From: "Tian, Feng"
To: "Wu, Hao A", "edk2-devel@lists.01.org"
CC: "Zeng, Star", "Tian, Feng"
Date: Mon, 6 Mar 2017 01:37:09 +0000
Message-ID: <7F1BAD85ADEA444D97065A60D2E97EE5699B7433@SHSMSX101.ccr.corp.intel.com>
In-Reply-To: <1487995514-7628-2-git-send-email-hao.a.wu@intel.com>
Subject: Re: [PATCH v3 1/6] MdeModulePkg: Refine type cast for pointer subtraction

Reviewed-by: Feng Tian

Thanks
Feng

-----Original Message-----
From: Wu, Hao A
Sent: Saturday, February 25, 2017 12:05 PM
To: edk2-devel@lists.01.org
Cc: Wu, Hao A; Tian, Feng; Zeng, Star
Subject: [PATCH v3 1/6] MdeModulePkg: Refine type cast for pointer subtraction

For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the header. If the result is not representable in an object of that type, the behavior is undefined."

In our code, there are cases where the pointer subtraction is not performed on pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to the C11 standard.

Also, since the size of type "ptrdiff_t" is implementation-defined, some static code checkers may warn that the pointer subtraction might underflow first and then be cast to a bigger size. For example:

  UINT8  *Ptr1, *Ptr2;
  UINTN  PtrDiff;
  ...
  PtrDiff = (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then performing the subtraction:

  PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;

Cc: Feng Tian
Cc: Star Zeng
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu Acked-by: Laszlo Ersek --- MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c | 4 ++-= - MdeModulePkg/Include/Library/NetLib.h | 6 +++= --- MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 4 ++-= - MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c | 2 +- MdeModulePkg/Library/FileExplorerLib/FileExplorer.c | 4 ++-= - MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c | 4 ++-= - MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c | 4 ++-= - MdeModulePkg/Universal/DebugPortDxe/DebugPort.c | 4 ++-= - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c | 4 ++-= - MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 4 ++-= - MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 10 +++= ++----- 11 files changed, 25 insertions(+), 25 deletions(-) diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c b/MdeModu= lePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c index 2bc4f8c..d2ad94e 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c @@ -1,7 +1,7 @@ /** @file PCI Rom supporting funtions implementation for PCI Bus module. =20 -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -776,7 +77= 6,7 @@ ProcessOpRomImage ( NextImage: RomBarOffset +=3D ImageSize; =20 - } while (((Indicator & 0x80) =3D=3D 0x00) && ((UINTN) (RomBarOffset - (U= INT8 *) RomBar) < PciDevice->RomSize)); + } while (((Indicator & 0x80) =3D=3D 0x00) && (((UINTN) RomBarOffset -=20 + (UINTN) RomBar) < PciDevice->RomSize)); =20 return RetStatus; } diff --git a/MdeModulePkg/Include/Library/NetLib.h b/MdeModulePkg/Include/L= ibrary/NetLib.h index 09ead09..3b8ff1a 100644 --- a/MdeModulePkg/Include/Library/NetLib.h +++ b/MdeModulePkg/Include/Library/NetLib.h @@ -2,7 +2,7 @@ This library is only intended to be used by UEFI network stack modules. It provides basic functions for the UEFI network stack. =20 -Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at
@@ -1610,= 10 +1610,10 @@ typedef struct { (sizeof (NET_BUF) + ((BlockOpNum) - 1) * sizeof (NET_BLOCK_OP)) =20 #define NET_HEADSPACE(BlockOp) \ - (UINTN)((BlockOp)->Head - (BlockOp)->BlockHead) + ((UINTN)((BlockOp)->Head) - (UINTN)((BlockOp)->BlockHead)) =20 #define NET_TAILSPACE(BlockOp) \ - (UINTN)((BlockOp)->BlockTail - (BlockOp)->Tail) + ((UINTN)((BlockOp)->BlockTail) - (UINTN)((BlockOp)->Tail)) =20 /** Allocate a single block NET_BUF. Upon allocation, all the diff --git a/M= deModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c b/MdeModulePkg/Library= /DxeCapsuleLibFmp/DxeCapsuleLib.c index 71e05bd..d7abcc8 100644 --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c @@ -10,7 +10,7 @@ ValidateFmpCapsule(), DisplayCapsuleImage(), ConvertBmpToGopBlt() will receive untrusted input and do basic validation. =20 - Copyright (c) 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2016 - 2017, Intel Corporation. All rights=20 + reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BS= D License which accompanies this distribution. The full text of the license may b= e found at @@ -547,7 +547,7 @@ ConvertBmpToGopBlt ( =20 } =20 - ImageIndex =3D (UINTN) (Image - ImageHeader); + ImageIndex =3D (UINTN) Image - (UINTN) ImageHeader; if ((ImageIndex % 4) !=3D 0) { // // Bmp Image starts each row on a 32-bit boundary! diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c b/Md= eModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c index 589d4db..d9aeb92 100644 --- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c +++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c @@ -226,7 +226,7 @@ DxePrintLibPrint2ProtocolVaListToBaseList ( // // If BASE_LIST is larger than Size, then return FALSE // - if ((UINTN)((UINT8 *)BaseListMarker - (UINT8 *)BaseListStart) > Size) = { + if (((UINTN)BaseListMarker - (UINTN)BaseListStart) > Size) { DEBUG ((DEBUG_ERROR, "The input variable argument list is too long. = Please consider breaking into multiple print calls.\n")); return FALSE; } diff --git a/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c b/MdeModul= ePkg/Library/FileExplorerLib/FileExplorer.c index 5eedad7..9182751 100644 --- a/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c +++ b/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c @@ -728,7 +728,7 @@ LibAppendFileName ( // that overlap. // StrCpyS (TmpStr, MaxLen, Ptr + 3); - StrCpyS (LastSlash, MaxLen - (UINTN) (LastSlash - Str), TmpStr); + StrCpyS (LastSlash, MaxLen - ((UINTN) LastSlash - (UINTN) Str) /=20 + sizeof (CHAR16), TmpStr); Ptr =3D LastSlash; } else if (*Ptr =3D=3D '\\' && *(Ptr + 1) =3D=3D '.' && *(Ptr + 2) =3D= =3D '\\') { // 
@@ -740,7 +740,7 @@ LibAppendFileName ( // that overlap. // StrCpyS (TmpStr, MaxLen, Ptr + 2); - StrCpyS (Ptr, MaxLen - (UINTN) (Ptr - Str), TmpStr); + StrCpyS (Ptr, MaxLen - ((UINTN) Ptr - (UINTN) Str) / sizeof=20 + (CHAR16), TmpStr); Ptr =3D LastSlash; } else if (*Ptr =3D=3D '\\') { LastSlash =3D Ptr; diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/M= deModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c index 5698c91..1f8aaf4 100644 --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c @@ -1,7 +1,7 @@ /** @file Save the S3 data to S3 boot script. =20 - Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2017, Intel Corporation. All rights=20 + reserved.
=20 This program and the accompanying materials are licensed and made available under the terms and conditions @@ -2025,= 7 +2025,7 @@ S3BootScriptCalculateInsertAddress ( // calculate the Position offset // if (Position !=3D NULL) { - PositionOffset =3D (UINTN) ((UINT8 *)Position - S3TableBase); + PositionOffset =3D (UINTN)Position - (UINTN)S3TableBase; =20 // // If the BeforeOrAfter is FALSE, that means to insert the node right= after the node. diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c b/MdeMo= dulePkg/Library/UefiBootManagerLib/BmLoadOption.c index 6f705bd..116cf28 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c @@ -1,7 +1,7 @@ /** @file Load option library functions which relate with creating and processing = load options. =20 -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
(C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
Thi= s program and the accompanying materials are licensed and made available u= nder the terms and conditions of the BSD License @@ -912,7 +912,7 @@ EfiBoo= tManagerVariableToLoadOptionEx ( FilePath =3D (EFI_DEVICE_PATH_PROTOCOL *) VariablePtr; VariablePtr +=3D FilePathSize; =20 - OptionalDataSize =3D (UINT32) (VariableSize - (UINTN) (VariablePtr - Var= iable)); + OptionalDataSize =3D (UINT32) (VariableSize - ((UINTN) VariablePtr -=20 + (UINTN) Variable)); if (OptionalDataSize =3D=3D 0) { OptionalData =3D NULL; } else { diff --git a/MdeModulePkg/Universal/DebugPortDxe/DebugPort.c b/MdeModulePkg= /Universal/DebugPortDxe/DebugPort.c index 298b6b2..dcb623c 100644 --- a/MdeModulePkg/Universal/DebugPortDxe/DebugPort.c +++ b/MdeModulePkg/Universal/DebugPortDxe/DebugPort.c @@ -4,7 +4,7 @@ ALL CODE IN THE SERIALIO STACK MUST BE RE-ENTRANT AND CALLABLE FROM INTERRUPT CONTEXT =20 -Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -569,7 +56= 9,7 @@ DebugPortRead ( LocalBufferSize =3D *BufferSize - (BufferPtr - (UINT8 *) Buffer); } while (LocalBufferSize !=3D 0 && Timeout > 0); =20 - *BufferSize =3D (UINTN) (BufferPtr - (UINT8 *) Buffer); + *BufferSize =3D (UINTN) BufferPtr - (UINTN) Buffer; =20 return Status; } diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrit= e.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c index 2e3e8c7..49e747b 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c @@ -3,7 +3,7 @@ These are the common Fault Tolerant Write (FTW) functions that are share= d=20 by DXE FTW driver and SMM FTW driver. =20 -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials =20 are licensed and made available under the terms and conditions of the BSD = License =20 which accompanies this distribution. The full text of the license may be = found at =20 @@ -373,7 +373,7 @@ FtwWrite ( // // If Record is out of the range of Header, return access denied. // - if (((UINTN)((UINT8 *) Record - (UINT8 *) Header)) > FTW_WRITE_TOTAL_SIZ= E (Header->NumberOfWrites - 1, Header->PrivateDataSize)) { + if (((UINTN) Record - (UINTN) Header) > FTW_WRITE_TOTAL_SIZE=20 + (Header->NumberOfWrites - 1, Header->PrivateDataSize)) { return EFI_ACCESS_DENIED; } =20 diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c b/MdeModulePkg/U= niversal/HiiDatabaseDxe/Image.c index 1668828..e2fa16e 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c @@ -2,7 +2,7 @@ Implementation for EFI_HII_IMAGE_PROTOCOL. =20 =20 -Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -1124,7 +1= 124,7 @@ HiiSetImage ( return EFI_OUT_OF_RESOURCES; } =20 - Part1Size =3D (UINT32) (UINTN) ((UINT8 *) CurrentImageBlock - (UINT8 *) = ImagePackage->ImageBlock); + Part1Size =3D (UINT32) ((UINTN) CurrentImageBlock - (UINTN)=20 + ImagePackage->ImageBlock); Part2Size =3D ImagePackage->ImageBlockSize - Part1Size - OldBlockSize; CopyMem (ImageBlocks, ImagePackage->ImageBlock, Part1Size); =20 diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeMod= ulePkg/Universal/Variable/RuntimeDxe/Variable.c index f5b6a5f..b0c7434 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -16,7 +16,7 @@ VariableServiceSetVariable() should also check authenticate data to avoi= d buffer overflow, integer overflow. It should also check attribute to avoid authentication= bypass. =20 -Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
This pro= gram and the accompanying materials are licensed and made available under = the terms and conditions of the BSD License @@ -1170,7 +1170,7 @@ Reclaim ( // Install the new variable if it is not NULL. // if (NewVariable !=3D NULL) { - if ((UINTN) (CurrPtr - ValidBuffer) + NewVariableSize > VariableStoreH= eader->Size) { + if (((UINTN) CurrPtr - (UINTN) ValidBuffer) + NewVariableSize >=20 + VariableStoreHeader->Size) { // // No enough space to store the new variable. // @@ -1211,8 +1211,8 @@ Reclaim ( // If volatile variable store, just copy valid buffer. // SetMem ((UINT8 *) (UINTN) VariableBase, VariableStoreHeader->Size, 0xf= f); - CopyMem ((UINT8 *) (UINTN) VariableBase, ValidBuffer, (UINTN) (CurrPtr= - ValidBuffer)); - *LastVariableOffset =3D (UINTN) (CurrPtr - ValidBuffer); + CopyMem ((UINT8 *) (UINTN) VariableBase, ValidBuffer, (UINTN) CurrPtr = - (UINTN) ValidBuffer); + *LastVariableOffset =3D (UINTN) CurrPtr - (UINTN) ValidBuffer; Status =3D EFI_SUCCESS; } else { // @@ -1223,7 +1223,7 @@ Reclaim ( (VARIABLE_STORE_HEADER *) ValidBuffer ); if (!EFI_ERROR (Status)) { - *LastVariableOffset =3D (UINTN) (CurrPtr - ValidBuffer); + *LastVariableOffset =3D (UINTN) CurrPtr - (UINTN) ValidBuffer; mVariableModuleGlobal->HwErrVariableTotalSize =3D HwErrVariableTotal= Size; mVariableModuleGlobal->CommonVariableTotalSize =3D CommonVariableTot= alSize; mVariableModuleGlobal->CommonUserVariableTotalSize =3D CommonUserVar= iableTotalSize; -- 1.9.5.msysgit.0
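Review bot: In both LibAppendFileName hunks of MdeModulePkg/Library/FileExplorerLib/FileExplorer.c, the new size argument MaxLen - ((UINTN) LastSlash - (UINTN) Str) / sizeof (CHAR16) relies on / binding tighter than the outer -, which is easy to misread as (MaxLen - bytes) / sizeof (CHAR16). Put the quotient in its own parentheses. The division itself is needed, because the old expression counted CHAR16 elements while the integer subtraction counts bytes; a one-line comment saying so would help the next reader.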
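Review bot: In the DebugPortRead hunk of MdeModulePkg/Universal/DebugPortDxe/DebugPort.c, the unchanged context line LocalBufferSize = *BufferSize - (BufferPtr - (UINT8 *) Buffer); still subtracts the two pointers directly, so the function keeps both forms two statements apart. If the intent is to remove every pointer subtraction flagged by the checker, convert that line as well, for example *BufferSize - ((UINTN) BufferPtr - (UINTN) Buffer); otherwise the commit message should say why it is left as is.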
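Review bot: The Reclaim hunks in MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c replace (UINTN) (CurrPtr - ValidBuffer) with (UINTN) CurrPtr - (UINTN) ValidBuffer, but neither declaration is visible in the hunks, and the two expressions agree only when the pointee is one byte wide. Please confirm both are UINT8 *, and likewise for Image - ImageHeader in DxeCapsuleLib.c, VariablePtr - Variable in BmLoadOption.c and the Head, BlockHead, Tail and BlockTail fields behind the NetLib.h macros, since FileExplorer.c is the only site in this patch that divides by the element size.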
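The difference between the two forms discussed in the commit message, as an added C example that is not part of the patch or of EDK II. Here uintptr_t stands in for UINTN, and the helper names and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint16_t CHAR16;  /* assumption: stand-in for the EDK II CHAR16 */

/* Constructed sample buffers, used only to exercise the helpers. */
static CHAR16  sample_path[16];
static uint8_t sample_store[8];

/* Byte distance taken on integers, the form the patch adopts
   (uintptr_t plays the role of UINTN). Wraps modulo 2^N if hi < lo. */
static uintptr_t byte_diff(const void *hi, const void *lo) {
  return (uintptr_t)hi - (uintptr_t)lo;
}

/* CHAR16 slots left from pos to the end of a max_len-element buffer:
   the byte distance is scaled back to elements, as in FileExplorer.c. */
static size_t remaining_chars(const CHAR16 *str, size_t max_len, const CHAR16 *pos) {
  return max_len - (byte_diff(pos, str) / sizeof(CHAR16));
}

/* The mistake the scaling avoids: bytes used where elements are meant. */
static size_t remaining_unscaled(const CHAR16 *str, size_t max_len, const CHAR16 *pos) {
  return max_len - byte_diff(pos, str);
}

/* Range check in the style of the FtwWrite hunk: returns 1 when p lies
   at most limit bytes above base. A p below base wraps to a huge value
   and is rejected. */
static int within(const void *base, const void *p, size_t limit) {
  return byte_diff(p, base) <= limit;
}

int main(void) {
  int ok = remaining_chars(sample_path, 16, sample_path + 5) == 11
        && remaining_unscaled(sample_path, 16, sample_path + 5) == 6
        && within(sample_store, sample_store + 4, 4)
        && !within(sample_store + 4, sample_store, 4);
  return ok ? 0 : 1;
}
```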