public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Vitaly Cheptsov" <vit9696@protonmail.com>
To: devel@edk2.groups.io
Subject: [PATCH v3 1/1] MdePkg: Add PCD to disable safe string constraint assertions
Date: Fri, 03 Jan 2020 17:12:46 +0000	[thread overview]
Message-ID: <20200103171242.63839-2-vit9696@protonmail.com> (raw)
In-Reply-To: <20200103171242.63839-1-vit9696@protonmail.com>

[-- Attachment #1: Type: text/plain, Size: 17597 bytes --]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

Runtime data checks are not meant to cause debug assertions
unless explicitly needed by some debug code (thus the PCD)
as this breaks debug builds validating data with BaseLib.

Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
---
 MdePkg/MdePkg.dec                   |  6 ++
 MdePkg/Library/BaseLib/BaseLib.inf  | 11 +--
 MdePkg/Include/Library/BaseLib.h    | 74 +++++++++++++-------
 MdePkg/Library/BaseLib/SafeString.c |  4 +-
 MdePkg/MdePkg.uni                   |  6 ++
 5 files changed, 71 insertions(+), 30 deletions(-)

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index d022cc5e3e..0191b7a08b 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -2221,6 +2221,12 @@ [PcdsFixedAtBuild,PcdsPatchableInModule]
   # @Prompt Memory Address of GuidedExtractHandler Table.
   gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|0x1000000|UINT64|0x30001015
 
+  ## Indicates if safe string constraint violation should assert.<BR><BR>
+  #   TRUE  - Safe string constraint violation causes assertion.<BR>
+  #   FALSE - Safe string constraint violation does not cause assertion.<BR>
+  # @Prompt Enable safe string constraint violation assertions.
+  gEfiMdePkgTokenSpaceGuid.PcdAssertOnSafeStringConstraints|TRUE|BOOLEAN|0x0000002e
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## This value is used to set the base address of PCI express hierarchy.
   # @Prompt PCI Express Base Address.
diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf
index 3586beb0ab..bc98bc6134 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -390,11 +390,12 @@ [LibraryClasses]
   BaseMemoryLib
 
 [Pcd]
-  gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength      ## SOMETIMES_CONSUMES
-  gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength     ## SOMETIMES_CONSUMES
-  gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength   ## SOMETIMES_CONSUMES
-  gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask   ## SOMETIMES_CONSUMES
-  gEfiMdePkgTokenSpaceGuid.PcdSpeculationBarrierType       ## SOMETIMES_CONSUMES
+  gEfiMdePkgTokenSpaceGuid.PcdAssertOnSafeStringConstraints       ## SOMETIMES_CONSUMES
+  gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength             ## SOMETIMES_CONSUMES
+  gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength            ## SOMETIMES_CONSUMES
+  gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength          ## SOMETIMES_CONSUMES
+  gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask  ## SOMETIMES_CONSUMES
+  gEfiMdePkgTokenSpaceGuid.PcdSpeculationBarrierType              ## SOMETIMES_CONSUMES
 
 [FeaturePcd]
   gEfiMdePkgTokenSpaceGuid.PcdVerifyNodeInList  ## CONSUMES
diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 2a75bc023f..c413ca5f57 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -189,6 +189,8 @@ StrnSizeS (
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -225,6 +227,8 @@ StrCpyS (
 
   If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -263,6 +267,8 @@ StrnCpyS (
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -303,6 +309,8 @@ StrCatS (
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -350,9 +358,11 @@ StrnCatS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
+  If String is not aligned in a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Data is NULL, then ASSERT().
-  If String is not aligned in a 16-bit boundary, then ASSERT().
   If PcdMaximumUnicodeStringLength is not zero, and String contains more than
   PcdMaximumUnicodeStringLength Unicode characters, not including the
   Null-terminator, then ASSERT().
@@ -406,9 +416,11 @@ StrDecimalToUintnS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
+  If String is not aligned in a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Data is NULL, then ASSERT().
-  If String is not aligned in a 16-bit boundary, then ASSERT().
   If PcdMaximumUnicodeStringLength is not zero, and String contains more than
   PcdMaximumUnicodeStringLength Unicode characters, not including the
   Null-terminator, then ASSERT().
@@ -467,9 +479,11 @@ StrDecimalToUint64S (
   the first character that is a not a valid hexadecimal character or NULL,
   whichever one comes first.
 
+  If String is not aligned in a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Data is NULL, then ASSERT().
-  If String is not aligned in a 16-bit boundary, then ASSERT().
   If PcdMaximumUnicodeStringLength is not zero, and String contains more than
   PcdMaximumUnicodeStringLength Unicode characters, not including the
   Null-terminator, then ASSERT().
@@ -528,9 +542,11 @@ StrHexToUintnS (
   the first character that is a not a valid hexadecimal character or NULL,
   whichever one comes first.
 
+  If String is not aligned in a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Data is NULL, then ASSERT().
-  If String is not aligned in a 16-bit boundary, then ASSERT().
   If PcdMaximumUnicodeStringLength is not zero, and String contains more than
   PcdMaximumUnicodeStringLength Unicode characters, not including the
   Null-terminator, then ASSERT().
@@ -622,6 +638,7 @@ AsciiStrnSizeS (
 
   This function is similar as strcpy_s defined in C11.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -656,6 +673,7 @@ AsciiStrCpyS (
 
   This function is similar as strncpy_s defined in C11.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -692,6 +710,7 @@ AsciiStrnCpyS (
 
   This function is similar as strcat_s defined in C11.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -730,6 +749,7 @@ AsciiStrCatS (
 
   This function is similar as strncat_s defined in C11.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -777,6 +797,7 @@ AsciiStrnCatS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Data is NULL, then ASSERT().
   If PcdMaximumAsciiStringLength is not zero, and String contains more than
@@ -832,6 +853,7 @@ AsciiStrDecimalToUintnS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Data is NULL, then ASSERT().
   If PcdMaximumAsciiStringLength is not zero, and String contains more than
@@ -891,6 +913,7 @@ AsciiStrDecimalToUint64S (
   character that is a not a valid hexadecimal character or Null-terminator,
   whichever on comes first.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Data is NULL, then ASSERT().
   If PcdMaximumAsciiStringLength is not zero, and String contains more than
@@ -950,6 +973,7 @@ AsciiStrHexToUintnS (
   character that is a not a valid hexadecimal character or Null-terminator,
   whichever on comes first.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Data is NULL, then ASSERT().
   If PcdMaximumAsciiStringLength is not zero, and String contains more than
@@ -1506,12 +1530,11 @@ StrHexToUint64 (
   "::" can be used to compress one or more groups of X when X contains only 0.
   The "::" can only appear once in the String.
 
+  If String is not aligned in a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
-
   If Address is NULL, then ASSERT().
-
-  If String is not aligned in a 16-bit boundary, then ASSERT().
-
   If PcdMaximumUnicodeStringLength is not zero, and String contains more than
   PcdMaximumUnicodeStringLength Unicode characters, not including the
   Null-terminator, then ASSERT().
@@ -1567,12 +1590,11 @@ StrToIpv6Address (
   When /P is in the String, the function stops at the first character that is not
   a valid decimal digit character after P is converted.
 
+  If String is not aligned in a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
-
   If Address is NULL, then ASSERT().
-
-  If String is not aligned in a 16-bit boundary, then ASSERT().
-
   If PcdMaximumUnicodeStringLength is not zero, and String contains more than
   PcdMaximumUnicodeStringLength Unicode characters, not including the
   Null-terminator, then ASSERT().
@@ -1640,9 +1662,11 @@ StrToIpv4Address (
                   oo          Data4[48:55]
                   pp          Data4[56:63]
 
+  If String is not aligned in a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Guid is NULL, then ASSERT().
-  If String is not aligned in a 16-bit boundary, then ASSERT().
 
   @param  String                   Pointer to a Null-terminated Unicode string.
   @param  Guid                     Pointer to the converted GUID.
@@ -1676,15 +1700,12 @@ StrToGuid (
 
   If String is not aligned in a 16-bit boundary, then ASSERT().
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
-
   If Buffer is NULL, then ASSERT().
-
   If Length is not multiple of 2, then ASSERT().
-
   If PcdMaximumUnicodeStringLength is not zero and Length is greater than
   PcdMaximumUnicodeStringLength, then ASSERT().
-
   If MaxBufferSize is less than (Length / 2), then ASSERT().
 
   @param  String                   Pointer to a Null-terminated Unicode string.
@@ -1775,8 +1796,9 @@ UnicodeStrToAsciiStr (
 
   If any Unicode characters in Source contain non-zero value in
   the upper 8 bits, then ASSERT().
-
   If Source is not aligned on a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -1824,6 +1846,8 @@ UnicodeStrToAsciiStrS (
   If any Unicode characters in Source contain non-zero value in the upper 8
   bits, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -2388,8 +2412,8 @@ AsciiStrHexToUint64 (
   "::" can be used to compress one or more groups of X when X contains only 0.
   The "::" can only appear once in the String.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
-
   If Address is NULL, then ASSERT().
 
   If EndPointer is not NULL and Address is translated from String, a pointer
@@ -2443,8 +2467,8 @@ AsciiStrToIpv6Address (
   When /P is in the String, the function stops at the first character that is not
   a valid decimal digit character after P is converted.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
-
   If Address is NULL, then ASSERT().
 
   If EndPointer is not NULL and Address is translated from String, a pointer
@@ -2508,6 +2532,7 @@ AsciiStrToIpv4Address (
                   oo          Data4[48:55]
                   pp          Data4[56:63]
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
   If Guid is NULL, then ASSERT().
 
@@ -2541,15 +2566,12 @@ AsciiStrToGuid (
   decoding stops after Length of characters and outputs Buffer containing
   (Length / 2) bytes.
 
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If String is NULL, then ASSERT().
-
   If Buffer is NULL, then ASSERT().
-
   If Length is not multiple of 2, then ASSERT().
-
   If PcdMaximumAsciiStringLength is not zero and Length is greater than
   PcdMaximumAsciiStringLength, then ASSERT().
-
   If MaxBufferSize is less than (Length / 2), then ASSERT().
 
   @param  String                   Pointer to a Null-terminated ASCII string.
@@ -2632,6 +2654,8 @@ AsciiStrToUnicodeStr (
   equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
@@ -2678,6 +2702,8 @@ AsciiStrToUnicodeStrS (
   ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
+
+  Unless PcdAssertOnSafeStringConstraints is set to FALSE:
   If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then Destination and DestinationLength are
diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 7dc03d2caa..56b5e34a8d 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -14,7 +14,9 @@
 
 #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status)  \
   do { \
-    ASSERT (Expression); \
+    if (PcdGetBool (PcdAssertOnSafeStringConstraints)) { \
+      ASSERT (Expression); \
+    } \
     if (!(Expression)) { \
       return Status; \
     } \
diff --git a/MdePkg/MdePkg.uni b/MdePkg/MdePkg.uni
index 5c1fa24065..425b66bb43 100644
--- a/MdePkg/MdePkg.uni
+++ b/MdePkg/MdePkg.uni
@@ -287,6 +287,12 @@
 
 #string STR_gEfiMdePkgTokenSpaceGuid_PcdGuidedExtractHandlerTableAddress_HELP  #language en-US "This value is used to set the available memory address to store Guided Extract Handlers. The required memory space is decided by the value of PcdMaximumGuidedExtractHandler."
 
+#string STR_gEfiMdePkgTokenSpaceGuid_PcdAssertOnSafeStringConstraints_PROMPT  #language en-US "Enable safe string constraint violation assertions"
+
+#string STR_gEfiMdePkgTokenSpaceGuid_PcdAssertOnSafeStringConstraints_HELP  #language en-US "Indicates if safe string constraint violation should assert.<BR><BR>\n"
+                                                                                   "TRUE  - Safe string constraint violation causes assertion.<BR>\n"
+                                                                                   "FALSE - Safe string constraint violation does not cause assertion.<BR>"
+
 #string STR_gEfiMdePkgTokenSpaceGuid_PcdPciExpressBaseAddress_PROMPT  #language en-US "PCI Express Base Address"
 
 #string STR_gEfiMdePkgTokenSpaceGuid_PcdPciExpressBaseAddress_HELP  #language en-US "This value is used to set the base address of PCI express hierarchy."
-- 
2.21.0 (Apple Git-122.2)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 489 bytes --]

  reply	other threads:[~2020-01-03 17:12 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-03 17:12 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions Vitaly Cheptsov
2020-01-03 17:12 ` Vitaly Cheptsov [this message]
2020-01-06 18:28 ` [edk2-devel] " Michael D Kinney
2020-01-06 18:43   ` Vitaly Cheptsov
2020-01-06 22:54     ` Sean
2020-01-08 16:35     ` Michael D Kinney
2020-01-27  9:47       ` Vitaly Cheptsov
2020-02-10 11:12         ` Vitaly Cheptsov
2020-02-14 11:54           ` Vitaly Cheptsov
2020-02-14 17:00             ` Michael D Kinney
2020-02-14 17:37               ` Vitaly Cheptsov
2020-02-14 22:50                 ` Michael D Kinney
2020-02-14 23:04                   ` Vitaly Cheptsov
2020-02-15  0:02                   ` Andrew Fish
2020-02-15  3:31                     ` Vitaly Cheptsov
2020-02-15  6:26                       ` Andrew Fish
2020-02-15 11:53                         ` Vitaly Cheptsov
2020-02-15 12:02                           ` Vitaly Cheptsov
2020-02-15 19:38                         ` Michael D Kinney
2020-02-16 21:25                           ` Andrew Fish
2020-02-17  6:55                             ` Vitaly Cheptsov
2020-02-17  8:26                             ` Marvin Häuser
2020-02-19 23:55                               ` Andrew Fish
2020-02-20 10:18                                 ` Marvin Häuser
2020-03-03 19:38                                   ` Marvin Häuser
2020-03-04  0:19                                     ` Liming Gao
2020-03-03 20:27                                   ` Andrew Fish
     [not found]                             ` <15F4232304E080CF.5373@groups.io>
2020-02-17  9:36                               ` Marvin Häuser
  -- strict thread matches above, loose matches on Subject: below --
2019-10-22  7:20 [PATCH v3 0/1] MdePkg: " Vitaly Cheptsov
2019-10-22  7:20 ` [PATCH v3 1/1] " Vitaly Cheptsov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200103171242.63839-2-vit9696@protonmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox