From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Laszlo Ersek <lersek@redhat.com>,
"Ni, Ruiyu" <ruiyu.ni@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Gao, Liming" <liming.gao@intel.com>
Subject: Re: [PATCH] MdePkg/SafeString: Directly return when length of source string is 0
Date: Mon, 5 Feb 2018 03:55:06 +0000 [thread overview]
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AAB2A87@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <87dac273-4f9c-7561-c215-ebae09cb07c6@redhat.com>
Thanks to catch this.
The root-cause of the failure is below line:
SourceLen = StrnLenS (Source, DestMax);
We should only limit the Source string access within Length, not DestMax, if Length is smaller than DestMax.
0 is just one special case. Length might be 1, 2, or 3 and it triggers same failure.
So only checking 0 is not enough.
Reviewed the code with Ruiyu. We think using below check seems better way to handle all cases.
SourceLen = StrnLenS (Source, MIN(DestMax, Length));
The check for 0 is not needed.
Thank you
Yao Jiewen
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Friday, February 2, 2018 9:43 PM
> To: Ni, Ruiyu <ruiyu.ni@intel.com>; edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Gao, Liming <liming.gao@intel.com>
> Subject: Re: [edk2] [PATCH] MdePkg/SafeString: Directly return when length of
> source string is 0
>
> On 02/02/18 11:47, Ruiyu Ni wrote:
> > Today's implementation of [Ascii]StrnCpyS/[Ascii]StrnCatS doesn't
> > directly return the the length of source string is 0.
> >
> > When length of source string is 0, it means the Source points to
> > a memory that shouldn't be deferenced at all.
> > So it's not proper to call StrnLenS() in such situation.
> > In a pool guard enabled environment, when using shell to edit an
> > existing file which contains empty line, the page fault is met.
> >
> > The patch fixes the four library functions to align to the behavior
> > of non-safe version: directly return when length of source string
> > is 0.
> >
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Liming Gao <liming.gao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > ---
> > MdePkg/Library/BaseLib/SafeString.c | 18 +++++++++++++++++-
> > 1 file changed, 17 insertions(+), 1 deletion(-)
> >
> > diff --git a/MdePkg/Library/BaseLib/SafeString.c
> b/MdePkg/Library/BaseLib/SafeString.c
> > index 68c33e9b7b..fed818ef33 100644
> > --- a/MdePkg/Library/BaseLib/SafeString.c
> > +++ b/MdePkg/Library/BaseLib/SafeString.c
> > @@ -1,7 +1,7 @@
> > /** @file
> > Safe String functions.
> >
> > - Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.<BR>
> > + Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
> > This program and the accompanying materials
> > are licensed and made available under the terms and conditions of the BSD
> License
> > which accompanies this distribution. The full text of the license may be
> found at
> > @@ -317,6 +317,10 @@ StrnCpyS (
> > {
> > UINTN SourceLen;
> >
> > + if (Length == 0) {
> > + return RETURN_SUCCESS;
> > + }
> > +
> > ASSERT (((UINTN) Destination & BIT0) == 0);
> > ASSERT (((UINTN) Source & BIT0) == 0);
> >
> > @@ -515,6 +519,10 @@ StrnCatS (
> > UINTN CopyLen;
> > UINTN SourceLen;
> >
> > + if (Length == 0) {
> > + return RETURN_SUCCESS;
> > + }
> > +
> > ASSERT (((UINTN) Destination & BIT0) == 0);
> > ASSERT (((UINTN) Source & BIT0) == 0);
> >
> > @@ -1894,6 +1902,10 @@ AsciiStrnCpyS (
> > {
> > UINTN SourceLen;
> >
> > + if (Length == 0) {
> > + return RETURN_SUCCESS;
> > + }
> > +
> > //
> > // 1. Neither Destination nor Source shall be a null pointer.
> > //
> > @@ -2082,6 +2094,10 @@ AsciiStrnCatS (
> > UINTN CopyLen;
> > UINTN SourceLen;
> >
> > + if (Length == 0) {
> > + return RETURN_SUCCESS;
> > + }
> > +
> > //
> > // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination,
> DestMax) upon entry to AsciiStrnCatS.
> > //
> >
>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
next prev parent reply other threads:[~2018-02-05 3:49 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-02 10:47 [PATCH] MdePkg/SafeString: Directly return when length of source string is 0 Ruiyu Ni
2018-02-02 13:42 ` Laszlo Ersek
2018-02-05 3:55 ` Yao, Jiewen [this message]
2018-02-05 8:04 ` Ni, Ruiyu
2018-02-05 1:23 ` Wang, Jian J
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=74D8A39837DF1E4DA445A8C0B3885C503AAB2A87@shsmsx102.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox