From mboxrd@z Thu Jan 1 00:00:00 1970
To: Ruiyu Ni, edk2-devel@lists.01.org
Cc: Jiewen Yao, Liming Gao
References: <20180202104753.94568-1-ruiyu.ni@intel.com>
From: Laszlo Ersek
Message-ID: <87dac273-4f9c-7561-c215-ebae09cb07c6@redhat.com>
Date: Fri, 2 Feb 2018 14:42:40 +0100
In-Reply-To: <20180202104753.94568-1-ruiyu.ni@intel.com>
Subject: Re: [PATCH] MdePkg/SafeString: Directly return when length of source string is 0

On 02/02/18 11:47, Ruiyu Ni wrote:
> Today's implementation of [Ascii]StrnCpyS/[Ascii]StrnCatS doesn't
> directly return when the length of source string is 0.
>
> When length of source string is 0, it means the Source points to
> a memory that shouldn't be dereferenced at all.
> So it's not proper to call StrnLenS() in such situation.
> In a pool guard enabled environment, when using shell to edit an
> existing file which contains empty line, the page fault is met.
>
> The patch fixes the four library functions to align to the behavior
> of non-safe version: directly return when length of source string
> is 0.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ruiyu Ni
> Cc: Jiewen Yao
> Cc: Liming Gao
> Cc: Jian J Wang
> ---
> MdePkg/Library/BaseLib/SafeString.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
> index 68c33e9b7b..fed818ef33 100644
> --- a/MdePkg/Library/BaseLib/SafeString.c
> +++ b/MdePkg/Library/BaseLib/SafeString.c
> @@ -1,7 +1,7 @@ > /** @file > Safe String functions. > > - Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.
> + Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD License > which accompanies this distribution. The full text of the license may be found at > @@ -317,6 +317,10 @@ StrnCpyS ( > { > UINTN SourceLen; > > + if (Length == 0) { > + return RETURN_SUCCESS; > + } > + > ASSERT (((UINTN) Destination & BIT0) == 0); > ASSERT (((UINTN) Source & BIT0) == 0); > > @@ -515,6 +519,10 @@ StrnCatS ( > UINTN CopyLen; > UINTN SourceLen; > > + if (Length == 0) { > + return RETURN_SUCCESS; > + } > + > ASSERT (((UINTN) Destination & BIT0) == 0); > ASSERT (((UINTN) Source & BIT0) == 0); > > @@ -1894,6 +1902,10 @@ AsciiStrnCpyS ( > { > UINTN SourceLen; > > + if (Length == 0) { > + return RETURN_SUCCESS; > + } > + > // > // 1. Neither Destination nor Source shall be a null pointer. > // > @@ -2082,6 +2094,10 @@ AsciiStrnCatS ( > UINTN CopyLen; > UINTN SourceLen; > > + if (Length == 0) { > + return RETURN_SUCCESS; > + } > + > // > // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS. > // > Reviewed-by: Laszlo Ersek
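Review bot: In the StrnCpyS hunk (@@ -317,6 +317,10 @@) the new `if (Length == 0)` return sits directly after the `UINTN SourceLen;` declaration and above both alignment ASSERTs, so a zero-length copy now reports RETURN_SUCCESS without Destination being written at all. A caller that passes an uninitialized buffer with Length 0 gets success and no terminated string. Consider keeping the Destination and DestMax checks, storing the terminator in Destination[0], and skipping only the accesses to Source.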
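Review bot: The early return added to StrnCatS (@@ -515,6 +519,10 @@) carries no comment, and the reason for it (Source may point at memory that must not be dereferenced when Length is 0, which faults with pool guard enabled) is recorded only in the commit message. Add a short comment above `if (Length == 0) {` here and in the three sibling functions, so that a later cleanup does not move the test back below the ASSERTs.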
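Review bot: In the AsciiStrnCpyS hunk (@@ -1894,6 +1902,10 @@) the return is inserted directly above the comment `1. Neither Destination nor Source shall be a null pointer.`, so that numbered constraint and whatever follows it are no longer evaluated when Length is 0, and a NULL Destination is answered with RETURN_SUCCESS. The diffstat lists only 17 insertions and the copyright-line change, so no documentation of the function's error returns was updated to match. Either narrow the change to the Source access or document the new zero-length behaviour.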
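Review bot: In the AsciiStrnCatS hunk (@@ -2082,6 +2094,10 @@) the return precedes the CopyLen computation described as `DestMax - AsciiStrnLenS(Destination, DestMax)`, so the existing length of Destination is no longer examined when Length is 0, while the same call with Length 1 still goes through that step. If the asymmetry is intended, state it in the commit message; otherwise place the zero-length test after the Destination checks and before the first use of Source.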