From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.20; helo=mga02.intel.com; envelope-from=ruiyu.ni@intel.com; receiver=edk2-devel@lists.01.org Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id ABE3B21E0B9E3 for ; Fri, 2 Feb 2018 02:42:18 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Feb 2018 02:47:56 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,448,1511856000"; d="scan'208";a="14941576" Received: from ray-dev.ccr.corp.intel.com ([10.239.9.19]) by orsmga008.jf.intel.com with ESMTP; 02 Feb 2018 02:47:55 -0800 From: Ruiyu Ni To: edk2-devel@lists.01.org Cc: Jiewen Yao , Liming Gao , Jian J Wang Date: Fri, 2 Feb 2018 18:47:53 +0800 Message-Id: <20180202104753.94568-1-ruiyu.ni@intel.com> X-Mailer: git-send-email 2.16.1.windows.1 Subject: [PATCH] MdePkg/SafeString: Directly return when length of source string is 0 X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 10:42:19 -0000 Today's implementation of [Ascii]StrnCpyS/[Ascii]StrnCatS doesn't directly return the the length of source string is 0. When length of source string is 0, it means the Source points to a memory that shouldn't be deferenced at all. So it's not proper to call StrnLenS() in such situation. In a pool guard enabled environment, when using shell to edit an existing file which contains empty line, the page fault is met. The patch fixes the four library functions to align to the behavior of non-safe version: directly return when length of source string is 0. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni Cc: Jiewen Yao Cc: Liming Gao Cc: Jian J Wang --- MdePkg/Library/BaseLib/SafeString.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c index 68c33e9b7b..fed818ef33 100644 --- a/MdePkg/Library/BaseLib/SafeString.c +++ b/MdePkg/Library/BaseLib/SafeString.c @@ -1,7 +1,7 @@ /** @file Safe String functions. - Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -317,6 +317,10 @@ StrnCpyS ( { UINTN SourceLen; + if (Length == 0) { + return RETURN_SUCCESS; + } + ASSERT (((UINTN) Destination & BIT0) == 0); ASSERT (((UINTN) Source & BIT0) == 0); @@ -515,6 +519,10 @@ StrnCatS ( UINTN CopyLen; UINTN SourceLen; + if (Length == 0) { + return RETURN_SUCCESS; + } + ASSERT (((UINTN) Destination & BIT0) == 0); ASSERT (((UINTN) Source & BIT0) == 0); @@ -1894,6 +1902,10 @@ AsciiStrnCpyS ( { UINTN SourceLen; + if (Length == 0) { + return RETURN_SUCCESS; + } + // // 1. Neither Destination nor Source shall be a null pointer. // @@ -2082,6 +2094,10 @@ AsciiStrnCatS ( UINTN CopyLen; UINTN SourceLen; + if (Length == 0) { + return RETURN_SUCCESS; + } + // // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS. // -- 2.16.1.windows.1