From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: zhichao.gao@intel.com) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by groups.io with SMTP; Tue, 21 May 2019 00:49:59 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 May 2019 00:49:58 -0700 X-ExtLoop1: 1 Received: from fieedk001.ccr.corp.intel.com ([10.239.33.119]) by fmsmga006.fm.intel.com with ESMTP; 21 May 2019 00:49:57 -0700 From: "Gao, Zhichao" To: devel@edk2.groups.io Cc: Liming Gao , Hao A Wu Subject: [PATCH] IntelFrameworkModulePkg/DebugLib: Fix string copy issue Date: Tue, 21 May 2019 15:49:52 +0800 Message-Id: <20190521074952.38376-1-zhichao.gao@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1826 There is a bug to use AsciiStrCpyS to copy a truncated string. If would cause an assert because the truncated length is always less than the source string length. It should use the AsciiStrnCpyS instead. Cc: Liming Gao Cc: Hao A Wu Signed-off-by: Zhichao Gao --- .../Library/PeiDxeDebugLibReportStatusCode/DebugLib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c b/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c index e92601f89e..1840b6d683 100644 --- a/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c +++ b/IntelFrameworkModulePkg/Library/PeiDxeDebugLibReportStatusCode/DebugLib.c @@ -150,7 +150,7 @@ DebugPrintMarker ( FormatString = (CHAR8 *)((UINT64 *)(DebugInfo + 1) + 12); // - // Copy the Format string into the record + // Copy the Format string into the record. It will be truncated if it's too long. // // According to the content structure of Buffer shown above, the size of // the FormatString buffer is the size of Buffer minus the Padding @@ -158,7 +158,7 @@ DebugPrintMarker ( // variable arguments (12 * sizeof (UINT64)). // DestBufferSize = sizeof (Buffer) - 4 - sizeof (EFI_DEBUG_INFO) - 12 * sizeof (UINT64); - AsciiStrCpyS (FormatString, DestBufferSize / sizeof (CHAR8), Format); + AsciiStrnCpyS (FormatString, DestBufferSize / sizeof (CHAR8), Format, DestBufferSize / sizeof (CHAR8) - 1); // // The first 12 * sizeof (UINT64) bytes following EFI_DEBUG_INFO are for variable arguments -- 2.21.0.windows.1