From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jeff.fan@intel.com>
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id DB0AA81F06
 for <edk2-devel@lists.01.org>; Sun, 26 Feb 2017 22:59:26 -0800 (PST)
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by orsmga105.jf.intel.com with ESMTP; 26 Feb 2017 22:59:26 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.35,213,1484035200"; d="scan'208";a="1135321340"
Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204])
 by fmsmga002.fm.intel.com with ESMTP; 26 Feb 2017 22:59:26 -0800
Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by
 FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Sun, 26 Feb 2017 22:59:26 -0800
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by
 SHSMSX151.ccr.corp.intel.com ([169.254.3.204]) with mapi id 14.03.0248.002;
 Mon, 27 Feb 2017 14:59:20 +0800
From: "Fan, Jeff" <jeff.fan@intel.com>
To: "Wu, Hao A" <hao.a.wu@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
Thread-Topic: [PATCH v3 3/6] IntelFrameworkModulePkg: Refine type cast for
 pointer subtraction
Thread-Index: AQHSjxxpZV5SIyVcYkmOk/xcui7+taF8b7zw
Date: Mon, 27 Feb 2017 06:59:19 +0000
Message-ID: <542CF652F8836A4AB8DBFAAD40ED192A4C549E7A@shsmsx102.ccr.corp.intel.com>
References: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com>
 <1487995514-7628-4-git-send-email-hao.a.wu@intel.com>
In-Reply-To: <1487995514-7628-4-git-send-email-hao.a.wu@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNWU4MDkyNWUtYjg5Mi00MTFlLWI5YmItYTY1MmFhNDQwY2JkIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6IkxEMlBjcXg2S2Rzd1wvWGVlZUVEZkNTZFlXTGtHXC91ZFRuNytYanZyWUpTTT0ifQ==
x-ctpclassification: CTP_IC
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH v3 3/6] IntelFrameworkModulePkg: Refine type cast for pointer subtraction
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2017 06:59:27 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Jeff Fan <jeff.fan@intel.com>

-----Original Message-----
From: Wu, Hao A=20
Sent: Saturday, February 25, 2017 12:05 PM
To: edk2-devel@lists.01.org
Cc: Wu, Hao A; Fan, Jeff
Subject: [PATCH v3 3/6] IntelFrameworkModulePkg: Refine type cast for point=
er subtraction

For pointer subtraction, the result is of type "ptrdiff_t". According to th=
e C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the same=
 array object, or one past the last element of the array object; the result=
 is the difference of the subscripts of the two array elements. The size of=
 the result is implementation-defined, and its type (a signed integer type)=
 is ptrdiff_t defined in the <stddef.h> header. If the result is not repres=
entable in an object of that type, the behavior is undefined."

In our codes, there are cases that the pointer subtraction is not performed=
 by pointers to elements of the same array object. This might lead to poten=
tial issues, since the behavior is undefined according to C11 standard.

Also, since the size of type "ptrdiff_t" is implementation-defined. Some st=
atic code checkers may warn that the pointer subtraction might underflow fi=
rst and then being cast to a bigger size. For example:

UINT8  *Ptr1, *Ptr2;
UINTN  PtrDiff;
...
PtrDiff =3D (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each =
pointer to UINTN first and then perform the subtraction:

PtrDiff =3D (UINTN) Ptr1 - (UINTN) Ptr2;

Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
---
 IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c           | 4 ++--
 IntelFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c         | 4 ++--
 IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c      | 4 ++--
 IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c         | 4 ++--
 IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.c | 4 ++--  =
IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c | 6 +++---
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c b/IntelF=
rameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c
index 8f91a7d..c4c77ec 100644
--- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c
+++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c
@@ -1,6 +1,6 @@
 /** @file
=20
-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
=20
 This program and the accompanying materials  are licensed and made availab=
le under the terms and conditions @@ -318,7 +318,7 @@ GetPciLegacyRom (
       break;
     }
=20
-    if ((UINTN)(RomHeader.Raw - (UINT8 *) *Rom) + Pcir->ImageLength * 512 =
> *ImageSize) {
+    if (((UINTN)RomHeader.Raw - (UINTN)*Rom) + Pcir->ImageLength * 512=20
+ > *ImageSize) {
       break;
     }
    =20
diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c b/Inte=
lFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c
index bba62a8..628424d 100644
--- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c
+++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c
@@ -1,7 +1,7 @@
 /** @file
   BDS Lib functions which relate with create or process the boot option.
=20
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials  are licensed and made availab=
le under the terms and conditions of the BSD License  which accompanies thi=
s distribution.  The full text of the license may be found at @@ -1034,7 +1=
034,7 @@ BdsCreateDevOrder (
   DevOrderPtr->Length  =3D (UINT16) (sizeof (UINT16) + BEVCount * sizeof (=
UINT16));
   DevOrderPtr          =3D (LEGACY_DEV_ORDER_ENTRY *) BdsFillDevOrderBuf (=
BbsTable, BBS_BEV_DEVICE, BbsCount, DevOrderPtr->Data);
=20
-  ASSERT (TotalSize =3D=3D (UINTN) ((UINT8 *) DevOrderPtr - (UINT8 *) DevO=
rder));
+  ASSERT (TotalSize =3D=3D ((UINTN) DevOrderPtr - (UINTN) DevOrder));
=20
   //
   // Save device order for legacy boot device to variable.
diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c b/I=
ntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c
index 1020e84..8f273ff 100644
--- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c
+++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c
@@ -1,7 +1,7 @@
 /** @file
   BDS Lib functions which contain all the code to connect console device
=20
-Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials  are licensed and made availab=
le under the terms and conditions of the BSD License  which accompanies thi=
s distribution.  The full text of the license may be found at @@ -873,7 +87=
3,7 @@ ConvertBmpToGopBlt (
=20
     }
=20
-    ImageIndex =3D (UINTN) (Image - ImageHeader);
+    ImageIndex =3D (UINTN)Image - (UINTN)ImageHeader;
     if ((ImageIndex % 4) !=3D 0) {
       //
       // Bmp Image starts each row on a 32-bit boundary!
diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c b/Inte=
lFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c
index 24c1998..2ba511a 100644
--- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c
+++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c
@@ -1,7 +1,7 @@
 /** @file
   Misc BDS library function
=20
-Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials  are licensed and made availab=
le under the terms and conditions of the BSD License  which accompanies thi=
s distribution.  The full text of the license may be found at @@ -669,7 +66=
9,7 @@ BdsLibVariableToOption (
   // Get load opion data.
   //
   LoadOptions     =3D TempPtr;
-  LoadOptionsSize =3D (UINT32) (VariableSize - (UINTN) (TempPtr - Variable=
));
+  LoadOptionsSize =3D (UINT32) (VariableSize - ((UINTN)TempPtr -=20
+ (UINTN)Variable));
=20
   //
   // The Console variables may have multiple device paths, so make diff --=
git a/IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.c b/Int=
elFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.c
index c56a878..080a436 100644
--- a/IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.c
+++ b/IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.c
@@ -3,7 +3,7 @@
   and manage the legacy boot option, all legacy boot option is getting fro=
m
   the legacy BBS table.
=20
-Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials  are licensed and made availab=
le under the terms and conditions of the BSD License  which accompanies thi=
s distribution.  The full text of the license may be found at @@ -725,7 +72=
5,7 @@ LegacyBmCreateDevOrder (
   DevOrderPtr->Length  =3D (UINT16) (sizeof (UINT16) + BEVCount * sizeof (=
UINT16));
   DevOrderPtr          =3D (LEGACY_DEV_ORDER_ENTRY *) LegacyBmFillDevOrder=
Buf (BbsTable, BBS_BEV_DEVICE, BbsCount, DevOrderPtr->Data);
=20
-  ASSERT (TotalSize =3D=3D (UINTN) ((UINT8 *) DevOrderPtr - (UINT8 *) DevO=
rder));
+  ASSERT (TotalSize =3D=3D ((UINTN) DevOrderPtr - (UINTN) DevOrder));
=20
   //
   // Save device order for legacy boot device to variable.
diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.=
c b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c
index 5898fb3..6233a11 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c
@@ -5,7 +5,7 @@
=20
   Boot option manipulation
=20
-Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials  are licensed and made availab=
le under the terms and conditions of the BSD License  which accompanies thi=
s distribution.  The full text of the license may be found at @@ -1124,7 +1=
124,7 @@ BOpt_AppendFileName (
       // that overlap.
       //
       StrCpyS (TmpStr, MaxLen, Ptr + 3);
-      StrCpyS (LastSlash, MaxLen - (UINTN) (LastSlash - Str), TmpStr);
+      StrCpyS (LastSlash, MaxLen - ((UINTN) LastSlash - (UINTN) Str) /=20
+ sizeof (CHAR16), TmpStr);
       Ptr =3D LastSlash;
     } else if (*Ptr =3D=3D '\\' && *(Ptr + 1) =3D=3D '.' && *(Ptr + 2) =3D=
=3D '\\') {
       //
@@ -1136,7 +1136,7 @@ BOpt_AppendFileName (
       // that overlap.
       //
       StrCpyS (TmpStr, MaxLen, Ptr + 2);
-      StrCpyS (Ptr, MaxLen - (UINTN) (Ptr - Str), TmpStr);
+      StrCpyS (Ptr, MaxLen - ((UINTN) Ptr - (UINTN) Str) / sizeof=20
+ (CHAR16), TmpStr);
       Ptr =3D LastSlash;
     } else if (*Ptr =3D=3D '\\') {
       LastSlash =3D Ptr;
--
1.9.5.msysgit.0