From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web10.14155.1589986260603904221 for ; Wed, 20 May 2020 07:51:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=o8Qh4+uc; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: liming.gao@intel.com) IronPort-SDR: kteee4qxUztk1vAt5Ae45SkhdC3BLmtESpIymVJIGN8BZrMgKf3V3eYQtMnLhqvYOMhOBDLHST cFc4074s0w4w== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 May 2020 07:50:46 -0700 IronPort-SDR: K/3Sl14E0MiLFAW3Gdh0bZGaJW3NqV9/nCWp784wAAvSR2qgKYVngeT/2d91TT5fsrgvcQLALF gZGNXInFaYig== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,414,1583222400"; d="scan'208";a="440054557" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by orsmga005.jf.intel.com with ESMTP; 20 May 2020 07:50:45 -0700 Received: from fmsmsx155.amr.corp.intel.com (10.18.116.71) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 20 May 2020 07:50:45 -0700 Received: from FMSEDG002.ED.cps.intel.com (10.1.192.134) by FMSMSX155.amr.corp.intel.com (10.18.116.71) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 20 May 2020 07:50:45 -0700 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.103) by edgegateway.intel.com (192.55.55.69) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 20 May 2020 07:50:45 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Iq10rkejZL+Vlh+nuOaSL68Niu4px+C9trS8VaQO2H9V91ZMBnmkgxLG+AaaC2ctHAyjgPWeYBUF3MXkLnW8Xv6poBPdjFlE4cNg4JHTG4UdE1hxN+7i2HosyJXRUy+4MMjOCNyAsb8IlGrLcoUpAYyGMqa2+mszAMoyGOU+5m7iTFx75n4ZMPk/O0qKIKAAMB07HVlaxDnVABT8WJxkpTlsORdWdJHSFhs7R7sX2z+3NN+0FJtoK/7sSzcSZlwRjZhvkTrhM7cwRNEkVVK7bxUTS+ZRu+08BPumS+L+zXxqbEKWge77IodldzhKZvnLRtZZhfzIhQXKiTC/eMDMWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3XrqIhrJmUGj+bzCkJjqKSmLAQZd545A/j7ar0LPf2Q=; b=PI38lu3zR9x8Y27vv1nKyInKPM2vXewd1uVTVr8gia/W8pRCQr9xsxGZB/4M+foBJxijt7lCzjbJs1fIXvyQjFf2nxugp2olo/1NkUjVCqRQCJdBApnGDvDwcAdRpTE3yrw8YErsFqWSbUwGJLlUhj5bw9GA68ocBS2C7wfzpaPJnDWFxTwMNzxGrvwXxSWP/hPE5NfKBkbAi8obz8vorX2guoFjSKs7IfjObt/Hw9wAEO/a0S3POaM4frme+suGldqN5MAxWsfS9eeUzVZ8Tu42dUm++V7OjI7qGx3xbfL9OPco/P/ZY+hylu3Lx0/AkHnG8Jwr2yxsbDC5hRZnnw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3XrqIhrJmUGj+bzCkJjqKSmLAQZd545A/j7ar0LPf2Q=; b=o8Qh4+ucRnRfWB4/vBN5ptNHSOfu7IkT1G4Nz7yHAgjz7m15mRVpDgB7i3Eo/KCU+97yJbYTRsbUwr0LpFHEjWZtF7hxsaWHCLXnpdYVl/syAVGWdDfTz2Kvu0DZg6buSrOiVMrL8l6MqZEvzBUteLL/syNimFyR5rm7MIANBBM= Received: from DM6PR11MB3195.namprd11.prod.outlook.com (2603:10b6:5:5d::17) by DM6PR11MB2635.namprd11.prod.outlook.com (2603:10b6:5:c5::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3000.20; Wed, 20 May 2020 14:50:43 +0000 Received: from DM6PR11MB3195.namprd11.prod.outlook.com ([fe80::e920:42f3:eb13:1234]) by DM6PR11MB3195.namprd11.prod.outlook.com ([fe80::e920:42f3:eb13:1234%7]) with mapi id 15.20.3021.020; Wed, 20 May 2020 14:50:43 +0000 From: "Liming Gao" To: "Kinney, Michael D" , "devel@edk2.groups.io" CC: Andrew Fish , Ard Biesheuvel , Bret Barkelew , "Brian J . Johnson" , "Chiu, Chasel" , "Justen, Jordan L" , Laszlo Ersek , "Leif Lindholm" , Marvin H?user , "Zimmer, Vincent" , "Gao, Zhichao" , "Yao, Jiewen" , Vitaly Cheptsov Subject: Re: [Patch v8 1/2] MdePkg: Fix SafeString performing assertions on runtime checks Thread-Topic: [Patch v8 1/2] MdePkg: Fix SafeString performing assertions on runtime checks Thread-Index: AQHWLlL/lkMWP0qugU67ktFuSnP+EqixD2Gw Date: Wed, 20 May 2020 14:50:43 +0000 Message-ID: References: <20200520030120.21576-1-michael.d.kinney@intel.com> <20200520030120.21576-2-michael.d.kinney@intel.com> In-Reply-To: <20200520030120.21576-2-michael.d.kinney@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.2.0.6 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.55.52.213] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 73bce750-2762-4004-6c2a-08d7fccd2bf9 x-ms-traffictypediagnostic: DM6PR11MB2635: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:1360; x-forefront-prvs: 04097B7F7F x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: DHmGpZ38G5FiGR6BHjm+g4wY3bdsA85+WS5kMIQlTfBdeXCxN5zO7OtuhGQ1kuCVhuwNc5uDPJ+p0LWW/YNfdIG8CbDlYNBlAMCyeH4E0zFps7Patyx4WSvcaMxPDVgbkNIra8TQYi9e7rWGTV/yov4YIQd/640vaiZz49/1Cj/jzPQ3VzKnLZPfFJKk0f6ckTEksk/ifyEB95ro053zOQiG1vxXfk68gbxM8VoaWRrzgBs2s2SJVXdv3YOOPLARE0L2WTJ7efk9D9urzusgJwQPHLQNrY9QiVEt3WkkLXFSsTzOH9DsYkT3y3xOsx4AMm0VI06G04WHsvexUdvoZkBwYlI2PAh2+h6kaS7cprZxSXW0oH+RRozyWGd5ISHV9w4vIKL1ZjveoOJ/9/kVAMQP7InrwGM+8uf3qo+2OdmJTszgSiSTyUCcNqagQCWxPk0hS3JXlaTECC5K5BoTD5NDSFVLmT5fQQ+bi6kmBZDiBJ8Rz5j6t8ATRD8bR+X6252Vgfbpblltk10uwbUFUQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR11MB3195.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(39860400002)(346002)(376002)(366004)(136003)(396003)(30864003)(52536014)(76116006)(66446008)(2906002)(8936002)(66556008)(9686003)(55016002)(8676002)(64756008)(4326008)(66476007)(66946007)(19627235002)(966005)(71200400001)(5660300002)(6506007)(53546011)(7696005)(478600001)(26005)(54906003)(316002)(86362001)(186003)(33656002)(110136005)(559001)(579004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: utnkMyYlIX4NiElcss9uVJByQbdnaqlY92ZplNYy/TNuuugwFyyHk5Z2xAp79SsoXP7rvCdtzk8IHmXVFmhxEZL4DCHZ7B+EMlnqzugCZeJBcAtCrsoYbJvro2Yoi9U8SZ5K364CsQ9pDSQ7wi0opjfGGW89kTVOsJTlQEyNlSpDzXt7OeZyim0cUzKb8dkT/bvFeChcuEHbNu+zAQ+09XY9RXn5AhaEk88ZlwGIYkFGWqknd2ejK9lzArTOsBgeQVLVdRLJc4CyxvI2ItaCqINOdtaIo3gbmGIQqIwzpsUmSe6z5BfuBxUi3yLZcsFHf3IxTtky1vChvPImBPMAuMO7HmmPz4LNbAKAcBiyFscdPNMbXqzmjGuy/6gxcEdmn0DjM7iAQiQ6pHrFugD4BwA8oS7CBtHp9DQRQB3Icz0RMyPL0uWHUx8YHXvWQkFfCDPz5xQQoT6jYyvQT257j8I+QRW1B1qJ7Rm3TxFojMIodW276rtywzWxpbyhHGH3 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 73bce750-2762-4004-6c2a-08d7fccd2bf9 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 May 2020 14:50:43.1136 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 2QUbNqgZKFn7ShhNkErfSBFgsZ8R8a9mBysevNF0ODpHF0lmxxE9tgcruOZnw3MU0Oarw11+76utJCrq6DxjbQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2635 Return-Path: liming.gao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Liming Gao > -----Original Message----- > From: Kinney, Michael D > Sent: Wednesday, May 20, 2020 11:01 AM > To: devel@edk2.groups.io > Cc: Andrew Fish ; Ard Biesheuvel ; Bret Barkelew ; > Brian J . Johnson ; Chiu, Chasel ; Justen, Jordan L ; > Laszlo Ersek ; Leif Lindholm ; Gao,= Liming ; Marvin H?user > ; Zimmer, Vincent ; Gao, Z= hichao ; Yao, Jiewen > ; Vitaly Cheptsov > Subject: [Patch v8 1/2] MdePkg: Fix SafeString performing assertions on r= untime checks >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2054 >=20 > Runtime checks returned via status return code should not work as > assertions to permit parsing not trusted data with SafeString > interfaces. Replace ASSERT() with a DEBUG_VERBOSE message. >=20 > Cc: Andrew Fish > Cc: Ard Biesheuvel > Cc: Bret Barkelew > Cc: Brian J. Johnson > Cc: Chasel Chiu > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Leif Lindholm > Cc: Liming Gao > Cc: Marvin H?user > Cc: Michael D Kinney > Cc: Vincent Zimmer > Cc: Zhichao Gao > Cc: Jiewen Yao > Signed-off-by: Vitaly Cheptsov > --- > MdePkg/Include/Library/BaseLib.h | 111 --------------------------- > MdePkg/Library/BaseLib/SafeString.c | 115 +--------------------------- > 2 files changed, 3 insertions(+), 223 deletions(-) >=20 > diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Ba= seLib.h > index b0bbe8cef8..8e7b87cbda 100644 > --- a/MdePkg/Include/Library/BaseLib.h > +++ b/MdePkg/Include/Library/BaseLib.h > @@ -216,7 +216,6 @@ StrnSizeS ( >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -252,7 +251,6 @@ StrCpyS ( >=20 > If Length > 0 and Destination is not aligned on a 16-bit boundary, the= n ASSERT(). > If Length > 0 and Source is not aligned on a 16-bit boundary, then ASS= ERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -290,7 +288,6 @@ StrnCpyS ( >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -330,7 +327,6 @@ StrCatS ( >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -377,12 +373,7 @@ StrnCatS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). >=20 > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > @@ -433,12 +424,7 @@ StrDecimalToUintnS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). >=20 > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > @@ -494,12 +480,7 @@ StrDecimalToUint64S ( > the first character that is a not a valid hexadecimal character or NUL= L, > whichever one comes first. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). >=20 > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > @@ -555,12 +536,7 @@ StrHexToUintnS ( > the first character that is a not a valid hexadecimal character or NUL= L, > whichever one comes first. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). >=20 > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > @@ -649,8 +625,6 @@ AsciiStrnSizeS ( >=20 > This function is similar as strcpy_s defined in C11. >=20 > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. >=20 > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -683,8 +657,6 @@ AsciiStrCpyS ( >=20 > This function is similar as strncpy_s defined in C11. >=20 > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. >=20 > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -719,8 +691,6 @@ AsciiStrnCpyS ( >=20 > This function is similar as strcat_s defined in C11. >=20 > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. >=20 > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -757,8 +727,6 @@ AsciiStrCatS ( >=20 > This function is similar as strncat_s defined in C11. >=20 > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. >=20 > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -804,12 +772,6 @@ AsciiStrnCatS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more t= han > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINTN= , then > @@ -859,12 +821,6 @@ AsciiStrDecimalToUintnS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more t= han > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINT6= 4, then > @@ -918,12 +874,6 @@ AsciiStrDecimalToUint64S ( > character that is a not a valid hexadecimal character or Null-terminat= or, > whichever on comes first. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more t= han > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINTN= , then > @@ -977,12 +927,6 @@ AsciiStrHexToUintnS ( > character that is a not a valid hexadecimal character or Null-terminat= or, > whichever on comes first. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more t= han > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINT6= 4, then > @@ -1533,16 +1477,8 @@ StrHexToUint64 ( > "::" can be used to compress one or more groups of X when X contains o= nly 0. > The "::" can only appear once in the String. >=20 > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If String is not aligned in a 16-bit boundary, then ASSERT(). >=20 > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -1594,16 +1530,8 @@ StrToIpv6Address ( > When /P is in the String, the function stops at the first character th= at is not > a valid decimal digit character after P is converted. >=20 > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If String is not aligned in a 16-bit boundary, then ASSERT(). >=20 > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -1667,8 +1595,6 @@ StrToIpv4Address ( > oo Data4[48:55] > pp Data4[56:63] >=20 > - If String is NULL, then ASSERT(). > - If Guid is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). >=20 > @param String Pointer to a Null-terminated Unicode = string. > @@ -1703,17 +1629,6 @@ StrToGuid ( >=20 > If String is not aligned in a 16-bit boundary, then ASSERT(). >=20 > - If String is NULL, then ASSERT(). > - > - If Buffer is NULL, then ASSERT(). > - > - If Length is not multiple of 2, then ASSERT(). > - > - If PcdMaximumUnicodeStringLength is not zero and Length is greater tha= n > - PcdMaximumUnicodeStringLength, then ASSERT(). > - > - If MaxBufferSize is less than (Length / 2), then ASSERT(). > - > @param String Pointer to a Null-terminated Unicode = string. > @param Length The number of Unicode characters to d= ecode. > @param Buffer Pointer to the converted bytes array. > @@ -1804,7 +1719,6 @@ UnicodeStrToAsciiStr ( > the upper 8 bits, then ASSERT(). >=20 > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -1851,7 +1765,6 @@ UnicodeStrToAsciiStrS ( > If any Unicode characters in Source contain non-zero value in the uppe= r 8 > bits, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -2415,10 +2328,6 @@ AsciiStrHexToUint64 ( > "::" can be used to compress one or more groups of X when X contains o= nly 0. > The "::" can only appear once in the String. >=20 > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -2470,10 +2379,6 @@ AsciiStrToIpv6Address ( > When /P is in the String, the function stops at the first character th= at is not > a valid decimal digit character after P is converted. >=20 > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -2535,9 +2440,6 @@ AsciiStrToIpv4Address ( > oo Data4[48:55] > pp Data4[56:63] >=20 > - If String is NULL, then ASSERT(). > - If Guid is NULL, then ASSERT(). > - > @param String Pointer to a Null-terminated ASCII st= ring. > @param Guid Pointer to the converted GUID. >=20 > @@ -2568,17 +2470,6 @@ AsciiStrToGuid ( > decoding stops after Length of characters and outputs Buffer containin= g > (Length / 2) bytes. >=20 > - If String is NULL, then ASSERT(). > - > - If Buffer is NULL, then ASSERT(). > - > - If Length is not multiple of 2, then ASSERT(). > - > - If PcdMaximumAsciiStringLength is not zero and Length is greater than > - PcdMaximumAsciiStringLength, then ASSERT(). > - > - If MaxBufferSize is less than (Length / 2), then ASSERT(). > - > @param String Pointer to a Null-terminated ASCII st= ring. > @param Length The number of ASCII characters to dec= ode. > @param Buffer Pointer to the converted bytes array. > @@ -2659,7 +2550,6 @@ AsciiStrToUnicodeStr ( > equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) i= n bytes. >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -2705,7 +2595,6 @@ AsciiStrToUnicodeStrS ( > ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes. >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then Destination and DestinationLength are > unmodified. > diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib= /SafeString.c > index 7dc03d2caa..3bb23ca1a1 100644 > --- a/MdePkg/Library/BaseLib/SafeString.c > +++ b/MdePkg/Library/BaseLib/SafeString.c > @@ -14,8 +14,10 @@ >=20 > #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \ > do { \ > - ASSERT (Expression); \ > if (!(Expression)) { \ > + DEBUG ((DEBUG_VERBOSE, \ > + "%a(%d) %a: SAFE_STRING_CONSTRAINT_CHECK(%a) failed. Return %r\= n", \ > + __FILE__, __LINE__, __FUNCTION__, #Expression, Status)); \ > return Status; \ > } \ > } while (FALSE) > @@ -197,7 +199,6 @@ StrnSizeS ( >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -279,7 +280,6 @@ StrCpyS ( >=20 > If Length > 0 and Destination is not aligned on a 16-bit boundary, the= n ASSERT(). > If Length > 0 and Source is not aligned on a 16-bit boundary, then ASS= ERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -372,7 +372,6 @@ StrnCpyS ( >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -473,7 +472,6 @@ StrCatS ( >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -590,12 +588,7 @@ StrnCatS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). >=20 > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > @@ -705,12 +698,7 @@ StrDecimalToUintnS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). >=20 > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > @@ -825,12 +813,7 @@ StrDecimalToUint64S ( > the first character that is a not a valid hexadecimal character or NUL= L, > whichever one comes first. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). >=20 > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > @@ -956,12 +939,7 @@ StrHexToUintnS ( > the first character that is a not a valid hexadecimal character or NUL= L, > whichever one comes first. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). >=20 > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > @@ -1091,16 +1069,8 @@ StrHexToUint64S ( > "::" can be used to compress one or more groups of X when X contains o= nly 0. > The "::" can only appear once in the String. >=20 > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If String is not aligned in a 16-bit boundary, then ASSERT(). >=20 > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -1317,16 +1287,8 @@ StrToIpv6Address ( > When /P is in the String, the function stops at the first character th= at is not > a valid decimal digit character after P is converted. >=20 > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If String is not aligned in a 16-bit boundary, then ASSERT(). >=20 > - If PcdMaximumUnicodeStringLength is not zero, and String contains more= than > - PcdMaximumUnicodeStringLength Unicode characters, not including the > - Null-terminator, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -1482,8 +1444,6 @@ StrToIpv4Address ( > oo Data4[48:55] > pp Data4[56:63] >=20 > - If String is NULL, then ASSERT(). > - If Guid is NULL, then ASSERT(). > If String is not aligned in a 16-bit boundary, then ASSERT(). >=20 > @param String Pointer to a Null-terminated Unicode = string. > @@ -1589,17 +1549,6 @@ StrToGuid ( >=20 > If String is not aligned in a 16-bit boundary, then ASSERT(). >=20 > - If String is NULL, then ASSERT(). > - > - If Buffer is NULL, then ASSERT(). > - > - If Length is not multiple of 2, then ASSERT(). > - > - If PcdMaximumUnicodeStringLength is not zero and Length is greater tha= n > - PcdMaximumUnicodeStringLength, then ASSERT(). > - > - If MaxBufferSize is less than (Length / 2), then ASSERT(). > - > @param String Pointer to a Null-terminated Unicode = string. > @param Length The number of Unicode characters to d= ecode. > @param Buffer Pointer to the converted bytes array. > @@ -1779,8 +1728,6 @@ AsciiStrnSizeS ( >=20 > This function is similar as strcpy_s defined in C11. >=20 > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. >=20 > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -1856,8 +1803,6 @@ AsciiStrCpyS ( >=20 > This function is similar as strncpy_s defined in C11. >=20 > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. >=20 > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -1944,8 +1889,6 @@ AsciiStrnCpyS ( >=20 > This function is similar as strcat_s defined in C11. >=20 > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. >=20 > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -2040,8 +1983,6 @@ AsciiStrCatS ( >=20 > This function is similar as strncat_s defined in C11. >=20 > - If an error would be returned, then the function will also ASSERT(). > - > If an error is returned, then the Destination is unmodified. >=20 > @param Destination A pointer to a Null-terminated Ascii = string. > @@ -2154,12 +2095,6 @@ AsciiStrnCatS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more t= han > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINTN= , then > @@ -2266,12 +2201,6 @@ AsciiStrDecimalToUintnS ( > be ignored. Then, the function stops at the first character that is a = not a > valid decimal character or a Null-terminator, whichever one comes firs= t. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more t= han > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid decimal digits in the above format, then 0 is s= tored > at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINT6= 4, then > @@ -2382,12 +2311,6 @@ AsciiStrDecimalToUint64S ( > character that is a not a valid hexadecimal character or Null-terminat= or, > whichever on comes first. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more t= han > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINTN= , then > @@ -2509,12 +2432,6 @@ AsciiStrHexToUintnS ( > character that is a not a valid hexadecimal character or Null-terminat= or, > whichever on comes first. >=20 > - If String is NULL, then ASSERT(). > - If Data is NULL, then ASSERT(). > - If PcdMaximumAsciiStringLength is not zero, and String contains more t= han > - PcdMaximumAsciiStringLength Ascii characters, not including the > - Null-terminator, then ASSERT(). > - > If String has no valid hexadecimal digits in the above format, then 0 = is > stored at the location pointed to by Data. > If the number represented by String exceeds the range defined by UINT6= 4, then > @@ -2635,7 +2552,6 @@ AsciiStrHexToUint64S ( > the upper 8 bits, then ASSERT(). >=20 > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -2735,7 +2651,6 @@ UnicodeStrToAsciiStrS ( > If any Unicode characters in Source contain non-zero value in the uppe= r 8 > bits, then ASSERT(). > If Source is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then Destination and DestinationLength are > unmodified. > @@ -2855,7 +2770,6 @@ UnicodeStrnToAsciiStrS ( > equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) i= n bytes. >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then the Destination is unmodified. >=20 > @@ -2948,7 +2862,6 @@ AsciiStrToUnicodeStrS ( > ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes. >=20 > If Destination is not aligned on a 16-bit boundary, then ASSERT(). > - If an error would be returned, then the function will also ASSERT(). >=20 > If an error is returned, then Destination and DestinationLength are > unmodified. > @@ -3072,10 +2985,6 @@ AsciiStrnToUnicodeStrS ( > "::" can be used to compress one or more groups of X when X contains o= nly 0. > The "::" can only appear once in the String. >=20 > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -3291,10 +3200,6 @@ AsciiStrToIpv6Address ( > When /P is in the String, the function stops at the first character th= at is not > a valid decimal digit character after P is converted. >=20 > - If String is NULL, then ASSERT(). > - > - If Address is NULL, then ASSERT(). > - > If EndPointer is not NULL and Address is translated from String, a poi= nter > to the character that stopped the scan is stored at the location point= ed to > by EndPointer. > @@ -3448,9 +3353,6 @@ AsciiStrToIpv4Address ( > oo Data4[48:55] > pp Data4[56:63] >=20 > - If String is NULL, then ASSERT(). > - If Guid is NULL, then ASSERT(). > - > @param String Pointer to a Null-terminated ASCII st= ring. > @param Guid Pointer to the converted GUID. >=20 > @@ -3550,17 +3452,6 @@ AsciiStrToGuid ( > decoding stops after Length of characters and outputs Buffer containin= g > (Length / 2) bytes. >=20 > - If String is NULL, then ASSERT(). > - > - If Buffer is NULL, then ASSERT(). > - > - If Length is not multiple of 2, then ASSERT(). > - > - If PcdMaximumAsciiStringLength is not zero and Length is greater than > - PcdMaximumAsciiStringLength, then ASSERT(). > - > - If MaxBufferSize is less than (Length / 2), then ASSERT(). > - > @param String Pointer to a Null-terminated ASCII st= ring. > @param Length The number of ASCII characters to dec= ode. > @param Buffer Pointer to the converted bytes array. > -- > 2.21.0.windows.1