From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <liming.gao@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.65; helo=mga03.intel.com;
 envelope-from=liming.gao@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 75B2C2034B43D
 for <edk2-devel@lists.01.org>; Wed, 27 Dec 2017 17:51:54 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 27 Dec 2017 17:56:50 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.45,468,1508828400"; 
   d="scan'208";a="6075091"
Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204])
 by orsmga008.jf.intel.com with ESMTP; 27 Dec 2017 17:56:50 -0800
Received: from fmsmsx155.amr.corp.intel.com (10.18.116.71) by
 FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 27 Dec 2017 17:56:50 -0800
Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by
 FMSMSX155.amr.corp.intel.com (10.18.116.71) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 27 Dec 2017 17:56:49 -0800
Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.152]) by
 SHSMSX151.ccr.corp.intel.com ([169.254.3.218]) with mapi id 14.03.0319.002;
 Thu, 28 Dec 2017 09:56:47 +0800
From: "Gao, Liming" <liming.gao@intel.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>, "Kinney, Michael D"
 <michael.d.kinney@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Yao, Jiewen" <jiewen.yao@intel.com>, "Zeng, Star" <star.zeng@intel.com>
Thread-Topic: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision
 position calculation
Thread-Index: AQHTfSVPCugb76Q050iyHeS+BUJjMqNV8FuAgADxTwCAAIOzAIAAnfmA
Date: Thu, 28 Dec 2017 01:56:47 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E199A4E@SHSMSX104.ccr.corp.intel.com>
References: <20171225020847.14076-1-jian.j.wang@intel.com>
 <D827630B58408649ACB04F44C510003624CC506B@SHSMSX103.ccr.corp.intel.com>
 <E92EE9817A31E24EB0585FDF735412F5A7DF2FE3@ORSMSX113.amr.corp.intel.com>
 <D827630B58408649ACB04F44C510003624CC7C0A@SHSMSX103.ccr.corp.intel.com>
In-Reply-To: <D827630B58408649ACB04F44C510003624CC7C0A@SHSMSX103.ccr.corp.intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 11.0.0.116
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Dec 2017 01:51:54 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Jian:
  MdePkg/Library/BasePrintLib/PrintLibInternal.c line 1171 has the similar =
issue. Could you fix it also?

  And, MdeModulePkg\Library\DxePrintLibPrint2Protocol\PrintLib.c have the s=
ame issue. Could you sync this fix to it?

Thanks
Liming
> -----Original Message-----
> From: Wang, Jian J
> Sent: Thursday, December 28, 2017 8:29 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; edk2-devel@lists.01.o=
rg
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>;=
 Gao, Liming <liming.gao@intel.com>
> Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision =
position calculation
>=20
> I revisit the code again. You're right that the commit log is not correct=
.
> The '\0' would be read and even the one pass it.
>=20
> Regards,
> Jian
>=20
>=20
> > -----Original Message-----
> > From: Kinney, Michael D
> > Sent: Thursday, December 28, 2017 12:38 AM
> > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org; Kinn=
ey,
> > Michael D <michael.d.kinney@intel.com>
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com=
>;
> > Gao, Liming <liming.gao@intel.com>
> > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precisio=
n
> > position calculation
> >
> > Is the commit log correct?
> >
> > Is the issue that the character past the '\0' could be read?
> >
> > Mike
> >
> > > -----Original Message-----
> > > From: Wang, Jian J
> > > Sent: Tuesday, December 26, 2017 6:14 PM
> > > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-
> > > devel@lists.01.org
> > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao,
> > > Jiewen <jiewen.yao@intel.com>; Zeng, Star
> > > <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com>
> > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> > > incorrect Precision position calculation
> > >
> > > Mike and Liming,
> > >
> > > Could you take a look at this patch?
> > >
> > > Regards,
> > > Jian
> > >
> > >
> > > > -----Original Message-----
> > > > From: edk2-devel [mailto:edk2-devel-
> > > bounces@lists.01.org] On Behalf Of Jian J
> > > > Wang
> > > > Sent: Monday, December 25, 2017 10:09 AM
> > > > To: edk2-devel@lists.01.org
> > > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>;
> > > Yao, Jiewen
> > > > <jiewen.yao@intel.com>; Zeng, Star
> > > <star.zeng@intel.com>; Gao, Liming
> > > > <liming.gao@intel.com>
> > > > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix
> > > incorrect Precision position
> > > > calculation
> > > >
> > > > Due to the a potential hole in the stop condition of
> > > for-loop, the two
> > > > continuous access to ArgumentString (index, index+1)
> > > inside the loop
> > > > might cause the string ending character ('\0') to be
> > > read.
> > > >
> > > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > > Cc: Liming Gao <liming.gao@intel.com>
> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > Cc: Star Zeng <star.zeng@intel.com>
> > > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > > > ---
> > > >  MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5
> > > ++++-
> > > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git
> > > a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > index 28d946472f..297d5a05b5 100644
> > > > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
> > > > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
> > > >        // Compute the number of characters in
> > > ArgumentString and store it in
> > > > Count
> > > >        // ArgumentString is either null-terminated, or
> > > it contains Precision
> > > > characters
> > > >        //
> > > > -      for (Count =3D 0; Count < Precision || ((Flags &
> > > PRECISION) =3D=3D 0); Count++) {
> > > > +      for (Count =3D 0;
> > > > +            ArgumentString[Count *
> > > BytesPerArgumentCharacter] !=3D '\0' &&
> > > > +            (Count < Precision || ((Flags & PRECISION)
> > > =3D=3D 0));
> > > > +              Count++) {
> > > >          ArgumentCharacter =3D ((ArgumentString[Count *
> > > > BytesPerArgumentCharacter] & 0xff) |
> > > ((ArgumentString[Count *
> > > > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
> > > >          if (ArgumentCharacter =3D=3D 0) {
> > > >            break;
> > > > --
> > > > 2.15.1.windows.2
> > > >
> > > > _______________________________________________
> > > > edk2-devel mailing list
> > > > edk2-devel@lists.01.org
> > > > https://lists.01.org/mailman/listinfo/edk2-devel