From: "Laszlo Ersek" <lersek@redhat.com>
To: Vitaly Cheptsov <cheptsov@ispras.ru>, devel@edk2.groups.io
Cc: "Andrew Fish" <afish@apple.com>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"Bret Barkelew" <bret.barkelew@microsoft.com>,
"Brian J . Johnson" <brian.johnson@hpe.com>,
"Chasel Chiu" <chasel.chiu@intel.com>,
"Jordan Justen" <jordan.l.justen@intel.com>,
"Leif Lindholm" <leif@nuviainc.com>,
"Liming Gao" <liming.gao@intel.com>,
"Marvin Häuser" <mhaeuser@outlook.de>,
"Mike Kinney" <michael.d.kinney@intel.com>,
"Vincent Zimmer" <vincent.zimmer@intel.com>,
"Zhichao Gao" <zhichao.gao@intel.com>
Subject: Re: [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
Date: Thu, 14 May 2020 15:35:02 +0200 [thread overview]
Message-ID: <48038e02-5340-b13c-a48b-7418b7cc2791@redhat.com> (raw)
In-Reply-To: <20200514092537.29609-2-cheptsov@ispras.ru>
On 05/14/20 11:25, Vitaly Cheptsov wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054
>
> Runtime checks returned via status return code should not work as
> assertions to permit parsing not trusted data with SafeString
> interfaces.
>
> CC: Andrew Fish <afish@apple.com>
> CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> CC: Bret Barkelew <bret.barkelew@microsoft.com>
> CC: Brian J. Johnson <brian.johnson@hpe.com>
> CC: Chasel Chiu <chasel.chiu@intel.com>
> CC: Jordan Justen <jordan.l.justen@intel.com>
> CC: Laszlo Ersek <lersek@redhat.com>
> CC: Leif Lindholm <leif@nuviainc.com>
> CC: Liming Gao <liming.gao@intel.com>
> CC: Marvin Häuser <mhaeuser@outlook.de>
> CC: Mike Kinney <michael.d.kinney@intel.com>
> CC: Vincent Zimmer <vincent.zimmer@intel.com>
> CC: Zhichao Gao <zhichao.gao@intel.com>
> Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
> ---
> MdePkg/Include/Library/BaseLib.h | 120 ++------------------
> MdePkg/Library/BaseLib/SafeString.c | 80 -------------
> 2 files changed, 7 insertions(+), 193 deletions(-)
This patch is a lot harder to review than it initially seems, for two
reasons:
- The existent comment blocks on the functions are absolutely huge.
- The comment blocks are duplicated between the lib class header and the
implementation.
Therefore, I reviewed this patch as follows: displayed the lib class
header diff to the left with 40 lines of context, displayed the
implementation diff to the right (with 40 lines of context again), and
compared those. I also made an effor to check whether the code behavior
would be in sync with the updated comments.
I'm not going to quote any context from the patch, because the context
is too small for helping me convey my points; I'll just list my remarks.
(1) The comment update on AsciiStrCpyS() only covers the header, the
implementation's comment was missed.
(2) Ditto for StrToIpv6Address().
(3) Ditto for StrToIpv4Address().
(4) Even in the lib class header, the leading comment on
StrToIpv4Address() is not updated correctly. The third ASSERT()
paragraph that's being removed (referencing
PcdMaximumUnicodeStringLength) is not fully removed; only its last line
is removed.
(5) The comment update on StrToGuid() only covers the header, the
implementation's comment was missed.
(6) Ditto for StrHexToBytes().
(7) Regarding the UnicodeStrnToAsciiStrS() function, the comment updates
between lib class header and implementation are inconsistent. Namely,
the header file also received such comment updates that:
(7aa) are semantic fixes (not related to whether we assert a particular
condition or not), such as "MIN", and near "DestinationLength",
(7b) are indentation / wrapping updates (near DestMax").
While these comment updates may be valid too, they should be split to
separate patches.
(8) The comment update on AsciiStrToUnicodeStrS() only covers the
header, the implementation's comment was missed.
Thanks
Laszlo
next prev parent reply other threads:[~2020-05-14 13:35 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-14 9:25 [PATCH V6 0/1] Disable safe string constraint assertions Vitaly Cheptsov
2020-05-14 9:25 ` [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks Vitaly Cheptsov
2020-05-14 13:35 ` Laszlo Ersek [this message]
2020-05-14 16:38 ` [edk2-devel] " Michael D Kinney
2020-05-14 17:39 ` Vitaly Cheptsov
2020-05-14 17:58 ` Michael D Kinney
2020-05-14 18:59 ` Vitaly Cheptsov
2020-05-14 19:45 ` Ard Biesheuvel
2020-05-14 21:07 ` Michael D Kinney
2020-05-14 21:15 ` [EXTERNAL] " Bret Barkelew
2020-05-14 22:14 ` Michael D Kinney
2020-05-15 9:28 ` Marvin Häuser
2020-05-15 9:30 ` [EXTERNAL] " Vitaly Cheptsov
2020-05-15 15:26 ` Bret Barkelew
2020-05-14 11:33 ` [edk2-devel] [PATCH V6 0/1] Disable safe string constraint assertions Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48038e02-5340-b13c-a48b-7418b7cc2791@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox