public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Wu, Hao A" <hao.a.wu@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Gao, Liming" <liming.gao@intel.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [PATCH 4/4] MdePkg/BaseLib: Add safe string functions [U|A]StrnTo[A|U]StrS
Date: Mon, 9 Jan 2017 02:03:47 +0000	[thread overview]
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8DCEA9@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <1483528957-28340-5-git-send-email-hao.a.wu@intel.com>

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Wu, Hao A
> Sent: Wednesday, January 4, 2017 7:23 PM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A <hao.a.wu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Gao, Liming <liming.gao@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: [PATCH 4/4] MdePkg/BaseLib: Add safe string functions
> [U|A]StrnTo[A|U]StrS
> 
> Add the following 2 APIs:
> UnicodeStrnToAsciiStrS
> AsciiStrnToUnicodeStrS
> 
> These APIs are used to enhance APIs UnicodeStrToAsciiStrS and
> AsciiStrToUnicodeStrS (without 'n' in names) by:
> 1. Adds an input parameter 'Length' to specify the maximum number of
> Ascii/Unicode characters to convert.
> 2. Adds an output parameter 'DestinationLength' to indicate the number of
> Ascii/Unicode characters successfully converted.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> ---
>  MdePkg/Include/Library/BaseLib.h    | 107 ++++++++++++++++
>  MdePkg/Library/BaseLib/SafeString.c | 237
> ++++++++++++++++++++++++++++++++++++
>  2 files changed, 344 insertions(+)
> 
> diff --git a/MdePkg/Include/Library/BaseLib.h
> b/MdePkg/Include/Library/BaseLib.h
> index abea7b6..d71ccb7 100644
> --- a/MdePkg/Include/Library/BaseLib.h
> +++ b/MdePkg/Include/Library/BaseLib.h
> @@ -1631,6 +1631,60 @@ UnicodeStrToAsciiStrS (
>    IN      UINTN                     DestMax
>    );
> 
> +/**
> +  Convert not more than Length successive characters from a Null-terminated
> +  Unicode string to a Null-terminated Ascii string. If no null char is copied
> +  from Source, then Destination[Length] is always set to null.
> +
> +  This function converts not more than Length successive characters from the
> +  Unicode string Source to the Ascii string Destination by copying the lower 8
> +  bits of each Unicode character. The function terminates the Ascii string
> +  Destination by appending a Null-terminator character at the end.
> +
> +  The caller is responsible to make sure Destination points to a buffer with size
> +  equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.
> +
> +  If any Unicode characters in Source contain non-zero value in the upper 8
> +  bits, then ASSERT().
> +  If Source is not aligned on a 16-bit boundary, then ASSERT().
> +  If an error would be returned, then the function will also ASSERT().
> +
> +  If an error is returned, then the Destination is unmodified.
> +
> +  @param  Source             The pointer to a Null-terminated Unicode
> string.
> +  @param  Length             The maximum number of Unicode
> characters to
> +                             convert.
> +  @param  Destination        The pointer to a Null-terminated Ascii string.
> +  @param  DestMax            The maximum number of Destination Ascii
> +                             char, including terminating null char.
> +  @param  DestinationLength  The number of Unicode characters converted.
> +
> +  @retval RETURN_SUCCESS            String is converted.
> +  @retval RETURN_INVALID_PARAMETER  If Destination is NULL.
> +                                    If Source is NULL.
> +                                    If DestinationLength is NULL.
> +                                    If PcdMaximumAsciiStringLength is
> not zero,
> +                                    and Length or DestMax is greater than
> +                                    PcdMaximumAsciiStringLength.
> +                                    If PcdMaximumUnicodeStringLength
> is not
> +                                    zero, and Length or DestMax is
> greater than
> +                                    PcdMaximumUnicodeStringLength.
> +                                    If DestMax is 0.
> +  @retval RETURN_BUFFER_TOO_SMALL   If DestMax is NOT greater than
> +                                    MIN(StrLen(Source), Length).
> +  @retval RETURN_ACCESS_DENIED      If Source and Destination overlap.
> +
> +**/
> +RETURN_STATUS
> +EFIAPI
> +UnicodeStrnToAsciiStrS (
> +  IN      CONST CHAR16              *Source,
> +  IN      UINTN                     Length,
> +  OUT     CHAR8                     *Destination,
> +  IN      UINTN                     DestMax,
> +  OUT     UINTN                     *DestinationLength
> +  );
> +
>  #ifndef DISABLE_NEW_DEPRECATED_INTERFACES
> 
>  /**
> @@ -2219,6 +2273,59 @@ AsciiStrToUnicodeStrS (
>    );
> 
>  /**
> +  Convert not more than Length successive characters from a Null-terminated
> +  Ascii string to a Null-terminated Unicode string. If no null char is copied
> +  from Source, then Destination[Length] is always set to null.
> +
> +  This function converts not more than Length successive characters from the
> +  Ascii string Source to the Unicode string Destination. The function
> +  terminates the Unicode string Destination by appending a Null-terminator
> +  character at the end.
> +
> +  The caller is responsible to make sure Destination points to a buffer with
> +  size not smaller than
> +  ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.
> +
> +  If Destination is not aligned on a 16-bit boundary, then ASSERT().
> +  If an error would be returned, then the function will also ASSERT().
> +
> +  If an error is returned, then Destination and DestinationLength are
> +  unmodified.
> +
> +  @param  Source             The pointer to a Null-terminated Ascii string.
> +  @param  Length             The maximum number of Ascii characters to
> convert.
> +  @param  Destination        The pointer to a Null-terminated Unicode
> string.
> +  @param  DestMax            The maximum number of Destination
> Unicode char,
> +                             including terminating null char.
> +  @param  DestinationLength  The number of Ascii characters converted.
> +
> +  @retval RETURN_SUCCESS            String is converted.
> +  @retval RETURN_INVALID_PARAMETER  If Destination is NULL.
> +                                    If Source is NULL.
> +                                    If DestinationLength is NULL.
> +                                    If PcdMaximumUnicodeStringLength
> is not
> +                                    zero, and Length or DestMax is
> greater than
> +                                    PcdMaximumUnicodeStringLength.
> +                                    If PcdMaximumAsciiStringLength is
> not zero,
> +                                    and Length or DestMax is greater than
> +                                    PcdMaximumAsciiStringLength.
> +                                    If DestMax is 0.
> +  @retval RETURN_BUFFER_TOO_SMALL   If DestMax is NOT greater than
> +                                    MIN(AsciiStrLen(Source), Length).
> +  @retval RETURN_ACCESS_DENIED      If Source and Destination overlap.
> +
> +**/
> +RETURN_STATUS
> +EFIAPI
> +AsciiStrnToUnicodeStrS (
> +  IN      CONST CHAR8               *Source,
> +  IN      UINTN                     Length,
> +  OUT     CHAR16                    *Destination,
> +  IN      UINTN                     DestMax,
> +  OUT     UINTN                     *DestinationLength
> +  );
> +
> +/**
>    Converts an 8-bit value to an 8-bit BCD value.
> 
>    Converts the 8-bit value specified by Value to BCD. The BCD value is
> diff --git a/MdePkg/Library/BaseLib/SafeString.c
> b/MdePkg/Library/BaseLib/SafeString.c
> index 5edc6ef..315059e 100644
> --- a/MdePkg/Library/BaseLib/SafeString.c
> +++ b/MdePkg/Library/BaseLib/SafeString.c
> @@ -2108,6 +2108,128 @@ UnicodeStrToAsciiStrS (
>    return RETURN_SUCCESS;
>  }
> 
> +/**
> +  Convert not more than Length successive characters from a Null-terminated
> +  Unicode string to a Null-terminated Ascii string. If no null char is copied
> +  from Source, then Destination[Length] is always set to null.
> +
> +  This function converts not more than Length successive characters from the
> +  Unicode string Source to the Ascii string Destination by copying the lower 8
> +  bits of each Unicode character. The function terminates the Ascii string
> +  Destination by appending a Null-terminator character at the end.
> +
> +  The caller is responsible to make sure Destination points to a buffer with
> +  size not smaller than ((MIN(StrLen(Source), Length) + 1) * sizeof (CHAR8))
> +  in bytes.
> +
> +  If any Unicode characters in Source contain non-zero value in the upper 8
> +  bits, then ASSERT().
> +  If Source is not aligned on a 16-bit boundary, then ASSERT().
> +  If an error would be returned, then the function will also ASSERT().
> +
> +  If an error is returned, then Destination and DestinationLength are
> +  unmodified.
> +
> +  @param  Source             The pointer to a Null-terminated Unicode
> string.
> +  @param  Length             The maximum number of Unicode
> characters to
> +                             convert.
> +  @param  Destination        The pointer to a Null-terminated Ascii string.
> +  @param  DestMax            The maximum number of Destination Ascii
> char,
> +                             including terminating null char.
> +  @param  DestinationLength  The number of Unicode characters converted.
> +
> +  @retval RETURN_SUCCESS            String is converted.
> +  @retval RETURN_INVALID_PARAMETER  If Destination is NULL.
> +                                    If Source is NULL.
> +                                    If DestinationLength is NULL.
> +                                    If PcdMaximumAsciiStringLength is
> not zero,
> +                                    and Length or DestMax is greater than
> +                                    PcdMaximumAsciiStringLength.
> +                                    If PcdMaximumUnicodeStringLength
> is not
> +                                    zero, and Length or DestMax is
> greater than
> +                                    PcdMaximumUnicodeStringLength.
> +                                    If DestMax is 0.
> +  @retval RETURN_BUFFER_TOO_SMALL   If DestMax is NOT greater than
> +                                    MIN(StrLen(Source), Length).
> +  @retval RETURN_ACCESS_DENIED      If Source and Destination overlap.
> +
> +**/
> +RETURN_STATUS
> +EFIAPI
> +UnicodeStrnToAsciiStrS (
> +  IN      CONST CHAR16              *Source,
> +  IN      UINTN                     Length,
> +  OUT     CHAR8                     *Destination,
> +  IN      UINTN                     DestMax,
> +  OUT     UINTN                     *DestinationLength
> +  )
> +{
> +  UINTN            SourceLen;
> +
> +  ASSERT (((UINTN) Source & BIT0) == 0);
> +
> +  //
> +  // 1. None of Destination, Source or DestinationLength shall be a null
> +  // pointer.
> +  //
> +  SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL),
> RETURN_INVALID_PARAMETER);
> +  SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL),
> RETURN_INVALID_PARAMETER);
> +  SAFE_STRING_CONSTRAINT_CHECK ((DestinationLength != NULL),
> RETURN_INVALID_PARAMETER);
> +
> +  //
> +  // 2. Neither Length nor DestMax shall be greater than ASCII_RSIZE_MAX or
> +  // RSIZE_MAX.
> +  //
> +  if (ASCII_RSIZE_MAX != 0) {
> +    SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX),
> RETURN_INVALID_PARAMETER);
> +    SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX),
> RETURN_INVALID_PARAMETER);
> +  }
> +  if (RSIZE_MAX != 0) {
> +    SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX),
> RETURN_INVALID_PARAMETER);
> +    SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX),
> RETURN_INVALID_PARAMETER);
> +  }
> +
> +  //
> +  // 3. DestMax shall not equal zero.
> +  //
> +  SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0),
> RETURN_INVALID_PARAMETER);
> +
> +  //
> +  // 4. If Length is not less than DestMax, then DestMax shall be greater than
> +  // StrnLenS(Source, DestMax).
> +  //
> +  SourceLen = StrnLenS (Source, DestMax);
> +  if (Length >= DestMax) {
> +    SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen),
> RETURN_BUFFER_TOO_SMALL);
> +  }
> +
> +  //
> +  // 5. Copying shall not take place between objects that overlap.
> +  //
> +  if (SourceLen > Length) {
> +    SourceLen = Length;
> +  }
> +  SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap
> (Destination, DestMax, (VOID *)Source, (SourceLen + 1) * sizeof(CHAR16)),
> RETURN_ACCESS_DENIED);
> +
> +  *DestinationLength = 0;
> +
> +  //
> +  // Convert string
> +  //
> +  while ((*Source != 0) && (SourceLen > 0)) {
> +    //
> +    // If any Unicode characters in Source contain non-zero value in the upper
> +    // 8 bits, then ASSERT().
> +    //
> +    ASSERT (*Source < 0x100);
> +    *(Destination++) = (CHAR8) *(Source++);
> +    SourceLen--;
> +    (*DestinationLength)++;
> +  }
> +  *Destination = 0;
> +
> +  return RETURN_SUCCESS;
> +}
> 
>  /**
>    Convert one Null-terminated ASCII string to a Null-terminated
> @@ -2200,3 +2322,118 @@ AsciiStrToUnicodeStrS (
> 
>    return RETURN_SUCCESS;
>  }
> +
> +/**
> +  Convert not more than Length successive characters from a Null-terminated
> +  Ascii string to a Null-terminated Unicode string. If no null char is copied
> +  from Source, then Destination[Length] is always set to null.
> +
> +  This function converts not more than Length successive characters from the
> +  Ascii string Source to the Unicode string Destination. The function
> +  terminates the Unicode string Destination by appending a Null-terminator
> +  character at the end.
> +
> +  The caller is responsible to make sure Destination points to a buffer with
> +  size not smaller than
> +  ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.
> +
> +  If Destination is not aligned on a 16-bit boundary, then ASSERT().
> +  If an error would be returned, then the function will also ASSERT().
> +
> +  If an error is returned, then Destination and DestinationLength are
> +  unmodified.
> +
> +  @param  Source             The pointer to a Null-terminated Ascii string.
> +  @param  Length             The maximum number of Ascii characters to
> convert.
> +  @param  Destination        The pointer to a Null-terminated Unicode
> string.
> +  @param  DestMax            The maximum number of Destination
> Unicode char,
> +                             including terminating null char.
> +  @param  DestinationLength  The number of Ascii characters converted.
> +
> +  @retval RETURN_SUCCESS            String is converted.
> +  @retval RETURN_INVALID_PARAMETER  If Destination is NULL.
> +                                    If Source is NULL.
> +                                    If DestinationLength is NULL.
> +                                    If PcdMaximumUnicodeStringLength
> is not
> +                                    zero, and Length or DestMax is
> greater than
> +                                    PcdMaximumUnicodeStringLength.
> +                                    If PcdMaximumAsciiStringLength is
> not zero,
> +                                    and Length or DestMax is greater than
> +                                    PcdMaximumAsciiStringLength.
> +                                    If DestMax is 0.
> +  @retval RETURN_BUFFER_TOO_SMALL   If DestMax is NOT greater than
> +                                    MIN(AsciiStrLen(Source), Length).
> +  @retval RETURN_ACCESS_DENIED      If Source and Destination overlap.
> +
> +**/
> +RETURN_STATUS
> +EFIAPI
> +AsciiStrnToUnicodeStrS (
> +  IN      CONST CHAR8               *Source,
> +  IN      UINTN                     Length,
> +  OUT     CHAR16                    *Destination,
> +  IN      UINTN                     DestMax,
> +  OUT     UINTN                     *DestinationLength
> +  )
> +{
> +  UINTN            SourceLen;
> +
> +  ASSERT (((UINTN) Destination & BIT0) == 0);
> +
> +  //
> +  // 1. None of Destination, Source or DestinationLength shall be a null
> +  // pointer.
> +  //
> +  SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL),
> RETURN_INVALID_PARAMETER);
> +  SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL),
> RETURN_INVALID_PARAMETER);
> +  SAFE_STRING_CONSTRAINT_CHECK ((DestinationLength != NULL),
> RETURN_INVALID_PARAMETER);
> +
> +  //
> +  // 2. Neither Length nor DestMax shall be greater than ASCII_RSIZE_MAX or
> +  // RSIZE_MAX.
> +  //
> +  if (RSIZE_MAX != 0) {
> +    SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX),
> RETURN_INVALID_PARAMETER);
> +    SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX),
> RETURN_INVALID_PARAMETER);
> +  }
> +  if (ASCII_RSIZE_MAX != 0) {
> +    SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX),
> RETURN_INVALID_PARAMETER);
> +    SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX),
> RETURN_INVALID_PARAMETER);
> +  }
> +
> +  //
> +  // 3. DestMax shall not equal zero.
> +  //
> +  SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0),
> RETURN_INVALID_PARAMETER);
> +
> +  //
> +  // 4. If Length is not less than DestMax, then DestMax shall be greater than
> +  // AsciiStrnLenS(Source, DestMax).
> +  //
> +  SourceLen = AsciiStrnLenS (Source, DestMax);
> +  if (Length >= DestMax) {
> +    SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen),
> RETURN_BUFFER_TOO_SMALL);
> +  }
> +
> +  //
> +  // 5. Copying shall not take place between objects that overlap.
> +  //
> +  if (SourceLen > Length) {
> +    SourceLen = Length;
> +  }
> +  SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap
> (Destination, DestMax * sizeof(CHAR16), (VOID *)Source, SourceLen + 1),
> RETURN_ACCESS_DENIED);
> +
> +  *DestinationLength = 0;
> +
> +  //
> +  // Convert string
> +  //
> +  while ((*Source != 0) && (SourceLen > 0)) {
> +    *(Destination++) = (CHAR16)*(Source++);
> +    SourceLen--;
> +    (*DestinationLength)++;
> +  }
> +  *Destination = 0;
> +
> +  return RETURN_SUCCESS;
> +}
> --
> 1.9.5.msysgit.0



      reply	other threads:[~2017-01-09  2:03 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-04 11:22 [PATCH 0/4] Add and refine sting APIs in MdePkg/BaseLib Hao Wu
2017-01-04 11:22 ` [PATCH 1/4] MdePkg/BaseLib: Add safe string functions [Ascii]StrnSizeS Hao Wu
2017-01-05  2:02   ` Yao, Jiewen
2017-01-04 11:22 ` [PATCH 2/4] MdePkg/BaseLib: Add safe string functions that convert str to value Hao Wu
2017-01-09  2:02   ` Yao, Jiewen
2017-01-04 11:22 ` [PATCH 3/4] MdePkg/BaseLib: Enhance the return value for string to uint functions Hao Wu
2017-01-09  2:03   ` Yao, Jiewen
2017-01-04 11:22 ` [PATCH 4/4] MdePkg/BaseLib: Add safe string functions [U|A]StrnTo[A|U]StrS Hao Wu
2017-01-09  2:03   ` Yao, Jiewen [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=74D8A39837DF1E4DA445A8C0B3885C503A8DCEA9@shsmsx102.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox