From: "Vitaly Cheptsov" <cheptsov@ispras.ru>
To: devel@edk2.groups.io
Subject: [PATCH V4 27/27] MdePkg: Use assertion on constraint violation bit in SafeString
Date: Mon, 11 May 2020 18:41:21 +0300
Message-ID: <20200511154121.3878-28-cheptsov@ispras.ru>
In-Reply-To: <20200511154121.3878-1-cheptsov@ispras.ru>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054
This change allows using SafeString interfaces for untrusted data
checking when constraint violation assertions are disabled.
Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
---
MdePkg/Include/Library/BaseLib.h | 120 ++++++++++----------
MdePkg/Library/BaseLib/SafeString.c | 2 +-
2 files changed, 61 insertions(+), 61 deletions(-)
diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index b0bbe8cef8..9c9f9fe25f 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -216,7 +216,7 @@ StrnSizeS (
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
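Review bot: the doc comments now say "the function will also ASSERT_CONSTRAINT()" throughout BaseLib.h, but nothing in the header tells a caller how ASSERT_CONSTRAINT() differs from ASSERT(). Since the stated purpose of the change is that these interfaces can be used on untrusted data when constraint assertions are disabled, add one sentence near this first use (or in the file-level comment) saying that ASSERT_CONSTRAINT() may be compiled out or disabled at runtime and that the function then simply returns the documented error status; as written, a reader has to go to the "assertion on constraint debug mask bit" patch to learn that the two macros behave differently.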
@@ -252,7 +252,7 @@ StrCpyS (
If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -290,7 +290,7 @@ StrnCpyS (
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -330,7 +330,7 @@ StrCatS (
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -377,12 +377,12 @@ StrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
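Review bot: "If String is not aligned in a 16-bit boundary, then ASSERT()." is left as a hard ASSERT between the two new ASSERT_CONSTRAINT() lines, so a misaligned CHAR16 pointer still halts a debug build before any constraint check runs. That is defensible (alignment is a caller bug, not a property of the data), but it means only the contents and length of String are covered by the "untrusted data" claim in the commit message, and the message should say so. Consider also wording the converted lines as "then ASSERT_CONSTRAINT() and an error is returned" so the behaviour with assertions disabled is stated rather than implied. The same applies to the other Unicode parsing hunks below that keep the alignment ASSERT().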
@@ -433,12 +433,12 @@ StrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -494,12 +494,12 @@ StrDecimalToUint64S (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -555,12 +555,12 @@ StrHexToUintnS (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -649,7 +649,7 @@ AsciiStrnSizeS (
This function is similar as strcpy_s defined in C11.
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -683,7 +683,7 @@ AsciiStrCpyS (
This function is similar as strncpy_s defined in C11.
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -719,7 +719,7 @@ AsciiStrnCpyS (
This function is similar as strcat_s defined in C11.
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -757,7 +757,7 @@ AsciiStrCatS (
This function is similar as strncat_s defined in C11.
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -804,11 +804,11 @@ AsciiStrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -859,11 +859,11 @@ AsciiStrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -918,11 +918,11 @@ AsciiStrDecimalToUint64S (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -977,11 +977,11 @@ AsciiStrHexToUintnS (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -1533,15 +1533,15 @@ StrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Address is NULL, then ASSERT().
+ If Address is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
@@ -1594,15 +1594,15 @@ StrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Address is NULL, then ASSERT().
+ If Address is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
@@ -1667,8 +1667,8 @@ StrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]
- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Guid is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
@param String Pointer to a Null-terminated Unicode string.
@@ -1703,16 +1703,16 @@ StrToGuid (
If String is not aligned in a 16-bit boundary, then ASSERT().
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Buffer is NULL, then ASSERT().
+ If Buffer is NULL, then ASSERT_CONSTRAINT().
- If Length is not multiple of 2, then ASSERT().
+ If Length is not multiple of 2, then ASSERT_CONSTRAINT().
If PcdMaximumUnicodeStringLength is not zero and Length is greater than
- PcdMaximumUnicodeStringLength, then ASSERT().
+ PcdMaximumUnicodeStringLength, then ASSERT_CONSTRAINT().
- If MaxBufferSize is less than (Length / 2), then ASSERT().
+ If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT().
@param String Pointer to a Null-terminated Unicode string.
@param Length The number of Unicode characters to decode.
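Review bot: "If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT()." is the check that keeps the hex decoder documented here (String/Length/Buffer/MaxBufferSize) from writing past Buffer, and once the assertion is disabled the return status is the only protection left. The doc comment should state, as the copy/cat functions do ("If an error is returned, then the Destination is unmodified."), whether Buffer is left untouched when any of these constraint checks fails, so a caller that ignores the status knows what it is holding. Also "not multiple of 2" should read "not a multiple of 2". The same wording applies to the ASCII hex-decoder hunk below.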
@@ -1804,7 +1804,7 @@ UnicodeStrToAsciiStr (
the upper 8 bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
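Review bot: "the upper 8 bits, then ASSERT()." stays a plain ASSERT() in this hunk, yet it is a check on the contents of Source, not on a pointer: any Unicode input containing a character with a non-zero upper byte still trips a hard assertion in a debug build even with constraint assertions disabled. That undercuts the commit message's goal for this function, since a non-ASCII string is exactly what untrusted input looks like. Either convert it to a constraint check that returns an error status (and document it as such) or state in the doc comment that the caller must validate that Source is pure ASCII before calling. The same applies to the next hunk, whose "non-zero value in the upper 8 bits, then ASSERT()." line is also unchanged.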
@@ -1851,7 +1851,7 @@ UnicodeStrToAsciiStrS (
If any Unicode characters in Source contain non-zero value in the upper 8
bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -2415,9 +2415,9 @@ AsciiStrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Address is NULL, then ASSERT().
+ If Address is NULL, then ASSERT_CONSTRAINT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
@@ -2470,9 +2470,9 @@ AsciiStrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Address is NULL, then ASSERT().
+ If Address is NULL, then ASSERT_CONSTRAINT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
@@ -2535,8 +2535,8 @@ AsciiStrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]
- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Guid is NULL, then ASSERT_CONSTRAINT().
@param String Pointer to a Null-terminated ASCII string.
@param Guid Pointer to the converted GUID.
@@ -2568,16 +2568,16 @@ AsciiStrToGuid (
decoding stops after Length of characters and outputs Buffer containing
(Length / 2) bytes.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Buffer is NULL, then ASSERT().
+ If Buffer is NULL, then ASSERT_CONSTRAINT().
- If Length is not multiple of 2, then ASSERT().
+ If Length is not multiple of 2, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero and Length is greater than
- PcdMaximumAsciiStringLength, then ASSERT().
+ PcdMaximumAsciiStringLength, then ASSERT_CONSTRAINT().
- If MaxBufferSize is less than (Length / 2), then ASSERT().
+ If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT().
@param String Pointer to a Null-terminated ASCII string.
@param Length The number of ASCII characters to decode.
@@ -2659,7 +2659,7 @@ AsciiStrToUnicodeStr (
equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -2705,7 +2705,7 @@ AsciiStrToUnicodeStrS (
((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.
If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then Destination and DestinationLength are
unmodified.
diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 7dc03d2caa..f6cdd76c82 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -14,7 +14,7 @@
#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
do { \
- ASSERT (Expression); \
+ ASSERT_CONSTRAINT (Expression); \
if (!(Expression)) { \
return Status; \
} \
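Review bot: Expression is evaluated twice in this macro, once inside ASSERT_CONSTRAINT (Expression) and again in the if, which was already true with ASSERT() but deserves a comment now that the macro is the documented path for untrusted-data checks: callers must pass side-effect-free expressions, and an expression that reads shared memory could observe a different value on the second evaluation, so the assertion and the return could disagree. The comment block above the #define (outside this hunk) should also be updated to say that the assertion can be disabled and that returning Status is then the only effect, and SafeString.c needs to pick up the header that defines ASSERT_CONSTRAINT (introduced in the preceding patch) since nothing in this hunk adds an include.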
--
2.24.2 (Apple Git-127)
Thread overview: 48+ messages
2020-05-11 15:40 [PATCH V4 00/27] Disabling safe string constraint assertions Vitaly Cheptsov
2020-05-11 15:40 ` [PATCH V4 01/27] MdePkg: Introduce DebugCommonLib interface and BaseDebugCommonLib Vitaly Cheptsov
2020-05-11 20:37 ` [edk2-devel] " Laszlo Ersek
2020-05-11 20:42 ` Laszlo Ersek
2020-05-11 15:40 ` [PATCH V4 02/27] UnitTestFrameworkPkg: Add support for DebugCommonLib Vitaly Cheptsov
2020-05-11 15:40 ` [PATCH V4 03/27] MdePkg: " Vitaly Cheptsov
2020-05-11 15:40 ` [PATCH V4 04/27] MdeModulePkg: " Vitaly Cheptsov
2020-05-11 15:40 ` [PATCH V4 05/27] ArmPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 06/27] ArmPlatformPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 07/27] ArmVirtPkg: " Vitaly Cheptsov
2020-05-11 20:42 ` [edk2-devel] " Laszlo Ersek
2020-05-11 15:41 ` [PATCH V4 08/27] CryptoPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 09/27] DynamicTablesPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 10/27] EmbeddedPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 11/27] EmulatorPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 12/27] FatPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 13/27] FmpDevicePkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 14/27] IntelFsp2Pkg: " Vitaly Cheptsov
2020-05-12 0:49 ` [edk2-devel] " Chiu, Chasel
2020-05-11 15:41 ` [PATCH V4 15/27] IntelFsp2WrapperPkg: " Vitaly Cheptsov
2020-05-12 0:47 ` [edk2-devel] " Chiu, Chasel
2020-05-11 15:41 ` [PATCH V4 16/27] OvmfPkg: " Vitaly Cheptsov
2020-05-11 20:49 ` [edk2-devel] " Laszlo Ersek
2020-05-11 15:41 ` [PATCH V4 17/27] NetworkPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 18/27] ShellPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 19/27] SecurityPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 20/27] PcAtChipsetPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 21/27] SignedCapsulePkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 22/27] SourceLevelDebugPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 23/27] StandaloneMmPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 24/27] UefiCpuPkg: " Vitaly Cheptsov
2020-05-11 20:52 ` [edk2-devel] " Laszlo Ersek
2020-05-11 15:41 ` [PATCH V4 25/27] UefiPayloadPkg: " Vitaly Cheptsov
2020-05-11 15:41 ` [PATCH V4 26/27] MdePkg: Introduce assertion on constraint debug mask bit Vitaly Cheptsov
2020-05-11 20:58 ` [edk2-devel] " Laszlo Ersek
2020-05-11 22:12 ` Laszlo Ersek
2020-05-11 15:41 ` Vitaly Cheptsov [this message]
2020-05-11 21:04 ` [edk2-devel] [PATCH V4 27/27] MdePkg: Use assertion on constraint violation bit in SafeString Laszlo Ersek
2020-05-11 22:40 ` [PATCH V4 00/27] Disabling safe string constraint assertions Michael D Kinney
2020-05-12 9:50 ` Laszlo Ersek
2020-05-12 17:03 ` Vitaly Cheptsov
2020-05-12 18:18 ` [edk2-devel] " Michael D Kinney
2020-05-12 18:57 ` Vitaly Cheptsov
2020-05-13 17:59 ` Liming Gao
2020-05-13 18:37 ` Vitaly Cheptsov
2020-05-13 9:16 ` Laszlo Ersek
2020-05-13 14:41 ` [EXTERNAL] " Bret Barkelew
2020-05-13 20:14 ` Brian J. Johnson