From: "Marvin Häuser" <Marvin.Haeuser@outlook.com>
To: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "michael.d.kinney@intel.com" <michael.d.kinney@intel.com>,
"liming.gao@intel.com" <liming.gao@intel.com>
Subject: [PATCH 1/2] MdePkg/Base.h: Ensure safe bitwise operations.
Date: Tue, 27 Feb 2018 16:47:55 +0000 [thread overview]
Message-ID: <AM4PR06MB14910F94889E6F6D5D9B648C80C00@AM4PR06MB1491.eurprd06.prod.outlook.com> (raw)
As per the C standard, bit-level operations on signed integers are
either undefined or implementation-defined. Hence, mark all BIT
defines and shifts as unsigned to safely allow such operations.
For the SIGNATURE macros, add several casts to account for int
promotions, which might be signed.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
---
MdePkg/Include/Base.h | 160 ++++++++++----------
1 file changed, 80 insertions(+), 80 deletions(-)
diff --git a/MdePkg/Include/Base.h b/MdePkg/Include/Base.h
index a94182f08886..f108ed92eb0b 100644
--- a/MdePkg/Include/Base.h
+++ b/MdePkg/Include/Base.h
@@ -404,38 +404,38 @@ struct _LIST_ENTRY {
#define MIN_INT32 (((INT32) -2147483647) - 1)
#define MIN_INT64 (((INT64) -9223372036854775807LL) - 1)
-#define BIT0 0x00000001
-#define BIT1 0x00000002
-#define BIT2 0x00000004
-#define BIT3 0x00000008
-#define BIT4 0x00000010
-#define BIT5 0x00000020
-#define BIT6 0x00000040
-#define BIT7 0x00000080
-#define BIT8 0x00000100
-#define BIT9 0x00000200
-#define BIT10 0x00000400
-#define BIT11 0x00000800
-#define BIT12 0x00001000
-#define BIT13 0x00002000
-#define BIT14 0x00004000
-#define BIT15 0x00008000
-#define BIT16 0x00010000
-#define BIT17 0x00020000
-#define BIT18 0x00040000
-#define BIT19 0x00080000
-#define BIT20 0x00100000
-#define BIT21 0x00200000
-#define BIT22 0x00400000
-#define BIT23 0x00800000
-#define BIT24 0x01000000
-#define BIT25 0x02000000
-#define BIT26 0x04000000
-#define BIT27 0x08000000
-#define BIT28 0x10000000
-#define BIT29 0x20000000
-#define BIT30 0x40000000
-#define BIT31 0x80000000
+#define BIT0 0x00000001U
+#define BIT1 0x00000002U
+#define BIT2 0x00000004U
+#define BIT3 0x00000008U
+#define BIT4 0x00000010U
+#define BIT5 0x00000020U
+#define BIT6 0x00000040U
+#define BIT7 0x00000080U
+#define BIT8 0x00000100U
+#define BIT9 0x00000200U
+#define BIT10 0x00000400U
+#define BIT11 0x00000800U
+#define BIT12 0x00001000U
+#define BIT13 0x00002000U
+#define BIT14 0x00004000U
+#define BIT15 0x00008000U
+#define BIT16 0x00010000U
+#define BIT17 0x00020000U
+#define BIT18 0x00040000U
+#define BIT19 0x00080000U
+#define BIT20 0x00100000U
+#define BIT21 0x00200000U
+#define BIT22 0x00400000U
+#define BIT23 0x00800000U
+#define BIT24 0x01000000U
+#define BIT25 0x02000000U
+#define BIT26 0x04000000U
+#define BIT27 0x08000000U
+#define BIT28 0x10000000U
+#define BIT29 0x20000000U
+#define BIT30 0x40000000U
+#define BIT31 0x80000000U
#define BIT32 0x0000000100000000ULL
#define BIT33 0x0000000200000000ULL
#define BIT34 0x0000000400000000ULL
@@ -469,28 +469,28 @@ struct _LIST_ENTRY {
#define BIT62 0x4000000000000000ULL
#define BIT63 0x8000000000000000ULL
-#define SIZE_1KB 0x00000400
-#define SIZE_2KB 0x00000800
-#define SIZE_4KB 0x00001000
-#define SIZE_8KB 0x00002000
-#define SIZE_16KB 0x00004000
-#define SIZE_32KB 0x00008000
-#define SIZE_64KB 0x00010000
-#define SIZE_128KB 0x00020000
-#define SIZE_256KB 0x00040000
-#define SIZE_512KB 0x00080000
-#define SIZE_1MB 0x00100000
-#define SIZE_2MB 0x00200000
-#define SIZE_4MB 0x00400000
-#define SIZE_8MB 0x00800000
-#define SIZE_16MB 0x01000000
-#define SIZE_32MB 0x02000000
-#define SIZE_64MB 0x04000000
-#define SIZE_128MB 0x08000000
-#define SIZE_256MB 0x10000000
-#define SIZE_512MB 0x20000000
-#define SIZE_1GB 0x40000000
-#define SIZE_2GB 0x80000000
+#define SIZE_1KB 0x00000400U
+#define SIZE_2KB 0x00000800U
+#define SIZE_4KB 0x00001000U
+#define SIZE_8KB 0x00002000U
+#define SIZE_16KB 0x00004000U
+#define SIZE_32KB 0x00008000U
+#define SIZE_64KB 0x00010000U
+#define SIZE_128KB 0x00020000U
+#define SIZE_256KB 0x00040000U
+#define SIZE_512KB 0x00080000U
+#define SIZE_1MB 0x00100000U
+#define SIZE_2MB 0x00200000U
+#define SIZE_4MB 0x00400000U
+#define SIZE_8MB 0x00800000U
+#define SIZE_16MB 0x01000000U
+#define SIZE_32MB 0x02000000U
+#define SIZE_64MB 0x04000000U
+#define SIZE_128MB 0x08000000U
+#define SIZE_256MB 0x10000000U
+#define SIZE_512MB 0x20000000U
+#define SIZE_1GB 0x40000000U
+#define SIZE_2GB 0x80000000U
#define SIZE_4GB 0x0000000100000000ULL
#define SIZE_8GB 0x0000000200000000ULL
#define SIZE_16GB 0x0000000400000000ULL
@@ -524,28 +524,28 @@ struct _LIST_ENTRY {
#define SIZE_4EB 0x4000000000000000ULL
#define SIZE_8EB 0x8000000000000000ULL
-#define BASE_1KB 0x00000400
-#define BASE_2KB 0x00000800
-#define BASE_4KB 0x00001000
-#define BASE_8KB 0x00002000
-#define BASE_16KB 0x00004000
-#define BASE_32KB 0x00008000
-#define BASE_64KB 0x00010000
-#define BASE_128KB 0x00020000
-#define BASE_256KB 0x00040000
-#define BASE_512KB 0x00080000
-#define BASE_1MB 0x00100000
-#define BASE_2MB 0x00200000
-#define BASE_4MB 0x00400000
-#define BASE_8MB 0x00800000
-#define BASE_16MB 0x01000000
-#define BASE_32MB 0x02000000
-#define BASE_64MB 0x04000000
-#define BASE_128MB 0x08000000
-#define BASE_256MB 0x10000000
-#define BASE_512MB 0x20000000
-#define BASE_1GB 0x40000000
-#define BASE_2GB 0x80000000
+#define BASE_1KB 0x00000400U
+#define BASE_2KB 0x00000800U
+#define BASE_4KB 0x00001000U
+#define BASE_8KB 0x00002000U
+#define BASE_16KB 0x00004000U
+#define BASE_32KB 0x00008000U
+#define BASE_64KB 0x00010000U
+#define BASE_128KB 0x00020000U
+#define BASE_256KB 0x00040000U
+#define BASE_512KB 0x00080000U
+#define BASE_1MB 0x00100000U
+#define BASE_2MB 0x00200000U
+#define BASE_4MB 0x00400000U
+#define BASE_8MB 0x00800000U
+#define BASE_16MB 0x01000000U
+#define BASE_32MB 0x02000000U
+#define BASE_64MB 0x04000000U
+#define BASE_128MB 0x08000000U
+#define BASE_256MB 0x10000000U
+#define BASE_512MB 0x20000000U
+#define BASE_1GB 0x40000000U
+#define BASE_2GB 0x80000000U
#define BASE_4GB 0x0000000100000000ULL
#define BASE_8GB 0x0000000200000000ULL
#define BASE_16GB 0x0000000400000000ULL
@@ -974,7 +974,7 @@ typedef UINTN RETURN_STATUS;
@return The value specified by StatusCode with the highest bit set.
**/
-#define ENCODE_ERROR(StatusCode) ((RETURN_STATUS)(MAX_BIT | (StatusCode)))
+#define ENCODE_ERROR(StatusCode) ((RETURN_STATUS)(MAX_BIT | (StatusCode##ULL)))
/**
Produces a RETURN_STATUS code with the highest bit clear.
@@ -1221,7 +1221,7 @@ typedef UINTN RETURN_STATUS;
@return A 16-bit value built from the two ASCII characters specified by A and B.
**/
-#define SIGNATURE_16(A, B) ((A) | (B << 8))
+#define SIGNATURE_16(A, B) ((UINT16)(A) | (UINT16)((UINT16)(B) << 8U))
/**
Returns a 32-bit signature built from 4 ASCII characters.
@@ -1238,7 +1238,7 @@ typedef UINTN RETURN_STATUS;
C and D.
**/
-#define SIGNATURE_32(A, B, C, D) (SIGNATURE_16 (A, B) | (SIGNATURE_16 (C, D) << 16))
+#define SIGNATURE_32(A, B, C, D) ((UINT32)SIGNATURE_16 (A, B) | (UINT32)((UINT32)SIGNATURE_16 (C, D) << 16U))
/**
Returns a 64-bit signature built from 8 ASCII characters.
@@ -1260,7 +1260,7 @@ typedef UINTN RETURN_STATUS;
**/
#define SIGNATURE_64(A, B, C, D, E, F, G, H) \
- (SIGNATURE_32 (A, B, C, D) | ((UINT64) (SIGNATURE_32 (E, F, G, H)) << 32))
+ ((UINT64)SIGNATURE_32 (A, B, C, D) | ((UINT64) ((UINT64)SIGNATURE_32 (E, F, G, H)) << 32U))
#if defined(_MSC_EXTENSIONS) && !defined (__INTEL_COMPILER) && !defined (MDE_CPU_EBC)
void * _ReturnAddress(void);
--
2.16.0.windows.2
next reply other threads:[~2018-02-27 16:41 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-27 16:47 Marvin Häuser [this message]
2018-02-27 19:54 ` [PATCH 1/2] MdePkg/Base.h: Ensure safe bitwise operations Laszlo Ersek
2018-02-27 20:31 ` Marvin Häuser
2018-02-28 11:00 ` Laszlo Ersek
2018-02-28 11:43 ` Marvin Häuser
2018-02-28 13:57 ` Laszlo Ersek
2018-02-28 14:01 ` Laszlo Ersek
2018-02-28 14:21 ` Marvin Häuser
2018-02-28 18:37 ` Kinney, Michael D
2018-02-28 18:52 ` Marvin Häuser
2018-03-01 1:41 ` Kinney, Michael D
2018-03-01 11:10 ` Marvin Häuser
2018-03-01 17:18 ` Kinney, Michael D
2018-03-01 17:28 ` Marvin Häuser
2018-02-28 18:45 ` Marvin Häuser
2018-02-28 21:07 ` Marvin Häuser
2018-03-01 10:39 ` Laszlo Ersek
2018-03-01 11:25 ` Marvin Häuser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AM4PR06MB14910F94889E6F6D5D9B648C80C00@AM4PR06MB1491.eurprd06.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox