From: "Vitaly Cheptsov" <cheptsov@ispras.ru>
To: devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <liming.gao@intel.com>
Subject: [PATCH V5 27/27] MdePkg: Use assertion on constraint violation bit in SafeString
Date: Tue, 12 May 2020 20:02:37 +0300
Message-ID: <20200512170237.19796-28-cheptsov@ispras.ru>
In-Reply-To: <20200512170237.19796-1-cheptsov@ispras.ru>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054
This change allows using SafeString interfaces for untrusted data
checking when constraint violation assertions are disabled.
Note that for packages with constraint assertions disabled, this change
turns off the assertions on constraint violations.
CC: Michael D Kinney <michael.d.kinney@intel.com>
CC: Liming Gao <liming.gao@intel.com>
Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
---
MdePkg/Include/Library/BaseLib.h | 120 ++++++++++----------
MdePkg/Library/BaseLib/SafeString.c | 2 +-
2 files changed, 61 insertions(+), 61 deletions(-)
diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index b0bbe8cef8..9c9f9fe25f 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -216,7 +216,7 @@ StrnSizeS (
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
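Review bot: ASSERT_CONSTRAINT() is referenced here (and in every SafeString comment below) without being declared or explained anywhere in BaseLib.h, so a reader of this header cannot tell how it differs from ASSERT(). Add one sentence to the first SafeString function comment, or to the file-level description, saying that ASSERT_CONSTRAINT() fires only when the constraint-violation debug mask bit is set and that the documented error status is returned otherwise; that is the property the commit message relies on ("untrusted data checking when constraint violation assertions are disabled") and it should be visible at the point of use, not only in patch 26/27.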
@@ -252,7 +252,7 @@ StrCpyS (
If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -290,7 +290,7 @@ StrnCpyS (
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -330,7 +330,7 @@ StrCatS (
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -377,12 +377,12 @@ StrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
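Review bot: the split in this block should be stated explicitly for callers feeding untrusted data. The NULL and PcdMaximumUnicodeStringLength checks become constraint violations that can be compiled out, but "If String is not aligned in a 16-bit boundary, then ASSERT()" stays unconditional, so a misaligned pointer still halts a debug build even with constraint assertions off. Either add a line noting that the alignment check is not a constraint violation and remains fatal, or decide whether alignment belongs in the same class as the other parameter checks; leaving the mixed list without comment invites callers to assume the whole function is now return-status only.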
@@ -433,12 +433,12 @@ StrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -494,12 +494,12 @@ StrDecimalToUint64S (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -555,12 +555,12 @@ StrHexToUintnS (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -649,7 +649,7 @@ AsciiStrnSizeS (
This function is similar as strcpy_s defined in C11.
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -683,7 +683,7 @@ AsciiStrCpyS (
This function is similar as strncpy_s defined in C11.
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -719,7 +719,7 @@ AsciiStrnCpyS (
This function is similar as strcat_s defined in C11.
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -757,7 +757,7 @@ AsciiStrCatS (
This function is similar as strncat_s defined in C11.
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -804,11 +804,11 @@ AsciiStrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -859,11 +859,11 @@ AsciiStrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -918,11 +918,11 @@ AsciiStrDecimalToUint64S (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -977,11 +977,11 @@ AsciiStrHexToUintnS (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.
- If String is NULL, then ASSERT().
- If Data is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Data is NULL, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -1533,15 +1533,15 @@ StrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Address is NULL, then ASSERT().
+ If Address is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
@@ -1594,15 +1594,15 @@ StrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Address is NULL, then ASSERT().
+ If Address is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
- Null-terminator, then ASSERT().
+ Null-terminator, then ASSERT_CONSTRAINT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
@@ -1667,8 +1667,8 @@ StrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]
- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Guid is NULL, then ASSERT_CONSTRAINT().
If String is not aligned in a 16-bit boundary, then ASSERT().
@param String Pointer to a Null-terminated Unicode string.
@@ -1703,16 +1703,16 @@ StrToGuid (
If String is not aligned in a 16-bit boundary, then ASSERT().
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Buffer is NULL, then ASSERT().
+ If Buffer is NULL, then ASSERT_CONSTRAINT().
- If Length is not multiple of 2, then ASSERT().
+ If Length is not multiple of 2, then ASSERT_CONSTRAINT().
If PcdMaximumUnicodeStringLength is not zero and Length is greater than
- PcdMaximumUnicodeStringLength, then ASSERT().
+ PcdMaximumUnicodeStringLength, then ASSERT_CONSTRAINT().
- If MaxBufferSize is less than (Length / 2), then ASSERT().
+ If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT().
@param String Pointer to a Null-terminated Unicode string.
@param Length The number of Unicode characters to decode.
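Review bot: "If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT()" is the check that stops an over-long hex string from writing past Buffer, so it is the one that matters most once this function is used on untrusted input with the assertion compiled out. The rewritten line no longer tells the reader what happens in that case; if the @retval block below this comment does not already name the status returned for each of these five conditions (too-small buffer, odd Length, NULL String or Buffer, Length over the PCD maximum), add it here so callers know which RETURN_STATUS to test for instead of relying on the assertion.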
@@ -1804,7 +1804,7 @@ UnicodeStrToAsciiStr (
the upper 8 bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
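Review bot: "the upper 8 bits, then ASSERT()" two lines above is left as a plain ASSERT() while "If an error would be returned" becomes ASSERT_CONSTRAINT(), and the same split appears in the next hunk for UnicodeStrnToAsciiStrS. For the stated goal of using these interfaces on untrusted data with constraint assertions disabled that is the wrong split: any attacker-supplied Unicode string containing a character above 0xFF still halts a debug build regardless of the mask bit, and the documented "Destination is unmodified" guarantee does not apply because the check runs per character during the copy. Either turn the upper-8-bits check into a constraint violation with an error return, or add a sentence to both comments saying these two functions must not be used on untrusted Unicode input.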
@@ -1851,7 +1851,7 @@ UnicodeStrToAsciiStrS (
If any Unicode characters in Source contain non-zero value in the upper 8
bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -2415,9 +2415,9 @@ AsciiStrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Address is NULL, then ASSERT().
+ If Address is NULL, then ASSERT_CONSTRAINT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
@@ -2470,9 +2470,9 @@ AsciiStrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Address is NULL, then ASSERT().
+ If Address is NULL, then ASSERT_CONSTRAINT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
@@ -2535,8 +2535,8 @@ AsciiStrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]
- If String is NULL, then ASSERT().
- If Guid is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
+ If Guid is NULL, then ASSERT_CONSTRAINT().
@param String Pointer to a Null-terminated ASCII string.
@param Guid Pointer to the converted GUID.
@@ -2568,16 +2568,16 @@ AsciiStrToGuid (
decoding stops after Length of characters and outputs Buffer containing
(Length / 2) bytes.
- If String is NULL, then ASSERT().
+ If String is NULL, then ASSERT_CONSTRAINT().
- If Buffer is NULL, then ASSERT().
+ If Buffer is NULL, then ASSERT_CONSTRAINT().
- If Length is not multiple of 2, then ASSERT().
+ If Length is not multiple of 2, then ASSERT_CONSTRAINT().
If PcdMaximumAsciiStringLength is not zero and Length is greater than
- PcdMaximumAsciiStringLength, then ASSERT().
+ PcdMaximumAsciiStringLength, then ASSERT_CONSTRAINT().
- If MaxBufferSize is less than (Length / 2), then ASSERT().
+ If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT().
@param String Pointer to a Null-terminated ASCII string.
@param Length The number of ASCII characters to decode.
@@ -2659,7 +2659,7 @@ AsciiStrToUnicodeStr (
equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then the Destination is unmodified.
@@ -2705,7 +2705,7 @@ AsciiStrToUnicodeStrS (
((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.
If Destination is not aligned on a 16-bit boundary, then ASSERT().
- If an error would be returned, then the function will also ASSERT().
+ If an error would be returned, then the function will also ASSERT_CONSTRAINT().
If an error is returned, then Destination and DestinationLength are
unmodified.
diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 7dc03d2caa..f6cdd76c82 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -14,7 +14,7 @@
#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
do { \
- ASSERT (Expression); \
+ ASSERT_CONSTRAINT (Expression); \
if (!(Expression)) { \
return Status; \
} \
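Review bot: Expression is still evaluated twice, once inside ASSERT_CONSTRAINT and once in the if; that was already true with ASSERT, but now the first evaluation may or may not be compiled out depending on the debug mask, so any caller that ever passed an expression with side effects would change behaviour with the PCD. The comparisons used in SafeString.c today are side-effect free, so this is a documentation point: add a comment on the macro stating that Expression must be side-effect free. If you would rather remove the double evaluation on the success path, move the assertion inside the branch, since Expression is known false there and the assertion message is unchanged:
  if (!(Expression)) { \
    ASSERT_CONSTRAINT (Expression); \
    return Status; \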
--
2.24.2 (Apple Git-127)
Thread overview:
2020-05-12 17:02 [PATCH V5 00/27] Disabling safe string constraint assertions Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 01/27] MdePkg: Introduce DebugCommonLib interface and BaseDebugCommonLib Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 02/27] UnitTestFrameworkPkg: Add support for DebugCommonLib Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 03/27] MdePkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 04/27] MdeModulePkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 05/27] ArmPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 06/27] ArmPlatformPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 07/27] ArmVirtPkg: " Vitaly Cheptsov
2020-05-13 11:05 ` [edk2-devel] " Laszlo Ersek
2020-05-12 17:02 ` [PATCH V5 08/27] CryptoPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 09/27] DynamicTablesPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 10/27] EmbeddedPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 11/27] EmulatorPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 12/27] FatPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 13/27] FmpDevicePkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 14/27] IntelFsp2Pkg: " Vitaly Cheptsov
2020-05-13 0:09 ` Chiu, Chasel
2020-05-12 17:02 ` [PATCH V5 15/27] IntelFsp2WrapperPkg: " Vitaly Cheptsov
2020-05-13 0:06 ` Chiu, Chasel
2020-05-12 17:02 ` [PATCH V5 16/27] OvmfPkg: " Vitaly Cheptsov
2020-05-13 11:11 ` [edk2-devel] " Laszlo Ersek
2020-05-12 17:02 ` [PATCH V5 17/27] NetworkPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 18/27] ShellPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 19/27] SecurityPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 20/27] PcAtChipsetPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 21/27] SignedCapsulePkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 22/27] SourceLevelDebugPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 23/27] StandaloneMmPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 24/27] UefiCpuPkg: " Vitaly Cheptsov
2020-05-13 11:07 ` [edk2-devel] " Laszlo Ersek
2020-05-13 14:43 ` [EXTERNAL] " Bret Barkelew
2020-05-13 15:37 ` Laszlo Ersek
2020-05-13 15:52 ` Laszlo Ersek
2020-05-13 16:06 ` Michael D Kinney
2020-05-12 17:02 ` [PATCH V5 25/27] UefiPayloadPkg: " Vitaly Cheptsov
2020-05-12 17:02 ` [PATCH V5 26/27] MdePkg: Introduce assertion on constraint debug mask bit Vitaly Cheptsov
2020-05-12 17:02 ` Vitaly Cheptsov [this message]