Can someone push this? Is there a blocker here? On Wed, Oct 26, 2022 at 4:54 PM Kinney, Michael D < michael.d.kinney@intel.com> wrote: > Acked-by: Michael D Kinney > > > > -----Original Message----- > > From: Yao, Jiewen > > Sent: Wednesday, October 26, 2022 6:35 AM > > To: Kinney, Michael D ; Pedro Falcato < > pedro.falcato@gmail.com>; devel@edk2.groups.io > > Cc: Vitaly Cheptsov ; Marvin Häuser < > mhaeuser@posteo.de>; Gao, Liming ; Liu, > > Zhiguang > > Subject: RE: [PATCH v2 1/1] MdePkg/BaseLib: Fix out-of-bounds reads in > SafeString > > > > That is good catch. > > > > Reviewed-by: Jiewen Yao > > > > > > > -----Original Message----- > > > From: Kinney, Michael D > > > Sent: Wednesday, October 26, 2022 12:23 AM > > > To: Pedro Falcato ; devel@edk2.groups.io > > > Cc: Vitaly Cheptsov ; Marvin Häuser > > > ; Gao, Liming ; Liu, > > > Zhiguang ; Yao, Jiewen > > > Subject: RE: [PATCH v2 1/1] MdePkg/BaseLib: Fix out-of-bounds reads in > > > SafeString > > > > > > Adding Jiewen Yao. > > > > > > Mike > > > > > > > -----Original Message----- > > > > From: Pedro Falcato > > > > Sent: Monday, October 24, 2022 3:43 PM > > > > To: devel@edk2.groups.io > > > > Cc: Pedro Falcato ; Vitaly Cheptsov > > > ; Marvin Häuser ; > > > > Kinney, Michael D ; Gao, Liming > > > ; Liu, Zhiguang > > > > Subject: [PATCH v2 1/1] MdePkg/BaseLib: Fix out-of-bounds reads in > > > SafeString > > > > > > > > OpenCore folks established an ASAN-equipped project to fuzz Ext4Dxe, > > > > which was able to catch these (mostly harmless) issues. > > > > > > > > Signed-off-by: Pedro Falcato > > > > Cc: Vitaly Cheptsov > > > > Cc: Marvin Häuser > > > > Cc: Michael D Kinney > > > > Cc: Liming Gao > > > > Cc: Zhiguang Liu > > > > --- > > > > MdePkg/Library/BaseLib/SafeString.c | 24 ++++++++++++++++++++---- > > > > 1 file changed, 20 insertions(+), 4 deletions(-) > > > > > > > > diff --git a/MdePkg/Library/BaseLib/SafeString.c > > > b/MdePkg/Library/BaseLib/SafeString.c > > > > index f338a32a3a41..77a2585ad56d 100644 > > > > --- a/MdePkg/Library/BaseLib/SafeString.c > > > > +++ b/MdePkg/Library/BaseLib/SafeString.c > > > > @@ -863,6 +863,9 @@ StrHexToUintnS ( > > > > OUT UINTN *Data > > > > ) > > > > { > > > > + BOOLEAN FoundLeadingZero; > > > > + > > > > + FoundLeadingZero = FALSE; > > > > ASSERT (((UINTN)String & BIT0) == 0); > > > > > > > > // > > > > @@ -893,11 +896,12 @@ StrHexToUintnS ( > > > > // Ignore leading Zeros after the spaces > > > > // > > > > while (*String == L'0') { > > > > + FoundLeadingZero = TRUE; > > > > String++; > > > > } > > > > > > > > if (CharToUpper (*String) == L'X') { > > > > - if (*(String - 1) != L'0') { > > > > + if (!FoundLeadingZero) { > > > > *Data = 0; > > > > return RETURN_SUCCESS; > > > > } > > > > @@ -992,6 +996,9 @@ StrHexToUint64S ( > > > > OUT UINT64 *Data > > > > ) > > > > { > > > > + BOOLEAN FoundLeadingZero; > > > > + > > > > + FoundLeadingZero = FALSE; > > > > ASSERT (((UINTN)String & BIT0) == 0); > > > > > > > > // > > > > @@ -1022,11 +1029,12 @@ StrHexToUint64S ( > > > > // Ignore leading Zeros after the spaces > > > > // > > > > while (*String == L'0') { > > > > + FoundLeadingZero = TRUE; > > > > String++; > > > > } > > > > > > > > if (CharToUpper (*String) == L'X') { > > > > - if (*(String - 1) != L'0') { > > > > + if (!FoundLeadingZero) { > > > > *Data = 0; > > > > return RETURN_SUCCESS; > > > > } > > > > @@ -2393,6 +2401,9 @@ AsciiStrHexToUintnS ( > > > > OUT UINTN *Data > > > > ) > > > > { > > > > + BOOLEAN FoundLeadingZero; > > > > + > > > > + FoundLeadingZero = FALSE; > > > > // > > > > // 1. Neither String nor Data shall be a null pointer. > > > > // > > > > @@ -2421,11 +2432,12 @@ AsciiStrHexToUintnS ( > > > > // Ignore leading Zeros after the spaces > > > > // > > > > while (*String == '0') { > > > > + FoundLeadingZero = TRUE; > > > > String++; > > > > } > > > > > > > > if (AsciiCharToUpper (*String) == 'X') { > > > > - if (*(String - 1) != '0') { > > > > + if (!FoundLeadingZero) { > > > > *Data = 0; > > > > return RETURN_SUCCESS; > > > > } > > > > @@ -2517,6 +2529,9 @@ AsciiStrHexToUint64S ( > > > > OUT UINT64 *Data > > > > ) > > > > { > > > > + BOOLEAN FoundLeadingZero; > > > > + > > > > + FoundLeadingZero = FALSE; > > > > // > > > > // 1. Neither String nor Data shall be a null pointer. > > > > // > > > > @@ -2545,11 +2560,12 @@ AsciiStrHexToUint64S ( > > > > // Ignore leading Zeros after the spaces > > > > // > > > > while (*String == '0') { > > > > + FoundLeadingZero = TRUE; > > > > String++; > > > > } > > > > > > > > if (AsciiCharToUpper (*String) == 'X') { > > > > - if (*(String - 1) != '0') { > > > > + if (!FoundLeadingZero) { > > > > *Data = 0; > > > > return RETURN_SUCCESS; > > > > } > > > > -- > > > > 2.38.1 > > -- Pedro Falcato