From: "Vitaly Cheptsov" <cheptsov@ispras.ru>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"bret.barkelew@microsoft.com" <bret.barkelew@microsoft.com>,
"Marvin Häuser" <mhaeuser@outlook.de>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
Andrew Fish <afish@apple.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
"Brian J . Johnson" <brian.johnson@hpe.com>,
"Chiu, Chasel" <chasel.chiu@intel.com>,
"Justen, Jordan L" <jordan.l.justen@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Leif Lindholm <leif@nuviainc.com>,
"Gao, Liming" <liming.gao@intel.com>,
"Zimmer, Vincent" <vincent.zimmer@intel.com>,
"Gao, Zhichao" <zhichao.gao@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
Date: Fri, 15 May 2020 12:30:46 +0300 [thread overview]
Message-ID: <D9392C30-65B3-457B-89BD-AEC28A582720@ispras.ru> (raw)
In-Reply-To: <MN2PR11MB4461C7E84662D7D4EC2C8FADD2BC0@MN2PR11MB4461.namprd11.prod.outlook.com>
[-- Attachment #1.1: Type: text/plain, Size: 46033 bytes --]
Mike, Bret,
The assertion in UnicodeStrnToAsciiStrS is currently not a runtime check but a precondition. I.e. the function does not work with such sequences.
I fully agree that it is not right, and that we should actually update the documentation and change it to the following construction (0x80 instead of 0x100 for 7-bit ASCII and ‘?’ for invalid patch):
if (*Source < 0x80) {
*(Destination++) = (CHAR8) *(Source++);
} else {
*(Destination++) = ‘?';
}
However, it has to be out of the scope of this patch due to the nature of the change: function behaviour change for RELEASE instead of assertion removal for the runtime check as for all the rest. Should file a bugzilla as well.
As for alignment, I believe Marvin explained it well, and I have nothing to add there. There is no need to change the patch anyhow.
Best wishes,
Vitaly
> 15 мая 2020 г., в 01:14, Kinney, Michael D <michael.d.kinney@intel.com> написал(а):
>
> Bret,
>
> I agree with all your points. Which is why I am asking if we should address this in the current patch under review.
>
> I will also point out that another way to get an off pointer address value for a CHAR16 is through use of packed structures. If a CHAR16 string is in a packaged structure and starts at an odd byte offset, then directly passing the CHAR16 string field to one of these APIs will ASSERT() or generate an exception if the ASSERT()s are removed. When using packed structures, fields that are larger than 1-byte need to either be copied to an aligned location or accessed using the Unaligned Read/Write APIs.
>
> Mike
>
> From: devel@edk2.groups.io <mailto:devel@edk2.groups.io> <devel@edk2.groups.io <mailto:devel@edk2.groups.io>> On Behalf Of Bret Barkelew via groups.io <http://groups.io/>
> Sent: Thursday, May 14, 2020 2:15 PM
> To: devel@edk2.groups.io <mailto:devel@edk2.groups.io>; Kinney, Michael D <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com>>; cheptsov@ispras.ru <mailto:cheptsov@ispras.ru>
> Cc: Andrew Fish <afish@apple.com <mailto:afish@apple.com>>; Ard Biesheuvel <ard.biesheuvel@linaro.org <mailto:ard.biesheuvel@linaro.org>>; Brian J . Johnson <brian.johnson@hpe.com <mailto:brian.johnson@hpe.com>>; Chiu, Chasel <chasel.chiu@intel.com <mailto:chasel.chiu@intel.com>>; Justen, Jordan L <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com>>; Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>; Leif Lindholm <leif@nuviainc.com <mailto:leif@nuviainc.com>>; Gao, Liming <liming.gao@intel.com <mailto:liming.gao@intel.com>>; Marvin Häuser <mhaeuser@outlook.de <mailto:mhaeuser@outlook.de>>; Zimmer, Vincent <vincent.zimmer@intel.com <mailto:vincent.zimmer@intel.com>>; Gao, Zhichao <zhichao.gao@intel.com <mailto:zhichao.gao@intel.com>>
> Subject: Re: [EXTERNAL] Re: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
>
> Why isn’t that a failed return value?
> That would be unexpected behavior in RELEASE.
>
> Either that, or the function should take in a substitution character (e.g. ‘?’) for invalid characters.
>
> The prototype of this function is bad if it doesn’t allow for this possibility, and an ASSERT isn’t making code any better/safer by only ASSERTing.
>
> - Bret
>
> From: Michael D Kinney via groups.io <mailto:michael.d.kinney=intel.com@groups.io>
> Sent: Thursday, May 14, 2020 2:07 PM
> To: devel@edk2.groups.io <mailto:devel@edk2.groups.io>; cheptsov@ispras.ru <mailto:cheptsov@ispras.ru>; Kinney, Michael D <mailto:michael.d.kinney@intel.com>
> Cc: Andrew Fish <mailto:afish@apple.com>; Ard Biesheuvel <mailto:ard.biesheuvel@linaro.org>; Bret Barkelew <mailto:Bret.Barkelew@microsoft.com>; Brian J . Johnson <mailto:brian.johnson@hpe.com>; Chiu, Chasel <mailto:chasel.chiu@intel.com>; Justen, Jordan L <mailto:jordan.l.justen@intel.com>; Laszlo Ersek <mailto:lersek@redhat.com>; Leif Lindholm <mailto:leif@nuviainc.com>; liming.gao <mailto:liming.gao@intel.com>; Marvin Häuser <mailto:mhaeuser@outlook.de>; Zimmer, Vincent <mailto:vincent.zimmer@intel.com>; Gao, Zhichao <mailto:zhichao.gao@intel.com>
> Subject: [EXTERNAL] Re: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
>
> Hi Vitaly,
>
> What about this ASSERT() in UnicodeStrnToAsciiStrS(). It is an ASSERT() on the data contents.
>
> //
> // Convert string
> //
> while ((*Source != 0) && (SourceLen > 0)) {
> //
> // If any Unicode characters in Source contain non-zero value in the upper
> // 8 bits, then ASSERT().
> //
> ASSERT (*Source < 0x100);
> *(Destination++) = (CHAR8) *(Source++);
> SourceLen--;
> (*DestinationLength)++;
> }
> *Destination = 0;
>
> Mike
>
> From: devel@edk2.groups.io <mailto:devel@edk2.groups.io> <devel@edk2.groups.io <mailto:devel@edk2.groups.io>> On Behalf Of Vitaly Cheptsov
> Sent: Thursday, May 14, 2020 11:59 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com>>
> Cc: devel@edk2.groups.io <mailto:devel@edk2.groups.io>; Andrew Fish <afish@apple.com <mailto:afish@apple.com>>; Ard Biesheuvel <ard.biesheuvel@linaro.org <mailto:ard.biesheuvel@linaro.org>>; Bret Barkelew <bret.barkelew@microsoft.com <mailto:bret.barkelew@microsoft.com>>; Brian J . Johnson <brian.johnson@hpe.com <mailto:brian.johnson@hpe.com>>; Chiu, Chasel <chasel.chiu@intel.com <mailto:chasel.chiu@intel.com>>; Justen, Jordan L <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com>>; Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>; Leif Lindholm <leif@nuviainc.com <mailto:leif@nuviainc.com>>; Gao, Liming <liming.gao@intel.com <mailto:liming.gao@intel.com>>; Marvin Häuser <mhaeuser@outlook.de <mailto:mhaeuser@outlook.de>>; Zimmer, Vincent <vincent.zimmer@intel.com <mailto:vincent.zimmer@intel.com>>; Gao, Zhichao <zhichao.gao@intel.com <mailto:zhichao.gao@intel.com>>
> Subject: Re: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
>
> Mike,
>
> The code you posted may inflict undefined behaviour is not valid C for several reasons. The compiler is free to do whatever it desires. Please refer to ISO/IEC 9899 for more details.
>
> If applications cast raw pointers to typed pointers without checking their alignment, well, god bless them :)
> My opinion is both the compiler and the hardware are welcome to do the worst once your third line is discovered. On a number of CPUs such addresses cannot be even represented in the first place.
>
> Yet, once again it is out of the scope of the current problem.
>
> Best wishes,
> Vitaly
>
>
>
> 14 мая 2020 г., в 20:58, Kinney, Michael D <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com>> написал(а):
>
> Vitaly,
>
> Why do you think there is no way to craft an odd address
> without memory corruption.
>
> UINT8 ByteArray[100];
> CHAR16 *String
>
> String = (CHAR16 *)(&Array[3]);
>
> The reason I raised the question of these other ASSERT()s
> is that I thought the use case was using these safe string
> APIs from a UEFI App, and the UEFI App always wants to evaluate
> the return status to know if the operation was completed or
> not. In build that removes all ASSERT()s, an odd address
> will generate an exception on some CPU archs. Wouldn’t it
> be better for the UEFI App that is already designed to handle
> error return status to get an error code instead of an
> exception?
>
> Mike
>
>
> -----Original Message-----
> From: devel@edk2.groups.io <mailto:devel@edk2.groups.io> <devel@edk2.groups.io <mailto:devel@edk2.groups.io>> On
> Behalf Of Vitaly Cheptsov
> Sent: Thursday, May 14, 2020 10:39 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com>>
> Cc: devel@edk2.groups.io <mailto:devel@edk2.groups.io>; Andrew Fish
> <afish@apple.com <mailto:afish@apple.com>>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org <mailto:ard.biesheuvel@linaro.org>>; Bret Barkelew
> <bret.barkelew@microsoft.com <mailto:bret.barkelew@microsoft.com>>; Brian J . Johnson
> <brian.johnson@hpe.com <mailto:brian.johnson@hpe.com>>; Chiu, Chasel
> <chasel.chiu@intel.com <mailto:chasel.chiu@intel.com>>; Justen, Jordan L
> <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com>>; Laszlo Ersek
> <lersek@redhat.com <mailto:lersek@redhat.com>>; Leif Lindholm <leif@nuviainc.com <mailto:leif@nuviainc.com>>;
> Gao, Liming <liming.gao@intel.com <mailto:liming.gao@intel.com>>; Marvin Häuser
> <mhaeuser@outlook.de <mailto:mhaeuser@outlook.de>>; Zimmer, Vincent
> <vincent.zimmer@intel.com <mailto:vincent.zimmer@intel.com>>; Gao, Zhichao
> <zhichao.gao@intel.com <mailto:zhichao.gao@intel.com>>
> Subject: Re: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix
> SafeString performing assertions on runtime checks
>
> Mike,
>
> Firstly, NULL check and odd-address checks are
> essentially different things:
> — NULL address is basically «no object», «optional
> argument» (e.g. failed allocation).
> — Odd address is memory corruption, as there is no way
> to craft such address anyhow else.
> For this reason the implementation is allowed to treat
> them differently.
>
> Secondly, as I said in my cover letter there is no
> behaviour change here for RELEASE builds. Behaviour
> changes unrelated to the bugfix will have to go to a
> separate patch. I agree that we may want to reconsider
> the interface in the future, but that’s for a separate
> bugzilla and patch. Not discussing it currently is
> important to avoid diverting from the primary problem.
> Could create a bugzilla not to forget about it soon
> after the stable tag.
>
> Best wishes,
> Vitaly
>
>
> 14 мая 2020 г., в 19:38, Kinney, Michael D
> <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com>> написал(а):
>
>
> Why preserve the ASSERT()s for an a Unicode strings
> that are not aligned in a 16-bit boundary?
>
> This is essentially the same as an invalid pointer
> value
>
> just like NULL. If NULL pointer returns an error
> code,
>
> shouldn't and invalid pointer value?
>
> Thanks,
>
> Mike
>
>
> -----Original Message-----
> From: devel@edk2.groups.io <mailto:devel@edk2.groups.io> <devel@edk2.groups.io <mailto:devel@edk2.groups.io>> On
> Behalf Of Vitaly Cheptsov
> Sent: Thursday, May 14, 2020 2:26 AM
> To: devel@edk2.groups.io <mailto:devel@edk2.groups.io>
> Cc: Andrew Fish <afish@apple.com <mailto:afish@apple.com>>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org <mailto:ard.biesheuvel@linaro.org>>; Bret Barkelew
> <bret.barkelew@microsoft.com <mailto:bret.barkelew@microsoft.com>>; Brian J . Johnson
> <brian.johnson@hpe.com <mailto:brian.johnson@hpe.com>>; Chiu, Chasel
> <chasel.chiu@intel.com <mailto:chasel.chiu@intel.com>>; Justen, Jordan L
> <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com>>; Laszlo Ersek
> <lersek@redhat.com <mailto:lersek@redhat.com>>; Leif Lindholm
> <leif@nuviainc.com <mailto:leif@nuviainc.com>>;
>
> Gao, Liming <liming.gao@intel.com <mailto:liming.gao@intel.com>>; Marvin Häuser
> <mhaeuser@outlook.de <mailto:mhaeuser@outlook.de>>; Kinney, Michael D
> <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com>>; Zimmer, Vincent
> <vincent.zimmer@intel.com <mailto:vincent.zimmer@intel.com>>; Gao, Zhichao
> <zhichao.gao@intel.com <mailto:zhichao.gao@intel.com>>
> Subject: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix
> SafeString performing assertions on runtime checks
>
> REF:
> https://bugzilla.tianocore.org/show_bug.cgi?id=2054 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2054&data=02%7C01%7CBret.Barkelew%40microsoft.com%7C854c0200e7ed412219a008d7f84ad4e5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637250872617792374&sdata=obXC2njAL18GchcPz1HyiGBSNcBYk8i2Q0ZhWDwICCQ%3D&reserved=0>
>
>
>
>
>
> Runtime checks returned via status return code
> should
>
> not work as
>
>
> assertions to permit parsing not trusted data with
> SafeString
>
>
> interfaces.
>
>
>
>
>
> CC: Andrew Fish <afish@apple.com <mailto:afish@apple.com>>
>
>
> CC: Ard Biesheuvel <ard.biesheuvel@linaro.org <mailto:ard.biesheuvel@linaro.org>>
>
>
> CC: Bret Barkelew <bret.barkelew@microsoft.com <mailto:bret.barkelew@microsoft.com>>
>
>
> CC: Brian J. Johnson <brian.johnson@hpe.com <mailto:brian.johnson@hpe.com>>
>
>
> CC: Chasel Chiu <chasel.chiu@intel.com <mailto:chasel.chiu@intel.com>>
>
>
> CC: Jordan Justen <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com>>
>
>
> CC: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com>>
>
>
> CC: Leif Lindholm <leif@nuviainc.com <mailto:leif@nuviainc.com>>
>
>
> CC: Liming Gao <liming.gao@intel.com <mailto:liming.gao@intel.com>>
>
>
> CC: Marvin Häuser <mhaeuser@outlook.de <mailto:mhaeuser@outlook.de>>
>
>
> CC: Mike Kinney <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com>>
>
>
> CC: Vincent Zimmer <vincent.zimmer@intel.com <mailto:vincent.zimmer@intel.com>>
>
>
> CC: Zhichao Gao <zhichao.gao@intel.com <mailto:zhichao.gao@intel.com>>
>
>
> Signed-off-by: Vitaly Cheptsov
> <vit9696@protonmail.com <mailto:vit9696@protonmail.com>>
>
>
>
> ---
>
>
> MdePkg/Include/Library/BaseLib.h | 120 ++--------
> --
>
> --------
>
>
> MdePkg/Library/BaseLib/SafeString.c | 80 ----------
> --
>
> -
>
>
> 2 files changed, 7 insertions(+), 193 deletions(-)
>
>
>
>
>
> diff --git a/MdePkg/Include/Library/BaseLib.h
> b/MdePkg/Include/Library/BaseLib.h
>
>
> index ecadff8b23..62dc3151bc 100644
>
>
> --- a/MdePkg/Include/Library/BaseLib.h
>
>
> +++ b/MdePkg/Include/Library/BaseLib.h
>
>
> @@ -189,7 +189,6 @@ StrnSizeS (
>
>
>
>
>
> If Destination is not aligned on a 16-bit
> boundary,
>
> then ASSERT().
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -225,7 +224,6 @@ StrCpyS (
>
>
>
>
>
> If Length > 0 and Destination is not aligned on a
> 16-bit boundary, then ASSERT().
>
>
> If Length > 0 and Source is not aligned on a 16-
> bit
>
> boundary, then ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -263,7 +261,6 @@ StrnCpyS (
>
>
>
>
>
> If Destination is not aligned on a 16-bit
> boundary,
>
> then ASSERT().
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -303,7 +300,6 @@ StrCatS (
>
>
>
>
>
> If Destination is not aligned on a 16-bit
> boundary,
>
> then ASSERT().
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -350,12 +346,7 @@ StrnCatS (
>
>
> be ignored. Then, the function stops at the first
> character that is a not a
>
>
> valid decimal character or a Null-terminator,
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
>
>
>
> If String has no valid decimal digits in the above
> format, then 0 is stored
>
>
> at the location pointed to by Data.
>
>
> @@ -406,12 +397,7 @@ StrDecimalToUintnS (
>
>
> be ignored. Then, the function stops at the first
> character that is a not a
>
>
> valid decimal character or a Null-terminator,
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
>
>
>
> If String has no valid decimal digits in the above
> format, then 0 is stored
>
>
> at the location pointed to by Data.
>
>
> @@ -467,12 +453,7 @@ StrDecimalToUint64S (
>
>
> the first character that is a not a valid
> hexadecimal character or NULL,
>
>
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
>
>
>
> If String has no valid hexadecimal digits in the
> above format, then 0 is
>
>
> stored at the location pointed to by Data.
>
>
> @@ -528,12 +509,7 @@ StrHexToUintnS (
>
>
> the first character that is a not a valid
> hexadecimal character or NULL,
>
>
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
>
>
>
> If String has no valid hexadecimal digits in the
> above format, then 0 is
>
>
> stored at the location pointed to by Data.
>
>
> @@ -622,8 +598,6 @@ AsciiStrnSizeS (
>
>
>
>
>
> This function is similar as strcpy_s defined in
> C11.
>
>
>
>
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
> -
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @param Destination A pointer to a
> Null-terminated Ascii string.
>
>
> @@ -656,8 +630,6 @@ AsciiStrCpyS (
>
>
>
>
>
> This function is similar as strncpy_s defined in
> C11.
>
>
>
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
> -
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @param Destination A pointer to a
> Null-terminated Ascii string.
>
>
> @@ -692,8 +664,6 @@ AsciiStrnCpyS (
>
>
>
>
>
> This function is similar as strcat_s defined in
> C11.
>
>
>
>
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
> -
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @param Destination A pointer to a
> Null-terminated Ascii string.
>
>
> @@ -730,8 +700,6 @@ AsciiStrCatS (
>
>
>
>
>
> This function is similar as strncat_s defined in
> C11.
>
>
>
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
> -
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @param Destination A pointer to a
> Null-terminated Ascii string.
>
>
> @@ -777,12 +745,6 @@ AsciiStrnCatS (
>
>
> be ignored. Then, the function stops at the first
> character that is a not a
>
>
> valid decimal character or a Null-terminator,
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> - If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumAsciiStringLength Ascii characters, not
> including the
>
>
> - Null-terminator, then ASSERT().
>
>
> -
>
>
> If String has no valid decimal digits in the above
> format, then 0 is stored
>
>
> at the location pointed to by Data.
>
>
> If the number represented by String exceeds the
> range defined by UINTN, then
>
>
> @@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS (
>
>
> be ignored. Then, the function stops at the first
> character that is a not a
>
>
> valid decimal character or a Null-terminator,
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> - If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumAsciiStringLength Ascii characters, not
> including the
>
>
> - Null-terminator, then ASSERT().
>
>
> -
>
>
> If String has no valid decimal digits in the above
> format, then 0 is stored
>
>
> at the location pointed to by Data.
>
>
> If the number represented by String exceeds the
> range defined by UINT64, then
>
>
> @@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S (
>
>
> character that is a not a valid hexadecimal
> character or Null-terminator,
>
>
> whichever on comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> - If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumAsciiStringLength Ascii characters, not
> including the
>
>
> - Null-terminator, then ASSERT().
>
>
> -
>
>
> If String has no valid hexadecimal digits in the
> above format, then 0 is
>
>
> stored at the location pointed to by Data.
>
>
> If the number represented by String exceeds the
> range defined by UINTN, then
>
>
> @@ -950,12 +900,6 @@ AsciiStrHexToUintnS (
>
>
> character that is a not a valid hexadecimal
> character or Null-terminator,
>
>
> whichever on comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> - If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumAsciiStringLength Ascii characters, not
> including the
>
>
> - Null-terminator, then ASSERT().
>
>
> -
>
>
> If String has no valid hexadecimal digits in the
> above format, then 0 is
>
>
> stored at the location pointed to by Data.
>
>
> If the number represented by String exceeds the
> range defined by UINT64, then
>
>
> @@ -1506,16 +1450,8 @@ StrHexToUint64 (
>
>
> "::" can be used to compress one or more groups of
> X
>
> when X contains only 0.
>
>
> The "::" can only appear once in the String.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> -
>
>
> - If Address is NULL, then ASSERT().
>
>
> -
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
>
>
>
> - If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
> -
>
>
> If EndPointer is not NULL and Address is
> translated
>
> from String, a pointer
>
>
> to the character that stopped the scan is stored
> at
>
> the location pointed to
>
>
> by EndPointer.
>
>
> @@ -1567,15 +1503,10 @@ StrToIpv6Address (
>
>
> When /P is in the String, the function stops at
> the
>
> first character that is not
>
>
> a valid decimal digit character after P is
> converted.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> -
>
>
> - If Address is NULL, then ASSERT().
>
>
> -
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
>
>
>
> If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
>
>
>
> If EndPointer is not NULL and Address is
> translated
>
> from String, a pointer
>
>
> to the character that stopped the scan is stored
> at
>
> the location pointed to
>
>
> @@ -1640,8 +1571,6 @@ StrToIpv4Address (
>
>
> oo Data4[48:55]
>
>
> pp Data4[56:63]
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Guid is NULL, then ASSERT().
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
>
>
>
> @param String Pointer to a
> Null-
>
> terminated Unicode string.
>
>
> @@ -1676,17 +1605,6 @@ StrToGuid (
>
>
>
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> -
>
>
> - If Buffer is NULL, then ASSERT().
>
>
> -
>
>
> - If Length is not multiple of 2, then ASSERT().
>
>
> -
>
>
> - If PcdMaximumUnicodeStringLength is not zero and
> Length is greater than
>
>
> - PcdMaximumUnicodeStringLength, then ASSERT().
>
>
> -
>
>
> - If MaxBufferSize is less than (Length / 2), then
> ASSERT().
>
>
> -
>
>
> @param String Pointer to a
> Null-
>
> terminated Unicode string.
>
>
> @param Length The number of
> Unicode characters to decode.
>
>
> @param Buffer Pointer to the
> converted bytes array.
>
>
> @@ -1777,7 +1695,6 @@ UnicodeStrToAsciiStr (
>
>
> the upper 8 bits, then ASSERT().
>
>
>
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -1818,22 +1735,23 @@ UnicodeStrToAsciiStrS (
>
>
> bits of each Unicode character. The function
> terminates the Ascii string
>
>
> Destination by appending a Null-terminator
> character
>
> at the end.
>
>
>
>
>
> - The caller is responsible to make sure
> Destination
>
> points to a buffer with size
>
>
> - equal or greater than ((StrLen (Source) + 1) *
> sizeof (CHAR8)) in bytes.
>
>
> + The caller is responsible to make sure
> Destination
>
> points to a buffer with
>
>
> + size not smaller than ((MIN(StrLen(Source),
> Length)
>
> + 1) * sizeof (CHAR8))
>
>
> + in bytes.
>
>
>
>
>
> If any Unicode characters in Source contain non-
> zero
>
> value in the upper 8
>
>
> bits, then ASSERT().
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> - If an error is returned, then the Destination is
> unmodified.
>
>
> + If an error is returned, then Destination and
> DestinationLength are
>
>
> + unmodified.
>
>
>
>
>
> @param Source The pointer to a Null-
> terminated Unicode string.
>
>
> @param Length The maximum number of
> Unicode characters to
>
>
> convert.
>
>
> @param Destination The pointer to a Null-
> terminated Ascii string.
>
>
> - @param DestMax The maximum number of
> Destination Ascii
>
>
> - char, including
> terminating null char.
>
>
> + @param DestMax The maximum number of
> Destination Ascii char,
>
>
> + including terminating
> null char.
>
>
> @param DestinationLength The number of Unicode
> characters converted.
>
>
>
>
>
> @retval RETURN_SUCCESS String is
> converted.
>
>
> @@ -2388,10 +2306,6 @@ AsciiStrHexToUint64 (
>
>
> "::" can be used to compress one or more groups of
> X
>
> when X contains only 0.
>
>
> The "::" can only appear once in the String.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> -
>
>
> - If Address is NULL, then ASSERT().
>
>
> -
>
>
> If EndPointer is not NULL and Address is
> translated
>
> from String, a pointer
>
>
> to the character that stopped the scan is stored
> at
>
> the location pointed to
>
>
> by EndPointer.
>
>
> @@ -2443,10 +2357,6 @@ AsciiStrToIpv6Address (
>
>
> When /P is in the String, the function stops at
> the
>
> first character that is not
>
>
> a valid decimal digit character after P is
> converted.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> -
>
>
> - If Address is NULL, then ASSERT().
>
>
> -
>
>
> If EndPointer is not NULL and Address is
> translated
>
> from String, a pointer
>
>
> to the character that stopped the scan is stored
> at
>
> the location pointed to
>
>
> by EndPointer.
>
>
> @@ -2508,9 +2418,6 @@ AsciiStrToIpv4Address (
>
>
> oo Data4[48:55]
>
>
> pp Data4[56:63]
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Guid is NULL, then ASSERT().
>
>
> -
>
>
> @param String Pointer to a
> Null-
>
> terminated ASCII string.
>
>
> @param Guid Pointer to the
> converted GUID.
>
>
>
>
>
> @@ -2541,17 +2448,6 @@ AsciiStrToGuid (
>
>
> decoding stops after Length of characters and
> outputs Buffer containing
>
>
> (Length / 2) bytes.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> -
>
>
> - If Buffer is NULL, then ASSERT().
>
>
> -
>
>
> - If Length is not multiple of 2, then ASSERT().
>
>
> -
>
>
> - If PcdMaximumAsciiStringLength is not zero and
> Length is greater than
>
>
> - PcdMaximumAsciiStringLength, then ASSERT().
>
>
> -
>
>
> - If MaxBufferSize is less than (Length / 2), then
> ASSERT().
>
>
> -
>
>
> @param String Pointer to a
> Null-
>
> terminated ASCII string.
>
>
> @param Length The number of
> ASCII
>
> characters to decode.
>
>
> @param Buffer Pointer to the
> converted bytes array.
>
>
> @@ -2632,7 +2528,6 @@ AsciiStrToUnicodeStr (
>
>
> equal or greater than ((AsciiStrLen (Source) + 1)
> *
>
> sizeof (CHAR16)) in bytes.
>
>
>
>
>
> If Destination is not aligned on a 16-bit
> boundary,
>
> then ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -2678,7 +2573,6 @@ AsciiStrToUnicodeStrS (
>
>
> ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
> (CHAR8)) in bytes.
>
>
>
>
>
> If Destination is not aligned on a 16-bit
> boundary,
>
> then ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then Destination and
> DestinationLength are
>
>
> unmodified.
>
>
> diff --git a/MdePkg/Library/BaseLib/SafeString.c
> b/MdePkg/Library/BaseLib/SafeString.c
>
>
> index 7dc03d2caa..1db42abb05 100644
>
>
> --- a/MdePkg/Library/BaseLib/SafeString.c
>
>
> +++ b/MdePkg/Library/BaseLib/SafeString.c
>
>
> @@ -14,7 +14,6 @@
>
>
>
>
>
> #define SAFE_STRING_CONSTRAINT_CHECK(Expression,
> Status) \
>
>
> do { \
>
>
> - ASSERT (Expression); \
>
>
> if (!(Expression)) { \
>
>
> return Status; \
>
>
> } \
>
>
> @@ -197,7 +196,6 @@ StrnSizeS (
>
>
>
>
>
> If Destination is not aligned on a 16-bit
> boundary,
>
> then ASSERT().
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -279,7 +277,6 @@ StrCpyS (
>
>
>
>
>
> If Length > 0 and Destination is not aligned on a
> 16-bit boundary, then ASSERT().
>
>
> If Length > 0 and Source is not aligned on a 16-
> bit
>
> boundary, then ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -372,7 +369,6 @@ StrnCpyS (
>
>
>
>
>
> If Destination is not aligned on a 16-bit
> boundary,
>
> then ASSERT().
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -473,7 +469,6 @@ StrCatS (
>
>
>
>
>
> If Destination is not aligned on a 16-bit
> boundary,
>
> then ASSERT().
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -590,12 +585,7 @@ StrnCatS (
>
>
> be ignored. Then, the function stops at the first
> character that is a not a
>
>
> valid decimal character or a Null-terminator,
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
>
>
>
> If String has no valid decimal digits in the above
> format, then 0 is stored
>
>
> at the location pointed to by Data.
>
>
> @@ -705,12 +695,7 @@ StrDecimalToUintnS (
>
>
> be ignored. Then, the function stops at the first
> character that is a not a
>
>
> valid decimal character or a Null-terminator,
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
>
>
>
> If String has no valid decimal digits in the above
> format, then 0 is stored
>
>
> at the location pointed to by Data.
>
>
> @@ -825,12 +810,7 @@ StrDecimalToUint64S (
>
>
> the first character that is a not a valid
> hexadecimal character or NULL,
>
>
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
>
>
>
> If String has no valid hexadecimal digits in the
> above format, then 0 is
>
>
> stored at the location pointed to by Data.
>
>
> @@ -956,12 +936,7 @@ StrHexToUintnS (
>
>
> the first character that is a not a valid
> hexadecimal character or NULL,
>
>
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> If String is not aligned in a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumUnicodeStringLength Unicode characters,
> not including the
>
>
> - Null-terminator, then ASSERT().
>
>
>
>
>
> If String has no valid hexadecimal digits in the
> above format, then 0 is
>
>
> stored at the location pointed to by Data.
>
>
> @@ -1856,8 +1831,6 @@ AsciiStrCpyS (
>
>
>
>
>
> This function is similar as strncpy_s defined in
> C11.
>
>
>
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
> -
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @param Destination A pointer to a
> Null-terminated Ascii string.
>
>
> @@ -1944,8 +1917,6 @@ AsciiStrnCpyS (
>
>
>
>
>
> This function is similar as strcat_s defined in
> C11.
>
>
>
>
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
> -
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @param Destination A pointer to a
> Null-terminated Ascii string.
>
>
> @@ -2040,8 +2011,6 @@ AsciiStrCatS (
>
>
>
>
>
> This function is similar as strncat_s defined in
> C11.
>
>
>
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
> -
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @param Destination A pointer to a
> Null-terminated Ascii string.
>
>
> @@ -2154,12 +2123,6 @@ AsciiStrnCatS (
>
>
> be ignored. Then, the function stops at the first
> character that is a not a
>
>
> valid decimal character or a Null-terminator,
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> - If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumAsciiStringLength Ascii characters, not
> including the
>
>
> - Null-terminator, then ASSERT().
>
>
> -
>
>
> If String has no valid decimal digits in the above
> format, then 0 is stored
>
>
> at the location pointed to by Data.
>
>
> If the number represented by String exceeds the
> range defined by UINTN, then
>
>
> @@ -2266,12 +2229,6 @@ AsciiStrDecimalToUintnS (
>
>
> be ignored. Then, the function stops at the first
> character that is a not a
>
>
> valid decimal character or a Null-terminator,
> whichever one comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> - If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumAsciiStringLength Ascii characters, not
> including the
>
>
> - Null-terminator, then ASSERT().
>
>
> -
>
>
> If String has no valid decimal digits in the above
> format, then 0 is stored
>
>
> at the location pointed to by Data.
>
>
> If the number represented by String exceeds the
> range defined by UINT64, then
>
>
> @@ -2382,12 +2339,6 @@ AsciiStrDecimalToUint64S (
>
>
> character that is a not a valid hexadecimal
> character or Null-terminator,
>
>
> whichever on comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> - If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumAsciiStringLength Ascii characters, not
> including the
>
>
> - Null-terminator, then ASSERT().
>
>
> -
>
>
> If String has no valid hexadecimal digits in the
> above format, then 0 is
>
>
> stored at the location pointed to by Data.
>
>
> If the number represented by String exceeds the
> range defined by UINTN, then
>
>
> @@ -2509,12 +2460,6 @@ AsciiStrHexToUintnS (
>
>
> character that is a not a valid hexadecimal
> character or Null-terminator,
>
>
> whichever on comes first.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Data is NULL, then ASSERT().
>
>
> - If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
>
>
> - PcdMaximumAsciiStringLength Ascii characters, not
> including the
>
>
> - Null-terminator, then ASSERT().
>
>
> -
>
>
> If String has no valid hexadecimal digits in the
> above format, then 0 is
>
>
> stored at the location pointed to by Data.
>
>
> If the number represented by String exceeds the
> range defined by UINT64, then
>
>
> @@ -2635,7 +2580,6 @@ AsciiStrHexToUint64S (
>
>
> the upper 8 bits, then ASSERT().
>
>
>
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then the Destination is
> unmodified.
>
>
>
>
>
> @@ -2735,7 +2679,6 @@ UnicodeStrToAsciiStrS (
>
>
> If any Unicode characters in Source contain non-
> zero
>
> value in the upper 8
>
>
> bits, then ASSERT().
>
>
> If Source is not aligned on a 16-bit boundary,
> then
>
> ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then Destination and
> DestinationLength are
>
>
> unmodified.
>
>
> @@ -2948,7 +2891,6 @@ AsciiStrToUnicodeStrS (
>
>
> ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
> (CHAR8)) in bytes.
>
>
>
>
>
> If Destination is not aligned on a 16-bit
> boundary,
>
> then ASSERT().
>
>
> - If an error would be returned, then the function
> will also ASSERT().
>
>
>
>
>
> If an error is returned, then Destination and
> DestinationLength are
>
>
> unmodified.
>
>
> @@ -3072,10 +3014,6 @@ AsciiStrnToUnicodeStrS (
>
>
> "::" can be used to compress one or more groups of
> X
>
> when X contains only 0.
>
>
> The "::" can only appear once in the String.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> -
>
>
> - If Address is NULL, then ASSERT().
>
>
> -
>
>
> If EndPointer is not NULL and Address is
> translated
>
> from String, a pointer
>
>
> to the character that stopped the scan is stored
> at
>
> the location pointed to
>
>
> by EndPointer.
>
>
> @@ -3291,10 +3229,6 @@ AsciiStrToIpv6Address (
>
>
> When /P is in the String, the function stops at
> the
>
> first character that is not
>
>
> a valid decimal digit character after P is
> converted.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> -
>
>
> - If Address is NULL, then ASSERT().
>
>
> -
>
>
> If EndPointer is not NULL and Address is
> translated
>
> from String, a pointer
>
>
> to the character that stopped the scan is stored
> at
>
> the location pointed to
>
>
> by EndPointer.
>
>
> @@ -3448,9 +3382,6 @@ AsciiStrToIpv4Address (
>
>
> oo Data4[48:55]
>
>
> pp Data4[56:63]
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> - If Guid is NULL, then ASSERT().
>
>
> -
>
>
> @param String Pointer to a
> Null-
>
> terminated ASCII string.
>
>
> @param Guid Pointer to the
> converted GUID.
>
>
>
>
>
> @@ -3550,17 +3481,6 @@ AsciiStrToGuid (
>
>
> decoding stops after Length of characters and
> outputs Buffer containing
>
>
> (Length / 2) bytes.
>
>
>
>
>
> - If String is NULL, then ASSERT().
>
>
> -
>
>
> - If Buffer is NULL, then ASSERT().
>
>
> -
>
>
> - If Length is not multiple of 2, then ASSERT().
>
>
> -
>
>
> - If PcdMaximumAsciiStringLength is not zero and
> Length is greater than
>
>
> - PcdMaximumAsciiStringLength, then ASSERT().
>
>
> -
>
>
> - If MaxBufferSize is less than (Length / 2), then
> ASSERT().
>
>
> -
>
>
> @param String Pointer to a
> Null-
>
> terminated ASCII string.
>
>
> @param Length The number of
> ASCII
>
> characters to decode.
>
>
> @param Buffer Pointer to the
> converted bytes array.
>
>
> --
>
>
> 2.24.2 (Apple Git-127)
>
>
>
>
>
>
>
>
>
>
>
>
[-- Attachment #1.2: Type: text/html, Size: 136504 bytes --]
[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-05-15 9:30 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-14 9:25 [PATCH V6 0/1] Disable safe string constraint assertions Vitaly Cheptsov
2020-05-14 9:25 ` [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks Vitaly Cheptsov
2020-05-14 13:35 ` Laszlo Ersek
2020-05-14 16:38 ` [edk2-devel] " Michael D Kinney
2020-05-14 17:39 ` Vitaly Cheptsov
2020-05-14 17:58 ` Michael D Kinney
2020-05-14 18:59 ` Vitaly Cheptsov
2020-05-14 19:45 ` Ard Biesheuvel
2020-05-14 21:07 ` Michael D Kinney
2020-05-14 21:15 ` [EXTERNAL] " Bret Barkelew
2020-05-14 22:14 ` Michael D Kinney
2020-05-15 9:28 ` Marvin Häuser
2020-05-15 9:30 ` Vitaly Cheptsov [this message]
2020-05-15 15:26 ` [EXTERNAL] " Bret Barkelew
2020-05-14 11:33 ` [edk2-devel] [PATCH V6 0/1] Disable safe string constraint assertions Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D9392C30-65B3-457B-89BD-AEC28A582720@ispras.ru \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox