[PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

* [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation
@ 2017-12-25  2:08 Jian J Wang
  2017-12-27  2:14 ` Wang, Jian J
  0 siblings, 1 reply; 6+ messages in thread
From: Jian J Wang @ 2017-12-25  2:08 UTC (permalink / raw)
  To: edk2-devel; +Cc: Michael D Kinney, Liming Gao, Jiewen Yao, Star Zeng

Due to the a potential hole in the stop condition of for-loop, the two
continuous access to ArgumentString (index, index+1) inside the loop
might cause the string ending character ('\0') to be read.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.c b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
index 28d946472f..297d5a05b5 100644
--- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
+++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
@@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
       // Compute the number of characters in ArgumentString and store it in Count
       // ArgumentString is either null-terminated, or it contains Precision characters
       //
-      for (Count = 0; Count < Precision || ((Flags & PRECISION) == 0); Count++) {
+      for (Count = 0;
+            ArgumentString[Count * BytesPerArgumentCharacter] != '\0' &&
+            (Count < Precision || ((Flags & PRECISION) == 0));
+              Count++) {
         ArgumentCharacter = ((ArgumentString[Count * BytesPerArgumentCharacter] & 0xff) | ((ArgumentString[Count * BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
         if (ArgumentCharacter == 0) {
           break;
-- 
2.15.1.windows.2



^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation
  2017-12-25  2:08 [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation Jian J Wang
@ 2017-12-27  2:14 ` Wang, Jian J
  2017-12-27 16:37   ` Kinney, Michael D
  0 siblings, 1 reply; 6+ messages in thread
From: Wang, Jian J @ 2017-12-27  2:14 UTC (permalink / raw)
  To: Wang, Jian J, edk2-devel@lists.01.org
  Cc: Kinney, Michael D, Yao, Jiewen, Zeng, Star, Gao, Liming

Mike and Liming,

Could you take a look at this patch?

Regards,
Jian


> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jian J
> Wang
> Sent: Monday, December 25, 2017 10:09 AM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; Gao, Liming
> <liming.gao@intel.com>
> Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position
> calculation
> 
> Due to the a potential hole in the stop condition of for-loop, the two
> continuous access to ArgumentString (index, index+1) inside the loop
> might cause the string ending character ('\0') to be read.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
>  MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> index 28d946472f..297d5a05b5 100644
> --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
>        // Compute the number of characters in ArgumentString and store it in
> Count
>        // ArgumentString is either null-terminated, or it contains Precision
> characters
>        //
> -      for (Count = 0; Count < Precision || ((Flags & PRECISION) == 0); Count++) {
> +      for (Count = 0;
> +            ArgumentString[Count * BytesPerArgumentCharacter] != '\0' &&
> +            (Count < Precision || ((Flags & PRECISION) == 0));
> +              Count++) {
>          ArgumentCharacter = ((ArgumentString[Count *
> BytesPerArgumentCharacter] & 0xff) | ((ArgumentString[Count *
> BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
>          if (ArgumentCharacter == 0) {
>            break;
> --
> 2.15.1.windows.2
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation
  2017-12-27  2:14 ` Wang, Jian J
@ 2017-12-27 16:37   ` Kinney, Michael D
  2017-12-28  0:29     ` Wang, Jian J
  0 siblings, 1 reply; 6+ messages in thread
From: Kinney, Michael D @ 2017-12-27 16:37 UTC (permalink / raw)
  To: Wang, Jian J, edk2-devel@lists.01.org, Kinney, Michael D
  Cc: Yao, Jiewen, Zeng, Star, Gao, Liming

Is the commit log correct?

Is the issue that the character past the '\0' could be read?

Mike

> -----Original Message-----
> From: Wang, Jian J
> Sent: Tuesday, December 26, 2017 6:14 PM
> To: Wang, Jian J <jian.j.wang@intel.com>; edk2-
> devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Zeng, Star
> <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com>
> Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> incorrect Precision position calculation
> 
> Mike and Liming,
> 
> Could you take a look at this patch?
> 
> Regards,
> Jian
> 
> 
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-
> bounces@lists.01.org] On Behalf Of Jian J
> > Wang
> > Sent: Monday, December 25, 2017 10:09 AM
> > To: edk2-devel@lists.01.org
> > Cc: Kinney, Michael D <michael.d.kinney@intel.com>;
> Yao, Jiewen
> > <jiewen.yao@intel.com>; Zeng, Star
> <star.zeng@intel.com>; Gao, Liming
> > <liming.gao@intel.com>
> > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> incorrect Precision position
> > calculation
> >
> > Due to the a potential hole in the stop condition of
> for-loop, the two
> > continuous access to ArgumentString (index, index+1)
> inside the loop
> > might cause the string ending character ('\0') to be
> read.
> >
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Liming Gao <liming.gao@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Star Zeng <star.zeng@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > ---
> >  MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5
> ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git
> a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > index 28d946472f..297d5a05b5 100644
> > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
> >        // Compute the number of characters in
> ArgumentString and store it in
> > Count
> >        // ArgumentString is either null-terminated, or
> it contains Precision
> > characters
> >        //
> > -      for (Count = 0; Count < Precision || ((Flags &
> PRECISION) == 0); Count++) {
> > +      for (Count = 0;
> > +            ArgumentString[Count *
> BytesPerArgumentCharacter] != '\0' &&
> > +            (Count < Precision || ((Flags & PRECISION)
> == 0));
> > +              Count++) {
> >          ArgumentCharacter = ((ArgumentString[Count *
> > BytesPerArgumentCharacter] & 0xff) |
> ((ArgumentString[Count *
> > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
> >          if (ArgumentCharacter == 0) {
> >            break;
> > --
> > 2.15.1.windows.2
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation
  2017-12-27 16:37   ` Kinney, Michael D
@ 2017-12-28  0:29     ` Wang, Jian J
  2017-12-28  1:56       ` Gao, Liming
  0 siblings, 1 reply; 6+ messages in thread
From: Wang, Jian J @ 2017-12-28  0:29 UTC (permalink / raw)
  To: Kinney, Michael D, edk2-devel@lists.01.org
  Cc: Yao, Jiewen, Zeng, Star, Gao, Liming

I revisit the code again. You're right that the commit log is not correct.
The '\0' would be read and even the one pass it.

Regards,
Jian


> -----Original Message-----
> From: Kinney, Michael D
> Sent: Thursday, December 28, 2017 12:38 AM
> To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>;
> Gao, Liming <liming.gao@intel.com>
> Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision
> position calculation
> 
> Is the commit log correct?
> 
> Is the issue that the character past the '\0' could be read?
> 
> Mike
> 
> > -----Original Message-----
> > From: Wang, Jian J
> > Sent: Tuesday, December 26, 2017 6:14 PM
> > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-
> > devel@lists.01.org
> > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao,
> > Jiewen <jiewen.yao@intel.com>; Zeng, Star
> > <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com>
> > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> > incorrect Precision position calculation
> >
> > Mike and Liming,
> >
> > Could you take a look at this patch?
> >
> > Regards,
> > Jian
> >
> >
> > > -----Original Message-----
> > > From: edk2-devel [mailto:edk2-devel-
> > bounces@lists.01.org] On Behalf Of Jian J
> > > Wang
> > > Sent: Monday, December 25, 2017 10:09 AM
> > > To: edk2-devel@lists.01.org
> > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>;
> > Yao, Jiewen
> > > <jiewen.yao@intel.com>; Zeng, Star
> > <star.zeng@intel.com>; Gao, Liming
> > > <liming.gao@intel.com>
> > > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> > incorrect Precision position
> > > calculation
> > >
> > > Due to the a potential hole in the stop condition of
> > for-loop, the two
> > > continuous access to ArgumentString (index, index+1)
> > inside the loop
> > > might cause the string ending character ('\0') to be
> > read.
> > >
> > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > Cc: Liming Gao <liming.gao@intel.com>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Star Zeng <star.zeng@intel.com>
> > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > > ---
> > >  MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5
> > ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git
> > a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > index 28d946472f..297d5a05b5 100644
> > > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
> > >        // Compute the number of characters in
> > ArgumentString and store it in
> > > Count
> > >        // ArgumentString is either null-terminated, or
> > it contains Precision
> > > characters
> > >        //
> > > -      for (Count = 0; Count < Precision || ((Flags &
> > PRECISION) == 0); Count++) {
> > > +      for (Count = 0;
> > > +            ArgumentString[Count *
> > BytesPerArgumentCharacter] != '\0' &&
> > > +            (Count < Precision || ((Flags & PRECISION)
> > == 0));
> > > +              Count++) {
> > >          ArgumentCharacter = ((ArgumentString[Count *
> > > BytesPerArgumentCharacter] & 0xff) |
> > ((ArgumentString[Count *
> > > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
> > >          if (ArgumentCharacter == 0) {
> > >            break;
> > > --
> > > 2.15.1.windows.2
> > >
> > > _______________________________________________
> > > edk2-devel mailing list
> > > edk2-devel@lists.01.org
> > > https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation
  2017-12-28  0:29     ` Wang, Jian J
@ 2017-12-28  1:56       ` Gao, Liming
  2017-12-28  2:05         ` Wang, Jian J
  0 siblings, 1 reply; 6+ messages in thread
From: Gao, Liming @ 2017-12-28  1:56 UTC (permalink / raw)
  To: Wang, Jian J, Kinney, Michael D, edk2-devel@lists.01.org
  Cc: Yao, Jiewen, Zeng, Star

Jian:
  MdePkg/Library/BasePrintLib/PrintLibInternal.c line 1171 has the similar issue. Could you fix it also?

  And, MdeModulePkg\Library\DxePrintLibPrint2Protocol\PrintLib.c have the same issue. Could you sync this fix to it?

Thanks
Liming
> -----Original Message-----
> From: Wang, Jian J
> Sent: Thursday, December 28, 2017 8:29 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com>
> Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation
> 
> I revisit the code again. You're right that the commit log is not correct.
> The '\0' would be read and even the one pass it.
> 
> Regards,
> Jian
> 
> 
> > -----Original Message-----
> > From: Kinney, Michael D
> > Sent: Thursday, December 28, 2017 12:38 AM
> > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org; Kinney,
> > Michael D <michael.d.kinney@intel.com>
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>;
> > Gao, Liming <liming.gao@intel.com>
> > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision
> > position calculation
> >
> > Is the commit log correct?
> >
> > Is the issue that the character past the '\0' could be read?
> >
> > Mike
> >
> > > -----Original Message-----
> > > From: Wang, Jian J
> > > Sent: Tuesday, December 26, 2017 6:14 PM
> > > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-
> > > devel@lists.01.org
> > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao,
> > > Jiewen <jiewen.yao@intel.com>; Zeng, Star
> > > <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com>
> > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> > > incorrect Precision position calculation
> > >
> > > Mike and Liming,
> > >
> > > Could you take a look at this patch?
> > >
> > > Regards,
> > > Jian
> > >
> > >
> > > > -----Original Message-----
> > > > From: edk2-devel [mailto:edk2-devel-
> > > bounces@lists.01.org] On Behalf Of Jian J
> > > > Wang
> > > > Sent: Monday, December 25, 2017 10:09 AM
> > > > To: edk2-devel@lists.01.org
> > > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>;
> > > Yao, Jiewen
> > > > <jiewen.yao@intel.com>; Zeng, Star
> > > <star.zeng@intel.com>; Gao, Liming
> > > > <liming.gao@intel.com>
> > > > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> > > incorrect Precision position
> > > > calculation
> > > >
> > > > Due to the a potential hole in the stop condition of
> > > for-loop, the two
> > > > continuous access to ArgumentString (index, index+1)
> > > inside the loop
> > > > might cause the string ending character ('\0') to be
> > > read.
> > > >
> > > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > > Cc: Liming Gao <liming.gao@intel.com>
> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > Cc: Star Zeng <star.zeng@intel.com>
> > > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > > > ---
> > > >  MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5
> > > ++++-
> > > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git
> > > a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > index 28d946472f..297d5a05b5 100644
> > > > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
> > > >        // Compute the number of characters in
> > > ArgumentString and store it in
> > > > Count
> > > >        // ArgumentString is either null-terminated, or
> > > it contains Precision
> > > > characters
> > > >        //
> > > > -      for (Count = 0; Count < Precision || ((Flags &
> > > PRECISION) == 0); Count++) {
> > > > +      for (Count = 0;
> > > > +            ArgumentString[Count *
> > > BytesPerArgumentCharacter] != '\0' &&
> > > > +            (Count < Precision || ((Flags & PRECISION)
> > > == 0));
> > > > +              Count++) {
> > > >          ArgumentCharacter = ((ArgumentString[Count *
> > > > BytesPerArgumentCharacter] & 0xff) |
> > > ((ArgumentString[Count *
> > > > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
> > > >          if (ArgumentCharacter == 0) {
> > > >            break;
> > > > --
> > > > 2.15.1.windows.2
> > > >
> > > > _______________________________________________
> > > > edk2-devel mailing list
> > > > edk2-devel@lists.01.org
> > > > https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation
  2017-12-28  1:56       ` Gao, Liming
@ 2017-12-28  2:05         ` Wang, Jian J
  0 siblings, 0 replies; 6+ messages in thread
From: Wang, Jian J @ 2017-12-28  2:05 UTC (permalink / raw)
  To: Gao, Liming, Kinney, Michael D, edk2-devel@lists.01.org
  Cc: Yao, Jiewen, Zeng, Star

Sure.

Regards,
Jian


> -----Original Message-----
> From: Gao, Liming
> Sent: Thursday, December 28, 2017 9:57 AM
> To: Wang, Jian J <jian.j.wang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>
> Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision
> position calculation
> 
> Jian:
>   MdePkg/Library/BasePrintLib/PrintLibInternal.c line 1171 has the similar issue.
> Could you fix it also?
> 
>   And, MdeModulePkg\Library\DxePrintLibPrint2Protocol\PrintLib.c have the
> same issue. Could you sync this fix to it?
> 
> Thanks
> Liming
> > -----Original Message-----
> > From: Wang, Jian J
> > Sent: Thursday, December 28, 2017 8:29 AM
> > To: Kinney, Michael D <michael.d.kinney@intel.com>; edk2-devel@lists.01.org
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>;
> Gao, Liming <liming.gao@intel.com>
> > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision
> position calculation
> >
> > I revisit the code again. You're right that the commit log is not correct.
> > The '\0' would be read and even the one pass it.
> >
> > Regards,
> > Jian
> >
> >
> > > -----Original Message-----
> > > From: Kinney, Michael D
> > > Sent: Thursday, December 28, 2017 12:38 AM
> > > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org; Kinney,
> > > Michael D <michael.d.kinney@intel.com>
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>;
> > > Gao, Liming <liming.gao@intel.com>
> > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision
> > > position calculation
> > >
> > > Is the commit log correct?
> > >
> > > Is the issue that the character past the '\0' could be read?
> > >
> > > Mike
> > >
> > > > -----Original Message-----
> > > > From: Wang, Jian J
> > > > Sent: Tuesday, December 26, 2017 6:14 PM
> > > > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-
> > > > devel@lists.01.org
> > > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao,
> > > > Jiewen <jiewen.yao@intel.com>; Zeng, Star
> > > > <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com>
> > > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> > > > incorrect Precision position calculation
> > > >
> > > > Mike and Liming,
> > > >
> > > > Could you take a look at this patch?
> > > >
> > > > Regards,
> > > > Jian
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: edk2-devel [mailto:edk2-devel-
> > > > bounces@lists.01.org] On Behalf Of Jian J
> > > > > Wang
> > > > > Sent: Monday, December 25, 2017 10:09 AM
> > > > > To: edk2-devel@lists.01.org
> > > > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>;
> > > > Yao, Jiewen
> > > > > <jiewen.yao@intel.com>; Zeng, Star
> > > > <star.zeng@intel.com>; Gao, Liming
> > > > > <liming.gao@intel.com>
> > > > > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> > > > incorrect Precision position
> > > > > calculation
> > > > >
> > > > > Due to the a potential hole in the stop condition of
> > > > for-loop, the two
> > > > > continuous access to ArgumentString (index, index+1)
> > > > inside the loop
> > > > > might cause the string ending character ('\0') to be
> > > > read.
> > > > >
> > > > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > > > Cc: Liming Gao <liming.gao@intel.com>
> > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > Cc: Star Zeng <star.zeng@intel.com>
> > > > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > > > > ---
> > > > >  MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5
> > > > ++++-
> > > > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > > > >
> > > > > diff --git
> > > > a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > > index 28d946472f..297d5a05b5 100644
> > > > > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
> > > > >        // Compute the number of characters in
> > > > ArgumentString and store it in
> > > > > Count
> > > > >        // ArgumentString is either null-terminated, or
> > > > it contains Precision
> > > > > characters
> > > > >        //
> > > > > -      for (Count = 0; Count < Precision || ((Flags &
> > > > PRECISION) == 0); Count++) {
> > > > > +      for (Count = 0;
> > > > > +            ArgumentString[Count *
> > > > BytesPerArgumentCharacter] != '\0' &&
> > > > > +            (Count < Precision || ((Flags & PRECISION)
> > > > == 0));
> > > > > +              Count++) {
> > > > >          ArgumentCharacter = ((ArgumentString[Count *
> > > > > BytesPerArgumentCharacter] & 0xff) |
> > > > ((ArgumentString[Count *
> > > > > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
> > > > >          if (ArgumentCharacter == 0) {
> > > > >            break;
> > > > > --
> > > > > 2.15.1.windows.2
> > > > >
> > > > > _______________________________________________
> > > > > edk2-devel mailing list
> > > > > edk2-devel@lists.01.org
> > > > > https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2017-12-28  2:00 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-25  2:08 [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation Jian J Wang
2017-12-27  2:14 ` Wang, Jian J
2017-12-27 16:37   ` Kinney, Michael D
2017-12-28  0:29     ` Wang, Jian J
2017-12-28  1:56       ` Gao, Liming
2017-12-28  2:05         ` Wang, Jian J

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox