Received: from mail.ispras.ru (mail.ispras.ru []) by mx.groups.io with SMTP id smtpd.web10.14607.1589211685436724774 for ; Mon, 11 May 2020 08:41:28 -0700
Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: ispras.ru, ip: , mailfrom: cheptsov@ispras.ru)
Received: from localhost.localdomain (unknown [77.232.9.83]) by mail.ispras.ru (Postfix) with ESMTPSA id 4738ACD469 for ; Mon, 11 May 2020 18:41:27 +0300 (MSK)
From: "Vitaly Cheptsov"
To: devel@edk2.groups.io
Subject: [PATCH V4 27/27] MdePkg: Use assertion on constraint violation bit in SafeString
Date: Mon, 11 May 2020 18:41:21 +0300
Message-Id: <20200511154121.3878-28-cheptsov@ispras.ru>
X-Mailer: git-send-email 2.24.2 (Apple Git-127)
In-Reply-To: <20200511154121.3878-1-cheptsov@ispras.ru>
References: <20200511154121.3878-1-cheptsov@ispras.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

This change allows using SafeString interfaces for untrusted data checking when constraint violation assertions are disabled.

Signed-off-by: Vitaly Cheptsov
---
 MdePkg/Include/Library/BaseLib.h    | 120 ++++++++++----------
 MdePkg/Library/BaseLib/SafeString.c |   2 +-
 2 files changed, 61 insertions(+), 61 deletions(-)

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Base= Lib.h index b0bbe8cef8..9c9f9fe25f 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h @@ -216,7 +216,7 @@ StrnSizeS ( =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D 
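Review bot: in the StrCpyS doc hunk (@@ -216) only the "If an error would be returned, then the function will also ASSERT()" line moves to ASSERT_CONSTRAINT(), while "If Destination is not aligned on a 16-bit boundary, then ASSERT()" and the matching Source line stay plain ASSERT(), and the same split repeats in every later hunk of this header. That is correct only if the alignment checks in SafeString.c are bare ASSERT() calls that never return a status rather than SAFE_STRING_CONSTRAINT_CHECK uses; if any of them do go through the macro, the header now documents them wrongly. Either way the commit message should say in one sentence that pointer alignment is deliberately kept as a hard assertion (it is not a C11 runtime constraint and cannot be reported through the return status), so a reader of BaseLib.h knows the mixed ASSERT()/ASSERT_CONSTRAINT() wording is intentional and not an oversight.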
@@ -252,7 +252,7 @@ StrCpyS ( =0D If Length > 0 and Destination is not aligned on a 16-bit boundary, then = ASSERT().=0D If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSER= T().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -290,7 +290,7 @@ StrnCpyS ( =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -330,7 +330,7 @@ StrCatS ( =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D 
@@ -377,12 +377,12 @@ StrnCatS ( be ignored. Then, the function stops at the first character that is a no= t a=0D valid decimal character or a Null-terminator, whichever one comes first.= =0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid decimal digits in the above format, then 0 is sto= red=0D at the location pointed to by Data.=0D @@ -433,12 +433,12 @@ StrDecimalToUintnS ( be ignored. Then, the function stops at the first character that is a no= t a=0D valid decimal character or a Null-terminator, whichever one comes first.= =0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid decimal digits in the above format, then 0 is sto= red=0D at the location pointed to by Data.=0D 
@@ -494,12 +494,12 @@ StrDecimalToUint64S ( the first character that is a not a valid hexadecimal character or NULL,= =0D whichever one comes first.=0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid hexadecimal digits in the above format, then 0 is= =0D stored at the location pointed to by Data.=0D @@ -555,12 +555,12 @@ StrHexToUintnS ( the first character that is a not a valid hexadecimal character or NULL,= =0D whichever one comes first.=0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid hexadecimal digits in the above format, then 0 is= =0D stored at the location pointed to by Data.=0D @@ -649,7 +649,7 @@ AsciiStrnSizeS ( =0D This function is similar as strcpy_s defined in C11.=0D =0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D 
@@ -683,7 +683,7 @@ AsciiStrCpyS ( =0D This function is similar as strncpy_s defined in C11.=0D =0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -719,7 +719,7 @@ AsciiStrnCpyS ( =0D This function is similar as strcat_s defined in C11.=0D =0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -757,7 +757,7 @@ AsciiStrCatS ( =0D This function is similar as strncat_s defined in C11.=0D =0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -804,11 +804,11 @@ AsciiStrnCatS ( be ignored. Then, the function stops at the first character that is a no= t a=0D valid decimal character or a Null-terminator, whichever one comes first.= =0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If PcdMaximumAsciiStringLength is not zero, and String contains more tha= n=0D PcdMaximumAsciiStringLength Ascii characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid decimal digits in the above format, then 0 is sto= red=0D at the location pointed to by Data.=0D 
@@ -859,11 +859,11 @@ AsciiStrDecimalToUintnS ( be ignored. Then, the function stops at the first character that is a no= t a=0D valid decimal character or a Null-terminator, whichever one comes first.= =0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If PcdMaximumAsciiStringLength is not zero, and String contains more tha= n=0D PcdMaximumAsciiStringLength Ascii characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid decimal digits in the above format, then 0 is sto= red=0D at the location pointed to by Data.=0D @@ -918,11 +918,11 @@ AsciiStrDecimalToUint64S ( character that is a not a valid hexadecimal character or Null-terminator= ,=0D whichever on comes first.=0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If PcdMaximumAsciiStringLength is not zero, and String contains more tha= n=0D PcdMaximumAsciiStringLength Ascii characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid hexadecimal digits in the above format, then 0 is= =0D stored at the location pointed to by Data.=0D 
@@ -977,11 +977,11 @@ AsciiStrHexToUintnS ( character that is a not a valid hexadecimal character or Null-terminator= ,=0D whichever on comes first.=0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If PcdMaximumAsciiStringLength is not zero, and String contains more tha= n=0D PcdMaximumAsciiStringLength Ascii characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid hexadecimal digits in the above format, then 0 is= =0D stored at the location pointed to by Data.=0D @@ -1533,15 +1533,15 @@ StrHexToUint64 ( "::" can be used to compress one or more groups of X when X contains onl= y 0.=0D The "::" can only appear once in the String.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Address is NULL, then ASSERT().=0D + If Address is NULL, then ASSERT_CONSTRAINT().=0D =0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D =0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If EndPointer is not NULL and Address is translated from String, a point= er=0D to the character that stopped the scan is stored at the location pointed= to=0D 
@@ -1594,15 +1594,15 @@ StrToIpv6Address ( When /P is in the String, the function stops at the first character that= is not=0D a valid decimal digit character after P is converted.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Address is NULL, then ASSERT().=0D + If Address is NULL, then ASSERT_CONSTRAINT().=0D =0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D =0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If EndPointer is not NULL and Address is translated from String, a point= er=0D to the character that stopped the scan is stored at the location pointed= to=0D @@ -1667,8 +1667,8 @@ StrToIpv4Address ( oo Data4[48:55]=0D pp Data4[56:63]=0D =0D - If String is NULL, then ASSERT().=0D - If Guid is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Guid is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D =0D @param String Pointer to a Null-terminated Unicode st= ring.=0D 
@@ -1703,16 +1703,16 @@ StrToGuid ( =0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Buffer is NULL, then ASSERT().=0D + If Buffer is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Length is not multiple of 2, then ASSERT().=0D + If Length is not multiple of 2, then ASSERT_CONSTRAINT().=0D =0D If PcdMaximumUnicodeStringLength is not zero and Length is greater than= =0D - PcdMaximumUnicodeStringLength, then ASSERT().=0D + PcdMaximumUnicodeStringLength, then ASSERT_CONSTRAINT().=0D =0D - If MaxBufferSize is less than (Length / 2), then ASSERT().=0D + If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT().=0D =0D @param String Pointer to a Null-terminated Unicode st= ring.=0D @param Length The number of Unicode characters to dec= ode.=0D @@ -1804,7 +1804,7 @@ UnicodeStrToAsciiStr ( the upper 8 bits, then ASSERT().=0D =0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -1851,7 +1851,7 @@ UnicodeStrToAsciiStrS ( If any Unicode characters in Source contain non-zero value in the upper = 8=0D bits, then ASSERT().=0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D 
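Review bot: in the @@ -1804 and @@ -1851 hunks (UnicodeStrToAsciiStrS and the length-bounded variant) the line "If any Unicode characters in Source contain non-zero value in the upper 8 bits, then ASSERT()" is left unchanged while the adjacent "error would be returned" line becomes ASSERT_CONSTRAINT(). Unlike alignment, the upper-byte condition is purely a property of the input data, so if the implementation enforces it with a plain ASSERT rather than through SAFE_STRING_CONSTRAINT_CHECK, a caller feeding untrusted UCS-2 text through these functions can still halt a debug build even with constraint assertions disabled, which is exactly the use the commit message says this change is meant to permit. Either route that check through the constraint macro with a defined RETURN_ status and document it as ASSERT_CONSTRAINT() here, or add a sentence to these two headers saying the caller must reject characters above 0xFF before calling.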
@@ -2415,9 +2415,9 @@ AsciiStrHexToUint64 ( "::" can be used to compress one or more groups of X when X contains onl= y 0.=0D The "::" can only appear once in the String.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Address is NULL, then ASSERT().=0D + If Address is NULL, then ASSERT_CONSTRAINT().=0D =0D If EndPointer is not NULL and Address is translated from String, a point= er=0D to the character that stopped the scan is stored at the location pointed= to=0D @@ -2470,9 +2470,9 @@ AsciiStrToIpv6Address ( When /P is in the String, the function stops at the first character that= is not=0D a valid decimal digit character after P is converted.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Address is NULL, then ASSERT().=0D + If Address is NULL, then ASSERT_CONSTRAINT().=0D =0D If EndPointer is not NULL and Address is translated from String, a point= er=0D to the character that stopped the scan is stored at the location pointed= to=0D @@ -2535,8 +2535,8 @@ AsciiStrToIpv4Address ( oo Data4[48:55]=0D pp Data4[56:63]=0D =0D - If String is NULL, then ASSERT().=0D - If Guid is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Guid is NULL, then ASSERT_CONSTRAINT().=0D =0D @param String Pointer to a Null-terminated ASCII stri= ng.=0D @param Guid Pointer to the converted GUID.=0D 
@@ -2568,16 +2568,16 @@ AsciiStrToGuid ( decoding stops after Length of characters and outputs Buffer containing= =0D (Length / 2) bytes.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Buffer is NULL, then ASSERT().=0D + If Buffer is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Length is not multiple of 2, then ASSERT().=0D + If Length is not multiple of 2, then ASSERT_CONSTRAINT().=0D =0D If PcdMaximumAsciiStringLength is not zero and Length is greater than=0D - PcdMaximumAsciiStringLength, then ASSERT().=0D + PcdMaximumAsciiStringLength, then ASSERT_CONSTRAINT().=0D =0D - If MaxBufferSize is less than (Length / 2), then ASSERT().=0D + If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT().=0D =0D @param String Pointer to a Null-terminated ASCII stri= ng.=0D @param Length The number of ASCII characters to decod= e.=0D @@ -2659,7 +2659,7 @@ AsciiStrToUnicodeStr ( equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in = bytes.=0D =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -2705,7 +2705,7 @@ AsciiStrToUnicodeStrS ( ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.=0D =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then Destination and DestinationLength are=0D unmodified.=0D diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/S= afeString.c index 7dc03d2caa..f6cdd76c82 100644 --- a/MdePkg/Library/BaseLib/SafeString.c +++ b/MdePkg/Library/BaseLib/SafeString.c 
@@ -14,7 +14,7 @@ =0D #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \=0D do { \=0D - ASSERT (Expression); \=0D + ASSERT_CONSTRAINT (Expression); \=0D if (!(Expression)) { \=0D return Status; \=0D } \=0D --=20 2.24.2 (Apple Git-127)
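Review bot: the SAFE_STRING_CONSTRAINT_CHECK hunk is the only functional change in the patch, and ASSERT_CONSTRAINT is not defined in either of the two touched files, so 27/27 depends on whichever earlier patch in the series introduces that macro and the PCD bit behind it; the commit message should name that patch (or the DebugLib header) so the dependency is visible when bisecting or cherry-picking. The early return `if (!(Expression)) { return Status; }` is untouched, so with all assertions disabled the functions behave exactly as before; the practical effect is narrower than "allows using SafeString interfaces for untrusted data checking" suggests, namely that a constraint violation can now be made non-fatal independently of the remaining plain ASSERT() calls in the file, and the message would be clearer if it said so. Expression is still evaluated twice, once inside ASSERT_CONSTRAINT and once in the if, which was already the case with ASSERT but remains a reason to keep side effects out of the checked expressions.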