public inbox for devel@edk2.groups.io
From: "Vitaly Cheptsov" <cheptsov@ispras.ru>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Andrew Fish" <afish@apple.com>,
	"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
	"Bret Barkelew" <bret.barkelew@microsoft.com>,
	"Brian J . Johnson" <brian.johnson@hpe.com>,
	"Chiu, Chasel" <chasel.chiu@intel.com>,
	"Justen, Jordan L" <jordan.l.justen@intel.com>,
	"Laszlo Ersek" <lersek@redhat.com>,
	"Leif Lindholm" <leif@nuviainc.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	"Marvin Häuser" <mhaeuser@outlook.de>,
	"Zimmer, Vincent" <vincent.zimmer@intel.com>,
	"Gao, Zhichao" <zhichao.gao@intel.com>
Subject: Re: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
Date: Thu, 14 May 2020 21:59:24 +0300
Message-ID: <EEAC21EB-5AB3-49AF-A894-4D9A026F2236@ispras.ru>
In-Reply-To: <MN2PR11MB4461DF6CF7F71085C716E87CD2BC0@MN2PR11MB4461.namprd11.prod.outlook.com>



Mike,

The code you posted may inflict undefined behaviour and is not valid C for several reasons. The compiler is free to do whatever it desires. Please refer to ISO/IEC 9899 for more details.

If applications cast raw pointers to typed pointers without checking their alignment, well, god bless them :)
My opinion is both the compiler and the hardware are welcome to do the worst once your third line is discovered. On a number of CPUs such addresses cannot be even represented in the first place.

Yet, once again it is out of the scope of the current problem.

Best wishes,
Vitaly
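
Added example (not part of the original message, and not EDK II code): a C illustration of the status-code alternative raised in the quoted question below, where NULL and an odd address both come back as return values instead of an ASSERT() or a CPU exception. All names (`ch16`, `status_t`, `CONSTRAINT_CHECK`, `str16_len_checked`, `str16_len_packed`) and the sample buffer are hypothetical; the input is taken as an untyped pointer so that alignment is tested before any 16-bit pointer is formed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; these are not EDK II definitions. */
typedef uint16_t ch16;                 /* stand-in for CHAR16 */

typedef enum {
  STATUS_OK = 0,
  STATUS_INVALID_PARAMETER,            /* NULL argument */
  STATUS_UNALIGNED,                    /* odd address for 16-bit data */
  STATUS_NOT_TERMINATED                /* no NUL within max_chars */
} status_t;

/* Constraint check that only returns: hostile input gets a status code
 * in every build type instead of stopping the program. */
#define CONSTRAINT_CHECK(expr, status) \
  do { if (!(expr)) { return (status); } } while (0)

/* Length, in characters, of a NUL-terminated 16-bit string.
 * The argument is untyped so that alignment is verified BEFORE a ch16
 * pointer is formed; converting a misaligned address to ch16* is itself
 * undefined behaviour in C. */
status_t str16_len_checked(const void *raw, size_t max_chars, size_t *len_out)
{
  const ch16 *s;
  size_t i;

  CONSTRAINT_CHECK(raw != NULL, STATUS_INVALID_PARAMETER);
  CONSTRAINT_CHECK(len_out != NULL, STATUS_INVALID_PARAMETER);
  CONSTRAINT_CHECK(((uintptr_t)raw & 1u) == 0, STATUS_UNALIGNED);

  s = (const ch16 *)raw;               /* alignment verified above */
  for (i = 0; i < max_chars; i++) {
    if (s[i] == 0) {
      *len_out = i;
      return STATUS_OK;
    }
  }
  return STATUS_NOT_TERMINATED;        /* *len_out left unmodified */
}

/* Same question for 16-bit data packed at an arbitrary byte offset
 * (for example inside a parsed blob): copy each unit out with memcpy
 * rather than dereferencing a 16-bit pointer. */
status_t str16_len_packed(const unsigned char *bytes, size_t max_chars,
                          size_t *len_out)
{
  size_t i;
  ch16 unit;

  CONSTRAINT_CHECK(bytes != NULL, STATUS_INVALID_PARAMETER);
  CONSTRAINT_CHECK(len_out != NULL, STATUS_INVALID_PARAMETER);

  for (i = 0; i < max_chars; i++) {
    memcpy(&unit, bytes + i * sizeof unit, sizeof unit);
    if (unit == 0) {
      *len_out = i;
      return STATUS_OK;
    }
  }
  return STATUS_NOT_TERMINATED;        /* *len_out left unmodified */
}

/* Constructed sample: "UEFI" in a properly aligned 16-bit array. */
static const ch16 sample[6] = { 'U', 'E', 'F', 'I', 0, 0 };

int main(void)
{
  size_t n = 0;
  /* Odd address derived through a byte pointer, never through ch16*. */
  const unsigned char *odd = (const unsigned char *)sample + 1;

  printf("aligned: status=%d\n", (int)str16_len_checked(sample, 6, &n));
  printf("length:  %zu\n", n);
  printf("odd:     status=%d\n", (int)str16_len_checked(odd, 5, &n));
  printf("NULL:    status=%d\n", (int)str16_len_checked(NULL, 6, &n));
  return 0;
}
```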


> On 14 May 2020, at 20:58, Kinney, Michael D <michael.d.kinney@intel.com> wrote:
> 
> Vitaly,
> 
> Why do you think there is no way to craft an odd address
> without memory corruption?
> 
> UINT8   ByteArray[100];
> CHAR16  *String
> 
> String = (CHAR16 *)(&Array[3]);
> 
> The reason I raised the question of these other ASSERT()s
> is that I thought the use case was using these safe string
> APIs from a UEFI App, and the UEFI App always wants to evaluate
> the return status to know if the operation was completed or
> not.  In a build that removes all ASSERT()s, an odd address
> will generate an exception on some CPU archs.  Wouldn’t it
> be better for the UEFI App that is already designed to handle
> error return status to get an error code instead of an
> exception?
> 
> Mike
> 
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On
>> Behalf Of Vitaly Cheptsov
>> Sent: Thursday, May 14, 2020 10:39 AM
>> To: Kinney, Michael D <michael.d.kinney@intel.com>
>> Cc: devel@edk2.groups.io; Andrew Fish
>> <afish@apple.com>; Ard Biesheuvel
>> <ard.biesheuvel@linaro.org>; Bret Barkelew
>> <bret.barkelew@microsoft.com>; Brian J . Johnson
>> <brian.johnson@hpe.com>; Chiu, Chasel
>> <chasel.chiu@intel.com>; Justen, Jordan L
>> <jordan.l.justen@intel.com>; Laszlo Ersek
>> <lersek@redhat.com>; Leif Lindholm <leif@nuviainc.com>;
>> Gao, Liming <liming.gao@intel.com>; Marvin Häuser
>> <mhaeuser@outlook.de>; Zimmer, Vincent
>> <vincent.zimmer@intel.com>; Gao, Zhichao
>> <zhichao.gao@intel.com>
>> Subject: Re: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix
>> SafeString performing assertions on runtime checks
>> 
>> Mike,
>> 
>> Firstly, NULL check and odd-address checks are
>> essentially different things:
>> — NULL address is basically «no object», «optional
>> argument» (e.g. failed allocation).
>> — Odd address is memory corruption, as there is no way
>> to craft such address anyhow else.
>> For this reason the implementation is allowed to treat
>> them differently.
>> 
>> Secondly, as I said in my cover letter there is no
>> behaviour change here for RELEASE builds. Behaviour
>> changes unrelated to the bugfix will have to go to a
>> separate patch. I agree that we may want to reconsider
>> the interface in the future, but that’s for a separate
>> bugzilla and patch. Not discussing it currently is
>> important to avoid diverting from the primary problem.
>> Could create a bugzilla not to forget about it soon
>> after the stable tag.
>> 
>> Best wishes,
>> Vitaly
>> 
>>> On 14 May 2020, at 19:38, Kinney, Michael D <michael.d.kinney@intel.com> wrote:
>>> 
>>> Why preserve the ASSERT()s for Unicode strings
>>> that are not aligned in a 16-bit boundary?
>>> 
>>> This is essentially the same as an invalid pointer value
>>> just like NULL.  If NULL pointer returns an error code,
>>> shouldn't an invalid pointer value?
>>> 
>>> Thanks,
>>> 
>>> Mike
>>> 
>>>> -----Original Message-----
>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On
>>>> Behalf Of Vitaly Cheptsov
>>>> Sent: Thursday, May 14, 2020 2:26 AM
>>>> To: devel@edk2.groups.io
>>>> Cc: Andrew Fish <afish@apple.com>; Ard Biesheuvel
>>>> <ard.biesheuvel@linaro.org>; Bret Barkelew
>>>> <bret.barkelew@microsoft.com>; Brian J . Johnson
>>>> <brian.johnson@hpe.com>; Chiu, Chasel
>>>> <chasel.chiu@intel.com>; Justen, Jordan L
>>>> <jordan.l.justen@intel.com>; Laszlo Ersek
>>>> <lersek@redhat.com>; Leif Lindholm <leif@nuviainc.com>;
>>>> Gao, Liming <liming.gao@intel.com>; Marvin Häuser
>>>> <mhaeuser@outlook.de>; Kinney, Michael D
>>>> <michael.d.kinney@intel.com>; Zimmer, Vincent
>>>> <vincent.zimmer@intel.com>; Gao, Zhichao
>>>> <zhichao.gao@intel.com>
>>>> Subject: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix
>>>> SafeString performing assertions on runtime checks
>>>> 
>>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054
>>>> 
>>>> Runtime checks returned via status return code should not work as
>>>> assertions to permit parsing not trusted data with SafeString
>>>> interfaces.
>>>> 
>>>> CC: Andrew Fish <afish@apple.com>
>>>> CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>> CC: Bret Barkelew <bret.barkelew@microsoft.com>
>>>> CC: Brian J. Johnson <brian.johnson@hpe.com>
>>>> CC: Chasel Chiu <chasel.chiu@intel.com>
>>>> CC: Jordan Justen <jordan.l.justen@intel.com>
>>>> CC: Laszlo Ersek <lersek@redhat.com>
>>>> CC: Leif Lindholm <leif@nuviainc.com>
>>>> CC: Liming Gao <liming.gao@intel.com>
>>>> CC: Marvin Häuser <mhaeuser@outlook.de>
>>>> CC: Mike Kinney <michael.d.kinney@intel.com>
>>>> CC: Vincent Zimmer <vincent.zimmer@intel.com>
>>>> CC: Zhichao Gao <zhichao.gao@intel.com>
>>>> Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
>>>> ---
>>>> 
>>>> 
>>>> MdePkg/Include/Library/BaseLib.h    | 120 ++--------
>> --
>>>> --------
>>>> 
>>>> 
>>>> MdePkg/Library/BaseLib/SafeString.c |  80 ----------
>> --
>>>> -
>>>> 
>>>> 
>>>> 2 files changed, 7 insertions(+), 193 deletions(-)
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> diff --git a/MdePkg/Include/Library/BaseLib.h
>>>> b/MdePkg/Include/Library/BaseLib.h
>>>> 
>>>> 
>>>> index ecadff8b23..62dc3151bc 100644
>>>> 
>>>> 
>>>> --- a/MdePkg/Include/Library/BaseLib.h
>>>> 
>>>> 
>>>> +++ b/MdePkg/Include/Library/BaseLib.h
>>>> 
>>>> 
>>>> @@ -189,7 +189,6 @@ StrnSizeS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -225,7 +224,6 @@ StrCpyS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Length > 0 and Destination is not aligned on a
>>>> 16-bit boundary, then ASSERT().
>>>> 
>>>> 
>>>>  If Length > 0 and Source is not aligned on a 16-
>> bit
>>>> boundary, then ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -263,7 +261,6 @@ StrnCpyS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -303,7 +300,6 @@ StrCatS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -350,12 +346,7 @@ StrnCatS (
>>>> 
>>>> 
>>>>  be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>> 
>>>> 
>>>>  valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>> 
>>>> 
>>>>  at the location pointed to by Data.
>>>> 
>>>> 
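Review bot: After the NULL and PcdMaximumUnicodeStringLength lines are removed, the only failure condition this description still names is the retained "If String is not aligned in a 16-bit boundary, then ASSERT()." line, so a reader cannot tell from it that the other constraints are now reported through the return value. Unless the @retval list outside this hunk already covers it, add one sentence saying that a NULL String or Data and an over-long String return an error status, and that alignment is the remaining ASSERT() case; the sibling hunks that make the same removals need the same sentence.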
>>>> @@ -406,12 +397,7 @@ StrDecimalToUintnS (
>>>> 
>>>> 
>>>>  be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>> 
>>>> 
>>>>  valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>> 
>>>> 
>>>>  at the location pointed to by Data.
>>>> 
>>>> 
>>>> @@ -467,12 +453,7 @@ StrDecimalToUint64S (
>>>> 
>>>> 
>>>>  the first character that is a not a valid
>>>> hexadecimal character or NULL,
>>>> 
>>>> 
>>>>  whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>> 
>>>> 
>>>>  stored at the location pointed to by Data.
>>>> 
>>>> 
>>>> @@ -528,12 +509,7 @@ StrHexToUintnS (
>>>> 
>>>> 
>>>>  the first character that is a not a valid
>>>> hexadecimal character or NULL,
>>>> 
>>>> 
>>>>  whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>> 
>>>> 
>>>>  stored at the location pointed to by Data.
>>>> 
>>>> 
>>>> @@ -622,8 +598,6 @@ AsciiStrnSizeS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  This function is similar as strcpy_s defined in
>> C11.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @param  Destination              A pointer to a
>>>> Null-terminated Ascii string.
>>>> 
>>>> 
>>>> @@ -656,8 +630,6 @@ AsciiStrCpyS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  This function is similar as strncpy_s defined in
>>>> C11.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @param  Destination              A pointer to a
>>>> Null-terminated Ascii string.
>>>> 
>>>> 
>>>> @@ -692,8 +664,6 @@ AsciiStrnCpyS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  This function is similar as strcat_s defined in
>> C11.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @param  Destination              A pointer to a
>>>> Null-terminated Ascii string.
>>>> 
>>>> 
>>>> @@ -730,8 +700,6 @@ AsciiStrCatS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  This function is similar as strncat_s defined in
>>>> C11.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @param  Destination              A pointer to a
>>>> Null-terminated Ascii string.
>>>> 
>>>> 
>>>> @@ -777,12 +745,6 @@ AsciiStrnCatS (
>>>> 
>>>> 
>>>>  be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>> 
>>>> 
>>>>  valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>> 
>>>> 
>>>>  at the location pointed to by Data.
>>>> 
>>>> 
>>>>  If the number represented by String exceeds the
>>>> range defined by UINTN, then
>>>> 
>>>> 
>>>> @@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS (
>>>> 
>>>> 
>>>>  be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>> 
>>>> 
>>>>  valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>> 
>>>> 
>>>>  at the location pointed to by Data.
>>>> 
>>>> 
>>>>  If the number represented by String exceeds the
>>>> range defined by UINT64, then
>>>> 
>>>> 
>>>> @@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S (
>>>> 
>>>> 
>>>>  character that is a not a valid hexadecimal
>>>> character or Null-terminator,
>>>> 
>>>> 
>>>>  whichever on comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>> 
>>>> 
>>>>  stored at the location pointed to by Data.
>>>> 
>>>> 
>>>>  If the number represented by String exceeds the
>>>> range defined by UINTN, then
>>>> 
>>>> 
>>>> @@ -950,12 +900,6 @@ AsciiStrHexToUintnS (
>>>> 
>>>> 
>>>>  character that is a not a valid hexadecimal
>>>> character or Null-terminator,
>>>> 
>>>> 
>>>>  whichever on comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>> 
>>>> 
>>>>  stored at the location pointed to by Data.
>>>> 
>>>> 
>>>>  If the number represented by String exceeds the
>>>> range defined by UINT64, then
>>>> 
>>>> 
>>>> @@ -1506,16 +1450,8 @@ StrHexToUint64 (
>>>> 
>>>> 
>>>>  "::" can be used to compress one or more groups of
>> X
>>>> when X contains only 0.
>>>> 
>>>> 
>>>>  The "::" can only appear once in the String.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Address is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>> 
>>>> 
>>>>  to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>> 
>>>> 
>>>>  by EndPointer.
>>>> 
>>>> 
>>>> @@ -1567,15 +1503,10 @@ StrToIpv6Address (
>>>> 
>>>> 
>>>>  When /P is in the String, the function stops at
>> the
>>>> first character that is not
>>>> 
>>>> 
>>>>  a valid decimal digit character after P is
>>>> converted.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Address is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>>  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>> 
>>>> 
>>>>  to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>> 
>>>> 
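Review bot: The last removal in this hunk takes only the third line of a three-line sentence: "If PcdMaximumUnicodeStringLength is not zero, and String contains more than" and "PcdMaximumUnicodeStringLength Unicode characters, not including the" are kept as context while "Null-terminator, then ASSERT()." is deleted, which leaves a sentence in the comment that never finishes. The hunk before this one (@@ -1506,16 +1450,8 @@) removes all three lines; remove the two leftover lines here as well.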
>>>> @@ -1640,8 +1571,6 @@ StrToIpv4Address (
>>>> 
>>>> 
>>>>                  oo          Data4[48:55]
>>>> 
>>>> 
>>>>                  pp          Data4[56:63]
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Guid is NULL, then ASSERT().
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @param  String                   Pointer to a
>> Null-
>>>> terminated Unicode string.
>>>> 
>>>> 
>>>> @@ -1676,17 +1605,6 @@ StrToGuid (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Buffer is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Length is not multiple of 2, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero and
>>>> Length is greater than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If MaxBufferSize is less than (Length / 2), then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  @param  String                   Pointer to a
>> Null-
>>>> terminated Unicode string.
>>>> 
>>>> 
>>>>  @param  Length                   The number of
>>>> Unicode characters to decode.
>>>> 
>>>> 
>>>>  @param  Buffer                   Pointer to the
>>>> converted bytes array.
>>>> 
>>>> 
>>>> @@ -1777,7 +1695,6 @@ UnicodeStrToAsciiStr (
>>>> 
>>>> 
>>>>  the upper 8 bits, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -1818,22 +1735,23 @@ UnicodeStrToAsciiStrS (
>>>> 
>>>> 
>>>>  bits of each Unicode character. The function
>>>> terminates the Ascii string
>>>> 
>>>> 
>>>>  Destination by appending a Null-terminator
>> character
>>>> at the end.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  The caller is responsible to make sure
>> Destination
>>>> points to a buffer with size
>>>> 
>>>> 
>>>> -  equal or greater than ((StrLen (Source) + 1) *
>>>> sizeof (CHAR8)) in bytes.
>>>> 
>>>> 
>>>> +  The caller is responsible to make sure
>> Destination
>>>> points to a buffer with
>>>> 
>>>> 
>>>> +  size not smaller than ((MIN(StrLen(Source),
>> Length)
>>>> + 1) * sizeof (CHAR8))
>>>> 
>>>> 
>>>> +  in bytes.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If any Unicode characters in Source contain non-
>> zero
>>>> value in the upper 8
>>>> 
>>>> 
>>>>  bits, then ASSERT().
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> +  If an error is returned, then Destination and
>>>> DestinationLength are
>>>> 
>>>> 
>>>> +  unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @param  Source             The pointer to a Null-
>>>> terminated Unicode string.
>>>> 
>>>> 
>>>>  @param  Length             The maximum number of
>>>> Unicode characters to
>>>> 
>>>> 
>>>>                             convert.
>>>> 
>>>> 
>>>>  @param  Destination        The pointer to a Null-
>>>> terminated Ascii string.
>>>> 
>>>> 
>>>> -  @param  DestMax            The maximum number of
>>>> Destination Ascii
>>>> 
>>>> 
>>>> -                             char, including
>>>> terminating null char.
>>>> 
>>>> 
>>>> +  @param  DestMax            The maximum number of
>>>> Destination Ascii char,
>>>> 
>>>> 
>>>> +                             including terminating
>>>> null char.
>>>> 
>>>> 
>>>>  @param  DestinationLength  The number of Unicode
>>>> characters converted.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @retval RETURN_SUCCESS            String is
>>>> converted.
>>>> 
>>>> 
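Review bot: The buffer-size rewrite from (StrLen (Source) + 1) to (MIN(StrLen(Source), Length) + 1), the extension of the unmodified-on-error guarantee to DestinationLength, and the re-wrap of @param DestMax in this hunk are documentation changes unrelated to the ASSERT() removal, and the commit message does not mention them. Either list them in the commit message or move them to a separate patch, so that the rest of the change stays a pure deletion that is easy to audit.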
>>>> @@ -2388,10 +2306,6 @@ AsciiStrHexToUint64 (
>>>> 
>>>> 
>>>>  "::" can be used to compress one or more groups of
>> X
>>>> when X contains only 0.
>>>> 
>>>> 
>>>>  The "::" can only appear once in the String.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Address is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>> 
>>>> 
>>>>  to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>> 
>>>> 
>>>>  by EndPointer.
>>>> 
>>>> 
>>>> @@ -2443,10 +2357,6 @@ AsciiStrToIpv6Address (
>>>> 
>>>> 
>>>>  When /P is in the String, the function stops at
>> the
>>>> first character that is not
>>>> 
>>>> 
>>>>  a valid decimal digit character after P is
>>>> converted.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Address is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>> 
>>>> 
>>>>  to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>> 
>>>> 
>>>>  by EndPointer.
>>>> 
>>>> 
>>>> @@ -2508,9 +2418,6 @@ AsciiStrToIpv4Address (
>>>> 
>>>> 
>>>>                  oo          Data4[48:55]
>>>> 
>>>> 
>>>>                  pp          Data4[56:63]
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Guid is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  @param  String                   Pointer to a
>> Null-
>>>> terminated ASCII string.
>>>> 
>>>> 
>>>>  @param  Guid                     Pointer to the
>>>> converted GUID.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -2541,17 +2448,6 @@ AsciiStrToGuid (
>>>> 
>>>> 
>>>>  decoding stops after Length of characters and
>>>> outputs Buffer containing
>>>> 
>>>> 
>>>>  (Length / 2) bytes.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Buffer is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Length is not multiple of 2, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero and
>>>> Length is greater than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If MaxBufferSize is less than (Length / 2), then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  @param  String                   Pointer to a
>> Null-
>>>> terminated ASCII string.
>>>> 
>>>> 
>>>>  @param  Length                   The number of
>> ASCII
>>>> characters to decode.
>>>> 
>>>> 
>>>>  @param  Buffer                   Pointer to the
>>>> converted bytes array.
>>>> 
>>>> 
>>>> @@ -2632,7 +2528,6 @@ AsciiStrToUnicodeStr (
>>>> 
>>>> 
>>>>  equal or greater than ((AsciiStrLen (Source) + 1)
>> *
>>>> sizeof (CHAR16)) in bytes.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -2678,7 +2573,6 @@ AsciiStrToUnicodeStrS (
>>>> 
>>>> 
>>>>  ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
>>>> (CHAR8)) in bytes.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then Destination and
>>>> DestinationLength are
>>>> 
>>>> 
>>>>  unmodified.
>>>> 
>>>> 
>>>> diff --git a/MdePkg/Library/BaseLib/SafeString.c
>>>> b/MdePkg/Library/BaseLib/SafeString.c
>>>> 
>>>> 
>>>> index 7dc03d2caa..1db42abb05 100644
>>>> 
>>>> 
>>>> --- a/MdePkg/Library/BaseLib/SafeString.c
>>>> 
>>>> 
>>>> +++ b/MdePkg/Library/BaseLib/SafeString.c
>>>> 
>>>> 
>>>> @@ -14,7 +14,6 @@
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> #define SAFE_STRING_CONSTRAINT_CHECK(Expression,
>>>> Status)  \
>>>> 
>>>> 
>>>>  do { \
>>>> 
>>>> 
>>>> -    ASSERT (Expression); \
>>>> 
>>>> 
>>>>    if (!(Expression)) { \
>>>> 
>>>> 
>>>>      return Status; \
>>>> 
>>>> 
>>>>    } \
>>>> 
>>>> 
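Review bot: With ASSERT (Expression) gone from SAFE_STRING_CONSTRAINT_CHECK, a failed constraint leaves no trace in DEBUG builds either, and a caller that ignores the returned Status now carries on silently where it used to stop. Consider emitting a DEBUG() message in the if (!(Expression)) branch before return Status, so the failing expression stays visible during development, and check in-tree callers that discard the return value of these functions.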
>>>> @@ -197,7 +196,6 @@ StrnSizeS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -279,7 +277,6 @@ StrCpyS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Length > 0 and Destination is not aligned on a
>>>> 16-bit boundary, then ASSERT().
>>>> 
>>>> 
>>>>  If Length > 0 and Source is not aligned on a 16-
>> bit
>>>> boundary, then ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -372,7 +369,6 @@ StrnCpyS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -473,7 +469,6 @@ StrCatS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -590,12 +585,7 @@ StrnCatS (
>>>> 
>>>> 
>>>>  be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>> 
>>>> 
>>>>  valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>> 
>>>> 
>>>>  at the location pointed to by Data.
>>>> 
>>>> 
>>>> @@ -705,12 +695,7 @@ StrDecimalToUintnS (
>>>> 
>>>> 
>>>>  be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>> 
>>>> 
>>>>  valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>> 
>>>> 
>>>>  at the location pointed to by Data.
>>>> 
>>>> 
>>>> @@ -825,12 +810,7 @@ StrDecimalToUint64S (
>>>> 
>>>> 
>>>>  the first character that is a not a valid
>>>> hexadecimal character or NULL,
>>>> 
>>>> 
>>>>  whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>> 
>>>> 
>>>>  stored at the location pointed to by Data.
>>>> 
>>>> 
>>>> @@ -956,12 +936,7 @@ StrHexToUintnS (
>>>> 
>>>> 
>>>>  the first character that is a not a valid
>>>> hexadecimal character or NULL,
>>>> 
>>>> 
>>>>  whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>>  If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>> 
>>>> 
>>>>  stored at the location pointed to by Data.
>>>> 
>>>> 
>>>> @@ -1856,8 +1831,6 @@ AsciiStrCpyS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  This function is similar as strncpy_s defined in
>>>> C11.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @param  Destination              A pointer to a
>>>> Null-terminated Ascii string.
>>>> 
>>>> 
>>>> @@ -1944,8 +1917,6 @@ AsciiStrnCpyS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  This function is similar as strcat_s defined in
>> C11.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @param  Destination              A pointer to a
>>>> Null-terminated Ascii string.
>>>> 
>>>> 
>>>> @@ -2040,8 +2011,6 @@ AsciiStrCatS (
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  This function is similar as strncat_s defined in
>>>> C11.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  @param  Destination              A pointer to a
>>>> Null-terminated Ascii string.
>>>> 
>>>> 
>>>> @@ -2154,12 +2123,6 @@ AsciiStrnCatS (
>>>> 
>>>> 
>>>>  be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>> 
>>>> 
>>>>  valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>> 
>>>> 
>>>>  at the location pointed to by Data.
>>>> 
>>>> 
>>>>  If the number represented by String exceeds the
>>>> range defined by UINTN, then
>>>> 
>>>> 
>>>> @@ -2266,12 +2229,6 @@ AsciiStrDecimalToUintnS (
>>>> 
>>>> 
>>>>  be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>> 
>>>> 
>>>>  valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>> 
>>>> 
>>>>  at the location pointed to by Data.
>>>> 
>>>> 
>>>>  If the number represented by String exceeds the
>>>> range defined by UINT64, then
>>>> 
>>>> 
>>>> @@ -2382,12 +2339,6 @@ AsciiStrDecimalToUint64S (
>>>> 
>>>> 
>>>>  character that is a not a valid hexadecimal
>>>> character or Null-terminator,
>>>> 
>>>> 
>>>>  whichever on comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>> 
>>>> 
>>>>  stored at the location pointed to by Data.
>>>> 
>>>> 
>>>>  If the number represented by String exceeds the
>>>> range defined by UINTN, then
>>>> 
>>>> 
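Review bot: style nit on the two context lines at the top of this hunk: "character that is a not a valid hexadecimal character" and "whichever on comes first." both carry typos ("is a not a", "on" for "one"). The patch already edits this comment block, so fix them in the same pass, or in a follow-up that also covers the sibling hunks using the "is a not a" wording.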
>>>> @@ -2509,12 +2460,6 @@ AsciiStrHexToUintnS (
>>>> 
>>>> 
>>>>  character that is a not a valid hexadecimal
>>>> character or Null-terminator,
>>>> 
>>>> 
>>>>  whichever on comes first.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Data is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>> 
>>>> 
>>>> -  Null-terminator, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>> 
>>>> 
>>>>  stored at the location pointed to by Data.
>>>> 
>>>> 
>>>>  If the number represented by String exceeds the
>>>> range defined by UINT64, then
>>>> 
>>>> 
>>>> @@ -2635,7 +2580,6 @@ AsciiStrHexToUint64S (
>>>> 
>>>> 
>>>>  the upper 8 bits, then ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then the Destination is
>>>> unmodified.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -2735,7 +2679,6 @@ UnicodeStrToAsciiStrS (
>>>> 
>>>> 
>>>>  If any Unicode characters in Source contain non-
>> zero
>>>> value in the upper 8
>>>> 
>>>> 
>>>>  bits, then ASSERT().
>>>> 
>>>> 
>>>>  If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then Destination and
>>>> DestinationLength are
>>>> 
>>>> 
>>>>  unmodified.
>>>> 
>>>> 
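Review bot: the context lines "If any Unicode characters in Source contain non-zero value in the upper 8 bits, then ASSERT()." are kept, but that condition depends on the contents of Source, which makes it the same kind of runtime check as the "If an error would be returned, then the function will also ASSERT()." line this hunk removes. Either turn it into an error return as well, or state in the commit message why this one content check stays an ASSERT() after the change.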
>>>> @@ -2948,7 +2891,6 @@ AsciiStrToUnicodeStrS (
>>>> 
>>>> 
>>>>  ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
>>>> (CHAR8)) in bytes.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>> 
>>>> 
>>>> -  If an error would be returned, then the function
>>>> will also ASSERT().
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  If an error is returned, then Destination and
>>>> DestinationLength are
>>>> 
>>>> 
>>>>  unmodified.
>>>> 
>>>> 
>>>> @@ -3072,10 +3014,6 @@ AsciiStrnToUnicodeStrS (
>>>> 
>>>> 
>>>>  "::" can be used to compress one or more groups of
>> X
>>>> when X contains only 0.
>>>> 
>>>> 
>>>>  The "::" can only appear once in the String.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Address is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>> 
>>>> 
>>>>  to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>> 
>>>> 
>>>>  by EndPointer.
>>>> 
>>>> 
>>>> @@ -3291,10 +3229,6 @@ AsciiStrToIpv6Address (
>>>> 
>>>> 
>>>>  When /P is in the String, the function stops at
>> the
>>>> first character that is not
>>>> 
>>>> 
>>>>  a valid decimal digit character after P is
>>>> converted.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Address is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>> 
>>>> 
>>>>  to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>> 
>>>> 
>>>>  by EndPointer.
>>>> 
>>>> 
>>>> @@ -3448,9 +3382,6 @@ AsciiStrToIpv4Address (
>>>> 
>>>> 
>>>>                  oo          Data4[48:55]
>>>> 
>>>> 
>>>>                  pp          Data4[56:63]
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -  If Guid is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  @param  String                   Pointer to a
>> Null-
>>>> terminated ASCII string.
>>>> 
>>>> 
>>>>  @param  Guid                     Pointer to the
>>>> converted GUID.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> @@ -3550,17 +3481,6 @@ AsciiStrToGuid (
>>>> 
>>>> 
>>>>  decoding stops after Length of characters and
>>>> outputs Buffer containing
>>>> 
>>>> 
>>>>  (Length / 2) bytes.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -  If String is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Buffer is NULL, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If Length is not multiple of 2, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If PcdMaximumAsciiStringLength is not zero and
>>>> Length is greater than
>>>> 
>>>> 
>>>> -  PcdMaximumAsciiStringLength, then ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>> -  If MaxBufferSize is less than (Length / 2), then
>>>> ASSERT().
>>>> 
>>>> 
>>>> -
>>>> 
>>>> 
>>>>  @param  String                   Pointer to a
>> Null-
>>>> terminated ASCII string.
>>>> 
>>>> 
>>>>  @param  Length                   The number of
>> ASCII
>>>> characters to decode.
>>>> 
>>>> 
>>>>  @param  Buffer                   Pointer to the
>>>> converted bytes array.
>>>> 
>>>> 
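Review bot: the removed lines "If Length is not multiple of 2, then ASSERT()." and "If MaxBufferSize is less than (Length / 2), then ASSERT()." were where the visible part of this comment stated the buffer constraints; after the deletion it only says decoding "outputs Buffer containing (Length / 2) bytes". Reword them as conditions that return an error instead of deleting them, unless the @retval entries outside this hunk already spell out both, so a caller sizing Buffer still sees the requirement.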
>>>> --
>>>> 
>>>> 
>>>> 2.24.2 (Apple Git-127)
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>> 
>> 
>> 




Thread overview: 15+ messages
2020-05-14  9:25 [PATCH V6 0/1] Disable safe string constraint assertions Vitaly Cheptsov
2020-05-14  9:25 ` [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks Vitaly Cheptsov
2020-05-14 13:35   ` Laszlo Ersek
2020-05-14 16:38   ` [edk2-devel] " Michael D Kinney
2020-05-14 17:39     ` Vitaly Cheptsov
2020-05-14 17:58       ` Michael D Kinney
2020-05-14 18:59         ` Vitaly Cheptsov [this message]
2020-05-14 19:45           ` Ard Biesheuvel
2020-05-14 21:07           ` Michael D Kinney
2020-05-14 21:15             ` [EXTERNAL] " Bret Barkelew
2020-05-14 22:14               ` Michael D Kinney
2020-05-15  9:28                 ` Marvin Häuser
2020-05-15  9:30                 ` [EXTERNAL] " Vitaly Cheptsov
2020-05-15 15:26                   ` Bret Barkelew
2020-05-14 11:33 ` [edk2-devel] [PATCH V6 0/1] Disable safe string constraint assertions Ard Biesheuvel
