From: "Vitaly Cheptsov"
To: devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao
Subject: [PATCH V5 27/27] MdePkg: Use assertion on constraint violation bit in SafeString
Date: Tue, 12 May 2020 20:02:37 +0300
Message-Id: <20200512170237.19796-28-cheptsov@ispras.ru>
In-Reply-To: <20200512170237.19796-1-cheptsov@ispras.ru>
References: <20200512170237.19796-1-cheptsov@ispras.ru>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

This change allows using SafeString interfaces for untrusted data checking when constraint violation assertions are disabled.

Note, for packages with constraint assertions disabled this change turns off the assertions on constraint violations.

CC: Michael D Kinney
CC: Liming Gao
Signed-off-by: Vitaly Cheptsov
---
 MdePkg/Include/Library/BaseLib.h    | 120 ++++++++++----------
 MdePkg/Library/BaseLib/SafeString.c |   2 +-
 2 files changed, 61 insertions(+), 61 deletions(-)

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Base= Lib.h
index b0bbe8cef8..9c9f9fe25f 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -216,7 +216,7 @@ StrnSizeS ( =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -252,7 +252,7 @@ StrCpyS ( =0D If Length > 0 and Destination is not aligned on a 16-bit boundary, then = ASSERT().=0D If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSER= T().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -290,7 +290,7 @@ StrnCpyS ( =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -330,7 +330,7 @@ StrCatS ( =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D 
@@ -377,12 +377,12 @@ StrnCatS ( be ignored. Then, the function stops at the first character that is a no= t a=0D valid decimal character or a Null-terminator, whichever one comes first.= =0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid decimal digits in the above format, then 0 is sto= red=0D at the location pointed to by Data.=0D @@ -433,12 +433,12 @@ StrDecimalToUintnS ( be ignored. Then, the function stops at the first character that is a no= t a=0D valid decimal character or a Null-terminator, whichever one comes first.= =0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid decimal digits in the above format, then 0 is sto= red=0D at the location pointed to by Data.=0D 
@@ -494,12 +494,12 @@ StrDecimalToUint64S ( the first character that is a not a valid hexadecimal character or NULL,= =0D whichever one comes first.=0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid hexadecimal digits in the above format, then 0 is= =0D stored at the location pointed to by Data.=0D @@ -555,12 +555,12 @@ StrHexToUintnS ( the first character that is a not a valid hexadecimal character or NULL,= =0D whichever one comes first.=0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid hexadecimal digits in the above format, then 0 is= =0D stored at the location pointed to by Data.=0D @@ -649,7 +649,7 @@ AsciiStrnSizeS ( =0D This function is similar as strcpy_s defined in C11.=0D =0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D 
@@ -683,7 +683,7 @@ AsciiStrCpyS ( =0D This function is similar as strncpy_s defined in C11.=0D =0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -719,7 +719,7 @@ AsciiStrnCpyS ( =0D This function is similar as strcat_s defined in C11.=0D =0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -757,7 +757,7 @@ AsciiStrCatS ( =0D This function is similar as strncat_s defined in C11.=0D =0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -804,11 +804,11 @@ AsciiStrnCatS ( be ignored. Then, the function stops at the first character that is a no= t a=0D valid decimal character or a Null-terminator, whichever one comes first.= =0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If PcdMaximumAsciiStringLength is not zero, and String contains more tha= n=0D PcdMaximumAsciiStringLength Ascii characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid decimal digits in the above format, then 0 is sto= red=0D at the location pointed to by Data.=0D 
@@ -859,11 +859,11 @@ AsciiStrDecimalToUintnS ( be ignored. Then, the function stops at the first character that is a no= t a=0D valid decimal character or a Null-terminator, whichever one comes first.= =0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If PcdMaximumAsciiStringLength is not zero, and String contains more tha= n=0D PcdMaximumAsciiStringLength Ascii characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid decimal digits in the above format, then 0 is sto= red=0D at the location pointed to by Data.=0D @@ -918,11 +918,11 @@ AsciiStrDecimalToUint64S ( character that is a not a valid hexadecimal character or Null-terminator= ,=0D whichever on comes first.=0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If PcdMaximumAsciiStringLength is not zero, and String contains more tha= n=0D PcdMaximumAsciiStringLength Ascii characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid hexadecimal digits in the above format, then 0 is= =0D stored at the location pointed to by Data.=0D 
@@ -977,11 +977,11 @@ AsciiStrHexToUintnS ( character that is a not a valid hexadecimal character or Null-terminator= ,=0D whichever on comes first.=0D =0D - If String is NULL, then ASSERT().=0D - If Data is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Data is NULL, then ASSERT_CONSTRAINT().=0D If PcdMaximumAsciiStringLength is not zero, and String contains more tha= n=0D PcdMaximumAsciiStringLength Ascii characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If String has no valid hexadecimal digits in the above format, then 0 is= =0D stored at the location pointed to by Data.=0D @@ -1533,15 +1533,15 @@ StrHexToUint64 ( "::" can be used to compress one or more groups of X when X contains onl= y 0.=0D The "::" can only appear once in the String.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Address is NULL, then ASSERT().=0D + If Address is NULL, then ASSERT_CONSTRAINT().=0D =0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D =0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If EndPointer is not NULL and Address is translated from String, a point= er=0D to the character that stopped the scan is stored at the location pointed= to=0D 
@@ -1594,15 +1594,15 @@ StrToIpv6Address ( When /P is in the String, the function stops at the first character that= is not=0D a valid decimal digit character after P is converted.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Address is NULL, then ASSERT().=0D + If Address is NULL, then ASSERT_CONSTRAINT().=0D =0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D =0D If PcdMaximumUnicodeStringLength is not zero, and String contains more t= han=0D PcdMaximumUnicodeStringLength Unicode characters, not including the=0D - Null-terminator, then ASSERT().=0D + Null-terminator, then ASSERT_CONSTRAINT().=0D =0D If EndPointer is not NULL and Address is translated from String, a point= er=0D to the character that stopped the scan is stored at the location pointed= to=0D @@ -1667,8 +1667,8 @@ StrToIpv4Address ( oo Data4[48:55]=0D pp Data4[56:63]=0D =0D - If String is NULL, then ASSERT().=0D - If Guid is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Guid is NULL, then ASSERT_CONSTRAINT().=0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D =0D @param String Pointer to a Null-terminated Unicode st= ring.=0D 
@@ -1703,16 +1703,16 @@ StrToGuid ( =0D If String is not aligned in a 16-bit boundary, then ASSERT().=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Buffer is NULL, then ASSERT().=0D + If Buffer is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Length is not multiple of 2, then ASSERT().=0D + If Length is not multiple of 2, then ASSERT_CONSTRAINT().=0D =0D If PcdMaximumUnicodeStringLength is not zero and Length is greater than= =0D - PcdMaximumUnicodeStringLength, then ASSERT().=0D + PcdMaximumUnicodeStringLength, then ASSERT_CONSTRAINT().=0D =0D - If MaxBufferSize is less than (Length / 2), then ASSERT().=0D + If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT().=0D =0D @param String Pointer to a Null-terminated Unicode st= ring.=0D @param Length The number of Unicode characters to dec= ode.=0D @@ -1804,7 +1804,7 @@ UnicodeStrToAsciiStr ( the upper 8 bits, then ASSERT().=0D =0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -1851,7 +1851,7 @@ UnicodeStrToAsciiStrS ( If any Unicode characters in Source contain non-zero value in the upper = 8=0D bits, then ASSERT().=0D If Source is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D 
@@ -2415,9 +2415,9 @@ AsciiStrHexToUint64 ( "::" can be used to compress one or more groups of X when X contains onl= y 0.=0D The "::" can only appear once in the String.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Address is NULL, then ASSERT().=0D + If Address is NULL, then ASSERT_CONSTRAINT().=0D =0D If EndPointer is not NULL and Address is translated from String, a point= er=0D to the character that stopped the scan is stored at the location pointed= to=0D @@ -2470,9 +2470,9 @@ AsciiStrToIpv6Address ( When /P is in the String, the function stops at the first character that= is not=0D a valid decimal digit character after P is converted.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Address is NULL, then ASSERT().=0D + If Address is NULL, then ASSERT_CONSTRAINT().=0D =0D If EndPointer is not NULL and Address is translated from String, a point= er=0D to the character that stopped the scan is stored at the location pointed= to=0D @@ -2535,8 +2535,8 @@ AsciiStrToIpv4Address ( oo Data4[48:55]=0D pp Data4[56:63]=0D =0D - If String is NULL, then ASSERT().=0D - If Guid is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D + If Guid is NULL, then ASSERT_CONSTRAINT().=0D =0D @param String Pointer to a Null-terminated ASCII stri= ng.=0D @param Guid Pointer to the converted GUID.=0D 
@@ -2568,16 +2568,16 @@ AsciiStrToGuid ( decoding stops after Length of characters and outputs Buffer containing= =0D (Length / 2) bytes.=0D =0D - If String is NULL, then ASSERT().=0D + If String is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Buffer is NULL, then ASSERT().=0D + If Buffer is NULL, then ASSERT_CONSTRAINT().=0D =0D - If Length is not multiple of 2, then ASSERT().=0D + If Length is not multiple of 2, then ASSERT_CONSTRAINT().=0D =0D If PcdMaximumAsciiStringLength is not zero and Length is greater than=0D - PcdMaximumAsciiStringLength, then ASSERT().=0D + PcdMaximumAsciiStringLength, then ASSERT_CONSTRAINT().=0D =0D - If MaxBufferSize is less than (Length / 2), then ASSERT().=0D + If MaxBufferSize is less than (Length / 2), then ASSERT_CONSTRAINT().=0D =0D @param String Pointer to a Null-terminated ASCII stri= ng.=0D @param Length The number of ASCII characters to decod= e.=0D @@ -2659,7 +2659,7 @@ AsciiStrToUnicodeStr ( equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in = bytes.=0D =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then the Destination is unmodified.=0D =0D @@ -2705,7 +2705,7 @@ AsciiStrToUnicodeStrS ( ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.=0D =0D If Destination is not aligned on a 16-bit boundary, then ASSERT().=0D - If an error would be returned, then the function will also ASSERT().=0D + If an error would be returned, then the function will also ASSERT_CONSTR= AINT().=0D =0D If an error is returned, then Destination and DestinationLength are=0D unmodified.=0D diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/S= afeString.c index 7dc03d2caa..f6cdd76c82 100644 --- a/MdePkg/Library/BaseLib/SafeString.c +++ b/MdePkg/Library/BaseLib/SafeString.c 
@@ -14,7 +14,7 @@ =0D #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \=0D do { \=0D - ASSERT (Expression); \=0D + ASSERT_CONSTRAINT (Expression); \=0D if (!(Expression)) { \=0D return Status; \=0D } \=0D --=20 2.24.2 (Apple Git-127)
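Review bot: the SafeString.c hunk at @@ -14 replaces `ASSERT (Expression);` with `ASSERT_CONSTRAINT (Expression);` inside SAFE_STRING_CONSTRAINT_CHECK, but nothing in this patch shows the header that declares ASSERT_CONSTRAINT or the knob that disables it, and the commit message only says constraint assertions can be "disabled" for a package. Please name the header and the PCD or build flag involved (or point at the patch in this series that introduces them) so this change can be reviewed on its own, and say in the message that each package has to opt in. Separately, the macro still evaluates Expression twice when the assertion is enabled (`ASSERT_CONSTRAINT (Expression);` followed by `if (!(Expression))`), so it remains safe only for side-effect-free arguments; a one-line comment above the macro stating that would help anyone adding new checks.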
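Review bot: across the BaseLib.h hunks (for example @@ -216, @@ -377, @@ -1533 and @@ -1703) the NULL, Length and PcdMaximumUnicodeStringLength cases become ASSERT_CONSTRAINT() while the adjacent unchanged lines `If Destination is not aligned on a 16-bit boundary, then ASSERT().` and `If String is not aligned in a 16-bit boundary, then ASSERT().` keep a plain ASSERT() with no return-status path. That split is only right if misalignment is treated as a caller bug rather than an input property; a caller that points a CHAR16 string at an odd offset inside an untrusted buffer will still take a hard assert even with constraint assertions disabled. The commit message should state this boundary so users of the "untrusted data checking" mode know which conditions remain fatal.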
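Review bot: in the hunks headed @@ -1804 and @@ -1851 only the "If an error would be returned" line changes, while the unchanged context still reads `If any Unicode characters in Source contain non-zero value in the upper 8 bits, then ASSERT().` Unlike a NULL pointer, that condition is decided by the bytes of Source, so a non-Latin character in untrusted Unicode input still triggers a hard ASSERT() instead of an error return, which undercuts the stated goal of using these interfaces for untrusted data checking. Either route that check through the constraint macro with a status code, or document the limitation next to the new ASSERT_CONSTRAINT() wording so callers do not rely on these two functions for input validation.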