From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <liming.gao@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.115; helo=mga14.intel.com;
 envelope-from=liming.gao@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 5A12521E1B773
 for <edk2-devel@lists.01.org>; Wed, 27 Sep 2017 20:54:59 -0700 (PDT)
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
 by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 27 Sep 2017 20:58:13 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.42,448,1500966000"; d="scan'208";a="156952603"
Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204])
 by fmsmga006.fm.intel.com with ESMTP; 27 Sep 2017 20:58:13 -0700
Received: from fmsmsx112.amr.corp.intel.com (10.18.116.6) by
 FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 27 Sep 2017 20:58:13 -0700
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 FMSMSX112.amr.corp.intel.com (10.18.116.6) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 27 Sep 2017 20:58:12 -0700
Received: from shsmsx152.ccr.corp.intel.com ([169.254.6.93]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.213]) with mapi id 14.03.0319.002;
 Thu, 28 Sep 2017 11:58:11 +0800
From: "Gao, Liming" <liming.gao@intel.com>
To: "Wu, Hao A" <hao.a.wu@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Shi, Steven" <steven.shi@intel.com>, "Kinney, Michael D"
 <michael.d.kinney@intel.com>
Thread-Topic: [PATCH v2 2/6] MdeModulePkg/PrintLib: Fix possible negative
 value left shift
Thread-Index: AQHTMqVYLUz69U4v+0uZEKgaa08TvaLJtrIA
Date: Thu, 28 Sep 2017 03:58:10 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E15EAC6@SHSMSX152.ccr.corp.intel.com>
References: <20170921064617.2628-1-hao.a.wu@intel.com>
 <20170921064617.2628-3-hao.a.wu@intel.com>
In-Reply-To: <20170921064617.2628-3-hao.a.wu@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH v2 2/6] MdeModulePkg/PrintLib: Fix possible negative value left shift
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2017 03:54:59 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Liming Gao <liming.gao@intel.com>

>-----Original Message-----
>From: Wu, Hao A
>Sent: Thursday, September 21, 2017 2:46 PM
>To: edk2-devel@lists.01.org
>Cc: Wu, Hao A <hao.a.wu@intel.com>; Shi, Steven <steven.shi@intel.com>;
>Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
><liming.gao@intel.com>
>Subject: [PATCH v2 2/6] MdeModulePkg/PrintLib: Fix possible negative value
>left shift
>
>REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D702
>
>Within function InternalPrintLibSPrintMarker(), possible left shift of a
>negative value is found in:
>"(*(ArgumentString + 1) << 8)"
>
>which involves undefined behavior.
>
>Since '*(ArgumentString + 1)' is of type CONST CHAR8 (signed), it will be
>promoted to type int (signed) during the left shift operation. If
>'*(ArgumentString + 1)' is a negative value, the behavior will be
>undefined.
>
>According to the C11 spec, Section 6.5.7:
>> 4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
>>   bits are filled with zeros. If E1 has an unsigned type, the value
>>   of the result is E1 * 2^E2 , reduced modulo one more than the
>>   maximum value representable in the result type. If E1 has a signed
>>   type and nonnegative value, and E1 * 2^E2 is representable in the
>>   result type, then that is the resulting value; otherwise, the
>>   behavior is undefined.
>
>This commit explicitly cast '*(ArgumentString + 1)' with UINT8 to resolve
>this issue.
>
>Cc: Steven Shi <steven.shi@intel.com>
>Cc: Michael Kinney <michael.d.kinney@intel.com>
>Cc: Liming Gao <liming.gao@intel.com>
>Contributed-under: TianoCore Contribution Agreement 1.1
>Signed-off-by: Hao Wu <hao.a.wu@intel.com>
>---
> MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
>b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
>index b58db8e011..56534e56c3 100644
>--- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
>+++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c
>@@ -2108,7 +2108,7 @@ InternalPrintLibSPrintMarker (
>     // Copy the string into the output buffer performing the required typ=
e
>conversions
>     //
>     while (Index < Count) {
>-      ArgumentCharacter =3D ((*ArgumentString & 0xff) | (*(ArgumentString=
 + 1)
><< 8)) & ArgumentMask;
>+      ArgumentCharacter =3D ((*ArgumentString & 0xff) |
>(((UINT8)*(ArgumentString + 1)) << 8)) & ArgumentMask;
>
>       LengthToReturn +=3D (1 * BytesPerOutputCharacter);
>       if ((Flags & COUNT_ONLY_NO_PRINT) =3D=3D 0 && Buffer !=3D NULL) {
>--
>2.12.0.windows.1