From: "Bret Barkelew" <bret.barkelew@microsoft.com>
To: "devel@edk2.groups.io", "vit9696@protonmail.com", "Kinney, Michael D", Laszlo Ersek
CC: "devel@edk2.groups.io", Andrew Fish, Ard Biesheuvel, "Brian J . Johnson", Chasel Chiu, Jordan Justen, Leif Lindholm, liming.gao, Marvin Häuser, "Zimmer, Vincent", Zhichao Gao, "Yao, Jiewen"
Subject: Re: [EXTERNAL] Re: [edk2-devel] [Patch v8 1/2] MdePkg: Fix SafeString performing assertions on runtime checks
Date: Wed, 20 May 2020 17:18:38 +0000
References: <20200520030120.21576-1-michael.d.kinney@intel.com> <20200520030120.21576-2-michael.d.kinney@intel.com>,<55BDE41D-A3E0-4560-AB37-4FF8C573C668@protonmail.com>
In-Reply-To: <55BDE41D-A3E0-4560-AB37-4FF8C573C668@protonmail.com>

Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>

- Bret

From: Vitaly Cheptsov via groups.io
Sent: Tuesday, May 19, 2020 10:56 PM
To: Kinney, Michael D; Laszlo Ersek
Cc: devel@edk2.groups.io; Andrew Fish; Ard Biesheuvel; Bret Barkelew; Brian J . Johnson; Chasel Chiu; Jordan Justen <jordan.l.justen@intel.com>; Leif Lindholm; liming.gao; Marvin Häuser; Zimmer, Vincent; Zhichao Gao; Yao, Jiewen
Subject: [EXTERNAL] Re: [edk2-devel] [Patch v8 1/2] MdePkg: Fix SafeString performing assertions on runtime checks

Mike,

Looks perfect to me. For everyone: the only change from V7 is an addition of DEBUG_VERBOSE message, which can indeed be useful.

Best wishes,
Vitaly

> On 20 May 2020, at 06:01, Michael D Kinney wrote:
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054
>
> Runtime checks returned via status return code should not work as
> assertions to permit parsing not trusted data with SafeString
> interfaces. Replace ASSERT() with a DEBUG_VERBOSE message.
>
> Cc: Andrew Fish
> Cc: Ard Biesheuvel
> Cc: Bret Barkelew
> Cc: Brian J. Johnson
> Cc: Chasel Chiu
> Cc: Jordan Justen
> Cc: Laszlo Ersek
> Cc: Leif Lindholm
> Cc: Liming Gao
> Cc: Marvin Häuser
> Cc: Michael D Kinney
> Cc: Vincent Zimmer
> Cc: Zhichao Gao
> Cc: Jiewen Yao
> Signed-off-by: Vitaly Cheptsov
> ---
> MdePkg/Include/Library/BaseLib.h | 111 ---------------------------
> MdePkg/Library/BaseLib/SafeString.c | 115 +--------------------------
> 2 files changed, 3 insertions(+), 223 deletions(-)
> > diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/B= aseLib.h > index b0bbe8cef8..8e7b87cbda 100644 > --- a/MdePkg/Include/Library/BaseLib.h > +++ b/MdePkg/Include/Library/BaseLib.h > @@ -216,7 +216,6 @@ StrnSizeS ( > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -252,7 +251,6 @@ StrCpyS ( > > If Length > 0 and Destination is not aligned on a 16-bit boundary, the= n ASSERT(). > If Length > 0 and Source is not aligned on a 16-bit boundary, then ASS= ERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -290,7 +288,6 @@ StrnCpyS ( > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -330,7 +327,6 @@ StrCatS ( > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. 
> > @@ -377,12 +373,7 @@ StrnCatS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > @@ -433,12 +424,7 @@ StrDecimalToUintnS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > @@ -494,12 +480,7 @@ StrDecimalToUint64S ( > the first character that is a not a valid hexadecimal character or NUL= L, > whichever one comes first. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. 
> @@ -555,12 +536,7 @@ StrHexToUintnS ( > the first character that is a not a valid hexadecimal character or NUL= L, > whichever one comes first. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > @@ -649,8 +625,6 @@ AsciiStrnSizeS ( > > This function is similar as strcpy_s defined in C11. > > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. > > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -683,8 +657,6 @@ AsciiStrCpyS ( > > This function is similar as strncpy_s defined in C11. > > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. > > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -719,8 +691,6 @@ AsciiStrnCpyS ( > > This function is similar as strcat_s defined in C11. > > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. > > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -757,8 +727,6 @@ AsciiStrCatS ( > > This function is similar as strncat_s defined in C11. > > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. > > @param Destination A pointer to a Null-terminated Ascii = string. 
> @@ -804,12 +772,6 @@ AsciiStrnCatS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more = than > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINTN= , then > @@ -859,12 +821,6 @@ AsciiStrDecimalToUintnS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more = than > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINT6= 4, then > @@ -918,12 +874,6 @@ AsciiStrDecimalToUint64S ( > character that is a not a valid hexadecimal character or Null-terminat= or, > whichever on comes first. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more = than > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINTN= , then 
> @@ -977,12 +927,6 @@ AsciiStrHexToUintnS ( > character that is a not a valid hexadecimal character or Null-terminat= or, > whichever on comes first. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more = than > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINT6= 4, then > @@ -1533,16 +1477,8 @@ StrHexToUint64 ( > "::" can be used to compress one or more groups of X when X contains o= nly 0. > The "::" can only appear once in the String. > > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If String is not aligned in a 16-bit boundary, then ASSERT(). > > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. 
> @@ -1594,16 +1530,8 @@ StrToIpv6Address ( > When /P is in the String, the function stops at the first character th= at is not > a valid decimal digit character after P is converted. > > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If String is not aligned in a 16-bit boundary, then ASSERT(). > > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -1667,8 +1595,6 @@ StrToIpv4Address ( > oo Data4[48:55] > pp Data4[56:63] > > - If String is NULL, then ASSERT(). > - If Guid is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > > @param String Pointer to a Null-terminated Unicode = string. > @@ -1703,17 +1629,6 @@ StrToGuid ( > > If String is not aligned in a 16-bit boundary, then ASSERT(). > > - If String is NULL, then ASSERT(). > - > - If Buffer is NULL, then ASSERT(). > - > - If Length is not multiple of 2, then ASSERT(). > - > - If PcdMaximumUnicodeStringLength is not zero and Length is greater th= an > - PcdMaximumUnicodeStringLength, then ASSERT(). > - > - If MaxBufferSize is less than (Length / 2), then ASSERT(). > - > @param String Pointer to a Null-terminated Unicode = string. > @param Length The number of Unicode characters to d= ecode. > @param Buffer Pointer to the converted bytes array. > @@ -1804,7 +1719,6 @@ UnicodeStrToAsciiStr ( > the upper 8 bits, then ASSERT(). > > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. 
> > @@ -1851,7 +1765,6 @@ UnicodeStrToAsciiStrS ( > If any Unicode characters in Source contain non-zero value in the uppe= r 8 > bits, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -2415,10 +2328,6 @@ AsciiStrHexToUint64 ( > "::" can be used to compress one or more groups of X when X contains o= nly 0. > The "::" can only appear once in the String. > > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -2470,10 +2379,6 @@ AsciiStrToIpv6Address ( > When /P is in the String, the function stops at the first character th= at is not > a valid decimal digit character after P is converted. > > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -2535,9 +2440,6 @@ AsciiStrToIpv4Address ( > oo Data4[48:55] > pp Data4[56:63] > > - If String is NULL, then ASSERT(). > - If Guid is NULL, then ASSERT(). > - > @param String Pointer to a Null-terminated ASCII st= ring. > @param Guid Pointer to the converted GUID. 
> > @@ -2568,17 +2470,6 @@ AsciiStrToGuid ( > decoding stops after Length of characters and outputs Buffer containin= g > (Length / 2) bytes. > > - If String is NULL, then ASSERT(). > - > - If Buffer is NULL, then ASSERT(). > - > - If Length is not multiple of 2, then ASSERT(). > - > - If PcdMaximumAsciiStringLength is not zero and Length is greater than > - PcdMaximumAsciiStringLength, then ASSERT(). > - > - If MaxBufferSize is less than (Length / 2), then ASSERT(). > - > @param String Pointer to a Null-terminated ASCII st= ring. > @param Length The number of ASCII characters to dec= ode. > @param Buffer Pointer to the converted bytes array. > @@ -2659,7 +2550,6 @@ AsciiStrToUnicodeStr ( > equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) i= n bytes. > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -2705,7 +2595,6 @@ AsciiStrToUnicodeStrS ( > ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes. > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then Destination and DestinationLength are > unmodified. > diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLi= b/SafeString.c > index 7dc03d2caa..3bb23ca1a1 100644 > --- a/MdePkg/Library/BaseLib/SafeString.c > +++ b/MdePkg/Library/BaseLib/SafeString.c > @@ -14,8 +14,10 @@ > > #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \ > do { \ > - ASSERT (Expression); \ > if (!(Expression)) { \ > + DEBUG ((DEBUG_VERBOSE, \ > + "%a(%d) %a: SAFE_STRING_CONSTRAINT_CHECK(%a) failed. Return %r= \n", \ > + __FILE__, __LINE__, __FUNCTION__, #Expression, Status)); \ > return Status; \ > } \ > } while (FALSE) 
> @@ -197,7 +199,6 @@ StrnSizeS ( > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -279,7 +280,6 @@ StrCpyS ( > > If Length > 0 and Destination is not aligned on a 16-bit boundary, the= n ASSERT(). > If Length > 0 and Source is not aligned on a 16-bit boundary, then ASS= ERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -372,7 +372,6 @@ StrnCpyS ( > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -473,7 +472,6 @@ StrCatS ( > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -590,12 +588,7 @@ StrnCatS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. 
> @@ -705,12 +698,7 @@ StrDecimalToUintnS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > @@ -825,12 +813,7 @@ StrDecimalToUint64S ( > the first character that is a not a valid hexadecimal character or NUL= L, > whichever one comes first. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > @@ -956,12 +939,7 @@ StrHexToUintnS ( > the first character that is a not a valid hexadecimal character or NUL= L, > whichever one comes first. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. 
> @@ -1091,16 +1069,8 @@ StrHexToUint64S ( > "::" can be used to compress one or more groups of X when X contains o= nly 0. > The "::" can only appear once in the String. > > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If String is not aligned in a 16-bit boundary, then ASSERT(). > > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -1317,16 +1287,8 @@ StrToIpv6Address ( > When /P is in the String, the function stops at the first character th= at is not > a valid decimal digit character after P is converted. > > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If String is not aligned in a 16-bit boundary, then ASSERT(). > > - If PcdMaximumUnicodeStringLength is not zero, and String contains mor= e than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -1482,8 +1444,6 @@ StrToIpv4Address ( > oo Data4[48:55] > pp Data4[56:63] > > - If String is NULL, then ASSERT(). > - If Guid is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > > @param String Pointer to a Null-terminated Unicode = string. 
> @@ -1589,17 +1549,6 @@ StrToGuid ( > > If String is not aligned in a 16-bit boundary, then ASSERT(). > > - If String is NULL, then ASSERT(). > - > - If Buffer is NULL, then ASSERT(). > - > - If Length is not multiple of 2, then ASSERT(). > - > - If PcdMaximumUnicodeStringLength is not zero and Length is greater th= an > - PcdMaximumUnicodeStringLength, then ASSERT(). > - > - If MaxBufferSize is less than (Length / 2), then ASSERT(). > - > @param String Pointer to a Null-terminated Unicode = string. > @param Length The number of Unicode characters to d= ecode. > @param Buffer Pointer to the converted bytes array. > @@ -1779,8 +1728,6 @@ AsciiStrnSizeS ( > > This function is similar as strcpy_s defined in C11. > > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. > > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -1856,8 +1803,6 @@ AsciiStrCpyS ( > > This function is similar as strncpy_s defined in C11. > > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. > > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -1944,8 +1889,6 @@ AsciiStrnCpyS ( > > This function is similar as strcat_s defined in C11. > > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. > > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -2040,8 +1983,6 @@ AsciiStrCatS ( > > This function is similar as strncat_s defined in C11. > > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. > > @param Destination A pointer to a Null-terminated Ascii = string. 
> @@ -2154,12 +2095,6 @@ AsciiStrnCatS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more = than > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINTN= , then > @@ -2266,12 +2201,6 @@ AsciiStrDecimalToUintnS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more = than > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINT6= 4, then > @@ -2382,12 +2311,6 @@ AsciiStrDecimalToUint64S ( > character that is a not a valid hexadecimal character or Null-terminat= or, > whichever on comes first. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more = than > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINTN= , then 
> @@ -2509,12 +2432,6 @@ AsciiStrHexToUintnS ( > character that is a not a valid hexadecimal character or Null-terminat= or, > whichever on comes first. > > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more = than > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINT6= 4, then > @@ -2635,7 +2552,6 @@ AsciiStrHexToUint64S ( > the upper 8 bits, then ASSERT(). > > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -2735,7 +2651,6 @@ UnicodeStrToAsciiStrS ( > If any Unicode characters in Source contain non-zero value in the uppe= r 8 > bits, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then Destination and DestinationLength are > unmodified. > @@ -2855,7 +2770,6 @@ UnicodeStrnToAsciiStrS ( > equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) i= n bytes. > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then the Destination is unmodified. > > @@ -2948,7 +2862,6 @@ AsciiStrToUnicodeStrS ( > ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes. > > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). > > If an error is returned, then Destination and DestinationLength are > unmodified. 
> @@ -3072,10 +2985,6 @@ AsciiStrnToUnicodeStrS ( > "::" can be used to compress one or more groups of X when X contains o= nly 0. > The "::" can only appear once in the String. > > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -3291,10 +3200,6 @@ AsciiStrToIpv6Address ( > When /P is in the String, the function stops at the first character th= at is not > a valid decimal digit character after P is converted. > > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -3448,9 +3353,6 @@ AsciiStrToIpv4Address ( > oo Data4[48:55] > pp Data4[56:63] > > - If String is NULL, then ASSERT(). > - If Guid is NULL, then ASSERT(). > - > @param String Pointer to a Null-terminated ASCII st= ring. > @param Guid Pointer to the converted GUID. > > @@ -3550,17 +3452,6 @@ AsciiStrToGuid ( > decoding stops after Length of characters and outputs Buffer containin= g > (Length / 2) bytes. > > - If String is NULL, then ASSERT(). > - > - If Buffer is NULL, then ASSERT(). > - > - If Length is not multiple of 2, then ASSERT(). > - > - If PcdMaximumAsciiStringLength is not zero and Length is greater than > - PcdMaximumAsciiStringLength, then ASSERT(). > - > - If MaxBufferSize is less than (Length / 2), then ASSERT(). > - > @param String Pointer to a Null-terminated ASCII st= ring. > @param Length The number of ASCII characters to dec= ode. > @param Buffer Pointer to the converted bytes array. > -- > 2.21.0.windows.1 > --_000_CY4PR21MB07433D625F490ED1D57AAE0FEFB60CY4PR21MB0743namp_ Content-Type: text/html; charset="koi8-r" Content-Transfer-Encoding: quoted-printable

Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>

 

- Bret

 

From: Vitaly Cheptsov via groups.io
Sent: Tuesday, May 19, 2020 10:56 PM
To: Kinney, Michael D; Laszlo Ersek
Cc: devel@edk2.groups.io; Andrew Fish; Ard Biesheuvel; Bret Barkelew; Brian J. Johnson; Chasel Chiu; Jordan Justen; Leif Lindholm; liming.gao; Marvin Häuser; Zimmer, Vincent; Zhichao Gao; Yao, Jiewen
Subject: [EXTERNAL] Re: [edk2-devel] [Patch v8 1/2] MdePkg: Fix SafeString performing assertions on runtime checks

 

Mike,

 

Looks perfect to me. For everyone: the only change from V7 is the addition of a DEBUG_VERBOSE message, which can indeed be useful.

 

Best wishes,

Vitaly

 

> On 20 May 2020, at 06:01, Michael D Kinney <michael.d.kinney@intel.com> wrote:

>

>

> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

>

> Runtime checks returned via status return code should not work as

> assertions to permit parsing not trusted data with SafeString

> interfaces.  Replace ASSERT() with a DEBUG_VERBOSE message.

>

> Cc: Andrew Fish <afish@apple.com>

> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> Cc: Bret Barkelew <bret.barkelew@microsoft.com>

> Cc: Brian J. Johnson <brian.johnson@hpe.com>

> Cc: Chasel Chiu <chasel.chiu@intel.com>

> Cc: Jordan Justen <jordan.l.justen@intel.com>

> Cc: Laszlo Ersek <lersek@redhat.com>

> Cc: Leif Lindholm <leif@nuviainc.com>

> Cc: Liming Gao <liming.gao@intel.com>

> Cc: Marvin Häuser <mhaeuser@outlook.de>

> Cc: Michael D Kinney <michael.d.kinney@intel.com>

> Cc: Vincent Zimmer <vincent.zimmer@intel.com>

> Cc: Zhichao Gao <zhichao.gao@intel.com>

> Cc: Jiewen Yao <jiewen.yao@intel.com>

> Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>

> ---

> MdePkg/Include/Library/BaseLib.h  &n= bsp; | 111 ---------------------------

> MdePkg/Library/BaseLib/SafeString.c | 115 += ;---------------------------

> 2 files changed, 3 insertions(+), 223 dele= tions(-)

>

> diff --git a/MdePkg/Include/Library/BaseLib.h = b/MdePkg/Include/Library/BaseLib.h

> index b0bbe8cef8..8e7b87cbda 100644

> --- a/MdePkg/Include/Library/BaseLib.h

> +++ b/MdePkg/Include/Library/BaseL= ib.h

> @@ -216,7 +216,6 @@ StrnSizeS (

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -252,7 +251,6 @@ StrCpyS (

>

>   If Length > 0 and Destination i= s not aligned on a 16-bit boundary, then ASSERT().

>   If Length > 0 and Source is not= aligned on a 16-bit boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -290,7 +288,6 @@ StrnCpyS (

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -330,7 +327,6 @@ StrCatS (

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -377,12 +373,7 @@ StrnCatS (

>   be ignored. Then, the function sto= ps at the first character that is a not a

>   valid decimal character or a Null-= terminator, whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

>

>   If String has no valid decimal dig= its in the above format, then 0 is stored

>   at the location pointed to by Data= .
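
Review bot: the description left by this hunk no longer says anything about a NULL String, a NULL Data, or a String longer than PcdMaximumUnicodeStringLength; the removed sentences were the only mention of those inputs in the visible text, and the one remaining ASSERT() line covers alignment only. If the @retval list outside this hunk does not already cover them, replace the sentences instead of deleting them, for example with one line saying these conditions are reported through the return status.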

> @@ -433,12 +424,7 @@ StrDecimalToUintnS (<= /p>

>   be ignored. Then, the function sto= ps at the first character that is a not a

>   valid decimal character or a Null-= terminator, whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

>

>   If String has no valid decimal dig= its in the above format, then 0 is stored

>   at the location pointed to by Data= .

> @@ -494,12 +480,7 @@ StrDecimalToUint64S (=

>   the first character that is a not = a valid hexadecimal character or NULL,

>   whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

>

>   If String has no valid hexadecimal= digits in the above format, then 0 is

>   stored at the location pointed to = by Data.

> @@ -555,12 +536,7 @@ StrHexToUintnS (

>   the first character that is a not = a valid hexadecimal character or NULL,

>   whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

>

>   If String has no valid hexadecimal= digits in the above format, then 0 is

>   stored at the location pointed to = by Data.

> @@ -649,8 +625,6 @@ AsciiStrnSizeS (

>

>   This function is similar as strcpy= _s defined in C11.

>

> -  If an error would be returned, then th= e function will also ASSERT().

> -

>   If an error is returned, then the = Destination is unmodified.

>

>   @param  Destination &nbs= p;            A poin= ter to a Null-terminated Ascii string.

> @@ -683,8 +657,6 @@ AsciiStrCpyS (

>

>   This function is similar as strncp= y_s defined in C11.

>

> -  If an error would be returned, then th= e function will also ASSERT().

> -

>   If an error is returned, then the = Destination is unmodified.

>

>   @param  Destination &nbs= p;            A poin= ter to a Null-terminated Ascii string.

> @@ -719,8 +691,6 @@ AsciiStrnCpyS (

>

>   This function is similar as strcat= _s defined in C11.

>

> -  If an error would be returned, then th= e function will also ASSERT().

> -

>   If an error is returned, then the = Destination is unmodified.

>

>   @param  Destination &nbs= p;            A poin= ter to a Null-terminated Ascii string.

> @@ -757,8 +727,6 @@ AsciiStrCatS (

>

>   This function is similar as strnca= t_s defined in C11.

>

> -  If an error would be returned, then th= e function will also ASSERT().

> -

>   If an error is returned, then the = Destination is unmodified.

>

>   @param  Destination &nbs= p;            A poin= ter to a Null-terminated Ascii string.

> @@ -804,12 +772,6 @@ AsciiStrnCatS (

>   be ignored. Then, the function sto= ps at the first character that is a not a

>   valid decimal character or a Null-= terminator, whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

> -  If PcdMaximumAsciiStringLength is not = zero, and String contains more than

> -  PcdMaximumAsciiStringLength Ascii char= acters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If String has no valid decimal dig= its in the above format, then 0 is stored

>   at the location pointed to by Data= .

>   If the number represented by Strin= g exceeds the range defined by UINTN, then

> @@ -859,12 +821,6 @@ AsciiStrDecimalToUint= nS (

>   be ignored. Then, the function sto= ps at the first character that is a not a

>   valid decimal character or a Null-= terminator, whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

> -  If PcdMaximumAsciiStringLength is not = zero, and String contains more than

> -  PcdMaximumAsciiStringLength Ascii char= acters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If String has no valid decimal dig= its in the above format, then 0 is stored

>   at the location pointed to by Data= .

>   If the number represented by Strin= g exceeds the range defined by UINT64, then

> @@ -918,12 +874,6 @@ AsciiStrDecimalToUint= 64S (

>   character that is a not a valid he= xadecimal character or Null-terminator,

>   whichever on comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

> -  If PcdMaximumAsciiStringLength is not = zero, and String contains more than

> -  PcdMaximumAsciiStringLength Ascii char= acters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If String has no valid hexadecimal= digits in the above format, then 0 is

>   stored at the location pointed to = by Data.

>   If the number represented by Strin= g exceeds the range defined by UINTN, then
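
Review bot: the context lines of this hunk still carry two typos, "that is a not a valid hexadecimal character" and "whichever on comes first". Since this comment block is being edited anyway, fix them to "that is not a valid hexadecimal character" and "whichever one comes first", here and in the matching block in SafeString.c.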

> @@ -977,12 +927,6 @@ AsciiStrHexToUintnS (=

>   character that is a not a valid he= xadecimal character or Null-terminator,

>   whichever on comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

> -  If PcdMaximumAsciiStringLength is not = zero, and String contains more than

> -  PcdMaximumAsciiStringLength Ascii char= acters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If String has no valid hexadecimal= digits in the above format, then 0 is

>   stored at the location pointed to = by Data.

>   If the number represented by Strin= g exceeds the range defined by UINT64, then

> @@ -1533,16 +1477,8 @@ StrHexToUint64 (

>   "::" can be used to comp= ress one or more groups of X when X contains only 0.

>   The "::" can only appear= once in the String.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Address is NULL, then ASSERT().

> -

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

>

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If EndPointer is not NULL and Addr= ess is translated from String, a pointer

>   to the character that stopped the = scan is stored at the location pointed to

>   by EndPointer.

> @@ -1594,16 +1530,8 @@ StrToIpv6Address (<= /p>

>   When /P is in the String, the func= tion stops at the first character that is not

>   a valid decimal digit character af= ter P is converted.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Address is NULL, then ASSERT().

> -

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

>

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If EndPointer is not NULL and Addr= ess is translated from String, a pointer

>   to the character that stopped the = scan is stored at the location pointed to

>   by EndPointer.

> @@ -1667,8 +1595,6 @@ StrToIpv4Address (

>        = ;           oo  = ;        Data4[48:55]

>        = ;           pp  = ;        Data4[56:63]

>

> -  If String is NULL, then ASSERT().

> -  If Guid is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

>

>   @param  String  &nb= sp;            =     Pointer to a Null-terminated Unicode string.

> @@ -1703,17 +1629,6 @@ StrToGuid (

>

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

>

> -  If String is NULL, then ASSERT().

> -

> -  If Buffer is NULL, then ASSERT().

> -

> -  If Length is not multiple of 2, then A= SSERT().

> -

> -  If PcdMaximumUnicodeStringLength is no= t zero and Length is greater than

> -  PcdMaximumUnicodeStringLength, then AS= SERT().

> -

> -  If MaxBufferSize is less than (Length = / 2), then ASSERT().

> -

>   @param  String  &nb= sp;            =     Pointer to a Null-terminated Unicode string.

>   @param  Length  &nb= sp;            =     The number of Unicode characters to decode.

>   @param  Buffer  &nb= sp;            =     Pointer to the converted bytes array.
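
Review bot: the removed sentences on Length not being a multiple of 2 and on MaxBufferSize being less than (Length / 2) cover the two size conditions a caller has to get right when sizing Buffer, and after this hunk the visible description mentions neither. Suggest keeping them in reworded form (reported as an error return instead of ASSERT()) unless the @retval entries outside this hunk already spell them out.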

> @@ -1804,7 +1719,6 @@ UnicodeStrToAsciiStr= (

>   the upper 8 bits, then ASSERT().

>

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -1851,7 +1765,6 @@ UnicodeStrToAsciiStr= S (

>   If any Unicode characters in Sourc= e contain non-zero value in the upper 8

>   bits, then ASSERT().

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>
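
Review bot: the last context sentence in this hunk reads "If an error is returned, then the Destination is unmodified.", while the comment block with the same surrounding text in SafeString.c (the hunk at -2735,7, also following UnicodeStrToAsciiStrS) reads "Destination and DestinationLength are unmodified." Both blocks are touched by this patch, so align the header wording with the implementation so that callers know whether DestinationLength can change on error.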

> @@ -2415,10 +2328,6 @@ AsciiStrHexToUint64= (

>   "::" can be used to comp= ress one or more groups of X when X contains only 0.

>   The "::" can only appear= once in the String.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Address is NULL, then ASSERT().

> -

>   If EndPointer is not NULL and Addr= ess is translated from String, a pointer

>   to the character that stopped the = scan is stored at the location pointed to

>   by EndPointer.

> @@ -2470,10 +2379,6 @@ AsciiStrToIpv6Addre= ss (

>   When /P is in the String, the func= tion stops at the first character that is not

>   a valid decimal digit character af= ter P is converted.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Address is NULL, then ASSERT().

> -

>   If EndPointer is not NULL and Addr= ess is translated from String, a pointer

>   to the character that stopped the = scan is stored at the location pointed to

>   by EndPointer.

> @@ -2535,9 +2440,6 @@ AsciiStrToIpv4Addres= s (

>        = ;           oo  = ;        Data4[48:55]

>        = ;           pp  = ;        Data4[56:63]

>

> -  If String is NULL, then ASSERT().

> -  If Guid is NULL, then ASSERT().

> -

>   @param  String  &nb= sp;            =     Pointer to a Null-terminated ASCII string.

>   @param  Guid   = ;            &n= bsp;     Pointer to the converted GUID.

>

> @@ -2568,17 +2470,6 @@ AsciiStrToGuid (

>   decoding stops after Length of cha= racters and outputs Buffer containing

>   (Length / 2) bytes.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Buffer is NULL, then ASSERT().

> -

> -  If Length is not multiple of 2, then A= SSERT().

> -

> -  If PcdMaximumAsciiStringLength is not = zero and Length is greater than

> -  PcdMaximumAsciiStringLength, then ASSE= RT().

> -

> -  If MaxBufferSize is less than (Length = / 2), then ASSERT().

> -

>   @param  String  &nb= sp;             = ;   Pointer to a Null-terminated ASCII string.

>   @param  Length  &nb= sp;            =     The number of ASCII characters to decode.

>   @param  Buffer  &nb= sp;            =     Pointer to the converted bytes array.

> @@ -2659,7 +2550,6 @@ AsciiStrToUnicodeStr= (

>   equal or greater than ((AsciiStrLe= n (Source) + 1) * sizeof (CHAR16)) in bytes.

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -2705,7 +2595,6 @@ AsciiStrToUnicodeStr= S (

>   ((MIN(AsciiStrLen(Source), Length)= + 1) * sizeof (CHAR8)) in bytes.

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then Dest= ination and DestinationLength are

>   unmodified.

> diff --git a/MdePkg/Library/BaseLib/SafeString= .c b/MdePkg/Library/BaseLib/SafeString.c

> index 7dc03d2caa..3bb23ca1a1 100644

> --- a/MdePkg/Library/BaseLib/SafeString.c

> +++ b/MdePkg/Library/BaseLib/SafeS= tring.c

> @@ -14,8 +14,10 @@

>

> #define SAFE_STRING_CONSTRAINT_CHECK(Expressio= n, Status)  \

>   do { \

> -    ASSERT (Expression); \

>     if (!(Expression)) { \=

> +      DEBUG ((DE= BUG_VERBOSE, \

> +       = ; "%a(%d) %a: SAFE_STRING_CONSTRAINT_CHECK(%a) failed.  Return %r= \n", \

> +       = ; __FILE__, __LINE__, __FUNCTION__, #Expression, Status)); \

>       return Sta= tus; \

>     } \

>   } while (FALSE)
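
Review bot: the DEBUG ((DEBUG_VERBOSE, ...)) call added inside the if (!(Expression)) branch is now the only trace of a failed constraint, and verbose-level output is commonly filtered out, so a failed check is silent unless the caller inspects the returned Status. Worth stating in a comment above the macro that callers must check the return value. The macro also expands Status twice (once as the %r argument, once in "return Status;"), so call sites should keep passing a side-effect-free constant there.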

> @@ -197,7 +199,6 @@ StrnSizeS (

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -279,7 +280,6 @@ StrCpyS (

>

>   If Length > 0 and Destination i= s not aligned on a 16-bit boundary, then ASSERT().

>   If Length > 0 and Source is not= aligned on a 16-bit boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -372,7 +372,6 @@ StrnCpyS (

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -473,7 +472,6 @@ StrCatS (

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -590,12 +588,7 @@ StrnCatS (

>   be ignored. Then, the function sto= ps at the first character that is a not a

>   valid decimal character or a Null-= terminator, whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

>

>   If String has no valid decimal dig= its in the above format, then 0 is stored

>   at the location pointed to by Data= .

> @@ -705,12 +698,7 @@ StrDecimalToUintnS (<= /p>

>   be ignored. Then, the function sto= ps at the first character that is a not a

>   valid decimal character or a Null-= terminator, whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

>

>   If String has no valid decimal dig= its in the above format, then 0 is stored

>   at the location pointed to by Data= .

> @@ -825,12 +813,7 @@ StrDecimalToUint64S (=

>   the first character that is a not = a valid hexadecimal character or NULL,

>   whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

>

>   If String has no valid hexadecimal= digits in the above format, then 0 is

>   stored at the location pointed to = by Data.

> @@ -956,12 +939,7 @@ StrHexToUintnS (

>   the first character that is a not = a valid hexadecimal character or NULL,

>   whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

>

>   If String has no valid hexadecimal= digits in the above format, then 0 is

>   stored at the location pointed to = by Data.

> @@ -1091,16 +1069,8 @@ StrHexToUint64S (

>   "::" can be used to comp= ress one or more groups of X when X contains only 0.

>   The "::" can only appear= once in the String.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Address is NULL, then ASSERT().

> -

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

>

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If EndPointer is not NULL and Addr= ess is translated from String, a pointer

>   to the character that stopped the = scan is stored at the location pointed to

>   by EndPointer.

> @@ -1317,16 +1287,8 @@ StrToIpv6Address (<= /p>

>   When /P is in the String, the func= tion stops at the first character that is not

>   a valid decimal digit character af= ter P is converted.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Address is NULL, then ASSERT().

> -

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

>

> -  If PcdMaximumUnicodeStringLength is no= t zero, and String contains more than

> -  PcdMaximumUnicodeStringLength Unicode = characters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If EndPointer is not NULL and Addr= ess is translated from String, a pointer

>   to the character that stopped the = scan is stored at the location pointed to

>   by EndPointer.

> @@ -1482,8 +1444,6 @@ StrToIpv4Address (

>        = ;           oo  = ;        Data4[48:55]

>        = ;           pp  = ;        Data4[56:63]

>

> -  If String is NULL, then ASSERT().

> -  If Guid is NULL, then ASSERT().

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

>

>   @param  String  &nb= sp;            =     Pointer to a Null-terminated Unicode string.

> @@ -1589,17 +1549,6 @@ StrToGuid (

>

>   If String is not aligned in a 16-b= it boundary, then ASSERT().

>

> -  If String is NULL, then ASSERT().

> -

> -  If Buffer is NULL, then ASSERT().

> -

> -  If Length is not multiple of 2, then A= SSERT().

> -

> -  If PcdMaximumUnicodeStringLength is no= t zero and Length is greater than

> -  PcdMaximumUnicodeStringLength, then AS= SERT().

> -

> -  If MaxBufferSize is less than (Length = / 2), then ASSERT().

> -

>   @param  String  &nb= sp;            =     Pointer to a Null-terminated Unicode string.

>   @param  Length  &nb= sp;            =     The number of Unicode characters to decode.

>   @param  Buffer  &nb= sp;            =     Pointer to the converted bytes array.

> @@ -1779,8 +1728,6 @@ AsciiStrnSizeS (

>

>   This function is similar as strcpy= _s defined in C11.

>

> -  If an error would be returned, then th= e function will also ASSERT().

> -

>   If an error is returned, then the = Destination is unmodified.

>

>   @param  Destination &nbs= p;            A poin= ter to a Null-terminated Ascii string.

> @@ -1856,8 +1803,6 @@ AsciiStrCpyS (

>

>   This function is similar as strncp= y_s defined in C11.

>

> -  If an error would be returned, then th= e function will also ASSERT().

> -

>   If an error is returned, then the = Destination is unmodified.

>

>   @param  Destination &nbs= p;            A poin= ter to a Null-terminated Ascii string.

> @@ -1944,8 +1889,6 @@ AsciiStrnCpyS (

>

>   This function is similar as strcat= _s defined in C11.

>

> -  If an error would be returned, then th= e function will also ASSERT().

> -

>   If an error is returned, then the = Destination is unmodified.

>

>   @param  Destination &nbs= p;            A poin= ter to a Null-terminated Ascii string.

> @@ -2040,8 +1983,6 @@ AsciiStrCatS (

>

>   This function is similar as strnca= t_s defined in C11.

>

> -  If an error would be returned, then th= e function will also ASSERT().

> -

>   If an error is returned, then the = Destination is unmodified.

>

>   @param  Destination &nbs= p;            A poin= ter to a Null-terminated Ascii string.

> @@ -2154,12 +2095,6 @@ AsciiStrnCatS (

>   be ignored. Then, the function sto= ps at the first character that is a not a

>   valid decimal character or a Null-= terminator, whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

> -  If PcdMaximumAsciiStringLength is not = zero, and String contains more than

> -  PcdMaximumAsciiStringLength Ascii char= acters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If String has no valid decimal dig= its in the above format, then 0 is stored

>   at the location pointed to by Data= .

>   If the number represented by Strin= g exceeds the range defined by UINTN, then

> @@ -2266,12 +2201,6 @@ AsciiStrDecimalToUi= ntnS (

>   be ignored. Then, the function sto= ps at the first character that is a not a

>   valid decimal character or a Null-= terminator, whichever one comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

> -  If PcdMaximumAsciiStringLength is not = zero, and String contains more than

> -  PcdMaximumAsciiStringLength Ascii char= acters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If String has no valid decimal dig= its in the above format, then 0 is stored

>   at the location pointed to by Data= .

>   If the number represented by Strin= g exceeds the range defined by UINT64, then

> @@ -2382,12 +2311,6 @@ AsciiStrDecimalToUi= nt64S (

>   character that is a not a valid he= xadecimal character or Null-terminator,

>   whichever on comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

> -  If PcdMaximumAsciiStringLength is not = zero, and String contains more than

> -  PcdMaximumAsciiStringLength Ascii char= acters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If String has no valid hexadecimal= digits in the above format, then 0 is

>   stored at the location pointed to = by Data.

>   If the number represented by Strin= g exceeds the range defined by UINTN, then

> @@ -2509,12 +2432,6 @@ AsciiStrHexToUintnS= (

>   character that is a not a valid he= xadecimal character or Null-terminator,

>   whichever on comes first.

>

> -  If String is NULL, then ASSERT().

> -  If Data is NULL, then ASSERT().

> -  If PcdMaximumAsciiStringLength is not = zero, and String contains more than

> -  PcdMaximumAsciiStringLength Ascii char= acters, not including the

> -  Null-terminator, then ASSERT().

> -

>   If String has no valid hexadecimal= digits in the above format, then 0 is

>   stored at the location pointed to = by Data.

>   If the number represented by Strin= g exceeds the range defined by UINT64, then

> @@ -2635,7 +2552,6 @@ AsciiStrHexToUint64S= (

>   the upper 8 bits, then ASSERT().

>

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -2735,7 +2651,6 @@ UnicodeStrToAsciiStr= S (

>   If any Unicode characters in Sourc= e contain non-zero value in the upper 8

>   bits, then ASSERT().

>   If Source is not aligned on a 16-b= it boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then Dest= ination and DestinationLength are

>   unmodified.
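
Review bot: the two context lines above the removed sentence still document an ASSERT() when any Unicode character in Source has a non-zero value in the upper 8 bits, which is a property of the input data and not of the caller's arguments. If the code matches the comment, untrusted Source content can still trigger an assertion here, which is the behaviour the commit message sets out to remove; consider converting that check to a status return as well, or say in the commit message that it is out of scope.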

> @@ -2855,7 +2770,6 @@ UnicodeStrnToAsciiSt= rS (

>   equal or greater than ((AsciiStrLe= n (Source) + 1) * sizeof (CHAR16)) in bytes.

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then the = Destination is unmodified.

>

> @@ -2948,7 +2862,6 @@ AsciiStrToUnicodeStr= S (

>   ((MIN(AsciiStrLen(Source), Length)= + 1) * sizeof (CHAR8)) in bytes.

>

>   If Destination is not aligned on a= 16-bit boundary, then ASSERT().

> -  If an error would be returned, then th= e function will also ASSERT().

>

>   If an error is returned, then Dest= ination and DestinationLength are

>   unmodified.

> @@ -3072,10 +2985,6 @@ AsciiStrnToUnicodeS= trS (

>   "::" can be used to comp= ress one or more groups of X when X contains only 0.

>   The "::" can only appear= once in the String.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Address is NULL, then ASSERT().

> -

>   If EndPointer is not NULL and Addr= ess is translated from String, a pointer

>   to the character that stopped the = scan is stored at the location pointed to

>   by EndPointer.

> @@ -3291,10 +3200,6 @@ AsciiStrToIpv6Addre= ss (

>   When /P is in the String, the func= tion stops at the first character that is not

>   a valid decimal digit character af= ter P is converted.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Address is NULL, then ASSERT().

> -

>   If EndPointer is not NULL and Addr= ess is translated from String, a pointer

>   to the character that stopped the = scan is stored at the location pointed to

>   by EndPointer.

> @@ -3448,9 +3353,6 @@ AsciiStrToIpv4Addres= s (

>        = ;           oo  = ;        Data4[48:55]

>        = ;           pp  = ;        Data4[56:63]

>

> -  If String is NULL, then ASSERT().

> -  If Guid is NULL, then ASSERT().

> -

>   @param  String  &nb= sp;            =     Pointer to a Null-terminated ASCII string.

>   @param  Guid   = ;            &n= bsp;     Pointer to the converted GUID.

>

> @@ -3550,17 +3452,6 @@ AsciiStrToGuid (

>   decoding stops after Length of cha= racters and outputs Buffer containing

>   (Length / 2) bytes.

>

> -  If String is NULL, then ASSERT().

> -

> -  If Buffer is NULL, then ASSERT().

> -

> -  If Length is not multiple of 2, then A= SSERT().

> -

> -  If PcdMaximumAsciiStringLength is not = zero and Length is greater than

> -  PcdMaximumAsciiStringLength, then ASSE= RT().

> -

> -  If MaxBufferSize is less than (Length = / 2), then ASSERT().

> -

>   @param  String  &nb= sp;             = ;   Pointer to a Null-terminated ASCII string.

>   @param  Length  &nb= sp;            =     The number of ASCII characters to decode.

>   @param  Buffer  &nb= sp;            =     Pointer to the converted bytes array.

> --

> 2.21.0.windows.1

>
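
The pattern the commit message argues for, as an added example (not EDK II code and not part of the original messages): a constraint-check macro that reports a failed runtime check through the return status instead of asserting, so a caller feeding it untrusted strings keeps running. All names (`CONSTRAINT_CHECK`, `copy_checked`, `status_t`, `demo_accepted`, `failures_seen`) and the sample inputs are constructed for illustration; building with `-DASSERT_ON_CONSTRAINT_FAILURE` restores the assert-first shape.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef ASSERT_ON_CONSTRAINT_FAILURE
#include <assert.h>
#endif

/* Hypothetical status codes standing in for a firmware return-status type. */
typedef enum {
  ST_SUCCESS = 0,
  ST_INVALID_PARAMETER,
  ST_BUFFER_TOO_SMALL,
  ST_ACCESS_DENIED
} status_t;

static int      g_verbose  = 0;  /* 1 = print failed checks, like a verbose debug level */
static unsigned g_failures = 0;  /* failed checks seen so far */

#ifdef ASSERT_ON_CONSTRAINT_FAILURE
#define CONSTRAINT_ASSERT(expr) assert(expr)   /* assert-first shape: halt on bad input */
#else
#define CONSTRAINT_ASSERT(expr) ((void)0)      /* status-only shape: report and return */
#endif

#define CONSTRAINT_CHECK(expr, status)                                  \
  do {                                                                  \
    CONSTRAINT_ASSERT(expr);                                            \
    if (!(expr)) {                                                      \
      g_failures++;                                                     \
      if (g_verbose) {                                                  \
        fprintf(stderr, "%s(%d) %s: CONSTRAINT_CHECK(%s) failed\n",     \
                __FILE__, __LINE__, __func__, #expr);                   \
      }                                                                 \
      return (status);                                                  \
    }                                                                   \
  } while (0)

/* Length of s, scanning at most max bytes; returns max if no terminator is found. */
static size_t bounded_len(const char *s, size_t max)
{
  size_t n = 0;
  while (n < max && s[n] != '\0') {
    n++;
  }
  return n;
}

/* Bounded copy in the style of strcpy_s: dst is left unmodified on any error. */
static status_t copy_checked(char *dst, size_t dst_max, const char *src)
{
  size_t len;

  CONSTRAINT_CHECK(dst != NULL, ST_INVALID_PARAMETER);
  CONSTRAINT_CHECK(src != NULL, ST_INVALID_PARAMETER);
  CONSTRAINT_CHECK(dst_max != 0, ST_INVALID_PARAMETER);
  len = bounded_len(src, dst_max);
  CONSTRAINT_CHECK(len < dst_max, ST_BUFFER_TOO_SMALL);
  /* Source (including its terminator) and destination must not overlap. */
  CONSTRAINT_CHECK((uintptr_t)dst + dst_max <= (uintptr_t)src ||
                   (uintptr_t)src + len + 1 <= (uintptr_t)dst, ST_ACCESS_DENIED);
  memcpy(dst, src, len + 1);
  return ST_SUCCESS;
}

static unsigned failures_seen(void)
{
  return g_failures;
}

/* Runs the copy over constructed inputs and returns how many were accepted. */
static size_t demo_accepted(void)
{
  /* Constructed inputs: two well-formed, one overlong, one missing. */
  static const char *const inputs[] = {
    "boot0", "a-much-longer-than-field-value", NULL, "net1"
  };
  char   field[8];
  size_t i, accepted = 0;

  for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
    if (copy_checked(field, sizeof field, inputs[i]) == ST_SUCCESS) {
      accepted++;
    }
  }
  return accepted;
}

int main(void)
{
  size_t ok = demo_accepted();
  printf("accepted %zu, rejected %u\n", ok, failures_seen());
  return 0;
}
```

With the assert-first build, the overlong input stops the program at the first failed check; with the default build the same input is rejected and the loop continues.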

 

 

 

 
