public inbox for devel@edk2.groups.io
* [PATCH V7 0/1] Disable safe string constraint assertions
@ 2020-05-14 17:31 Vitaly Cheptsov
  2020-05-14 17:31 ` [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks Vitaly Cheptsov
  0 siblings, 1 reply; 6+ messages in thread
From: Vitaly Cheptsov @ 2020-05-14 17:31 UTC (permalink / raw)
  To: devel
  Cc: Andrew Fish, Ard Biesheuvel, Bret Barkelew, Brian J . Johnson,
	Chasel Chiu, Jordan Justen, Laszlo Ersek, Leif Lindholm,
	Liming Gao, Marvin Häuser, Mike Kinney, Vincent Zimmer,
	Zhichao Gao

CC: Andrew Fish <afish@apple.com>
CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
CC: Bret Barkelew <bret.barkelew@microsoft.com>
CC: Brian J. Johnson <brian.johnson@hpe.com>
CC: Chasel Chiu <chasel.chiu@intel.com>
CC: Jordan Justen <jordan.l.justen@intel.com>
CC: Laszlo Ersek <lersek@redhat.com>
CC: Leif Lindholm <leif@nuviainc.com>
CC: Liming Gao <liming.gao@intel.com>
CC: Marvin Häuser <mhaeuser@outlook.de>
CC: Mike Kinney <michael.d.kinney@intel.com>
CC: Vincent Zimmer <vincent.zimmer@intel.com>
CC: Zhichao Gao <zhichao.gao@intel.com>

V7 addressed review comments (only documentation changes).

Current implementation of SafeString does not let one parse untrusted
data with its interfaces as they ASSERT on failing runtime checks and
require one to effectively reimplement the function on the caller side.

All the former proposals made it clear that the attempts to introduce
a solution preserving this behaviour require a lot of changes
throughout the codebase including platform code (e.g. introducing
constraint assertions and updating all DebugLib implementations)
or require all sorts of hacks.

Since the original code has roughly no benefit except in some very
special cases and the effort required to preserve it is very high,
I propose to remove it as agreed on with several other parties.

Please note that this patch does not change the behaviour of the
functions in RELEASE builds. I.e. they will still check for NULL
and return RETURN_INVALID_PARAMETER. In the future we may (or may
not) want them to simply ASSERT in this case. Regardless, this should
be done in a separate BZ entry and a separate commit. For this reason
I ask everyone not to touch this subject.

Due to the amount of discussion this has already undergone after
almost a year I kindly request everyone to reduce the communication
to the minimum and abstain from proposing another approach.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

Requesting to merge this into edk2-stable202005.

Vitaly Cheptsov (1):
  MdePkg: Fix SafeString performing assertions on runtime checks

 MdePkg/Include/Library/BaseLib.h    | 111 -------------------
 MdePkg/Library/BaseLib/SafeString.c | 112 --------------------
 2 files changed, 223 deletions(-)

-- 
2.24.2 (Apple Git-127)



* [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
  2020-05-14 17:31 [PATCH V7 0/1] Disable safe string constraint assertions Vitaly Cheptsov
@ 2020-05-14 17:31 ` Vitaly Cheptsov
  2020-05-15 11:30   ` Laszlo Ersek
  2020-05-18 17:04   ` [edk2-devel] " Michael D Kinney
  0 siblings, 2 replies; 6+ messages in thread
From: Vitaly Cheptsov @ 2020-05-14 17:31 UTC (permalink / raw)
  To: devel
  Cc: Andrew Fish, Ard Biesheuvel, Bret Barkelew, Brian J . Johnson,
	Chasel Chiu, Jordan Justen, Laszlo Ersek, Leif Lindholm,
	Liming Gao, Marvin Häuser, Mike Kinney, Vincent Zimmer,
	Zhichao Gao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

Runtime checks returned via status return code should not work as
assertions to permit parsing not trusted data with SafeString
interfaces.

CC: Andrew Fish <afish@apple.com>
CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
CC: Bret Barkelew <bret.barkelew@microsoft.com>
CC: Brian J. Johnson <brian.johnson@hpe.com>
CC: Chasel Chiu <chasel.chiu@intel.com>
CC: Jordan Justen <jordan.l.justen@intel.com>
CC: Laszlo Ersek <lersek@redhat.com>
CC: Leif Lindholm <leif@nuviainc.com>
CC: Liming Gao <liming.gao@intel.com>
CC: Marvin Häuser <mhaeuser@outlook.de>
CC: Mike Kinney <michael.d.kinney@intel.com>
CC: Vincent Zimmer <vincent.zimmer@intel.com>
CC: Zhichao Gao <zhichao.gao@intel.com>
Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
---
 MdePkg/Include/Library/BaseLib.h    | 111 -------------------
 MdePkg/Library/BaseLib/SafeString.c | 112 --------------------
 2 files changed, 223 deletions(-)

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index ecadff8b23..2c194ad943 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -189,7 +189,6 @@ StrnSizeS (
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -225,7 +224,6 @@ StrCpyS (
 
   If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -263,7 +261,6 @@ StrnCpyS (
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -303,7 +300,6 @@ StrCatS (
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -350,12 +346,7 @@ StrnCatS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
 
   If String has no valid decimal digits in the above format, then 0 is stored
   at the location pointed to by Data.
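Review bot: the line kept in this hunk, "If String is not aligned in a
16-bit boundary, then ASSERT().", leaves one caller-supplied property that
still halts a DEBUG build, while the NULL and PcdMaximumUnicodeStringLength
conditions beside it now only produce a return status. A String pointer
taken at an odd offset inside an untrusted buffer would still reach that
ASSERT. Say in the comment that alignment is a precondition the caller must
establish before the call, so the remaining ASSERT is not mistaken for one
of the runtime checks.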
@@ -406,12 +397,7 @@ StrDecimalToUintnS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
 
   If String has no valid decimal digits in the above format, then 0 is stored
   at the location pointed to by Data.
@@ -467,12 +453,7 @@ StrDecimalToUint64S (
   the first character that is a not a valid hexadecimal character or NULL,
   whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
 
   If String has no valid hexadecimal digits in the above format, then 0 is
   stored at the location pointed to by Data.
@@ -528,12 +509,7 @@ StrHexToUintnS (
   the first character that is a not a valid hexadecimal character or NULL,
   whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
 
   If String has no valid hexadecimal digits in the above format, then 0 is
   stored at the location pointed to by Data.
@@ -622,8 +598,6 @@ AsciiStrnSizeS (
 
   This function is similar as strcpy_s defined in C11.
 
-  If an error would be returned, then the function will also ASSERT().
-
   If an error is returned, then the Destination is unmodified.
 
   @param  Destination              A pointer to a Null-terminated Ascii string.
@@ -656,8 +630,6 @@ AsciiStrCpyS (
 
   This function is similar as strncpy_s defined in C11.
 
-  If an error would be returned, then the function will also ASSERT().
-
   If an error is returned, then the Destination is unmodified.
 
   @param  Destination              A pointer to a Null-terminated Ascii string.
@@ -692,8 +664,6 @@ AsciiStrnCpyS (
 
   This function is similar as strcat_s defined in C11.
 
-  If an error would be returned, then the function will also ASSERT().
-
   If an error is returned, then the Destination is unmodified.
 
   @param  Destination              A pointer to a Null-terminated Ascii string.
@@ -730,8 +700,6 @@ AsciiStrCatS (
 
   This function is similar as strncat_s defined in C11.
 
-  If an error would be returned, then the function will also ASSERT().
-
   If an error is returned, then the Destination is unmodified.
 
   @param  Destination              A pointer to a Null-terminated Ascii string.
@@ -777,12 +745,6 @@ AsciiStrnCatS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
-  If PcdMaximumAsciiStringLength is not zero, and String contains more than
-  PcdMaximumAsciiStringLength Ascii characters, not including the
-  Null-terminator, then ASSERT().
-
   If String has no valid decimal digits in the above format, then 0 is stored
   at the location pointed to by Data.
   If the number represented by String exceeds the range defined by UINTN, then
@@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
-  If PcdMaximumAsciiStringLength is not zero, and String contains more than
-  PcdMaximumAsciiStringLength Ascii characters, not including the
-  Null-terminator, then ASSERT().
-
   If String has no valid decimal digits in the above format, then 0 is stored
   at the location pointed to by Data.
   If the number represented by String exceeds the range defined by UINT64, then
@@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S (
   character that is a not a valid hexadecimal character or Null-terminator,
   whichever on comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
-  If PcdMaximumAsciiStringLength is not zero, and String contains more than
-  PcdMaximumAsciiStringLength Ascii characters, not including the
-  Null-terminator, then ASSERT().
-
   If String has no valid hexadecimal digits in the above format, then 0 is
   stored at the location pointed to by Data.
   If the number represented by String exceeds the range defined by UINTN, then
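Review bot: style nit in the unchanged context at the top of this hunk:
"is a not a valid hexadecimal character" and "whichever on comes first"
are typos for "is not a valid" and "whichever one comes first". The same
wording recurs in the other conversion-function comments in this patch,
in both BaseLib.h and SafeString.c, so a follow-up cleanup should fix both
copies together to keep the header and the implementation comments
identical.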
@@ -950,12 +900,6 @@ AsciiStrHexToUintnS (
   character that is a not a valid hexadecimal character or Null-terminator,
   whichever on comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
-  If PcdMaximumAsciiStringLength is not zero, and String contains more than
-  PcdMaximumAsciiStringLength Ascii characters, not including the
-  Null-terminator, then ASSERT().
-
   If String has no valid hexadecimal digits in the above format, then 0 is
   stored at the location pointed to by Data.
   If the number represented by String exceeds the range defined by UINT64, then
@@ -1506,16 +1450,8 @@ StrHexToUint64 (
   "::" can be used to compress one or more groups of X when X contains only 0.
   The "::" can only appear once in the String.
 
-  If String is NULL, then ASSERT().
-
-  If Address is NULL, then ASSERT().
-
   If String is not aligned in a 16-bit boundary, then ASSERT().
 
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
-
   If EndPointer is not NULL and Address is translated from String, a pointer
   to the character that stopped the scan is stored at the location pointed to
   by EndPointer.
@@ -1567,16 +1503,8 @@ StrToIpv6Address (
   When /P is in the String, the function stops at the first character that is not
   a valid decimal digit character after P is converted.
 
-  If String is NULL, then ASSERT().
-
-  If Address is NULL, then ASSERT().
-
   If String is not aligned in a 16-bit boundary, then ASSERT().
 
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
-
   If EndPointer is not NULL and Address is translated from String, a pointer
   to the character that stopped the scan is stored at the location pointed to
   by EndPointer.
@@ -1640,8 +1568,6 @@ StrToIpv4Address (
                   oo          Data4[48:55]
                   pp          Data4[56:63]
 
-  If String is NULL, then ASSERT().
-  If Guid is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
 
   @param  String                   Pointer to a Null-terminated Unicode string.
@@ -1676,17 +1602,6 @@ StrToGuid (
 
   If String is not aligned in a 16-bit boundary, then ASSERT().
 
-  If String is NULL, then ASSERT().
-
-  If Buffer is NULL, then ASSERT().
-
-  If Length is not multiple of 2, then ASSERT().
-
-  If PcdMaximumUnicodeStringLength is not zero and Length is greater than
-  PcdMaximumUnicodeStringLength, then ASSERT().
-
-  If MaxBufferSize is less than (Length / 2), then ASSERT().
-
   @param  String                   Pointer to a Null-terminated Unicode string.
   @param  Length                   The number of Unicode characters to decode.
   @param  Buffer                   Pointer to the converted bytes array.
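Review bot: missing documentation after the removal in this hunk: the
conditions "Length is not multiple of 2" and "MaxBufferSize is less than
(Length / 2)" vanish from the description, and the visible comment no
longer says what happens when they are violated. These are the checks most
likely to fail on untrusted input, so restate them as returned errors,
naming the status each one yields, unless the @retval list below this hunk
already covers every one of the five removed conditions.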
@@ -1777,7 +1692,6 @@ UnicodeStrToAsciiStr (
   the upper 8 bits, then ASSERT().
 
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -1824,7 +1738,6 @@ UnicodeStrToAsciiStrS (
   If any Unicode characters in Source contain non-zero value in the upper 8
   bits, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -2388,10 +2301,6 @@ AsciiStrHexToUint64 (
   "::" can be used to compress one or more groups of X when X contains only 0.
   The "::" can only appear once in the String.
 
-  If String is NULL, then ASSERT().
-
-  If Address is NULL, then ASSERT().
-
   If EndPointer is not NULL and Address is translated from String, a pointer
   to the character that stopped the scan is stored at the location pointed to
   by EndPointer.
@@ -2443,10 +2352,6 @@ AsciiStrToIpv6Address (
   When /P is in the String, the function stops at the first character that is not
   a valid decimal digit character after P is converted.
 
-  If String is NULL, then ASSERT().
-
-  If Address is NULL, then ASSERT().
-
   If EndPointer is not NULL and Address is translated from String, a pointer
   to the character that stopped the scan is stored at the location pointed to
   by EndPointer.
@@ -2508,9 +2413,6 @@ AsciiStrToIpv4Address (
                   oo          Data4[48:55]
                   pp          Data4[56:63]
 
-  If String is NULL, then ASSERT().
-  If Guid is NULL, then ASSERT().
-
   @param  String                   Pointer to a Null-terminated ASCII string.
   @param  Guid                     Pointer to the converted GUID.
 
@@ -2541,17 +2443,6 @@ AsciiStrToGuid (
   decoding stops after Length of characters and outputs Buffer containing
   (Length / 2) bytes.
 
-  If String is NULL, then ASSERT().
-
-  If Buffer is NULL, then ASSERT().
-
-  If Length is not multiple of 2, then ASSERT().
-
-  If PcdMaximumAsciiStringLength is not zero and Length is greater than
-  PcdMaximumAsciiStringLength, then ASSERT().
-
-  If MaxBufferSize is less than (Length / 2), then ASSERT().
-
   @param  String                   Pointer to a Null-terminated ASCII string.
   @param  Length                   The number of ASCII characters to decode.
   @param  Buffer                   Pointer to the converted bytes array.
@@ -2632,7 +2523,6 @@ AsciiStrToUnicodeStr (
   equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -2678,7 +2568,6 @@ AsciiStrToUnicodeStrS (
   ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then Destination and DestinationLength are
   unmodified.
diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 7dc03d2caa..41d9137b83 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -14,7 +14,6 @@
 
 #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status)  \
   do { \
-    ASSERT (Expression); \
     if (!(Expression)) { \
       return Status; \
     } \
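Review bot: with "ASSERT (Expression); \" removed,
SAFE_STRING_CONSTRAINT_CHECK fails silently: the only signal left is the
returned Status, so a caller that ignores the return value now gets no
indication in a DEBUG build that a constraint was violated. Add a short
comment above the macro stating that constraint failures are reported
through Status only and that callers must check it, and consider auditing
existing call sites that discard the return value of the functions using
this macro.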
@@ -197,7 +196,6 @@ StrnSizeS (
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -279,7 +277,6 @@ StrCpyS (
 
   If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -372,7 +369,6 @@ StrnCpyS (
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -473,7 +469,6 @@ StrCatS (
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -590,12 +585,7 @@ StrnCatS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
 
   If String has no valid decimal digits in the above format, then 0 is stored
   at the location pointed to by Data.
@@ -705,12 +695,7 @@ StrDecimalToUintnS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
 
   If String has no valid decimal digits in the above format, then 0 is stored
   at the location pointed to by Data.
@@ -825,12 +810,7 @@ StrDecimalToUint64S (
   the first character that is a not a valid hexadecimal character or NULL,
   whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
 
   If String has no valid hexadecimal digits in the above format, then 0 is
   stored at the location pointed to by Data.
@@ -956,12 +936,7 @@ StrHexToUintnS (
   the first character that is a not a valid hexadecimal character or NULL,
   whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
 
   If String has no valid hexadecimal digits in the above format, then 0 is
   stored at the location pointed to by Data.
@@ -1091,16 +1066,8 @@ StrHexToUint64S (
   "::" can be used to compress one or more groups of X when X contains only 0.
   The "::" can only appear once in the String.
 
-  If String is NULL, then ASSERT().
-
-  If Address is NULL, then ASSERT().
-
   If String is not aligned in a 16-bit boundary, then ASSERT().
 
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
-
   If EndPointer is not NULL and Address is translated from String, a pointer
   to the character that stopped the scan is stored at the location pointed to
   by EndPointer.
@@ -1317,16 +1284,8 @@ StrToIpv6Address (
   When /P is in the String, the function stops at the first character that is not
   a valid decimal digit character after P is converted.
 
-  If String is NULL, then ASSERT().
-
-  If Address is NULL, then ASSERT().
-
   If String is not aligned in a 16-bit boundary, then ASSERT().
 
-  If PcdMaximumUnicodeStringLength is not zero, and String contains more than
-  PcdMaximumUnicodeStringLength Unicode characters, not including the
-  Null-terminator, then ASSERT().
-
   If EndPointer is not NULL and Address is translated from String, a pointer
   to the character that stopped the scan is stored at the location pointed to
   by EndPointer.
@@ -1482,8 +1441,6 @@ StrToIpv4Address (
                   oo          Data4[48:55]
                   pp          Data4[56:63]
 
-  If String is NULL, then ASSERT().
-  If Guid is NULL, then ASSERT().
   If String is not aligned in a 16-bit boundary, then ASSERT().
 
   @param  String                   Pointer to a Null-terminated Unicode string.
@@ -1589,17 +1546,6 @@ StrToGuid (
 
   If String is not aligned in a 16-bit boundary, then ASSERT().
 
-  If String is NULL, then ASSERT().
-
-  If Buffer is NULL, then ASSERT().
-
-  If Length is not multiple of 2, then ASSERT().
-
-  If PcdMaximumUnicodeStringLength is not zero and Length is greater than
-  PcdMaximumUnicodeStringLength, then ASSERT().
-
-  If MaxBufferSize is less than (Length / 2), then ASSERT().
-
   @param  String                   Pointer to a Null-terminated Unicode string.
   @param  Length                   The number of Unicode characters to decode.
   @param  Buffer                   Pointer to the converted bytes array.
@@ -1779,8 +1725,6 @@ AsciiStrnSizeS (
 
   This function is similar as strcpy_s defined in C11.
 
-  If an error would be returned, then the function will also ASSERT().
-
   If an error is returned, then the Destination is unmodified.
 
   @param  Destination              A pointer to a Null-terminated Ascii string.
@@ -1856,8 +1800,6 @@ AsciiStrCpyS (
 
   This function is similar as strncpy_s defined in C11.
 
-  If an error would be returned, then the function will also ASSERT().
-
   If an error is returned, then the Destination is unmodified.
 
   @param  Destination              A pointer to a Null-terminated Ascii string.
@@ -1944,8 +1886,6 @@ AsciiStrnCpyS (
 
   This function is similar as strcat_s defined in C11.
 
-  If an error would be returned, then the function will also ASSERT().
-
   If an error is returned, then the Destination is unmodified.
 
   @param  Destination              A pointer to a Null-terminated Ascii string.
@@ -2040,8 +1980,6 @@ AsciiStrCatS (
 
   This function is similar as strncat_s defined in C11.
 
-  If an error would be returned, then the function will also ASSERT().
-
   If an error is returned, then the Destination is unmodified.
 
   @param  Destination              A pointer to a Null-terminated Ascii string.
@@ -2154,12 +2092,6 @@ AsciiStrnCatS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
-  If PcdMaximumAsciiStringLength is not zero, and String contains more than
-  PcdMaximumAsciiStringLength Ascii characters, not including the
-  Null-terminator, then ASSERT().
-
   If String has no valid decimal digits in the above format, then 0 is stored
   at the location pointed to by Data.
   If the number represented by String exceeds the range defined by UINTN, then
@@ -2266,12 +2198,6 @@ AsciiStrDecimalToUintnS (
   be ignored. Then, the function stops at the first character that is a not a
   valid decimal character or a Null-terminator, whichever one comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
-  If PcdMaximumAsciiStringLength is not zero, and String contains more than
-  PcdMaximumAsciiStringLength Ascii characters, not including the
-  Null-terminator, then ASSERT().
-
   If String has no valid decimal digits in the above format, then 0 is stored
   at the location pointed to by Data.
   If the number represented by String exceeds the range defined by UINT64, then
@@ -2382,12 +2308,6 @@ AsciiStrDecimalToUint64S (
   character that is a not a valid hexadecimal character or Null-terminator,
   whichever on comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
-  If PcdMaximumAsciiStringLength is not zero, and String contains more than
-  PcdMaximumAsciiStringLength Ascii characters, not including the
-  Null-terminator, then ASSERT().
-
   If String has no valid hexadecimal digits in the above format, then 0 is
   stored at the location pointed to by Data.
   If the number represented by String exceeds the range defined by UINTN, then
@@ -2509,12 +2429,6 @@ AsciiStrHexToUintnS (
   character that is a not a valid hexadecimal character or Null-terminator,
   whichever on comes first.
 
-  If String is NULL, then ASSERT().
-  If Data is NULL, then ASSERT().
-  If PcdMaximumAsciiStringLength is not zero, and String contains more than
-  PcdMaximumAsciiStringLength Ascii characters, not including the
-  Null-terminator, then ASSERT().
-
   If String has no valid hexadecimal digits in the above format, then 0 is
   stored at the location pointed to by Data.
   If the number represented by String exceeds the range defined by UINT64, then
@@ -2635,7 +2549,6 @@ AsciiStrHexToUint64S (
   the upper 8 bits, then ASSERT().
 
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -2735,7 +2648,6 @@ UnicodeStrToAsciiStrS (
   If any Unicode characters in Source contain non-zero value in the upper 8
   bits, then ASSERT().
   If Source is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then Destination and DestinationLength are
   unmodified.
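Review bot: the comment kept in this hunk still reads "If any Unicode
characters in Source contain non-zero value in the upper 8 bits, then
ASSERT()", which is a check on the content of Source rather than on the
call contract. If the code matches the comment, a DEBUG build still halts
on untrusted Source data, which is the case the commit message sets out to
permit. Confirm whether that ASSERT remains in the implementation; if it
does, document that callers must validate Source before calling, or track
it in the separate BZ.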
@@ -2855,7 +2767,6 @@ UnicodeStrnToAsciiStrS (
   equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then the Destination is unmodified.
 
@@ -2948,7 +2859,6 @@ AsciiStrToUnicodeStrS (
   ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.
 
   If Destination is not aligned on a 16-bit boundary, then ASSERT().
-  If an error would be returned, then the function will also ASSERT().
 
   If an error is returned, then Destination and DestinationLength are
   unmodified.
@@ -3072,10 +2982,6 @@ AsciiStrnToUnicodeStrS (
   "::" can be used to compress one or more groups of X when X contains only 0.
   The "::" can only appear once in the String.
 
-  If String is NULL, then ASSERT().
-
-  If Address is NULL, then ASSERT().
-
   If EndPointer is not NULL and Address is translated from String, a pointer
   to the character that stopped the scan is stored at the location pointed to
   by EndPointer.
@@ -3291,10 +3197,6 @@ AsciiStrToIpv6Address (
   When /P is in the String, the function stops at the first character that is not
   a valid decimal digit character after P is converted.
 
-  If String is NULL, then ASSERT().
-
-  If Address is NULL, then ASSERT().
-
   If EndPointer is not NULL and Address is translated from String, a pointer
   to the character that stopped the scan is stored at the location pointed to
   by EndPointer.
@@ -3448,9 +3350,6 @@ AsciiStrToIpv4Address (
                   oo          Data4[48:55]
                   pp          Data4[56:63]
 
-  If String is NULL, then ASSERT().
-  If Guid is NULL, then ASSERT().
-
   @param  String                   Pointer to a Null-terminated ASCII string.
   @param  Guid                     Pointer to the converted GUID.
 
@@ -3550,17 +3449,6 @@ AsciiStrToGuid (
   decoding stops after Length of characters and outputs Buffer containing
   (Length / 2) bytes.
 
-  If String is NULL, then ASSERT().
-
-  If Buffer is NULL, then ASSERT().
-
-  If Length is not multiple of 2, then ASSERT().
-
-  If PcdMaximumAsciiStringLength is not zero and Length is greater than
-  PcdMaximumAsciiStringLength, then ASSERT().
-
-  If MaxBufferSize is less than (Length / 2), then ASSERT().
-
   @param  String                   Pointer to a Null-terminated ASCII string.
   @param  Length                   The number of ASCII characters to decode.
   @param  Buffer                   Pointer to the converted bytes array.
-- 
2.24.2 (Apple Git-127)



* Re: [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
  2020-05-14 17:31 ` [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks Vitaly Cheptsov
@ 2020-05-15 11:30   ` Laszlo Ersek
  2020-05-18 17:04   ` [edk2-devel] " Michael D Kinney
  1 sibling, 0 replies; 6+ messages in thread
From: Laszlo Ersek @ 2020-05-15 11:30 UTC (permalink / raw)
  To: Vitaly Cheptsov, devel
  Cc: Andrew Fish, Ard Biesheuvel, Bret Barkelew, Brian J . Johnson,
	Chasel Chiu, Jordan Justen, Leif Lindholm, Liming Gao,
	Marvin Häuser, Mike Kinney, Vincent Zimmer, Zhichao Gao

On 05/14/20 19:31, Vitaly Cheptsov wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054
> 
> Runtime checks returned via status return code should not work as
> assertions to permit parsing not trusted data with SafeString
> interfaces.
> 
> CC: Andrew Fish <afish@apple.com>
> CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> CC: Bret Barkelew <bret.barkelew@microsoft.com>
> CC: Brian J. Johnson <brian.johnson@hpe.com>
> CC: Chasel Chiu <chasel.chiu@intel.com>
> CC: Jordan Justen <jordan.l.justen@intel.com>
> CC: Laszlo Ersek <lersek@redhat.com>
> CC: Leif Lindholm <leif@nuviainc.com>
> CC: Liming Gao <liming.gao@intel.com>
> CC: Marvin Häuser <mhaeuser@outlook.de>
> CC: Mike Kinney <michael.d.kinney@intel.com>
> CC: Vincent Zimmer <vincent.zimmer@intel.com>
> CC: Zhichao Gao <zhichao.gao@intel.com>
> Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
> ---
>  MdePkg/Include/Library/BaseLib.h    | 111 -------------------
>  MdePkg/Library/BaseLib/SafeString.c | 112 --------------------
>  2 files changed, 223 deletions(-)

Reviewed-by: Laszlo Ersek <lersek@redhat.com>


* Re: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
  2020-05-14 17:31 ` [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks Vitaly Cheptsov
  2020-05-15 11:30   ` Laszlo Ersek
@ 2020-05-18 17:04   ` Michael D Kinney
  2020-05-18 18:07     ` Vitaly Cheptsov
  1 sibling, 1 reply; 6+ messages in thread
From: Michael D Kinney @ 2020-05-18 17:04 UTC (permalink / raw)
  To: devel@edk2.groups.io, cheptsov@ispras.ru, Kinney, Michael D
  Cc: Andrew Fish, Ard Biesheuvel, Bret Barkelew, Brian J . Johnson,
	Chiu, Chasel, Justen, Jordan L, Laszlo Ersek, Leif Lindholm,
	Gao, Liming, Marvin Häuser, Zimmer, Vincent, Gao, Zhichao

Vitaly,

Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

I agree that can go in now for the stable tag.

The only additional comment I have received is if a DEBUG() message
can be added where the ASSERT() was removed.  Perhaps only at the
DEBUG_VERBOSE level that is not usually enabled by default.  A 
developer that wants to see SAFE_STRING_CONSTRAINT_CHECK() conditions
that fail would need to enable DEBUG_VERBOSE messages.

Thanks,

Mike


> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On
> Behalf Of Vitaly Cheptsov
> Sent: Thursday, May 14, 2020 10:32 AM
> To: devel@edk2.groups.io
> Cc: Andrew Fish <afish@apple.com>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>; Bret Barkelew
> <bret.barkelew@microsoft.com>; Brian J . Johnson
> <brian.johnson@hpe.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Justen, Jordan L
> <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Leif Lindholm <leif@nuviainc.com>;
> Gao, Liming <liming.gao@intel.com>; Marvin Häuser
> <mhaeuser@outlook.de>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Zimmer, Vincent
> <vincent.zimmer@intel.com>; Gao, Zhichao
> <zhichao.gao@intel.com>
> Subject: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix
> SafeString performing assertions on runtime checks
> 
> REF:
> https://bugzilla.tianocore.org/show_bug.cgi?id=2054
> 
> Runtime checks returned via status return code should
> not work as
> assertions to permit parsing not trusted data with
> SafeString
> interfaces.
> 
> CC: Andrew Fish <afish@apple.com>
> CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> CC: Bret Barkelew <bret.barkelew@microsoft.com>
> CC: Brian J. Johnson <brian.johnson@hpe.com>
> CC: Chasel Chiu <chasel.chiu@intel.com>
> CC: Jordan Justen <jordan.l.justen@intel.com>
> CC: Laszlo Ersek <lersek@redhat.com>
> CC: Leif Lindholm <leif@nuviainc.com>
> CC: Liming Gao <liming.gao@intel.com>
> CC: Marvin Häuser <mhaeuser@outlook.de>
> CC: Mike Kinney <michael.d.kinney@intel.com>
> CC: Vincent Zimmer <vincent.zimmer@intel.com>
> CC: Zhichao Gao <zhichao.gao@intel.com>
> Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
> ---
>  MdePkg/Include/Library/BaseLib.h    | 111 ------------
> -------
>  MdePkg/Library/BaseLib/SafeString.c | 112 ------------
> --------
>  2 files changed, 223 deletions(-)
> 
> diff --git a/MdePkg/Include/Library/BaseLib.h
> b/MdePkg/Include/Library/BaseLib.h
> index ecadff8b23..2c194ad943 100644
> --- a/MdePkg/Include/Library/BaseLib.h
> +++ b/MdePkg/Include/Library/BaseLib.h
> @@ -189,7 +189,6 @@ StrnSizeS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
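
Review bot: the two context lines kept at the top of this hunk still say
that a Destination or Source not aligned on a 16-bit boundary will
ASSERT(), so after the removal the comment describes a function that
returns a status for most bad input but still asserts on alignment. If
that split is intended, say so in the comment (alignment is a caller
precondition, everything else is reported through the return value).
Otherwise a reader who passes untrusted buffers may assume every check
is now non-fatal.
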
> @@ -225,7 +224,6 @@ StrCpyS (
> 
> 
> 
>    If Length > 0 and Destination is not aligned on a
> 16-bit boundary, then ASSERT().
> 
> 
>    If Length > 0 and Source is not aligned on a 16-bit
> boundary, then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -263,7 +261,6 @@ StrnCpyS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -303,7 +300,6 @@ StrCatS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -350,12 +346,7 @@ StrnCatS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
> @@ -406,12 +397,7 @@ StrDecimalToUintnS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
> @@ -467,12 +453,7 @@ StrDecimalToUint64S (
>    the first character that is a not a valid
> hexadecimal character or NULL,
> 
> 
>    whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
> @@ -528,12 +509,7 @@ StrHexToUintnS (
>    the first character that is a not a valid
> hexadecimal character or NULL,
> 
> 
>    whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
> @@ -622,8 +598,6 @@ AsciiStrnSizeS (
> 
> 
> 
>    This function is similar as strcpy_s defined in C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -656,8 +630,6 @@ AsciiStrCpyS (
> 
> 
> 
>    This function is similar as strncpy_s defined in
> C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -692,8 +664,6 @@ AsciiStrnCpyS (
> 
> 
> 
>    This function is similar as strcat_s defined in C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -730,8 +700,6 @@ AsciiStrCatS (
> 
> 
> 
>    This function is similar as strncat_s defined in
> C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -777,12 +745,6 @@ AsciiStrnCatS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINTN, then
> 
> 
> @@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINT64, then
> 
> 
> @@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S (
>    character that is a not a valid hexadecimal
> character or Null-terminator,
> 
> 
>    whichever on comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINTN, then
> 
> 
> @@ -950,12 +900,6 @@ AsciiStrHexToUintnS (
>    character that is a not a valid hexadecimal
> character or Null-terminator,
> 
> 
>    whichever on comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINT64, then
> 
> 
> @@ -1506,16 +1450,8 @@ StrHexToUint64 (
>    "::" can be used to compress one or more groups of X
> when X contains only 0.
> 
> 
>    The "::" can only appear once in the String.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -1567,16 +1503,8 @@ StrToIpv6Address (
>    When /P is in the String, the function stops at the
> first character that is not
> 
> 
>    a valid decimal digit character after P is
> converted.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -1640,8 +1568,6 @@ StrToIpv4Address (
>                    oo          Data4[48:55]
> 
> 
>                    pp          Data4[56:63]
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Guid is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
>    @param  String                   Pointer to a Null-
> terminated Unicode string.
> 
> 
> @@ -1676,17 +1602,6 @@ StrToGuid (
> 
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Buffer is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Length is not multiple of 2, then ASSERT().
> 
> 
> -
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero and
> Length is greater than
> 
> 
> -  PcdMaximumUnicodeStringLength, then ASSERT().
> 
> 
> -
> 
> 
> -  If MaxBufferSize is less than (Length / 2), then
> ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated Unicode string.
> 
> 
>    @param  Length                   The number of
> Unicode characters to decode.
> 
> 
>    @param  Buffer                   Pointer to the
> converted bytes array.
> 
> 
> @@ -1777,7 +1692,6 @@ UnicodeStrToAsciiStr (
>    the upper 8 bits, then ASSERT().
> 
> 
> 
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
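
Review bot: the retained context at the top of this hunk still documents
an ASSERT() when a Unicode character in Source has a non-zero value in
the upper 8 bits, and that is a property of the data, not of the call.
With the generic "will also ASSERT()" sentence removed just below it,
this is the content-dependent assertion that remains in the comment.
Please note, here or in the commit message, that untrusted Source
strings must be checked for such characters before the call, or say
that this case is left for a follow-up.
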
> @@ -1824,7 +1738,6 @@ UnicodeStrToAsciiStrS (
>    If any Unicode characters in Source contain non-zero
> value in the upper 8
> 
> 
>    bits, then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -2388,10 +2301,6 @@ AsciiStrHexToUint64 (
>    "::" can be used to compress one or more groups of X
> when X contains only 0.
> 
> 
>    The "::" can only appear once in the String.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -2443,10 +2352,6 @@ AsciiStrToIpv6Address (
>    When /P is in the String, the function stops at the
> first character that is not
> 
> 
>    a valid decimal digit character after P is
> converted.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -2508,9 +2413,6 @@ AsciiStrToIpv4Address (
>                    oo          Data4[48:55]
> 
> 
>                    pp          Data4[56:63]
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Guid is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated ASCII string.
> 
> 
>    @param  Guid                     Pointer to the
> converted GUID.
> 
> 
> 
> 
> 
> @@ -2541,17 +2443,6 @@ AsciiStrToGuid (
>    decoding stops after Length of characters and
> outputs Buffer containing
> 
> 
>    (Length / 2) bytes.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Buffer is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Length is not multiple of 2, then ASSERT().
> 
> 
> -
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero and
> Length is greater than
> 
> 
> -  PcdMaximumAsciiStringLength, then ASSERT().
> 
> 
> -
> 
> 
> -  If MaxBufferSize is less than (Length / 2), then
> ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated ASCII string.
> 
> 
>    @param  Length                   The number of ASCII
> characters to decode.
> 
> 
>    @param  Buffer                   Pointer to the
> converted bytes array.
> 
> 
> @@ -2632,7 +2523,6 @@ AsciiStrToUnicodeStr (
>    equal or greater than ((AsciiStrLen (Source) + 1) *
> sizeof (CHAR16)) in bytes.
> 
> 
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -2678,7 +2568,6 @@ AsciiStrToUnicodeStrS (
>    ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
> (CHAR8)) in bytes.
> 
> 
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then Destination and
> DestinationLength are
> 
> 
>    unmodified.
> 
> 
> diff --git a/MdePkg/Library/BaseLib/SafeString.c
> b/MdePkg/Library/BaseLib/SafeString.c
> index 7dc03d2caa..41d9137b83 100644
> --- a/MdePkg/Library/BaseLib/SafeString.c
> +++ b/MdePkg/Library/BaseLib/SafeString.c
> @@ -14,7 +14,6 @@
> 
> 
> 
>  #define SAFE_STRING_CONSTRAINT_CHECK(Expression,
> Status)  \
> 
> 
>    do { \
> 
> 
> -    ASSERT (Expression); \
> 
> 
>      if (!(Expression)) { \
> 
> 
>        return Status; \
> 
> 
>      } \
> 
> 
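
Review bot: with "ASSERT (Expression);" dropped from
SAFE_STRING_CONSTRAINT_CHECK, a failed constraint leaves no trace in
DEBUG builds beyond the returned Status, so a caller that ignores the
return value now fails silently where it used to stop. Consider a
DEBUG ((DEBUG_VERBOSE, ...)) message inside the "if (!(Expression))"
branch, before "return Status;", as raised in the review comment above,
and check existing callers that relied on the assertion instead of
testing the result.
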
> @@ -197,7 +196,6 @@ StrnSizeS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -279,7 +277,6 @@ StrCpyS (
> 
> 
> 
>    If Length > 0 and Destination is not aligned on a
> 16-bit boundary, then ASSERT().
> 
> 
>    If Length > 0 and Source is not aligned on a 16-bit
> boundary, then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -372,7 +369,6 @@ StrnCpyS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -473,7 +469,6 @@ StrCatS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -590,12 +585,7 @@ StrnCatS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
> @@ -705,12 +695,7 @@ StrDecimalToUintnS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
> @@ -825,12 +810,7 @@ StrDecimalToUint64S (
>    the first character that is a not a valid
> hexadecimal character or NULL,
> 
> 
>    whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
> @@ -956,12 +936,7 @@ StrHexToUintnS (
>    the first character that is a not a valid
> hexadecimal character or NULL,
> 
> 
>    whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
> @@ -1091,16 +1066,8 @@ StrHexToUint64S (
>    "::" can be used to compress one or more groups of X
> when X contains only 0.
> 
> 
>    The "::" can only appear once in the String.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -1317,16 +1284,8 @@ StrToIpv6Address (
>    When /P is in the String, the function stops at the
> first character that is not
> 
> 
>    a valid decimal digit character after P is
> converted.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -1482,8 +1441,6 @@ StrToIpv4Address (
>                    oo          Data4[48:55]
> 
> 
>                    pp          Data4[56:63]
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Guid is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
>    @param  String                   Pointer to a Null-
> terminated Unicode string.
> 
> 
> @@ -1589,17 +1546,6 @@ StrToGuid (
> 
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Buffer is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Length is not multiple of 2, then ASSERT().
> 
> 
> -
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero and
> Length is greater than
> 
> 
> -  PcdMaximumUnicodeStringLength, then ASSERT().
> 
> 
> -
> 
> 
> -  If MaxBufferSize is less than (Length / 2), then
> ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated Unicode string.
> 
> 
>    @param  Length                   The number of
> Unicode characters to decode.
> 
> 
>    @param  Buffer                   Pointer to the
> converted bytes array.
> 
> 
> @@ -1779,8 +1725,6 @@ AsciiStrnSizeS (
> 
> 
> 
>    This function is similar as strcpy_s defined in C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -1856,8 +1800,6 @@ AsciiStrCpyS (
> 
> 
> 
>    This function is similar as strncpy_s defined in
> C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -1944,8 +1886,6 @@ AsciiStrnCpyS (
> 
> 
> 
>    This function is similar as strcat_s defined in C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -2040,8 +1980,6 @@ AsciiStrCatS (
> 
> 
> 
>    This function is similar as strncat_s defined in
> C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -2154,12 +2092,6 @@ AsciiStrnCatS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINTN, then
> 
> 
> @@ -2266,12 +2198,6 @@ AsciiStrDecimalToUintnS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINT64, then
> 
> 
> @@ -2382,12 +2308,6 @@ AsciiStrDecimalToUint64S (
>    character that is a not a valid hexadecimal
> character or Null-terminator,
> 
> 
>    whichever on comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINTN, then
> 
> 
> @@ -2509,12 +2429,6 @@ AsciiStrHexToUintnS (
>    character that is a not a valid hexadecimal
> character or Null-terminator,
> 
> 
>    whichever on comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINT64, then
> 
> 
> @@ -2635,7 +2549,6 @@ AsciiStrHexToUint64S (
>    the upper 8 bits, then ASSERT().
> 
> 
> 
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -2735,7 +2648,6 @@ UnicodeStrToAsciiStrS (
>    If any Unicode characters in Source contain non-zero
> value in the upper 8
> 
> 
>    bits, then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then Destination and
> DestinationLength are
> 
> 
>    unmodified.
> 
> 
> @@ -2855,7 +2767,6 @@ UnicodeStrnToAsciiStrS (
>    equal or greater than ((AsciiStrLen (Source) + 1) *
> sizeof (CHAR16)) in bytes.
> 
> 
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -2948,7 +2859,6 @@ AsciiStrToUnicodeStrS (
>    ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
> (CHAR8)) in bytes.
> 
> 
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then Destination and
> DestinationLength are
> 
> 
>    unmodified.
> 
> 
> @@ -3072,10 +2982,6 @@ AsciiStrnToUnicodeStrS (
>    "::" can be used to compress one or more groups of X
> when X contains only 0.
> 
> 
>    The "::" can only appear once in the String.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -3291,10 +3197,6 @@ AsciiStrToIpv6Address (
>    When /P is in the String, the function stops at the
> first character that is not
> 
> 
>    a valid decimal digit character after P is
> converted.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -3448,9 +3350,6 @@ AsciiStrToIpv4Address (
>                    oo          Data4[48:55]
> 
> 
>                    pp          Data4[56:63]
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Guid is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated ASCII string.
> 
> 
>    @param  Guid                     Pointer to the
> converted GUID.
> 
> 
> 
> 
> 
> @@ -3550,17 +3449,6 @@ AsciiStrToGuid (
>    decoding stops after Length of characters and
> outputs Buffer containing
> 
> 
>    (Length / 2) bytes.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Buffer is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Length is not multiple of 2, then ASSERT().
> 
> 
> -
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero and
> Length is greater than
> 
> 
> -  PcdMaximumAsciiStringLength, then ASSERT().
> 
> 
> -
> 
> 
> -  If MaxBufferSize is less than (Length / 2), then
> ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated ASCII string.
> 
> 
>    @param  Length                   The number of ASCII
> characters to decode.
> 
> 
>    @param  Buffer                   Pointer to the
> converted bytes array.
> 
> 
> --
> 2.24.2 (Apple Git-127)
> 
> 
> 



* Re: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
  2020-05-18 17:04   ` [edk2-devel] " Michael D Kinney
@ 2020-05-18 18:07     ` Vitaly Cheptsov
  2020-05-20  2:48       ` Michael D Kinney
  0 siblings, 1 reply; 6+ messages in thread
From: Vitaly Cheptsov @ 2020-05-18 18:07 UTC (permalink / raw)
  To: Kinney, Michael D
  Cc: devel@edk2.groups.io, Andrew Fish, Ard Biesheuvel, Bret Barkelew,
	Brian J . Johnson, Chiu, Chasel, Justen, Jordan L, Laszlo Ersek,
	Leif Lindholm, Gao, Liming, Marvin Häuser, Zimmer, Vincent,
	Gao, Zhichao


Mike,

Your suggestion sounds ok to me. As long as it is verbose I will not mind its addition. However, I do not have a good idea of what it can look like. If you post something I can include it.

Thanks,
Vitaly

> On 18 May 2020, at 20:04, Kinney, Michael D <michael.d.kinney@intel.com> wrote:
> 
> Vitaly,
> 
> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> 
> I agree that can go in now for the stable tag.
> 
> The only additional comment I have received is if a DEBUG() message
> can be added where the ASSERT() was removed.  Perhaps only at the
> DEBUG_VERBOSE level that is not usually enabled by default.  A
> developer that wants to see SAFE_STRING_CONSTRAINT_CHECK() conditions
> that fail would need to enable DEBUG_VERBOSE messages.
> 
> Thanks,
> 
> Mike
> 
> 
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On
>> Behalf Of Vitaly Cheptsov
>> Sent: Thursday, May 14, 2020 10:32 AM
>> To: devel@edk2.groups.io
>> Cc: Andrew Fish <afish@apple.com>; Ard Biesheuvel
>> <ard.biesheuvel@linaro.org>; Bret Barkelew
>> <bret.barkelew@microsoft.com>; Brian J . Johnson
>> <brian.johnson@hpe.com>; Chiu, Chasel
>> <chasel.chiu@intel.com>; Justen, Jordan L
>> <jordan.l.justen@intel.com>; Laszlo Ersek
>> <lersek@redhat.com>; Leif Lindholm <leif@nuviainc.com>;
>> Gao, Liming <liming.gao@intel.com>; Marvin Häuser
>> <mhaeuser@outlook.de>; Kinney, Michael D
>> <michael.d.kinney@intel.com>; Zimmer, Vincent
>> <vincent.zimmer@intel.com>; Gao, Zhichao
>> <zhichao.gao@intel.com>
>> Subject: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix
>> SafeString performing assertions on runtime checks
>> 
>> REF:
>> https://bugzilla.tianocore.org/show_bug.cgi?id=2054
>> 
>> Runtime checks returned via status return code should
>> not work as
>> assertions to permit parsing not trusted data with
>> SafeString
>> interfaces.
>> 
>> CC: Andrew Fish <afish@apple.com>
>> CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> CC: Bret Barkelew <bret.barkelew@microsoft.com>
>> CC: Brian J. Johnson <brian.johnson@hpe.com>
>> CC: Chasel Chiu <chasel.chiu@intel.com>
>> CC: Jordan Justen <jordan.l.justen@intel.com>
>> CC: Laszlo Ersek <lersek@redhat.com>
>> CC: Leif Lindholm <leif@nuviainc.com>
>> CC: Liming Gao <liming.gao@intel.com>
>> CC: Marvin Häuser <mhaeuser@outlook.de>
>> CC: Mike Kinney <michael.d.kinney@intel.com>
>> CC: Vincent Zimmer <vincent.zimmer@intel.com>
>> CC: Zhichao Gao <zhichao.gao@intel.com>
>> Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
>> ---
>> MdePkg/Include/Library/BaseLib.h    | 111 ------------
>> -------
>> MdePkg/Library/BaseLib/SafeString.c | 112 ------------
>> --------
>> 2 files changed, 223 deletions(-)
>> 
>> diff --git a/MdePkg/Include/Library/BaseLib.h
>> b/MdePkg/Include/Library/BaseLib.h
>> index ecadff8b23..2c194ad943 100644
>> --- a/MdePkg/Include/Library/BaseLib.h
>> +++ b/MdePkg/Include/Library/BaseLib.h
>> @@ -189,7 +189,6 @@ StrnSizeS (
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -225,7 +224,6 @@ StrCpyS (
>> 
>> 
>> 
>>   If Length > 0 and Destination is not aligned on a
>> 16-bit boundary, then ASSERT().
>> 
>> 
>>   If Length > 0 and Source is not aligned on a 16-bit
>> boundary, then ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -263,7 +261,6 @@ StrnCpyS (
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -303,7 +300,6 @@ StrCatS (
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -350,12 +346,7 @@ StrnCatS (
>>   be ignored. Then, the function stops at the first
>> character that is a not a
>> 
>> 
>>   valid decimal character or a Null-terminator,
>> whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If String has no valid decimal digits in the above
>> format, then 0 is stored
>> 
>> 
>>   at the location pointed to by Data.
>> 
>> 
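Review bot: `If String is not aligned in a 16-bit boundary, then ASSERT().` stays in this comment while the NULL and PcdMaximumUnicodeStringLength assertions around it are removed, so the description now mixes one hard precondition with checks that only return a status. Say so explicitly, for example by noting that alignment remains the caller's responsibility; a CHAR16 string located at an offset read from untrusted data can be misaligned and would still hit this ASSERT.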
>> @@ -406,12 +397,7 @@ StrDecimalToUintnS (
>>   be ignored. Then, the function stops at the first
>> character that is a not a
>> 
>> 
>>   valid decimal character or a Null-terminator,
>> whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If String has no valid decimal digits in the above
>> format, then 0 is stored
>> 
>> 
>>   at the location pointed to by Data.
>> 
>> 
>> @@ -467,12 +453,7 @@ StrDecimalToUint64S (
>>   the first character that is a not a valid
>> hexadecimal character or NULL,
>> 
>> 
>>   whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If String has no valid hexadecimal digits in the
>> above format, then 0 is
>> 
>> 
>>   stored at the location pointed to by Data.
>> 
>> 
>> @@ -528,12 +509,7 @@ StrHexToUintnS (
>>   the first character that is a not a valid
>> hexadecimal character or NULL,
>> 
>> 
>>   whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If String has no valid hexadecimal digits in the
>> above format, then 0 is
>> 
>> 
>>   stored at the location pointed to by Data.
>> 
>> 
>> @@ -622,8 +598,6 @@ AsciiStrnSizeS (
>> 
>> 
>> 
>>   This function is similar as strcpy_s defined in C11.
>> 
>> 
>> 
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>>   @param  Destination              A pointer to a
>> Null-terminated Ascii string.
>> 
>> 
>> @@ -656,8 +630,6 @@ AsciiStrCpyS (
>> 
>> 
>> 
>>   This function is similar as strncpy_s defined in
>> C11.
>> 
>> 
>> 
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>>   @param  Destination              A pointer to a
>> Null-terminated Ascii string.
>> 
>> 
>> @@ -692,8 +664,6 @@ AsciiStrnCpyS (
>> 
>> 
>> 
>>   This function is similar as strcat_s defined in C11.
>> 
>> 
>> 
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>>   @param  Destination              A pointer to a
>> Null-terminated Ascii string.
>> 
>> 
>> @@ -730,8 +700,6 @@ AsciiStrCatS (
>> 
>> 
>> 
>>   This function is similar as strncat_s defined in
>> C11.
>> 
>> 
>> 
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>>   @param  Destination              A pointer to a
>> Null-terminated Ascii string.
>> 
>> 
>> @@ -777,12 +745,6 @@ AsciiStrnCatS (
>>   be ignored. Then, the function stops at the first
>> character that is a not a
>> 
>> 
>>   valid decimal character or a Null-terminator,
>> whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumAsciiStringLength Ascii characters, not
>> including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String has no valid decimal digits in the above
>> format, then 0 is stored
>> 
>> 
>>   at the location pointed to by Data.
>> 
>> 
>>   If the number represented by String exceeds the
>> range defined by UINTN, then
>> 
>> 
>> @@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS (
>>   be ignored. Then, the function stops at the first
>> character that is a not a
>> 
>> 
>>   valid decimal character or a Null-terminator,
>> whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumAsciiStringLength Ascii characters, not
>> including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String has no valid decimal digits in the above
>> format, then 0 is stored
>> 
>> 
>>   at the location pointed to by Data.
>> 
>> 
>>   If the number represented by String exceeds the
>> range defined by UINT64, then
>> 
>> 
>> @@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S (
>>   character that is a not a valid hexadecimal
>> character or Null-terminator,
>> 
>> 
>>   whichever on comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumAsciiStringLength Ascii characters, not
>> including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String has no valid hexadecimal digits in the
>> above format, then 0 is
>> 
>> 
>>   stored at the location pointed to by Data.
>> 
>> 
>>   If the number represented by String exceeds the
>> range defined by UINTN, then
>> 
>> 
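Review bot: style point on the context lines at the top of this hunk: `character that is a not a valid hexadecimal` and `whichever on comes first` both carry typos ("a not a", and "on" for "one"). The same wording recurs in the neighbouring conversion-function comments touched by this patch, so a follow-up cleanup while these blocks are being edited would keep the BaseLib.h and SafeString.c copies consistent.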
>> @@ -950,12 +900,6 @@ AsciiStrHexToUintnS (
>>   character that is a not a valid hexadecimal
>> character or Null-terminator,
>> 
>> 
>>   whichever on comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumAsciiStringLength Ascii characters, not
>> including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String has no valid hexadecimal digits in the
>> above format, then 0 is
>> 
>> 
>>   stored at the location pointed to by Data.
>> 
>> 
>>   If the number represented by String exceeds the
>> range defined by UINT64, then
>> 
>> 
>> @@ -1506,16 +1450,8 @@ StrHexToUint64 (
>>   "::" can be used to compress one or more groups of X
>> when X contains only 0.
>> 
>> 
>>   The "::" can only appear once in the String.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Address is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> 
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If EndPointer is not NULL and Address is translated
>> from String, a pointer
>> 
>> 
>>   to the character that stopped the scan is stored at
>> the location pointed to
>> 
>> 
>>   by EndPointer.
>> 
>> 
>> @@ -1567,16 +1503,8 @@ StrToIpv6Address (
>>   When /P is in the String, the function stops at the
>> first character that is not
>> 
>> 
>>   a valid decimal digit character after P is
>> converted.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Address is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> 
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If EndPointer is not NULL and Address is translated
>> from String, a pointer
>> 
>> 
>>   to the character that stopped the scan is stored at
>> the location pointed to
>> 
>> 
>>   by EndPointer.
>> 
>> 
>> @@ -1640,8 +1568,6 @@ StrToIpv4Address (
>>                   oo          Data4[48:55]
>> 
>> 
>>                   pp          Data4[56:63]
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Guid is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   @param  String                   Pointer to a Null-
>> terminated Unicode string.
>> 
>> 
>> @@ -1676,17 +1602,6 @@ StrToGuid (
>> 
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Buffer is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Length is not multiple of 2, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero and
>> Length is greater than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If MaxBufferSize is less than (Length / 2), then
>> ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   @param  String                   Pointer to a Null-
>> terminated Unicode string.
>> 
>> 
>>   @param  Length                   The number of
>> Unicode characters to decode.
>> 
>> 
>>   @param  Buffer                   Pointer to the
>> converted bytes array.
>> 
>> 
>> @@ -1777,7 +1692,6 @@ UnicodeStrToAsciiStr (
>>   the upper 8 bits, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -1824,7 +1738,6 @@ UnicodeStrToAsciiStrS (
>>   If any Unicode characters in Source contain non-zero
>> value in the upper 8
>> 
>> 
>>   bits, then ASSERT().
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
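Review bot: the retained context lines still document `If any Unicode characters in Source contain non-zero value in the upper 8 bits, then ASSERT().`, which is a property of the input data rather than of how the function is called. If the goal stated in the commit message is to permit parsing untrusted data through these interfaces, either return a status for this condition as well or state in the comment that callers must reject such characters before calling.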
>> @@ -2388,10 +2301,6 @@ AsciiStrHexToUint64 (
>>   "::" can be used to compress one or more groups of X
>> when X contains only 0.
>> 
>> 
>>   The "::" can only appear once in the String.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Address is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If EndPointer is not NULL and Address is translated
>> from String, a pointer
>> 
>> 
>>   to the character that stopped the scan is stored at
>> the location pointed to
>> 
>> 
>>   by EndPointer.
>> 
>> 
>> @@ -2443,10 +2352,6 @@ AsciiStrToIpv6Address (
>>   When /P is in the String, the function stops at the
>> first character that is not
>> 
>> 
>>   a valid decimal digit character after P is
>> converted.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Address is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If EndPointer is not NULL and Address is translated
>> from String, a pointer
>> 
>> 
>>   to the character that stopped the scan is stored at
>> the location pointed to
>> 
>> 
>>   by EndPointer.
>> 
>> 
>> @@ -2508,9 +2413,6 @@ AsciiStrToIpv4Address (
>>                   oo          Data4[48:55]
>> 
>> 
>>                   pp          Data4[56:63]
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Guid is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   @param  String                   Pointer to a Null-
>> terminated ASCII string.
>> 
>> 
>>   @param  Guid                     Pointer to the
>> converted GUID.
>> 
>> 
>> 
>> 
>> 
>> @@ -2541,17 +2443,6 @@ AsciiStrToGuid (
>>   decoding stops after Length of characters and
>> outputs Buffer containing
>> 
>> 
>>   (Length / 2) bytes.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Buffer is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Length is not multiple of 2, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero and
>> Length is greater than
>> 
>> 
>> -  PcdMaximumAsciiStringLength, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If MaxBufferSize is less than (Length / 2), then
>> ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   @param  String                   Pointer to a Null-
>> terminated ASCII string.
>> 
>> 
>>   @param  Length                   The number of ASCII
>> characters to decode.
>> 
>> 
>>   @param  Buffer                   Pointer to the
>> converted bytes array.
>> 
>> 
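Review bot: after this deletion the description no longer says what happens when Length is odd or when MaxBufferSize is smaller than (Length / 2); the surviving text only states that the output is `(Length / 2) bytes`. Rather than dropping the five constraints outright, restate them as conditions that produce an error status, or confirm that the @retval list further down (not shown in this hunk) already covers each one, since callers sizing Buffer rely on this comment.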
>> @@ -2632,7 +2523,6 @@ AsciiStrToUnicodeStr (
>>   equal or greater than ((AsciiStrLen (Source) + 1) *
>> sizeof (CHAR16)) in bytes.
>> 
>> 
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -2678,7 +2568,6 @@ AsciiStrToUnicodeStrS (
>>   ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
>> (CHAR8)) in bytes.
>> 
>> 
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then Destination and
>> DestinationLength are
>> 
>> 
>>   unmodified.
>> 
>> 
>> diff --git a/MdePkg/Library/BaseLib/SafeString.c
>> b/MdePkg/Library/BaseLib/SafeString.c
>> index 7dc03d2caa..41d9137b83 100644
>> --- a/MdePkg/Library/BaseLib/SafeString.c
>> +++ b/MdePkg/Library/BaseLib/SafeString.c
>> @@ -14,7 +14,6 @@
>> 
>> 
>> 
>> #define SAFE_STRING_CONSTRAINT_CHECK(Expression,
>> Status)  \
>> 
>> 
>>   do { \
>> 
>> 
>> -    ASSERT (Expression); \
>> 
>> 
>>     if (!(Expression)) { \
>> 
>> 
>>       return Status; \
>> 
>> 
>>     } \
>> 
>> 
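Review bot: with `ASSERT (Expression); \` removed from SAFE_STRING_CONSTRAINT_CHECK, a failed constraint in a DEBUG build now leaves no trace: the macro only executes `return Status;`, so a caller that ignores the return value fails silently. Consider logging inside the `if (!(Expression))` branch at DEBUG_VERBOSE, as raised in the review reply quoted above, so constraint failures stay discoverable without halting on untrusted input.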
>> @@ -197,7 +196,6 @@ StrnSizeS (
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -279,7 +277,6 @@ StrCpyS (
>> 
>> 
>> 
>>   If Length > 0 and Destination is not aligned on a
>> 16-bit boundary, then ASSERT().
>> 
>> 
>>   If Length > 0 and Source is not aligned on a 16-bit
>> boundary, then ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -372,7 +369,6 @@ StrnCpyS (
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -473,7 +469,6 @@ StrCatS (
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -590,12 +585,7 @@ StrnCatS (
>>   be ignored. Then, the function stops at the first
>> character that is a not a
>> 
>> 
>>   valid decimal character or a Null-terminator,
>> whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If String has no valid decimal digits in the above
>> format, then 0 is stored
>> 
>> 
>>   at the location pointed to by Data.
>> 
>> 
>> @@ -705,12 +695,7 @@ StrDecimalToUintnS (
>>   be ignored. Then, the function stops at the first
>> character that is a not a
>> 
>> 
>>   valid decimal character or a Null-terminator,
>> whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If String has no valid decimal digits in the above
>> format, then 0 is stored
>> 
>> 
>>   at the location pointed to by Data.
>> 
>> 
>> @@ -825,12 +810,7 @@ StrDecimalToUint64S (
>>   the first character that is a not a valid
>> hexadecimal character or NULL,
>> 
>> 
>>   whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If String has no valid hexadecimal digits in the
>> above format, then 0 is
>> 
>> 
>>   stored at the location pointed to by Data.
>> 
>> 
>> @@ -956,12 +936,7 @@ StrHexToUintnS (
>>   the first character that is a not a valid
>> hexadecimal character or NULL,
>> 
>> 
>>   whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If String has no valid hexadecimal digits in the
>> above format, then 0 is
>> 
>> 
>>   stored at the location pointed to by Data.
>> 
>> 
>> @@ -1091,16 +1066,8 @@ StrHexToUint64S (
>>   "::" can be used to compress one or more groups of X
>> when X contains only 0.
>> 
>> 
>>   The "::" can only appear once in the String.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Address is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> 
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If EndPointer is not NULL and Address is translated
>> from String, a pointer
>> 
>> 
>>   to the character that stopped the scan is stored at
>> the location pointed to
>> 
>> 
>>   by EndPointer.
>> 
>> 
>> @@ -1317,16 +1284,8 @@ StrToIpv6Address (
>>   When /P is in the String, the function stops at the
>> first character that is not
>> 
>> 
>>   a valid decimal digit character after P is
>> converted.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Address is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> 
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength Unicode characters,
>> not including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If EndPointer is not NULL and Address is translated
>> from String, a pointer
>> 
>> 
>>   to the character that stopped the scan is stored at
>> the location pointed to
>> 
>> 
>>   by EndPointer.
>> 
>> 
>> @@ -1482,8 +1441,6 @@ StrToIpv4Address (
>>                   oo          Data4[48:55]
>> 
>> 
>>                   pp          Data4[56:63]
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Guid is NULL, then ASSERT().
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   @param  String                   Pointer to a Null-
>> terminated Unicode string.
>> 
>> 
>> @@ -1589,17 +1546,6 @@ StrToGuid (
>> 
>> 
>> 
>>   If String is not aligned in a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Buffer is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Length is not multiple of 2, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If PcdMaximumUnicodeStringLength is not zero and
>> Length is greater than
>> 
>> 
>> -  PcdMaximumUnicodeStringLength, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If MaxBufferSize is less than (Length / 2), then
>> ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   @param  String                   Pointer to a Null-
>> terminated Unicode string.
>> 
>> 
>>   @param  Length                   The number of
>> Unicode characters to decode.
>> 
>> 
>>   @param  Buffer                   Pointer to the
>> converted bytes array.
>> 
>> 
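Review bot: the removed lines were the only place in the visible comment that spelled out the constraints on Length and MaxBufferSize (Length a multiple of 2, MaxBufferSize not less than Length / 2); the @param lines kept as context do not mention them. Unless the @retval list below this hunk already states them, keep the constraints in the comment, reworded as conditions under which the function returns an error, so a caller decoding untrusted hex text can see what is rejected.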
>> @@ -1779,8 +1725,6 @@ AsciiStrnSizeS (
>> 
>> 
>> 
>>   This function is similar as strcpy_s defined in C11.
>> 
>> 
>> 
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>>   @param  Destination              A pointer to a
>> Null-terminated Ascii string.
>> 
>> 
>> @@ -1856,8 +1800,6 @@ AsciiStrCpyS (
>> 
>> 
>> 
>>   This function is similar as strncpy_s defined in
>> C11.
>> 
>> 
>> 
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>>   @param  Destination              A pointer to a
>> Null-terminated Ascii string.
>> 
>> 
>> @@ -1944,8 +1886,6 @@ AsciiStrnCpyS (
>> 
>> 
>> 
>>   This function is similar as strcat_s defined in C11.
>> 
>> 
>> 
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>>   @param  Destination              A pointer to a
>> Null-terminated Ascii string.
>> 
>> 
>> @@ -2040,8 +1980,6 @@ AsciiStrCatS (
>> 
>> 
>> 
>>   This function is similar as strncat_s defined in
>> C11.
>> 
>> 
>> 
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>>   @param  Destination              A pointer to a
>> Null-terminated Ascii string.
>> 
>> 
>> @@ -2154,12 +2092,6 @@ AsciiStrnCatS (
>>   be ignored. Then, the function stops at the first
>> character that is a not a
>> 
>> 
>>   valid decimal character or a Null-terminator,
>> whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumAsciiStringLength Ascii characters, not
>> including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String has no valid decimal digits in the above
>> format, then 0 is stored
>> 
>> 
>>   at the location pointed to by Data.
>> 
>> 
>>   If the number represented by String exceeds the
>> range defined by UINTN, then
>> 
>> 
>> @@ -2266,12 +2198,6 @@ AsciiStrDecimalToUintnS (
>>   be ignored. Then, the function stops at the first
>> character that is a not a
>> 
>> 
>>   valid decimal character or a Null-terminator,
>> whichever one comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumAsciiStringLength Ascii characters, not
>> including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String has no valid decimal digits in the above
>> format, then 0 is stored
>> 
>> 
>>   at the location pointed to by Data.
>> 
>> 
>>   If the number represented by String exceeds the
>> range defined by UINT64, then
>> 
>> 
>> @@ -2382,12 +2308,6 @@ AsciiStrDecimalToUint64S (
>>   character that is a not a valid hexadecimal
>> character or Null-terminator,
>> 
>> 
>>   whichever on comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumAsciiStringLength Ascii characters, not
>> including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String has no valid hexadecimal digits in the
>> above format, then 0 is
>> 
>> 
>>   stored at the location pointed to by Data.
>> 
>> 
>>   If the number represented by String exceeds the
>> range defined by UINTN, then
>> 
>> 
>> @@ -2509,12 +2429,6 @@ AsciiStrHexToUintnS (
>>   character that is a not a valid hexadecimal
>> character or Null-terminator,
>> 
>> 
>>   whichever on comes first.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Data is NULL, then ASSERT().
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero, and
>> String contains more than
>> 
>> 
>> -  PcdMaximumAsciiStringLength Ascii characters, not
>> including the
>> 
>> 
>> -  Null-terminator, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If String has no valid hexadecimal digits in the
>> above format, then 0 is
>> 
>> 
>>   stored at the location pointed to by Data.
>> 
>> 
>>   If the number represented by String exceeds the
>> range defined by UINT64, then
>> 
>> 
>> @@ -2635,7 +2549,6 @@ AsciiStrHexToUint64S (
>>   the upper 8 bits, then ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -2735,7 +2648,6 @@ UnicodeStrToAsciiStrS (
>>   If any Unicode characters in Source contain non-zero
>> value in the upper 8
>> 
>> 
>>   bits, then ASSERT().
>> 
>> 
>>   If Source is not aligned on a 16-bit boundary, then
>> ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then Destination and
>> DestinationLength are
>> 
>> 
>>   unmodified.
>> 
>> 
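Review bot: the context line "If any Unicode characters in Source contain non-zero value in the upper 8 bits, then ASSERT()." stays, so this comment still documents an ASSERT that depends on the contents of Source, while the commit message gives parsing untrusted data as the goal. Say in the commit message or in this comment whether that check is deliberately left as an assertion, so callers know they must still validate the character range before calling.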
>> @@ -2855,7 +2767,6 @@ UnicodeStrnToAsciiStrS (
>>   equal or greater than ((AsciiStrLen (Source) + 1) *
>> sizeof (CHAR16)) in bytes.
>> 
>> 
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then the Destination is
>> unmodified.
>> 
>> 
>> 
>> 
>> 
>> @@ -2948,7 +2859,6 @@ AsciiStrToUnicodeStrS (
>>   ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
>> (CHAR8)) in bytes.
>> 
>> 
>> 
>> 
>> 
>>   If Destination is not aligned on a 16-bit boundary,
>> then ASSERT().
>> 
>> 
>> -  If an error would be returned, then the function
>> will also ASSERT().
>> 
>> 
>> 
>> 
>> 
>>   If an error is returned, then Destination and
>> DestinationLength are
>> 
>> 
>>   unmodified.
>> 
>> 
>> @@ -3072,10 +2982,6 @@ AsciiStrnToUnicodeStrS (
>>   "::" can be used to compress one or more groups of X
>> when X contains only 0.
>> 
>> 
>>   The "::" can only appear once in the String.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Address is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If EndPointer is not NULL and Address is translated
>> from String, a pointer
>> 
>> 
>>   to the character that stopped the scan is stored at
>> the location pointed to
>> 
>> 
>>   by EndPointer.
>> 
>> 
>> @@ -3291,10 +3197,6 @@ AsciiStrToIpv6Address (
>>   When /P is in the String, the function stops at the
>> first character that is not
>> 
>> 
>>   a valid decimal digit character after P is
>> converted.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Address is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   If EndPointer is not NULL and Address is translated
>> from String, a pointer
>> 
>> 
>>   to the character that stopped the scan is stored at
>> the location pointed to
>> 
>> 
>>   by EndPointer.
>> 
>> 
>> @@ -3448,9 +3350,6 @@ AsciiStrToIpv4Address (
>>                   oo          Data4[48:55]
>> 
>> 
>>                   pp          Data4[56:63]
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -  If Guid is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   @param  String                   Pointer to a Null-
>> terminated ASCII string.
>> 
>> 
>>   @param  Guid                     Pointer to the
>> converted GUID.
>> 
>> 
>> 
>> 
>> 
>> @@ -3550,17 +3449,6 @@ AsciiStrToGuid (
>>   decoding stops after Length of characters and
>> outputs Buffer containing
>> 
>> 
>>   (Length / 2) bytes.
>> 
>> 
>> 
>> 
>> 
>> -  If String is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Buffer is NULL, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If Length is not multiple of 2, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If PcdMaximumAsciiStringLength is not zero and
>> Length is greater than
>> 
>> 
>> -  PcdMaximumAsciiStringLength, then ASSERT().
>> 
>> 
>> -
>> 
>> 
>> -  If MaxBufferSize is less than (Length / 2), then
>> ASSERT().
>> 
>> 
>> -
>> 
>> 
>>   @param  String                   Pointer to a Null-
>> terminated ASCII string.
>> 
>> 
>>   @param  Length                   The number of ASCII
>> characters to decode.
>> 
>> 
>>   @param  Buffer                   Pointer to the
>> converted bytes array.
>> 
>> 
>> --
>> 2.24.2 (Apple Git-127)
>> 
>> 
>> 
> 


[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* Re: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
  2020-05-18 18:07     ` Vitaly Cheptsov
@ 2020-05-20  2:48       ` Michael D Kinney
  0 siblings, 0 replies; 6+ messages in thread
From: Michael D Kinney @ 2020-05-20  2:48 UTC (permalink / raw)
  To: Vitaly Cheptsov, Kinney, Michael D
  Cc: devel@edk2.groups.io, Andrew Fish, Ard Biesheuvel, Bret Barkelew,
	Brian J . Johnson, Chiu, Chasel, Justen, Jordan L, Laszlo Ersek,
	Leif Lindholm, Gao, Liming, Marvin Häuser, Zimmer, Vincent,
	Gao, Zhichao

Hi Vitaly,

I think this should work.  ASSERT() removed.  DEBUG_VERBOSE message added.

#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status)  \
  do { \
    if (!(Expression)) { \
      DEBUG ((DEBUG_VERBOSE, "SAFE_STRING_CONSTRAINT_CHECK(%a) failed.  Return %r\n", #Expression, Status)); \
      return Status; \
    } \
  } while (FALSE)

I have made this change in the following PR to run all the CI checks
and also added a unit test to verify the ASSERT() has been replaced with
a DEBUG_VERBOSE message.  I made some minor updates to the commit
messages to pass PatchCheck.py.

https://github.com/tianocore/edk2/pull/632


This is a portion of the CI build log that shows the host-based unit
test running and generating the DEBUG_VERBOSE messages for the negative
test cases sent to StrCpyS().

INFO - ---------------------------------------------------------
INFO - RUNNING TEST SUITE: Safe String
INFO - ---------------------------------------------------------
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(236) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((Destination != NULL)) failed.  Return Invalid Parameter
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(237) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((Source != NULL)) failed.  Return Invalid Parameter
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(243) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((DestMax <= RSIZE_MAX)) failed.  Return Invalid Parameter
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(249) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((DestMax != 0)) failed.  Return Invalid Parameter
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(255) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((DestMax > SourceLen)) failed.  Return Buffer Too Small
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(255) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK((DestMax > SourceLen)) failed.  Return Buffer Too Small
INFO - d:\a\1\s\MdePkg\Library\BaseLib\SafeString.c(260) StrCpyS: SAFE_STRING_CONSTRAINT_CHECK(InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1)) failed.  Return Access Denied
INFO - ------------------------------------------------
INFO - --------------Cmd Output Finished---------------

I will send the updated V8 series email patches for review shortly.

Best regards,

Mike
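
The macro in the message above, exercised on a host as an added example (not code from the patch, the PR or EDK II). The names demo_StrCpyS, DEMO_CONSTRAINT_CHECK, the DEMO_* status values, DEMO_RSIZE_MAX and demo_verbose are stand-ins assumed here, and the inputs are constructed; the checks run in the order the CI log lists them and each failure comes back as a status instead of an assertion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Host stand-ins (assumptions): not the EDK II types, status codes or limits. */
typedef uint16_t DEMO_CHAR16;
typedef enum {
  DEMO_SUCCESS = 0,
  DEMO_INVALID_PARAMETER,
  DEMO_BUFFER_TOO_SMALL,
  DEMO_ACCESS_DENIED
} DEMO_STATUS;

#define DEMO_RSIZE_MAX 1000000u   /* constructed limit for this demo */

int demo_verbose = 0;             /* plays the role of enabling DEBUG_VERBOSE */

/* Same shape as the macro in the message: report, then return; never assert. */
#define DEMO_CONSTRAINT_CHECK(Expression, Status) \
  do { \
    if (!(Expression)) { \
      if (demo_verbose) { \
        fprintf (stderr, "DEMO_CONSTRAINT_CHECK(%s) failed.  Return %d\n", \
                 #Expression, (int)(Status)); \
      } \
      return Status; \
    } \
  } while (0)

/* Length in characters, reading at most max characters. */
static size_t demo_strnlen16 (const DEMO_CHAR16 *s, size_t max) {
  size_t n = 0;
  while (n < max && s[n] != 0) { n++; }
  return n;
}

/* 1 when [a, a+alen) and [b, b+blen) share no character. */
static int demo_no_overlap (const DEMO_CHAR16 *a, size_t alen,
                            const DEMO_CHAR16 *b, size_t blen) {
  uintptr_t a0 = (uintptr_t)a, b0 = (uintptr_t)b;
  uintptr_t a1 = a0 + alen * sizeof (DEMO_CHAR16);
  uintptr_t b1 = b0 + blen * sizeof (DEMO_CHAR16);
  return (a1 <= b0) || (b1 <= a0);
}

/* Checks in the order the CI log shows them; Destination is written only
   after every check has passed, so it is unmodified on error. */
DEMO_STATUS demo_StrCpyS (DEMO_CHAR16 *Destination, size_t DestMax,
                          const DEMO_CHAR16 *Source) {
  size_t SourceLen, i;

  DEMO_CONSTRAINT_CHECK ((Destination != NULL), DEMO_INVALID_PARAMETER);
  DEMO_CONSTRAINT_CHECK ((Source != NULL), DEMO_INVALID_PARAMETER);
  DEMO_CONSTRAINT_CHECK ((DestMax <= DEMO_RSIZE_MAX), DEMO_INVALID_PARAMETER);
  DEMO_CONSTRAINT_CHECK ((DestMax != 0), DEMO_INVALID_PARAMETER);
  SourceLen = demo_strnlen16 (Source, DestMax);
  DEMO_CONSTRAINT_CHECK ((DestMax > SourceLen), DEMO_BUFFER_TOO_SMALL);
  DEMO_CONSTRAINT_CHECK (
    demo_no_overlap (Destination, DestMax, Source, SourceLen + 1),
    DEMO_ACCESS_DENIED);

  for (i = 0; i <= SourceLen; i++) { Destination[i] = Source[i]; }
  return DEMO_SUCCESS;
}

static const DEMO_CHAR16 demo_hello[] = { 'h', 'e', 'l', 'l', 'o', 0 };

/* Constructed inputs: six negative cases in log order, then a valid copy. */
DEMO_STATUS demo_case (int n) {
  DEMO_CHAR16 buf[8] = { 'a', 'b', 0 };
  switch (n) {
    case 0:  return demo_StrCpyS (NULL, 8, demo_hello);
    case 1:  return demo_StrCpyS (buf, 8, NULL);
    case 2:  return demo_StrCpyS (buf, (size_t)DEMO_RSIZE_MAX + 1, demo_hello);
    case 3:  return demo_StrCpyS (buf, 0, demo_hello);
    case 4:  return demo_StrCpyS (buf, 5, demo_hello);  /* needs 6 with terminator */
    case 5:  return demo_StrCpyS (buf + 1, 4, buf);     /* ranges overlap */
    default: return demo_StrCpyS (buf, 8, demo_hello);
  }
}

/* 1 when a rejected copy leaves the destination buffer untouched. */
int demo_dest_unmodified_on_error (void) {
  DEMO_CHAR16 buf[4] = { 'x', 'y', 'z', 0 };
  DEMO_STATUS s = demo_StrCpyS (buf, 4, demo_hello);
  return s == DEMO_BUFFER_TOO_SMALL &&
         buf[0] == 'x' && buf[1] == 'y' && buf[2] == 'z' && buf[3] == 0;
}

int main (void) {
  int n;
  demo_verbose = 1;   /* show the per-check messages, as in the CI log */
  for (n = 0; n <= 6; n++) {
    printf ("case %d -> status %d\n", n, (int)demo_case (n));
  }
  return demo_dest_unmodified_on_error () ? 0 : 1;
}
```
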

> -----Original Message-----
> From: Vitaly Cheptsov <cheptsov@ispras.ru>
> Sent: Monday, May 18, 2020 11:08 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com>
> Cc: devel@edk2.groups.io; Andrew Fish
> <afish@apple.com>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>; Bret Barkelew
> <bret.barkelew@microsoft.com>; Brian J . Johnson
> <brian.johnson@hpe.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Justen, Jordan L
> <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Leif Lindholm <leif@nuviainc.com>;
> Gao, Liming <liming.gao@intel.com>; Marvin Häuser
> <mhaeuser@outlook.de>; Zimmer, Vincent
> <vincent.zimmer@intel.com>; Gao, Zhichao
> <zhichao.gao@intel.com>
> Subject: Re: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix
> SafeString performing assertions on runtime checks
> 
> Mike,
> 
> Your suggestion sounds ok to me. As long as it is
> verbose I will not mind its addition. However, I do not
> have a good idea of what it could look like. If you post
> something I can include it.
> 
> Thanks,
> Vitaly
> 
> > On 18 May 2020, at 20:04, Kinney, Michael D
> <michael.d.kinney@intel.com> wrote:
> >
> > Vitaly,
> >
> > Reviewed-by: Michael D Kinney
> <michael.d.kinney@intel.com>
> >
> > I agree that can go in now for the stable tag.
> >
> > The only additional comment I have received is if a
> DEBUG() message
> > can be added where the ASSERT() was removed.  Perhaps
> only at the
> > DEBUG_VERBOSE level that is not usually enabled by
> default.  A
> > developer that wants to see
> SAFE_STRING_CONSTRAINT_CHECK() conditions
> > that fail would need to enable DEBUG_VERBOSE
> messages.
> >
> > Thanks,
> >
> > Mike
> >
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On
> >> Behalf Of Vitaly Cheptsov
> >> Sent: Thursday, May 14, 2020 10:32 AM
> >> To: devel@edk2.groups.io
> >> Cc: Andrew Fish <afish@apple.com>; Ard Biesheuvel
> >> <ard.biesheuvel@linaro.org>; Bret Barkelew
> >> <bret.barkelew@microsoft.com>; Brian J . Johnson
> >> <brian.johnson@hpe.com>; Chiu, Chasel
> >> <chasel.chiu@intel.com>; Justen, Jordan L
> >> <jordan.l.justen@intel.com>; Laszlo Ersek
> >> <lersek@redhat.com>; Leif Lindholm
> <leif@nuviainc.com>;
> >> Gao, Liming <liming.gao@intel.com>; Marvin Häuser
> >> <mhaeuser@outlook.de>; Kinney, Michael D
> >> <michael.d.kinney@intel.com>; Zimmer, Vincent
> >> <vincent.zimmer@intel.com>; Gao, Zhichao
> >> <zhichao.gao@intel.com>
> >> Subject: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix
> >> SafeString performing assertions on runtime checks
> >>
> >> REF:
> >> https://bugzilla.tianocore.org/show_bug.cgi?id=2054
> >>
> >> Runtime checks returned via status return code
> should
> >> not work as
> >> assertions to permit parsing not trusted data with
> >> SafeString
> >> interfaces.
> >>
> >> CC: Andrew Fish <afish@apple.com>
> >> CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >> CC: Bret Barkelew <bret.barkelew@microsoft.com>
> >> CC: Brian J. Johnson <brian.johnson@hpe.com>
> >> CC: Chasel Chiu <chasel.chiu@intel.com>
> >> CC: Jordan Justen <jordan.l.justen@intel.com>
> >> CC: Laszlo Ersek <lersek@redhat.com>
> >> CC: Leif Lindholm <leif@nuviainc.com>
> >> CC: Liming Gao <liming.gao@intel.com>
> >> CC: Marvin Häuser <mhaeuser@outlook.de>
> >> CC: Mike Kinney <michael.d.kinney@intel.com>
> >> CC: Vincent Zimmer <vincent.zimmer@intel.com>
> >> CC: Zhichao Gao <zhichao.gao@intel.com>
> >> Signed-off-by: Vitaly Cheptsov
> <vit9696@protonmail.com>
> >> ---
> >> MdePkg/Include/Library/BaseLib.h    | 111 ----------
> --
> >> -------
> >> MdePkg/Library/BaseLib/SafeString.c | 112 ----------
> --
> >> --------
> >> 2 files changed, 223 deletions(-)
> >>
> >> diff --git a/MdePkg/Include/Library/BaseLib.h
> >> b/MdePkg/Include/Library/BaseLib.h
> >> index ecadff8b23..2c194ad943 100644
> >> --- a/MdePkg/Include/Library/BaseLib.h
> >> +++ b/MdePkg/Include/Library/BaseLib.h
> >> @@ -189,7 +189,6 @@ StrnSizeS (
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -225,7 +224,6 @@ StrCpyS (
> >>
> >>
> >>
> >>   If Length > 0 and Destination is not aligned on a
> >> 16-bit boundary, then ASSERT().
> >>
> >>
> >>   If Length > 0 and Source is not aligned on a 16-
> bit
> >> boundary, then ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -263,7 +261,6 @@ StrnCpyS (
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -303,7 +300,6 @@ StrCatS (
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -350,12 +346,7 @@ StrnCatS (
> >>   be ignored. Then, the function stops at the first
> >> character that is a not a
> >>
> >>
> >>   valid decimal character or a Null-terminator,
> >> whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If String has no valid decimal digits in the above
> >> format, then 0 is stored
> >>
> >>
> >>   at the location pointed to by Data.
> >>
> >>
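Review bot: after this hunk the line "If String is not aligned in a 16-bit boundary, then ASSERT()." is the only precondition left in the visible comment, and it is still an assertion rather than a returned status. State that explicitly, for example in the commit message, because a caller that takes String from an offset inside untrusted data must still check alignment itself.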
> >> @@ -406,12 +397,7 @@ StrDecimalToUintnS (
> >>   be ignored. Then, the function stops at the first
> >> character that is a not a
> >>
> >>
> >>   valid decimal character or a Null-terminator,
> >> whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If String has no valid decimal digits in the above
> >> format, then 0 is stored
> >>
> >>
> >>   at the location pointed to by Data.
> >>
> >>
> >> @@ -467,12 +453,7 @@ StrDecimalToUint64S (
> >>   the first character that is a not a valid
> >> hexadecimal character or NULL,
> >>
> >>
> >>   whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If String has no valid hexadecimal digits in the
> >> above format, then 0 is
> >>
> >>
> >>   stored at the location pointed to by Data.
> >>
> >>
> >> @@ -528,12 +509,7 @@ StrHexToUintnS (
> >>   the first character that is a not a valid
> >> hexadecimal character or NULL,
> >>
> >>
> >>   whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If String has no valid hexadecimal digits in the
> >> above format, then 0 is
> >>
> >>
> >>   stored at the location pointed to by Data.
> >>
> >>
> >> @@ -622,8 +598,6 @@ AsciiStrnSizeS (
> >>
> >>
> >>
> >>   This function is similar as strcpy_s defined in
> C11.
> >>
> >>
> >>
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >>   @param  Destination              A pointer to a
> >> Null-terminated Ascii string.
> >>
> >>
> >> @@ -656,8 +630,6 @@ AsciiStrCpyS (
> >>
> >>
> >>
> >>   This function is similar as strncpy_s defined in
> >> C11.
> >>
> >>
> >>
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >>   @param  Destination              A pointer to a
> >> Null-terminated Ascii string.
> >>
> >>
> >> @@ -692,8 +664,6 @@ AsciiStrnCpyS (
> >>
> >>
> >>
> >>   This function is similar as strcat_s defined in
> C11.
> >>
> >>
> >>
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >>   @param  Destination              A pointer to a
> >> Null-terminated Ascii string.
> >>
> >>
> >> @@ -730,8 +700,6 @@ AsciiStrCatS (
> >>
> >>
> >>
> >>   This function is similar as strncat_s defined in
> >> C11.
> >>
> >>
> >>
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >>   @param  Destination              A pointer to a
> >> Null-terminated Ascii string.
> >>
> >>
> >> @@ -777,12 +745,6 @@ AsciiStrnCatS (
> >>   be ignored. Then, the function stops at the first
> >> character that is a not a
> >>
> >>
> >>   valid decimal character or a Null-terminator,
> >> whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength Ascii characters, not
> >> including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String has no valid decimal digits in the above
> >> format, then 0 is stored
> >>
> >>
> >>   at the location pointed to by Data.
> >>
> >>
> >>   If the number represented by String exceeds the
> >> range defined by UINTN, then
> >>
> >>
> >> @@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS (
> >>   be ignored. Then, the function stops at the first
> >> character that is a not a
> >>
> >>
> >>   valid decimal character or a Null-terminator,
> >> whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength Ascii characters, not
> >> including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String has no valid decimal digits in the above
> >> format, then 0 is stored
> >>
> >>
> >>   at the location pointed to by Data.
> >>
> >>
> >>   If the number represented by String exceeds the
> >> range defined by UINT64, then
> >>
> >>
> >> @@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S (
> >>   character that is a not a valid hexadecimal
> >> character or Null-terminator,
> >>
> >>
> >>   whichever on comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength Ascii characters, not
> >> including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String has no valid hexadecimal digits in the
> >> above format, then 0 is
> >>
> >>
> >>   stored at the location pointed to by Data.
> >>
> >>
> >>   If the number represented by String exceeds the
> >> range defined by UINTN, then
> >>
> >>
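Review bot: style, in the context lines of this comment: "that is a not a valid hexadecimal character" has a stray "a", and "whichever on comes first" should read "whichever one comes first". Since the patch already edits this comment block, consider fixing both here and in the matching SafeString.c comment.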
> >> @@ -950,12 +900,6 @@ AsciiStrHexToUintnS (
> >>   character that is a not a valid hexadecimal
> >> character or Null-terminator,
> >>
> >>
> >>   whichever on comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength Ascii characters, not
> >> including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String has no valid hexadecimal digits in the
> >> above format, then 0 is
> >>
> >>
> >>   stored at the location pointed to by Data.
> >>
> >>
> >>   If the number represented by String exceeds the
> >> range defined by UINT64, then
> >>
> >>
> >> @@ -1506,16 +1450,8 @@ StrHexToUint64 (
> >>   "::" can be used to compress one or more groups of
> X
> >> when X contains only 0.
> >>
> >>
> >>   The "::" can only appear once in the String.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Address is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >>
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If EndPointer is not NULL and Address is
> translated
> >> from String, a pointer
> >>
> >>
> >>   to the character that stopped the scan is stored
> at
> >> the location pointed to
> >>
> >>
> >>   by EndPointer.
> >>
> >>
> >> @@ -1567,16 +1503,8 @@ StrToIpv6Address (
> >>   When /P is in the String, the function stops at
> the
> >> first character that is not
> >>
> >>
> >>   a valid decimal digit character after P is
> >> converted.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Address is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >>
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If EndPointer is not NULL and Address is
> translated
> >> from String, a pointer
> >>
> >>
> >>   to the character that stopped the scan is stored
> at
> >> the location pointed to
> >>
> >>
> >>   by EndPointer.
> >>
> >>
> >> @@ -1640,8 +1568,6 @@ StrToIpv4Address (
> >>                   oo          Data4[48:55]
> >>
> >>
> >>                   pp          Data4[56:63]
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Guid is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   @param  String                   Pointer to a
> Null-
> >> terminated Unicode string.
> >>
> >>
> >> @@ -1676,17 +1602,6 @@ StrToGuid (
> >>
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Buffer is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Length is not multiple of 2, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero and
> >> Length is greater than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If MaxBufferSize is less than (Length / 2), then
> >> ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   @param  String                   Pointer to a
> Null-
> >> terminated Unicode string.
> >>
> >>
> >>   @param  Length                   The number of
> >> Unicode characters to decode.
> >>
> >>
> >>   @param  Buffer                   Pointer to the
> >> converted bytes array.
> >>
> >>
> >> @@ -1777,7 +1692,6 @@ UnicodeStrToAsciiStr (
> >>   the upper 8 bits, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -1824,7 +1738,6 @@ UnicodeStrToAsciiStrS (
> >>   If any Unicode characters in Source contain non-
> zero
> >> value in the upper 8
> >>
> >>
> >>   bits, then ASSERT().
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -2388,10 +2301,6 @@ AsciiStrHexToUint64 (
> >>   "::" can be used to compress one or more groups of
> X
> >> when X contains only 0.
> >>
> >>
> >>   The "::" can only appear once in the String.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Address is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If EndPointer is not NULL and Address is
> translated
> >> from String, a pointer
> >>
> >>
> >>   to the character that stopped the scan is stored
> at
> >> the location pointed to
> >>
> >>
> >>   by EndPointer.
> >>
> >>
> >> @@ -2443,10 +2352,6 @@ AsciiStrToIpv6Address (
> >>   When /P is in the String, the function stops at
> the
> >> first character that is not
> >>
> >>
> >>   a valid decimal digit character after P is
> >> converted.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Address is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If EndPointer is not NULL and Address is
> translated
> >> from String, a pointer
> >>
> >>
> >>   to the character that stopped the scan is stored
> at
> >> the location pointed to
> >>
> >>
> >>   by EndPointer.
> >>
> >>
> >> @@ -2508,9 +2413,6 @@ AsciiStrToIpv4Address (
> >>                   oo          Data4[48:55]
> >>
> >>
> >>                   pp          Data4[56:63]
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Guid is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   @param  String                   Pointer to a
> Null-
> >> terminated ASCII string.
> >>
> >>
> >>   @param  Guid                     Pointer to the
> >> converted GUID.
> >>
> >>
> >>
> >>
> >>
> >> @@ -2541,17 +2443,6 @@ AsciiStrToGuid (
> >>   decoding stops after Length of characters and
> >> outputs Buffer containing
> >>
> >>
> >>   (Length / 2) bytes.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Buffer is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Length is not multiple of 2, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero and
> >> Length is greater than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If MaxBufferSize is less than (Length / 2), then
> >> ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   @param  String                   Pointer to a
> Null-
> >> terminated ASCII string.
> >>
> >>
> >>   @param  Length                   The number of
> ASCII
> >> characters to decode.
> >>
> >>
> >>   @param  Buffer                   Pointer to the
> >> converted bytes array.
> >>
> >>
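Review bot: all five removed conditions here (String NULL, Buffer NULL, Length not a multiple of 2, Length greater than PcdMaximumAsciiStringLength, MaxBufferSize less than Length / 2) disappear from the description with nothing added in their place, so the text above the @param list no longer says what happens in those cases. Check that each one is listed under the function's @retval entries with the status it returns, or reword the removed sentences to say that the corresponding error status is returned instead of deleting them.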
> >> @@ -2632,7 +2523,6 @@ AsciiStrToUnicodeStr (
> >>   equal or greater than ((AsciiStrLen (Source) + 1)
> *
> >> sizeof (CHAR16)) in bytes.
> >>
> >>
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -2678,7 +2568,6 @@ AsciiStrToUnicodeStrS (
> >>   ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
> >> (CHAR8)) in bytes.
> >>
> >>
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then Destination and
> >> DestinationLength are
> >>
> >>
> >>   unmodified.
> >>
> >>
> >> diff --git a/MdePkg/Library/BaseLib/SafeString.c
> >> b/MdePkg/Library/BaseLib/SafeString.c
> >> index 7dc03d2caa..41d9137b83 100644
> >> --- a/MdePkg/Library/BaseLib/SafeString.c
> >> +++ b/MdePkg/Library/BaseLib/SafeString.c
> >> @@ -14,7 +14,6 @@
> >>
> >>
> >>
> >> #define SAFE_STRING_CONSTRAINT_CHECK(Expression,
> >> Status)  \
> >>
> >>
> >>   do { \
> >>
> >>
> >> -    ASSERT (Expression); \
> >>
> >>
> >>     if (!(Expression)) { \
> >>
> >>
> >>       return Status; \
> >>
> >>
> >>     } \
> >>
> >>
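Review bot: removing "ASSERT (Expression);" from SAFE_STRING_CONSTRAINT_CHECK leaves "return Status;" as the only effect of a failed constraint, so in DEBUG builds a caller that discards the return value now fails silently where it used to stop. Consider emitting a DEBUG message that names the failed expression and Status inside the "if (!(Expression))" branch before the return, and auditing call sites that ignore the result of these functions.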
> >> @@ -197,7 +196,6 @@ StrnSizeS (
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -279,7 +277,6 @@ StrCpyS (
> >>
> >>
> >>
> >>   If Length > 0 and Destination is not aligned on a
> >> 16-bit boundary, then ASSERT().
> >>
> >>
> >>   If Length > 0 and Source is not aligned on a 16-
> bit
> >> boundary, then ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -372,7 +369,6 @@ StrnCpyS (
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -473,7 +469,6 @@ StrCatS (
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -590,12 +585,7 @@ StrnCatS (
> >>   be ignored. Then, the function stops at the first
> >> character that is a not a
> >>
> >>
> >>   valid decimal character or a Null-terminator,
> >> whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If String has no valid decimal digits in the above
> >> format, then 0 is stored
> >>
> >>
> >>   at the location pointed to by Data.
> >>
> >>
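Review bot: after this hunk the description keeps exactly one ASSERT() condition, "If String is not aligned in a 16-bit boundary, then ASSERT()", sitting between the removed NULL and PcdMaximumUnicodeStringLength sentences. Say explicitly that alignment stays a caller precondition while NULL and over-length input are now reported only through the return status, since a reader skimming the comment could assume every argument check became a return code.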
> >> @@ -705,12 +695,7 @@ StrDecimalToUintnS (
> >>   be ignored. Then, the function stops at the first
> >> character that is a not a
> >>
> >>
> >>   valid decimal character or a Null-terminator,
> >> whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If String has no valid decimal digits in the above
> >> format, then 0 is stored
> >>
> >>
> >>   at the location pointed to by Data.
> >>
> >>
> >> @@ -825,12 +810,7 @@ StrDecimalToUint64S (
> >>   the first character that is a not a valid
> >> hexadecimal character or NULL,
> >>
> >>
> >>   whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If String has no valid hexadecimal digits in the
> >> above format, then 0 is
> >>
> >>
> >>   stored at the location pointed to by Data.
> >>
> >>
> >> @@ -956,12 +936,7 @@ StrHexToUintnS (
> >>   the first character that is a not a valid
> >> hexadecimal character or NULL,
> >>
> >>
> >>   whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If String has no valid hexadecimal digits in the
> >> above format, then 0 is
> >>
> >>
> >>   stored at the location pointed to by Data.
> >>
> >>
> >> @@ -1091,16 +1066,8 @@ StrHexToUint64S (
> >>   "::" can be used to compress one or more groups of
> X
> >> when X contains only 0.
> >>
> >>
> >>   The "::" can only appear once in the String.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Address is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >>
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If EndPointer is not NULL and Address is
> translated
> >> from String, a pointer
> >>
> >>
> >>   to the character that stopped the scan is stored
> at
> >> the location pointed to
> >>
> >>
> >>   by EndPointer.
> >>
> >>
> >> @@ -1317,16 +1284,8 @@ StrToIpv6Address (
> >>   When /P is in the String, the function stops at
> the
> >> first character that is not
> >>
> >>
> >>   a valid decimal digit character after P is
> >> converted.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Address is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >>
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength Unicode characters,
> >> not including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If EndPointer is not NULL and Address is
> translated
> >> from String, a pointer
> >>
> >>
> >>   to the character that stopped the scan is stored
> at
> >> the location pointed to
> >>
> >>
> >>   by EndPointer.
> >>
> >>
> >> @@ -1482,8 +1441,6 @@ StrToIpv4Address (
> >>                   oo          Data4[48:55]
> >>
> >>
> >>                   pp          Data4[56:63]
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Guid is NULL, then ASSERT().
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   @param  String                   Pointer to a
> Null-
> >> terminated Unicode string.
> >>
> >>
> >> @@ -1589,17 +1546,6 @@ StrToGuid (
> >>
> >>
> >>
> >>   If String is not aligned in a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Buffer is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Length is not multiple of 2, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If PcdMaximumUnicodeStringLength is not zero and
> >> Length is greater than
> >>
> >>
> >> -  PcdMaximumUnicodeStringLength, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If MaxBufferSize is less than (Length / 2), then
> >> ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   @param  String                   Pointer to a
> Null-
> >> terminated Unicode string.
> >>
> >>
> >>   @param  Length                   The number of
> >> Unicode characters to decode.
> >>
> >>
> >>   @param  Buffer                   Pointer to the
> >> converted bytes array.
> >>
> >>
> >> @@ -1779,8 +1725,6 @@ AsciiStrnSizeS (
> >>
> >>
> >>
> >>   This function is similar as strcpy_s defined in
> C11.
> >>
> >>
> >>
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >>   @param  Destination              A pointer to a
> >> Null-terminated Ascii string.
> >>
> >>
> >> @@ -1856,8 +1800,6 @@ AsciiStrCpyS (
> >>
> >>
> >>
> >>   This function is similar as strncpy_s defined in
> >> C11.
> >>
> >>
> >>
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >>   @param  Destination              A pointer to a
> >> Null-terminated Ascii string.
> >>
> >>
> >> @@ -1944,8 +1886,6 @@ AsciiStrnCpyS (
> >>
> >>
> >>
> >>   This function is similar as strcat_s defined in
> C11.
> >>
> >>
> >>
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >>   @param  Destination              A pointer to a
> >> Null-terminated Ascii string.
> >>
> >>
> >> @@ -2040,8 +1980,6 @@ AsciiStrCatS (
> >>
> >>
> >>
> >>   This function is similar as strncat_s defined in
> >> C11.
> >>
> >>
> >>
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >>   @param  Destination              A pointer to a
> >> Null-terminated Ascii string.
> >>
> >>
> >> @@ -2154,12 +2092,6 @@ AsciiStrnCatS (
> >>   be ignored. Then, the function stops at the first
> >> character that is a not a
> >>
> >>
> >>   valid decimal character or a Null-terminator,
> >> whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength Ascii characters, not
> >> including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String has no valid decimal digits in the above
> >> format, then 0 is stored
> >>
> >>
> >>   at the location pointed to by Data.
> >>
> >>
> >>   If the number represented by String exceeds the
> >> range defined by UINTN, then
> >>
> >>
> >> @@ -2266,12 +2198,6 @@ AsciiStrDecimalToUintnS (
> >>   be ignored. Then, the function stops at the first
> >> character that is a not a
> >>
> >>
> >>   valid decimal character or a Null-terminator,
> >> whichever one comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength Ascii characters, not
> >> including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String has no valid decimal digits in the above
> >> format, then 0 is stored
> >>
> >>
> >>   at the location pointed to by Data.
> >>
> >>
> >>   If the number represented by String exceeds the
> >> range defined by UINT64, then
> >>
> >>
> >> @@ -2382,12 +2308,6 @@ AsciiStrDecimalToUint64S (
> >>   character that is a not a valid hexadecimal
> >> character or Null-terminator,
> >>
> >>
> >>   whichever on comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength Ascii characters, not
> >> including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String has no valid hexadecimal digits in the
> >> above format, then 0 is
> >>
> >>
> >>   stored at the location pointed to by Data.
> >>
> >>
> >>   If the number represented by String exceeds the
> >> range defined by UINTN, then
> >>
> >>
> >> @@ -2509,12 +2429,6 @@ AsciiStrHexToUintnS (
> >>   character that is a not a valid hexadecimal
> >> character or Null-terminator,
> >>
> >>
> >>   whichever on comes first.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Data is NULL, then ASSERT().
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero, and
> >> String contains more than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength Ascii characters, not
> >> including the
> >>
> >>
> >> -  Null-terminator, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If String has no valid hexadecimal digits in the
> >> above format, then 0 is
> >>
> >>
> >>   stored at the location pointed to by Data.
> >>
> >>
> >>   If the number represented by String exceeds the
> >> range defined by UINT64, then
> >>
> >>
> >> @@ -2635,7 +2549,6 @@ AsciiStrHexToUint64S (
> >>   the upper 8 bits, then ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -2735,7 +2648,6 @@ UnicodeStrToAsciiStrS (
> >>   If any Unicode characters in Source contain non-
> zero
> >> value in the upper 8
> >>
> >>
> >>   bits, then ASSERT().
> >>
> >>
> >>   If Source is not aligned on a 16-bit boundary,
> then
> >> ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then Destination and
> >> DestinationLength are
> >>
> >>
> >>   unmodified.
> >>
> >>
> >> @@ -2855,7 +2767,6 @@ UnicodeStrnToAsciiStrS (
> >>   equal or greater than ((AsciiStrLen (Source) + 1)
> *
> >> sizeof (CHAR16)) in bytes.
> >>
> >>
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then the Destination is
> >> unmodified.
> >>
> >>
> >>
> >>
> >>
> >> @@ -2948,7 +2859,6 @@ AsciiStrToUnicodeStrS (
> >>   ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
> >> (CHAR8)) in bytes.
> >>
> >>
> >>
> >>
> >>
> >>   If Destination is not aligned on a 16-bit
> boundary,
> >> then ASSERT().
> >>
> >>
> >> -  If an error would be returned, then the function
> >> will also ASSERT().
> >>
> >>
> >>
> >>
> >>
> >>   If an error is returned, then Destination and
> >> DestinationLength are
> >>
> >>
> >>   unmodified.
> >>
> >>
> >> @@ -3072,10 +2982,6 @@ AsciiStrnToUnicodeStrS (
> >>   "::" can be used to compress one or more groups of
> X
> >> when X contains only 0.
> >>
> >>
> >>   The "::" can only appear once in the String.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Address is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If EndPointer is not NULL and Address is
> translated
> >> from String, a pointer
> >>
> >>
> >>   to the character that stopped the scan is stored
> at
> >> the location pointed to
> >>
> >>
> >>   by EndPointer.
> >>
> >>
> >> @@ -3291,10 +3197,6 @@ AsciiStrToIpv6Address (
> >>   When /P is in the String, the function stops at
> the
> >> first character that is not
> >>
> >>
> >>   a valid decimal digit character after P is
> >> converted.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Address is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   If EndPointer is not NULL and Address is
> translated
> >> from String, a pointer
> >>
> >>
> >>   to the character that stopped the scan is stored
> at
> >> the location pointed to
> >>
> >>
> >>   by EndPointer.
> >>
> >>
> >> @@ -3448,9 +3350,6 @@ AsciiStrToIpv4Address (
> >>                   oo          Data4[48:55]
> >>
> >>
> >>                   pp          Data4[56:63]
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -  If Guid is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   @param  String                   Pointer to a
> Null-
> >> terminated ASCII string.
> >>
> >>
> >>   @param  Guid                     Pointer to the
> >> converted GUID.
> >>
> >>
> >>
> >>
> >>
> >> @@ -3550,17 +3449,6 @@ AsciiStrToGuid (
> >>   decoding stops after Length of characters and
> >> outputs Buffer containing
> >>
> >>
> >>   (Length / 2) bytes.
> >>
> >>
> >>
> >>
> >>
> >> -  If String is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Buffer is NULL, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If Length is not multiple of 2, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If PcdMaximumAsciiStringLength is not zero and
> >> Length is greater than
> >>
> >>
> >> -  PcdMaximumAsciiStringLength, then ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >> -  If MaxBufferSize is less than (Length / 2), then
> >> ASSERT().
> >>
> >>
> >> -
> >>
> >>
> >>   @param  String                   Pointer to a
> Null-
> >> terminated ASCII string.
> >>
> >>
> >>   @param  Length                   The number of
> ASCII
> >> characters to decode.
> >>
> >>
> >>   @param  Buffer                   Pointer to the
> >> converted bytes array.
> >>
> >>
> >> --
> >> 2.24.2 (Apple Git-127)
> >>
> >>
> >> 
> >



end of thread, other threads:[~2020-05-20  2:49 UTC | newest]

Thread overview: 6+ messages
2020-05-14 17:31 [PATCH V7 0/1] Disable safe string constraint assertions Vitaly Cheptsov
2020-05-14 17:31 ` [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks Vitaly Cheptsov
2020-05-15 11:30   ` Laszlo Ersek
2020-05-18 17:04   ` [edk2-devel] " Michael D Kinney
2020-05-18 18:07     ` Vitaly Cheptsov
2020-05-20  2:48       ` Michael D Kinney
