* [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation
@ 2017-12-25 2:08 Jian J Wang
2017-12-27 2:14 ` Wang, Jian J
0 siblings, 1 reply; 6+ messages in thread
From: Jian J Wang @ 2017-12-25 2:08 UTC (permalink / raw)
To: edk2-devel; +Cc: Michael D Kinney, Liming Gao, Jiewen Yao, Star Zeng
Due to the a potential hole in the stop condition of for-loop, the two
continuous access to ArgumentString (index, index+1) inside the loop
might cause the string ending character ('\0') to be read.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.c b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
index 28d946472f..297d5a05b5 100644
--- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c
+++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c
@@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker (
// Compute the number of characters in ArgumentString and store it in Count
// ArgumentString is either null-terminated, or it contains Precision characters
//
- for (Count = 0; Count < Precision || ((Flags & PRECISION) == 0); Count++) {
+ for (Count = 0;
+ ArgumentString[Count * BytesPerArgumentCharacter] != '\0' &&
+ (Count < Precision || ((Flags & PRECISION) == 0));
+ Count++) {
ArgumentCharacter = ((ArgumentString[Count * BytesPerArgumentCharacter] & 0xff) | ((ArgumentString[Count * BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask;
if (ArgumentCharacter == 0) {
break;
--
2.15.1.windows.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation 2017-12-25 2:08 [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation Jian J Wang @ 2017-12-27 2:14 ` Wang, Jian J 2017-12-27 16:37 ` Kinney, Michael D 0 siblings, 1 reply; 6+ messages in thread From: Wang, Jian J @ 2017-12-27 2:14 UTC (permalink / raw) To: Wang, Jian J, edk2-devel@lists.01.org Cc: Kinney, Michael D, Yao, Jiewen, Zeng, Star, Gao, Liming Mike and Liming, Could you take a look at this patch? Regards, Jian > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jian J > Wang > Sent: Monday, December 25, 2017 10:09 AM > To: edk2-devel@lists.01.org > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen > <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; Gao, Liming > <liming.gao@intel.com> > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position > calculation > > Due to the a potential hole in the stop condition of for-loop, the two > continuous access to ArgumentString (index, index+1) inside the loop > might cause the string ending character ('\0') to be read. > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > Cc: Liming Gao <liming.gao@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Star Zeng <star.zeng@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Jian J Wang <jian.j.wang@intel.com> > --- > MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > index 28d946472f..297d5a05b5 100644 > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker ( > // Compute the number of characters in ArgumentString and store it in > Count > // ArgumentString is either null-terminated, or it contains Precision > characters > // > - for (Count = 0; Count < Precision || ((Flags & PRECISION) == 0); Count++) { > + for (Count = 0; > + ArgumentString[Count * BytesPerArgumentCharacter] != '\0' && > + (Count < Precision || ((Flags & PRECISION) == 0)); > + Count++) { > ArgumentCharacter = ((ArgumentString[Count * > BytesPerArgumentCharacter] & 0xff) | ((ArgumentString[Count * > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask; > if (ArgumentCharacter == 0) { > break; > -- > 2.15.1.windows.2 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation 2017-12-27 2:14 ` Wang, Jian J @ 2017-12-27 16:37 ` Kinney, Michael D 2017-12-28 0:29 ` Wang, Jian J 0 siblings, 1 reply; 6+ messages in thread From: Kinney, Michael D @ 2017-12-27 16:37 UTC (permalink / raw) To: Wang, Jian J, edk2-devel@lists.01.org, Kinney, Michael D Cc: Yao, Jiewen, Zeng, Star, Gao, Liming Is the commit log correct? Is the issue that the character past the '\0' could be read? Mike > -----Original Message----- > From: Wang, Jian J > Sent: Tuesday, December 26, 2017 6:14 PM > To: Wang, Jian J <jian.j.wang@intel.com>; edk2- > devel@lists.01.org > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, > Jiewen <jiewen.yao@intel.com>; Zeng, Star > <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com> > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > incorrect Precision position calculation > > Mike and Liming, > > Could you take a look at this patch? > > Regards, > Jian > > > > -----Original Message----- > > From: edk2-devel [mailto:edk2-devel- > bounces@lists.01.org] On Behalf Of Jian J > > Wang > > Sent: Monday, December 25, 2017 10:09 AM > > To: edk2-devel@lists.01.org > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; > Yao, Jiewen > > <jiewen.yao@intel.com>; Zeng, Star > <star.zeng@intel.com>; Gao, Liming > > <liming.gao@intel.com> > > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > incorrect Precision position > > calculation > > > > Due to the a potential hole in the stop condition of > for-loop, the two > > continuous access to ArgumentString (index, index+1) > inside the loop > > might cause the string ending character ('\0') to be > read. > > > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > > Cc: Liming Gao <liming.gao@intel.com> > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > Cc: Star Zeng <star.zeng@intel.com> > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com> > > --- > > MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 > ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git > a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > index 28d946472f..297d5a05b5 100644 > > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker ( > > // Compute the number of characters in > ArgumentString and store it in > > Count > > // ArgumentString is either null-terminated, or > it contains Precision > > characters > > // > > - for (Count = 0; Count < Precision || ((Flags & > PRECISION) == 0); Count++) { > > + for (Count = 0; > > + ArgumentString[Count * > BytesPerArgumentCharacter] != '\0' && > > + (Count < Precision || ((Flags & PRECISION) > == 0)); > > + Count++) { > > ArgumentCharacter = ((ArgumentString[Count * > > BytesPerArgumentCharacter] & 0xff) | > ((ArgumentString[Count * > > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask; > > if (ArgumentCharacter == 0) { > > break; > > -- > > 2.15.1.windows.2 > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation 2017-12-27 16:37 ` Kinney, Michael D @ 2017-12-28 0:29 ` Wang, Jian J 2017-12-28 1:56 ` Gao, Liming 0 siblings, 1 reply; 6+ messages in thread From: Wang, Jian J @ 2017-12-28 0:29 UTC (permalink / raw) To: Kinney, Michael D, edk2-devel@lists.01.org Cc: Yao, Jiewen, Zeng, Star, Gao, Liming I revisit the code again. You're right that the commit log is not correct. The '\0' would be read and even the one pass it. Regards, Jian > -----Original Message----- > From: Kinney, Michael D > Sent: Thursday, December 28, 2017 12:38 AM > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org; Kinney, > Michael D <michael.d.kinney@intel.com> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; > Gao, Liming <liming.gao@intel.com> > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision > position calculation > > Is the commit log correct? > > Is the issue that the character past the '\0' could be read? > > Mike > > > -----Original Message----- > > From: Wang, Jian J > > Sent: Tuesday, December 26, 2017 6:14 PM > > To: Wang, Jian J <jian.j.wang@intel.com>; edk2- > > devel@lists.01.org > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, > > Jiewen <jiewen.yao@intel.com>; Zeng, Star > > <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com> > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > > incorrect Precision position calculation > > > > Mike and Liming, > > > > Could you take a look at this patch? > > > > Regards, > > Jian > > > > > > > -----Original Message----- > > > From: edk2-devel [mailto:edk2-devel- > > bounces@lists.01.org] On Behalf Of Jian J > > > Wang > > > Sent: Monday, December 25, 2017 10:09 AM > > > To: edk2-devel@lists.01.org > > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; > > Yao, Jiewen > > > <jiewen.yao@intel.com>; Zeng, Star > > <star.zeng@intel.com>; Gao, Liming > > > <liming.gao@intel.com> > > > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > > incorrect Precision position > > > calculation > > > > > > Due to the a potential hole in the stop condition of > > for-loop, the two > > > continuous access to ArgumentString (index, index+1) > > inside the loop > > > might cause the string ending character ('\0') to be > > read. > > > > > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > > > Cc: Liming Gao <liming.gao@intel.com> > > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > > Cc: Star Zeng <star.zeng@intel.com> > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com> > > > --- > > > MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 > > ++++- > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > diff --git > > a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > index 28d946472f..297d5a05b5 100644 > > > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker ( > > > // Compute the number of characters in > > ArgumentString and store it in > > > Count > > > // ArgumentString is either null-terminated, or > > it contains Precision > > > characters > > > // > > > - for (Count = 0; Count < Precision || ((Flags & > > PRECISION) == 0); Count++) { > > > + for (Count = 0; > > > + ArgumentString[Count * > > BytesPerArgumentCharacter] != '\0' && > > > + (Count < Precision || ((Flags & PRECISION) > > == 0)); > > > + Count++) { > > > ArgumentCharacter = ((ArgumentString[Count * > > > BytesPerArgumentCharacter] & 0xff) | > > ((ArgumentString[Count * > > > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask; > > > if (ArgumentCharacter == 0) { > > > break; > > > -- > > > 2.15.1.windows.2 > > > > > > _______________________________________________ > > > edk2-devel mailing list > > > edk2-devel@lists.01.org > > > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation 2017-12-28 0:29 ` Wang, Jian J @ 2017-12-28 1:56 ` Gao, Liming 2017-12-28 2:05 ` Wang, Jian J 0 siblings, 1 reply; 6+ messages in thread From: Gao, Liming @ 2017-12-28 1:56 UTC (permalink / raw) To: Wang, Jian J, Kinney, Michael D, edk2-devel@lists.01.org Cc: Yao, Jiewen, Zeng, Star Jian: MdePkg/Library/BasePrintLib/PrintLibInternal.c line 1171 has the similar issue. Could you fix it also? And, MdeModulePkg\Library\DxePrintLibPrint2Protocol\PrintLib.c have the same issue. Could you sync this fix to it? Thanks Liming > -----Original Message----- > From: Wang, Jian J > Sent: Thursday, December 28, 2017 8:29 AM > To: Kinney, Michael D <michael.d.kinney@intel.com>; edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com> > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation > > I revisit the code again. You're right that the commit log is not correct. > The '\0' would be read and even the one pass it. > > Regards, > Jian > > > > -----Original Message----- > > From: Kinney, Michael D > > Sent: Thursday, December 28, 2017 12:38 AM > > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org; Kinney, > > Michael D <michael.d.kinney@intel.com> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; > > Gao, Liming <liming.gao@intel.com> > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision > > position calculation > > > > Is the commit log correct? > > > > Is the issue that the character past the '\0' could be read? > > > > Mike > > > > > -----Original Message----- > > > From: Wang, Jian J > > > Sent: Tuesday, December 26, 2017 6:14 PM > > > To: Wang, Jian J <jian.j.wang@intel.com>; edk2- > > > devel@lists.01.org > > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, > > > Jiewen <jiewen.yao@intel.com>; Zeng, Star > > > <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com> > > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > > > incorrect Precision position calculation > > > > > > Mike and Liming, > > > > > > Could you take a look at this patch? > > > > > > Regards, > > > Jian > > > > > > > > > > -----Original Message----- > > > > From: edk2-devel [mailto:edk2-devel- > > > bounces@lists.01.org] On Behalf Of Jian J > > > > Wang > > > > Sent: Monday, December 25, 2017 10:09 AM > > > > To: edk2-devel@lists.01.org > > > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; > > > Yao, Jiewen > > > > <jiewen.yao@intel.com>; Zeng, Star > > > <star.zeng@intel.com>; Gao, Liming > > > > <liming.gao@intel.com> > > > > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > > > incorrect Precision position > > > > calculation > > > > > > > > Due to the a potential hole in the stop condition of > > > for-loop, the two > > > > continuous access to ArgumentString (index, index+1) > > > inside the loop > > > > might cause the string ending character ('\0') to be > > > read. > > > > > > > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > > > > Cc: Liming Gao <liming.gao@intel.com> > > > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > > > Cc: Star Zeng <star.zeng@intel.com> > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com> > > > > --- > > > > MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 > > > ++++- > > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > > > diff --git > > > a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > > index 28d946472f..297d5a05b5 100644 > > > > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker ( > > > > // Compute the number of characters in > > > ArgumentString and store it in > > > > Count > > > > // ArgumentString is either null-terminated, or > > > it contains Precision > > > > characters > > > > // > > > > - for (Count = 0; Count < Precision || ((Flags & > > > PRECISION) == 0); Count++) { > > > > + for (Count = 0; > > > > + ArgumentString[Count * > > > BytesPerArgumentCharacter] != '\0' && > > > > + (Count < Precision || ((Flags & PRECISION) > > > == 0)); > > > > + Count++) { > > > > ArgumentCharacter = ((ArgumentString[Count * > > > > BytesPerArgumentCharacter] & 0xff) | > > > ((ArgumentString[Count * > > > > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask; > > > > if (ArgumentCharacter == 0) { > > > > break; > > > > -- > > > > 2.15.1.windows.2 > > > > > > > > _______________________________________________ > > > > edk2-devel mailing list > > > > edk2-devel@lists.01.org > > > > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation 2017-12-28 1:56 ` Gao, Liming @ 2017-12-28 2:05 ` Wang, Jian J 0 siblings, 0 replies; 6+ messages in thread From: Wang, Jian J @ 2017-12-28 2:05 UTC (permalink / raw) To: Gao, Liming, Kinney, Michael D, edk2-devel@lists.01.org Cc: Yao, Jiewen, Zeng, Star Sure. Regards, Jian > -----Original Message----- > From: Gao, Liming > Sent: Thursday, December 28, 2017 9:57 AM > To: Wang, Jian J <jian.j.wang@intel.com>; Kinney, Michael D > <michael.d.kinney@intel.com>; edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com> > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision > position calculation > > Jian: > MdePkg/Library/BasePrintLib/PrintLibInternal.c line 1171 has the similar issue. > Could you fix it also? > > And, MdeModulePkg\Library\DxePrintLibPrint2Protocol\PrintLib.c have the > same issue. Could you sync this fix to it? > > Thanks > Liming > > -----Original Message----- > > From: Wang, Jian J > > Sent: Thursday, December 28, 2017 8:29 AM > > To: Kinney, Michael D <michael.d.kinney@intel.com>; edk2-devel@lists.01.org > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; > Gao, Liming <liming.gao@intel.com> > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision > position calculation > > > > I revisit the code again. You're right that the commit log is not correct. > > The '\0' would be read and even the one pass it. > > > > Regards, > > Jian > > > > > > > -----Original Message----- > > > From: Kinney, Michael D > > > Sent: Thursday, December 28, 2017 12:38 AM > > > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org; Kinney, > > > Michael D <michael.d.kinney@intel.com> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zeng, Star <star.zeng@intel.com>; > > > Gao, Liming <liming.gao@intel.com> > > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision > > > position calculation > > > > > > Is the commit log correct? > > > > > > Is the issue that the character past the '\0' could be read? > > > > > > Mike > > > > > > > -----Original Message----- > > > > From: Wang, Jian J > > > > Sent: Tuesday, December 26, 2017 6:14 PM > > > > To: Wang, Jian J <jian.j.wang@intel.com>; edk2- > > > > devel@lists.01.org > > > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, > > > > Jiewen <jiewen.yao@intel.com>; Zeng, Star > > > > <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com> > > > > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > > > > incorrect Precision position calculation > > > > > > > > Mike and Liming, > > > > > > > > Could you take a look at this patch? > > > > > > > > Regards, > > > > Jian > > > > > > > > > > > > > -----Original Message----- > > > > > From: edk2-devel [mailto:edk2-devel- > > > > bounces@lists.01.org] On Behalf Of Jian J > > > > > Wang > > > > > Sent: Monday, December 25, 2017 10:09 AM > > > > > To: edk2-devel@lists.01.org > > > > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; > > > > Yao, Jiewen > > > > > <jiewen.yao@intel.com>; Zeng, Star > > > > <star.zeng@intel.com>; Gao, Liming > > > > > <liming.gao@intel.com> > > > > > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > > > > incorrect Precision position > > > > > calculation > > > > > > > > > > Due to the a potential hole in the stop condition of > > > > for-loop, the two > > > > > continuous access to ArgumentString (index, index+1) > > > > inside the loop > > > > > might cause the string ending character ('\0') to be > > > > read. > > > > > > > > > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > > > > > Cc: Liming Gao <liming.gao@intel.com> > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > > > > Cc: Star Zeng <star.zeng@intel.com> > > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > > > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com> > > > > > --- > > > > > MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 > > > > ++++- > > > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > > > > > diff --git > > > > a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > > > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > > > index 28d946472f..297d5a05b5 100644 > > > > > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > > > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > > > > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker ( > > > > > // Compute the number of characters in > > > > ArgumentString and store it in > > > > > Count > > > > > // ArgumentString is either null-terminated, or > > > > it contains Precision > > > > > characters > > > > > // > > > > > - for (Count = 0; Count < Precision || ((Flags & > > > > PRECISION) == 0); Count++) { > > > > > + for (Count = 0; > > > > > + ArgumentString[Count * > > > > BytesPerArgumentCharacter] != '\0' && > > > > > + (Count < Precision || ((Flags & PRECISION) > > > > == 0)); > > > > > + Count++) { > > > > > ArgumentCharacter = ((ArgumentString[Count * > > > > > BytesPerArgumentCharacter] & 0xff) | > > > > ((ArgumentString[Count * > > > > > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask; > > > > > if (ArgumentCharacter == 0) { > > > > > break; > > > > > -- > > > > > 2.15.1.windows.2 > > > > > > > > > > _______________________________________________ > > > > > edk2-devel mailing list > > > > > edk2-devel@lists.01.org > > > > > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-12-28 2:00 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-12-25 2:08 [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation Jian J Wang 2017-12-27 2:14 ` Wang, Jian J 2017-12-27 16:37 ` Kinney, Michael D 2017-12-28 0:29 ` Wang, Jian J 2017-12-28 1:56 ` Gao, Liming 2017-12-28 2:05 ` Wang, Jian J
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox