatCharacter = 1; FormatMask = 0xff; } else { - ASSERT (StrSize ((CHAR16 *) Format) != 0); + if (RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((StrnLenS ((CHAR16 *)Format, RSIZE_MAX + 1) <= RSIZE_MAX), FALSE); + } BytesPerFormatCharacter = 2; FormatMask = 0xffff; } 
@@ -224,35 +245,41 @@ DxePrintLibPrint2ProtocolVaListToBaseList ( } /** - Produces a Null-terminated Unicode string in an output buffer based on - a Null-terminated Unicode format string and a VA_LIST argument list - + Produces a Null-terminated Unicode string in an output buffer based on + a Null-terminated Unicode format string and a VA_LIST argument list. + + This function is similar as vsnprintf_s defined in C11. + Produces a Null-terminated Unicode string in the output buffer specified by StartOfBuffer - and BufferSize. - The Unicode string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list specified by Marker based on the - contents of the format string. + and BufferSize. + The Unicode string is produced by parsing the format string specified by FormatString. + Arguments are pulled from the variable argument list specified by Marker based on the + contents of the format string. The number of Unicode characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0 or 1, then no output buffer is produced and 0 is returned. - If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 1 and StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). - If BufferSize > 1 and FormatString is NULL, then ASSERT(). - If BufferSize > 1 and FormatString is not aligned on a 16-bit boundary, then ASSERT(). - If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more than + If StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). + If FormatString is not aligned on a 16-bit boundary, then ASSERT(). + + If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 1 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. 
+ If PcdMaximumUnicodeStringLength is not zero, and BufferSize > + (PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1), then ASSERT(). Also, the output + buffer is unmodified and 0 is returned. + If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more than PcdMaximumUnicodeStringLength Unicode characters not including the Null-terminator, then - ASSERT(). - If PcdMaximumUnicodeStringLength is not zero, and produced Null-terminated Unicode string - contains more than PcdMaximumUnicodeStringLength Unicode characters not including the - Null-terminator, then ASSERT(). + ASSERT(). Also, the output buffer is unmodified and 0 is returned. + + If BufferSize is 0 or 1, then the output buffer is unmodified and 0 is returned. - @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated Unicode string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. + @param FormatString A Null-terminated Unicode format string. @param Marker VA_LIST marker for the variable argument list. - + @return The number of Unicode characters in the produced output buffer not including the Null-terminator. @@ -269,6 +296,9 @@ UnicodeVSPrint ( UINT64 BaseListMarker[256 / sizeof (UINT64)]; BOOLEAN Converted; + ASSERT_UNICODE_BUFFER (StartOfBuffer); + ASSERT_UNICODE_BUFFER (FormatString); + Converted = DxePrintLibPrint2ProtocolVaListToBaseList ( FALSE, (CHAR8 *)FormatString, 
@@ -284,35 +314,39 @@ UnicodeVSPrint ( } /** - Produces a Null-terminated Unicode string in an output buffer based on - a Null-terminated Unicode format string and a BASE_LIST argument list - + Produces a Null-terminated Unicode string in an output buffer based on + a Null-terminated Unicode format string and a BASE_LIST argument list. + Produces a Null-terminated Unicode string in the output buffer specified by StartOfBuffer - and BufferSize. - The Unicode string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list specified by Marker based on the - contents of the format string. + and BufferSize. + The Unicode string is produced by parsing the format string specified by FormatString. + Arguments are pulled from the variable argument list specified by Marker based on the + contents of the format string. The number of Unicode characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0 or 1, then no output buffer is produced and 0 is returned. - If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 1 and StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). - If BufferSize > 1 and FormatString is NULL, then ASSERT(). - If BufferSize > 1 and FormatString is not aligned on a 16-bit boundary, then ASSERT(). - If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more than + If StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). + If FormatString is not aligned on a 16-bit boundary, then ASSERT(). + + If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 1 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumUnicodeStringLength is not zero, and BufferSize > + (PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1), then ASSERT(). 
Also, the output + buffer is unmodified and 0 is returned. + If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more than PcdMaximumUnicodeStringLength Unicode characters not including the Null-terminator, then - ASSERT(). - If PcdMaximumUnicodeStringLength is not zero, and produced Null-terminated Unicode string - contains more than PcdMaximumUnicodeStringLength Unicode characters not including the - Null-terminator, then ASSERT(). + ASSERT(). Also, the output buffer is unmodified and 0 is returned. + + If BufferSize is 0 or 1, then the output buffer is unmodified and 0 is returned. - @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated Unicode string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. + @param FormatString A Null-terminated Unicode format string. @param Marker BASE_LIST marker for the variable argument list. - + @return The number of Unicode characters in the produced output buffer not including the Null-terminator. 
@@ -326,37 +360,45 @@ UnicodeBSPrint ( IN BASE_LIST Marker ) { + ASSERT_UNICODE_BUFFER (StartOfBuffer); + ASSERT_UNICODE_BUFFER (FormatString); return mPrint2Protocol->UnicodeBSPrint (StartOfBuffer, BufferSize, FormatString, Marker); } /** - Produces a Null-terminated Unicode string in an output buffer based on a Null-terminated + Produces a Null-terminated Unicode string in an output buffer based on a Null-terminated Unicode format string and variable argument list. - + + This function is similar as snprintf_s defined in C11. + Produces a Null-terminated Unicode string in the output buffer specified by StartOfBuffer and BufferSize. The Unicode string is produced by parsing the format string specified by FormatString. Arguments are pulled from the variable argument list based on the contents of the format string. The number of Unicode characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0 or 1, then no output buffer is produced and 0 is returned. - If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 1 and StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). - If BufferSize > 1 and FormatString is NULL, then ASSERT(). - If BufferSize > 1 and FormatString is not aligned on a 16-bit boundary, then ASSERT(). - If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more than + If StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). + If FormatString is not aligned on a 16-bit boundary, then ASSERT(). + + If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 1 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumUnicodeStringLength is not zero, and BufferSize > + (PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1), then ASSERT(). Also, the output + buffer is unmodified and 0 is returned. 
+ If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more than PcdMaximumUnicodeStringLength Unicode characters not including the Null-terminator, then - ASSERT(). - If PcdMaximumUnicodeStringLength is not zero, and produced Null-terminated Unicode string - contains more than PcdMaximumUnicodeStringLength Unicode characters not including the - Null-terminator, then ASSERT(). + ASSERT(). Also, the output buffer is unmodified and 0 is returned. + + If BufferSize is 0 or 1, then the output buffer is unmodified and 0 is returned. - @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated Unicode string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. - @param ... Variable argument list whose contents are accessed based on the + @param FormatString A Null-terminated Unicode format string. + @param ... Variable argument list whose contents are accessed based on the format string specified by FormatString. @return The number of Unicode characters in the produced output buffer not including the 
@@ -383,33 +425,39 @@ UnicodeSPrint ( /** Produces a Null-terminated Unicode string in an output buffer based on a Null-terminated - ASCII format string and a VA_LIST argument list - + ASCII format string and a VA_LIST argument list. + + This function is similar as vsnprintf_s defined in C11. + Produces a Null-terminated Unicode string in the output buffer specified by StartOfBuffer and BufferSize. The Unicode string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list specified by Marker based on the + Arguments are pulled from the variable argument list specified by Marker based on the contents of the format string. The number of Unicode characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0 or 1, then no output buffer is produced and 0 is returned. - If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 1 and StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). - If BufferSize > 1 and FormatString is NULL, then ASSERT(). + If StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). + + If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 1 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumUnicodeStringLength is not zero, and BufferSize > + (PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1), then ASSERT(). Also, the output + buffer is unmodified and 0 is returned. If PcdMaximumAsciiStringLength is not zero, and FormatString contains more than - PcdMaximumAsciiStringLength ASCII characters not including the Null-terminator, then - ASSERT(). 
- If PcdMaximumUnicodeStringLength is not zero, and produced Null-terminated Unicode string - contains more than PcdMaximumUnicodeStringLength Unicode characters not including the - Null-terminator, then ASSERT(). + PcdMaximumAsciiStringLength Ascii characters not including the Null-terminator, then + ASSERT(). Also, the output buffer is unmodified and 0 is returned. - @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + If BufferSize is 0 or 1, then no output buffer is produced and 0 is returned. + + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated Unicode string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. + @param FormatString A Null-terminated ASCII format string. @param Marker VA_LIST marker for the variable argument list. - + @return The number of Unicode characters in the produced output buffer not including the Null-terminator. @@ -426,6 +474,8 @@ UnicodeVSPrintAsciiFormat ( UINT64 BaseListMarker[256 / sizeof (UINT64)]; BOOLEAN Converted; + ASSERT_UNICODE_BUFFER (StartOfBuffer); + Converted = DxePrintLibPrint2ProtocolVaListToBaseList ( TRUE, FormatString, 
@@ -442,33 +492,37 @@ UnicodeVSPrintAsciiFormat ( /** Produces a Null-terminated Unicode string in an output buffer based on a Null-terminated - ASCII format string and a BASE_LIST argument list - + ASCII format string and a BASE_LIST argument list. + Produces a Null-terminated Unicode string in the output buffer specified by StartOfBuffer and BufferSize. The Unicode string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list specified by Marker based on the + Arguments are pulled from the variable argument list specified by Marker based on the contents of the format string. The number of Unicode characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0 or 1, then no output buffer is produced and 0 is returned. - If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 1 and StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). - If BufferSize > 1 and FormatString is NULL, then ASSERT(). + If StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). + + If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 1 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumUnicodeStringLength is not zero, and BufferSize > + (PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1), then ASSERT(). Also, the output + buffer is unmodified and 0 is returned. If PcdMaximumAsciiStringLength is not zero, and FormatString contains more than - PcdMaximumAsciiStringLength ASCII characters not including the Null-terminator, then - ASSERT(). - If PcdMaximumUnicodeStringLength is not zero, and produced Null-terminated Unicode string - contains more than PcdMaximumUnicodeStringLength Unicode characters not including the - Null-terminator, then ASSERT(). 
+ PcdMaximumAsciiStringLength Ascii characters not including the Null-terminator, then + ASSERT(). Also, the output buffer is unmodified and 0 is returned. + + If BufferSize is 0 or 1, then no output buffer is produced and 0 is returned. - @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated Unicode string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. + @param FormatString A Null-terminated ASCII format string. @param Marker BASE_LIST marker for the variable argument list. - + @return The number of Unicode characters in the produced output buffer not including the Null-terminator. 
@@ -482,39 +536,46 @@ UnicodeBSPrintAsciiFormat ( IN BASE_LIST Marker ) { + ASSERT_UNICODE_BUFFER (StartOfBuffer); return mPrint2Protocol->UnicodeBSPrintAsciiFormat (StartOfBuffer, BufferSize, FormatString, Marker); } /** - Produces a Null-terminated Unicode string in an output buffer based on a Null-terminated + Produces a Null-terminated Unicode string in an output buffer based on a Null-terminated ASCII format string and variable argument list. - + + This function is similar as snprintf_s defined in C11. + Produces a Null-terminated Unicode string in the output buffer specified by StartOfBuffer and BufferSize. The Unicode string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list based on the contents of the + Arguments are pulled from the variable argument list based on the contents of the format string. The number of Unicode characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0 or 1, then no output buffer is produced and 0 is returned. - If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 1 and StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). - If BufferSize > 1 and FormatString is NULL, then ASSERT(). + If StartOfBuffer is not aligned on a 16-bit boundary, then ASSERT(). + + If BufferSize > 1 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 1 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumUnicodeStringLength is not zero, and BufferSize > + (PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1), then ASSERT(). Also, the output + buffer is unmodified and 0 is returned. If PcdMaximumAsciiStringLength is not zero, and FormatString contains more than - PcdMaximumAsciiStringLength ASCII characters not including the Null-terminator, then - ASSERT(). 
- If PcdMaximumUnicodeStringLength is not zero, and produced Null-terminated Unicode string - contains more than PcdMaximumUnicodeStringLength Unicode characters not including the - Null-terminator, then ASSERT(). + PcdMaximumAsciiStringLength Ascii characters not including the Null-terminator, then + ASSERT(). Also, the output buffer is unmodified and 0 is returned. + + If BufferSize is 0 or 1, then no output buffer is produced and 0 is returned. - @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated Unicode string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. - @param ... Variable argument list whose contents are accessed based on the + @param FormatString A Null-terminated ASCII format string. + @param ... Variable argument list whose contents are accessed based on the format string specified by FormatString. - + @return The number of Unicode characters in the produced output buffer not including the Null-terminator. 
@@ -593,31 +654,36 @@ UnicodeValueToString ( /** Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated ASCII format string and a VA_LIST argument list. - + + This function is similar as vsnprintf_s defined in C11. + Produces a Null-terminated ASCII string in the output buffer specified by StartOfBuffer and BufferSize. The ASCII string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list specified by Marker based on + Arguments are pulled from the variable argument list specified by Marker based on the contents of the format string. The number of ASCII characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0, then no output buffer is produced and 0 is returned. - If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 0 and FormatString is NULL, then ASSERT(). + If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 0 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumAsciiStringLength is not zero, and BufferSize > + (PcdMaximumAsciiStringLength * sizeof (CHAR8)), then ASSERT(). Also, the output buffer + is unmodified and 0 is returned. If PcdMaximumAsciiStringLength is not zero, and FormatString contains more than - PcdMaximumAsciiStringLength ASCII characters not including the Null-terminator, then - ASSERT(). - If PcdMaximumAsciiStringLength is not zero, and produced Null-terminated ASCII string - contains more than PcdMaximumAsciiStringLength ASCII characters not including the - Null-terminator, then ASSERT(). + PcdMaximumAsciiStringLength Ascii characters not including the Null-terminator, then + ASSERT(). Also, the output buffer is unmodified and 0 is returned. + + If BufferSize is 0, then no output buffer is produced and 0 is returned. 
- @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated ASCII string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. + @param FormatString A Null-terminated ASCII format string. @param Marker VA_LIST marker for the variable argument list. - + @return The number of ASCII characters in the produced output buffer not including the Null-terminator. 
@@ -651,31 +717,34 @@ AsciiVSPrint ( /** Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated ASCII format string and a BASE_LIST argument list. - + Produces a Null-terminated ASCII string in the output buffer specified by StartOfBuffer and BufferSize. The ASCII string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list specified by Marker based on + Arguments are pulled from the variable argument list specified by Marker based on the contents of the format string. The number of ASCII characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0, then no output buffer is produced and 0 is returned. - If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 0 and FormatString is NULL, then ASSERT(). + If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 0 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumAsciiStringLength is not zero, and BufferSize > + (PcdMaximumAsciiStringLength * sizeof (CHAR8)), then ASSERT(). Also, the output buffer + is unmodified and 0 is returned. If PcdMaximumAsciiStringLength is not zero, and FormatString contains more than - PcdMaximumAsciiStringLength ASCII characters not including the Null-terminator, then - ASSERT(). - If PcdMaximumAsciiStringLength is not zero, and produced Null-terminated ASCII string - contains more than PcdMaximumAsciiStringLength ASCII characters not including the - Null-terminator, then ASSERT(). + PcdMaximumAsciiStringLength Ascii characters not including the Null-terminator, then + ASSERT(). Also, the output buffer is unmodified and 0 is returned. 
- @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + If BufferSize is 0, then no output buffer is produced and 0 is returned. + + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated ASCII string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. + @param FormatString A Null-terminated ASCII format string. @param Marker BASE_LIST marker for the variable argument list. - + @return The number of ASCII characters in the produced output buffer not including the Null-terminator. 
@@ -695,30 +764,35 @@ AsciiBSPrint ( /** Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated ASCII format string and variable argument list. - + + This function is similar as snprintf_s defined in C11. + Produces a Null-terminated ASCII string in the output buffer specified by StartOfBuffer and BufferSize. The ASCII string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list based on the contents of the + Arguments are pulled from the variable argument list based on the contents of the format string. The number of ASCII characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0, then no output buffer is produced and 0 is returned. - If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 0 and FormatString is NULL, then ASSERT(). + If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 0 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumAsciiStringLength is not zero, and BufferSize > + (PcdMaximumAsciiStringLength * sizeof (CHAR8)), then ASSERT(). Also, the output buffer + is unmodified and 0 is returned. If PcdMaximumAsciiStringLength is not zero, and FormatString contains more than - PcdMaximumAsciiStringLength ASCII characters not including the Null-terminator, then - ASSERT(). - If PcdMaximumAsciiStringLength is not zero, and produced Null-terminated ASCII string - contains more than PcdMaximumAsciiStringLength ASCII characters not including the - Null-terminator, then ASSERT(). + PcdMaximumAsciiStringLength Ascii characters not including the Null-terminator, then + ASSERT(). Also, the output buffer is unmodified and 0 is returned. + + If BufferSize is 0, then no output buffer is produced and 0 is returned. 
- @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated ASCII string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. - @param ... Variable argument list whose contents are accessed based on the + @param FormatString A Null-terminated ASCII format string. + @param ... Variable argument list whose contents are accessed based on the format string specified by FormatString. @return The number of ASCII characters in the produced output buffer not including the 
@@ -745,33 +819,39 @@ AsciiSPrint ( /** Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated - ASCII format string and a VA_LIST argument list. - + Unicode format string and a VA_LIST argument list. + + This function is similar as vsnprintf_s defined in C11. + Produces a Null-terminated ASCII string in the output buffer specified by StartOfBuffer and BufferSize. The ASCII string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list specified by Marker based on + Arguments are pulled from the variable argument list specified by Marker based on the contents of the format string. The number of ASCII characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0, then no output buffer is produced and 0 is returned. - If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 0 and FormatString is NULL, then ASSERT(). - If BufferSize > 0 and FormatString is not aligned on a 16-bit boundary, then ASSERT(). + If FormatString is not aligned on a 16-bit boundary, then ASSERT(). + + If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 0 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumAsciiStringLength is not zero, and BufferSize > + (PcdMaximumAsciiStringLength * sizeof (CHAR8)), then ASSERT(). Also, the output buffer + is unmodified and 0 is returned. If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more than PcdMaximumUnicodeStringLength Unicode characters not including the Null-terminator, then - ASSERT(). - If PcdMaximumAsciiStringLength is not zero, and produced Null-terminated ASCII string - contains more than PcdMaximumAsciiStringLength ASCII characters not including the - Null-terminator, then ASSERT(). + ASSERT(). 
Also, the output buffer is unmodified and 0 is returned. - @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + If BufferSize is 0, then no output buffer is produced and 0 is returned. + + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated ASCII string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. + @param FormatString A Null-terminated Unicode format string. @param Marker VA_LIST marker for the variable argument list. - + @return The number of ASCII characters in the produced output buffer not including the Null-terminator. @@ -788,6 +868,8 @@ AsciiVSPrintUnicodeFormat ( UINT64 BaseListMarker[256 / sizeof (UINT64)]; BOOLEAN Converted; + ASSERT_UNICODE_BUFFER (FormatString); + Converted = DxePrintLibPrint2ProtocolVaListToBaseList ( FALSE, (CHAR8 *)FormatString, 
@@ -804,33 +886,37 @@ AsciiVSPrintUnicodeFormat ( /** Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated - ASCII format string and a BASE_LIST argument list. - + Unicode format string and a BASE_LIST argument list. + Produces a Null-terminated ASCII string in the output buffer specified by StartOfBuffer and BufferSize. The ASCII string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list specified by Marker based on + Arguments are pulled from the variable argument list specified by Marker based on the contents of the format string. The number of ASCII characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0, then no output buffer is produced and 0 is returned. - If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 0 and FormatString is NULL, then ASSERT(). - If BufferSize > 0 and FormatString is not aligned on a 16-bit boundary, then ASSERT(). + If FormatString is not aligned on a 16-bit boundary, then ASSERT(). + + If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 0 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumAsciiStringLength is not zero, and BufferSize > + (PcdMaximumAsciiStringLength * sizeof (CHAR8)), then ASSERT(). Also, the output buffer + is unmodified and 0 is returned. If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more than PcdMaximumUnicodeStringLength Unicode characters not including the Null-terminator, then - ASSERT(). - If PcdMaximumAsciiStringLength is not zero, and produced Null-terminated ASCII string - contains more than PcdMaximumAsciiStringLength ASCII characters not including the - Null-terminator, then ASSERT(). + ASSERT(). Also, the output buffer is unmodified and 0 is returned. 
- @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + If BufferSize is 0, then no output buffer is produced and 0 is returned. + + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated ASCII string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. + @param FormatString A Null-terminated Unicode format string. @param Marker BASE_LIST marker for the variable argument list. - + @return The number of ASCII characters in the produced output buffer not including the Null-terminator. 
@@ -844,37 +930,44 @@ AsciiBSPrintUnicodeFormat ( IN BASE_LIST Marker ) { + ASSERT_UNICODE_BUFFER (FormatString); return mPrint2Protocol->AsciiBSPrintUnicodeFormat (StartOfBuffer, BufferSize, FormatString, Marker); } /** Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated - ASCII format string and variable argument list. - + Unicode format string and variable argument list. + + This function is similar as snprintf_s defined in C11. + Produces a Null-terminated ASCII string in the output buffer specified by StartOfBuffer and BufferSize. The ASCII string is produced by parsing the format string specified by FormatString. - Arguments are pulled from the variable argument list based on the contents of the + Arguments are pulled from the variable argument list based on the contents of the format string. The number of ASCII characters in the produced output buffer is returned not including the Null-terminator. - If BufferSize is 0, then no output buffer is produced and 0 is returned. - If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). - If BufferSize > 0 and FormatString is NULL, then ASSERT(). - If BufferSize > 0 and FormatString is not aligned on a 16-bit boundary, then ASSERT(). + If FormatString is not aligned on a 16-bit boundary, then ASSERT(). + + If BufferSize > 0 and StartOfBuffer is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If BufferSize > 0 and FormatString is NULL, then ASSERT(). Also, the output buffer is + unmodified and 0 is returned. + If PcdMaximumAsciiStringLength is not zero, and BufferSize > + (PcdMaximumAsciiStringLength * sizeof (CHAR8)), then ASSERT(). Also, the output buffer + is unmodified and 0 is returned. If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more than PcdMaximumUnicodeStringLength Unicode characters not including the Null-terminator, then - ASSERT(). 
- If PcdMaximumAsciiStringLength is not zero, and produced Null-terminated ASCII string - contains more than PcdMaximumAsciiStringLength ASCII characters not including the - Null-terminator, then ASSERT(). + ASSERT(). Also, the output buffer is unmodified and 0 is returned. - @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated + If BufferSize is 0, then no output buffer is produced and 0 is returned. + + @param StartOfBuffer A pointer to the output buffer for the produced Null-terminated ASCII string. @param BufferSize The size, in bytes, of the output buffer specified by StartOfBuffer. - @param FormatString Null-terminated Unicode format string. - @param ... Variable argument list whose contents are accessed based on the + @param FormatString A Null-terminated Unicode format string. + @param ... Variable argument list whose contents are accessed based on the format string specified by FormatString. @return The number of ASCII characters in the produced output buffer not including the 
@@ -1254,6 +1347,56 @@ InternalPrintLibSPrintMarker ( // DxePrintLibPrint2Protocol (both PrintLib instances). // + // + // 1. Buffer shall not be a null pointer when both BufferSize > 0 and + // COUNT_ONLY_NO_PRINT is not set in Flags. + // + if ((BufferSize > 0) && ((Flags & COUNT_ONLY_NO_PRINT) == 0)) { + SAFE_PRINT_CONSTRAINT_CHECK ((Buffer != NULL), 0); + } + + // + // 2. Format shall not be a null pointer when BufferSize > 0 or when + // COUNT_ONLY_NO_PRINT is set in Flags. + // + if ((BufferSize > 0) || ((Flags & COUNT_ONLY_NO_PRINT) != 0)) { + SAFE_PRINT_CONSTRAINT_CHECK ((Format != NULL), 0); + } + + // + // 3. BufferSize shall not be greater than RSIZE_MAX for Unicode output or + // ASCII_RSIZE_MAX for Ascii output. + // + if ((Flags & OUTPUT_UNICODE) != 0) { + if (RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= RSIZE_MAX), 0); + } + BytesPerOutputCharacter = 2; + } else { + if (ASCII_RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= ASCII_RSIZE_MAX), 0); + } + BytesPerOutputCharacter = 1; + } + + // + // 4. Format shall not contain more than RSIZE_MAX Unicode characters or + // ASCII_RSIZE_MAX Ascii characters. + // + if ((Flags & FORMAT_UNICODE) != 0) { + if (RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((StrnLenS ((CHAR16 *)Format, RSIZE_MAX + 1) <= RSIZE_MAX), 0); + } + BytesPerFormatCharacter = 2; + FormatMask = 0xffff; + } else { + if (ASCII_RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((AsciiStrnLenS (Format, ASCII_RSIZE_MAX + 1) <= ASCII_RSIZE_MAX), 0); + } + BytesPerFormatCharacter = 1; + FormatMask = 0xff; + } + if ((Flags & COUNT_ONLY_NO_PRINT) != 0) { if (BufferSize == 0) { Buffer = NULL; @@ -1265,13 +1408,6 @@ InternalPrintLibSPrintMarker ( if (BufferSize == 0) { return 0; } - ASSERT (Buffer != NULL); - } - - if ((Flags & OUTPUT_UNICODE) != 0) { - BytesPerOutputCharacter = 2; - } else { - BytesPerOutputCharacter = 1; } LengthToReturn = 0; 
@@ -1291,24 +1427,6 @@ InternalPrintLibSPrintMarker ( EndBuffer = Buffer + BufferSize * BytesPerOutputCharacter; } - if ((Flags & FORMAT_UNICODE) != 0) { - // - // Make sure format string cannot contain more than PcdMaximumUnicodeStringLength - // Unicode characters if PcdMaximumUnicodeStringLength is not zero. - // - ASSERT (StrSize ((CHAR16 *) Format) != 0); - BytesPerFormatCharacter = 2; - FormatMask = 0xffff; - } else { - // - // Make sure format string cannot contain more than PcdMaximumAsciiStringLength - // Ascii characters if PcdMaximumAsciiStringLength is not zero. - // - ASSERT (AsciiStrSize (Format) != 0); - BytesPerFormatCharacter = 1; - FormatMask = 0xff; - } - // // Get the first character from the format string // @@ -1877,16 +1995,6 @@ InternalPrintLibSPrintMarker ( // Null terminate the Unicode or ASCII string // InternalPrintLibFillBuffer (Buffer, EndBuffer + BytesPerOutputCharacter, 1, 0, BytesPerOutputCharacter); - // - // Make sure output buffer cannot contain more than PcdMaximumUnicodeStringLength - // Unicode characters if PcdMaximumUnicodeStringLength is not zero. - // - ASSERT ((((Flags & OUTPUT_UNICODE) == 0)) || (StrSize ((CHAR16 *) OriginalBuffer) != 0)); - // - // Make sure output buffer cannot contain more than PcdMaximumAsciiStringLength - // ASCII characters if PcdMaximumAsciiStringLength is not zero. - // - ASSERT ((((Flags & OUTPUT_UNICODE) != 0)) || (AsciiStrSize (OriginalBuffer) != 0)); return ((Buffer - OriginalBuffer) / BytesPerOutputCharacter); } 
@@ -1895,9 +2003,13 @@ InternalPrintLibSPrintMarker ( Returns the number of characters that would be produced by if the formatted output were produced not including the Null-terminator. - If FormatString is NULL, then ASSERT(). If FormatString is not aligned on a 16-bit boundary, then ASSERT(). + If FormatString is NULL, then ASSERT() and 0 is returned. + If PcdMaximumUnicodeStringLength is not zero, and FormatString contains more + than PcdMaximumUnicodeStringLength Unicode characters not including the + Null-terminator, then ASSERT() and 0 is returned. + @param[in] FormatString A Null-terminated Unicode format string. @param[in] Marker VA_LIST marker for the variable argument list. @@ -1911,7 +2023,7 @@ SPrintLength ( IN VA_LIST Marker ) { - ASSERT(FormatString != NULL); + ASSERT_UNICODE_BUFFER (FormatString); return InternalPrintLibSPrintMarker (NULL, 0, FORMAT_UNICODE | OUTPUT_UNICODE | COUNT_ONLY_NO_PRINT, (CHAR8 *)FormatString, Marker, NULL); } @@ -1919,7 +2031,10 @@ SPrintLength ( Returns the number of characters that would be produced by if the formatted output were produced not including the Null-terminator. - If FormatString is NULL, then ASSERT(). + If FormatString is NULL, then ASSERT() and 0 is returned. + If PcdMaximumAsciiStringLength is not zero, and FormatString contains more + than PcdMaximumAsciiStringLength Ascii characters not including the + Null-terminator, then ASSERT() and 0 is returned. @param[in] FormatString A Null-terminated ASCII format string. @param[in] Marker VA_LIST marker for the variable argument list. @@ -1934,6 +2049,5 @@ SPrintLengthAsciiFormat ( IN VA_LIST Marker ) { - ASSERT(FormatString != NULL); return InternalPrintLibSPrintMarker (NULL, 0, OUTPUT_UNICODE | COUNT_ONLY_NO_PRINT, (CHAR8 *)FormatString, Marker, NULL); } -- 1.9.5.msysgit.0
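Review bot: in the comment hunk at @@ -695,30 +764,35 @@, the added sentence "This function is similar as snprintf_s defined in C11" overstates the match, because the behaviour documented a few lines later differs from C11 on failure. C11 snprintf_s returns a negative value on a runtime-constraint violation and sets s[0] to the null character when the buffer is usable. Here the text says "the output buffer is unmodified and 0 is returned". A caller that reads the buffer after a failed call sees whatever was there before, and cannot tell the failure from an empty result. Suggest "similar to snprintf_s defined in C11, except that on a constraint violation the output buffer is left unmodified and 0 is returned". The same wording recurs in the vsnprintf_s sentence at @@ -745,33 +819,39 @@ and the snprintf_s sentence at @@ -844,37 +930,44 @@.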
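Review bot: in the comment hunk at @@ -745,33 +819,39 @@, the alignment rule loses its "BufferSize > 0" condition and becomes "If FormatString is not aligned on a 16-bit boundary, then ASSERT()", but unlike every other constraint in the block it gets no "output buffer is unmodified and 0 is returned" clause. That matches the unconditional ASSERT_UNICODE_BUFFER (FormatString) added at @@ -788,6 +868,8 @@, which is followed directly by the VA_LIST conversion. Please state what happens to a misaligned FormatString when ASSERT() is compiled out, and mention in the commit message that a call with BufferSize == 0 and a misaligned FormatString now asserts where it previously did not.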
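Review bot: style point in the hunk at @@ -844,37 +930,44 @@: ASSERT_UNICODE_BUFFER (FormatString); is added directly above the return in AsciiBSPrintUnicodeFormat with no separating blank line, while the same addition at @@ -788,6 +868,8 @@ is followed by one. Pick one layout for all the wrappers touched by this patch.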
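Review bot: in the hunk at @@ -1254,6 +1347,56 @@, constraint 4 calls StrnLenS / AsciiStrnLenS on Format on every path, including the one where constraint 2 was skipped (BufferSize == 0 with COUNT_ONLY_NO_PRINT clear), so Format can still be NULL when it reaches the length call. The full format string is also scanned before the existing "if (BufferSize == 0) { return 0; }" gets a chance to return. Either guard constraint 4 with the same condition as constraint 2, or add a comment that the check relies on the length functions accepting a NULL string. Separately, constraint 3 compares BufferSize with RSIZE_MAX / ASCII_RSIZE_MAX without naming the unit. The context line "EndBuffer = Buffer + BufferSize * BytesPerOutputCharacter" at @@ -1291,24 +1427,6 @@ shows that BufferSize is a character count inside this function, whereas the public wrappers document it in bytes, so the comment should say "characters" explicitly.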
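Review bot: in the SPrintLength comment hunk at @@ -1895,9 +2003,13 @@ (and the matching SPrintLengthAsciiFormat text at @@ -1919,7 +2031,10 @@), "then ASSERT() and 0 is returned" makes a rejected format string indistinguishable from one that legitimately produces zero characters. Callers typically use this return value to size an allocation, so the comment should tell them that 0 can also mean the format string was NULL or exceeded the PCD limit, and that they must not treat it as a valid length without checking FormatString themselves. It would also help to note that the NULL check removed from both function bodies is now performed by constraint 2 in InternalPrintLibSPrintMarker, since that is not obvious from the wrappers alone.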