From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.31; helo=mga06.intel.com; envelope-from=michael.d.kinney@intel.com; receiver=edk2-devel@lists.01.org Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 90D7C22280C27 for ; Wed, 27 Dec 2017 08:32:55 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Dec 2017 08:37:51 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,466,1508828400"; d="scan'208";a="15518790" Received: from orsmsx107.amr.corp.intel.com ([10.22.240.5]) by orsmga003.jf.intel.com with ESMTP; 27 Dec 2017 08:37:51 -0800 Received: from orsmsx114.amr.corp.intel.com (10.22.240.10) by ORSMSX107.amr.corp.intel.com (10.22.240.5) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 27 Dec 2017 08:37:50 -0800 Received: from orsmsx113.amr.corp.intel.com ([169.254.9.187]) by ORSMSX114.amr.corp.intel.com ([169.254.8.57]) with mapi id 14.03.0319.002; Wed, 27 Dec 2017 08:37:50 -0800 From: "Kinney, Michael D" To: "Wang, Jian J" , "edk2-devel@lists.01.org" , "Kinney, Michael D" CC: "Yao, Jiewen" , "Zeng, Star" , "Gao, Liming" Thread-Topic: [edk2] [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation Thread-Index: AQHTfSVOUFLdTYZvdkybvdwrIa/Bz6NW/JOAgABq8yA= Date: Wed, 27 Dec 2017 16:37:50 +0000 Message-ID: References: <20171225020847.14076-1-jian.j.wang@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.22.254.139] MIME-Version: 1.0 Subject: Re: [PATCH] MdePkg/BasePrintLib: Fix incorrect Precision position calculation X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Dec 2017 16:32:56 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Is the commit log correct? Is the issue that the character past the '\0' could be read? Mike > -----Original Message----- > From: Wang, Jian J > Sent: Tuesday, December 26, 2017 6:14 PM > To: Wang, Jian J ; edk2- > devel@lists.01.org > Cc: Kinney, Michael D ; Yao, > Jiewen ; Zeng, Star > ; Gao, Liming > Subject: RE: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > incorrect Precision position calculation >=20 > Mike and Liming, >=20 > Could you take a look at this patch? >=20 > Regards, > Jian >=20 >=20 > > -----Original Message----- > > From: edk2-devel [mailto:edk2-devel- > bounces@lists.01.org] On Behalf Of Jian J > > Wang > > Sent: Monday, December 25, 2017 10:09 AM > > To: edk2-devel@lists.01.org > > Cc: Kinney, Michael D ; > Yao, Jiewen > > ; Zeng, Star > ; Gao, Liming > > > > Subject: [edk2] [PATCH] MdePkg/BasePrintLib: Fix > incorrect Precision position > > calculation > > > > Due to the a potential hole in the stop condition of > for-loop, the two > > continuous access to ArgumentString (index, index+1) > inside the loop > > might cause the string ending character ('\0') to be > read. > > > > Cc: Michael D Kinney > > Cc: Liming Gao > > Cc: Jiewen Yao > > Cc: Star Zeng > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Jian J Wang > > --- > > MdePkg/Library/BasePrintLib/PrintLibInternal.c | 5 > ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git > a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > index 28d946472f..297d5a05b5 100644 > > --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c > > @@ -1107,7 +1107,10 @@ BasePrintLibSPrintMarker ( > > // Compute the number of characters in > ArgumentString and store it in > > Count > > // ArgumentString is either null-terminated, or > it contains Precision > > characters > > // > > - for (Count =3D 0; Count < Precision || ((Flags & > PRECISION) =3D=3D 0); Count++) { > > + for (Count =3D 0; > > + ArgumentString[Count * > BytesPerArgumentCharacter] !=3D '\0' && > > + (Count < Precision || ((Flags & PRECISION) > =3D=3D 0)); > > + Count++) { > > ArgumentCharacter =3D ((ArgumentString[Count * > > BytesPerArgumentCharacter] & 0xff) | > ((ArgumentString[Count * > > BytesPerArgumentCharacter + 1]) << 8)) & ArgumentMask; > > if (ArgumentCharacter =3D=3D 0) { > > break; > > -- > > 2.15.1.windows.2 > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel