From: "Vitaly Cheptsov" <cheptsov@ispras.ru>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Andrew Fish" <afish@apple.com>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"Bret Barkelew" <bret.barkelew@microsoft.com>,
"Brian J . Johnson" <brian.johnson@hpe.com>,
"Chiu, Chasel" <chasel.chiu@intel.com>,
"Justen, Jordan L" <jordan.l.justen@intel.com>,
"Laszlo Ersek" <lersek@redhat.com>,
"Leif Lindholm" <leif@nuviainc.com>,
"Gao, Liming" <liming.gao@intel.com>,
"Marvin Häuser" <mhaeuser@outlook.de>,
"Zimmer, Vincent" <vincent.zimmer@intel.com>,
"Gao, Zhichao" <zhichao.gao@intel.com>
Subject: Re: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
Date: Thu, 14 May 2020 21:59:24 +0300 [thread overview]
Message-ID: <EEAC21EB-5AB3-49AF-A894-4D9A026F2236@ispras.ru> (raw)
In-Reply-To: <MN2PR11MB4461DF6CF7F71085C716E87CD2BC0@MN2PR11MB4461.namprd11.prod.outlook.com>
[-- Attachment #1.1: Type: text/plain, Size: 44758 bytes --]
Mike,
The code you posted may inflict undefined behaviour is not valid C for several reasons. The compiler is free to do whatever it desires. Please refer to ISO/IEC 9899 for more details.
If applications cast raw pointers to typed pointers without checking their alignment, well, god bless them :)
My opinion is both the compiler and the hardware are welcome to do the worst once your third line is discovered. On a number of CPUs such addresses cannot be even represented in the first place.
Yet, once again it is out of the scope of the current problem.
Best wishes,
Vitaly
> 14 мая 2020 г., в 20:58, Kinney, Michael D <michael.d.kinney@intel.com> написал(а):
>
> Vitaly,
>
> Why do you think there is no way to craft an odd address
> without memory corruption.
>
> UINT8 ByteArray[100];
> CHAR16 *String
>
> String = (CHAR16 *)(&Array[3]);
>
> The reason I raised the question of these other ASSERT()s
> is that I thought the use case was using these safe string
> APIs from a UEFI App, and the UEFI App always wants to evaluate
> the return status to know if the operation was completed or
> not. In build that removes all ASSERT()s, an odd address
> will generate an exception on some CPU archs. Wouldn’t it
> be better for the UEFI App that is already designed to handle
> error return status to get an error code instead of an
> exception?
>
> Mike
>
>> -----Original Message-----
>> From: devel@edk2.groups.io <mailto:devel@edk2.groups.io> <devel@edk2.groups.io <mailto:devel@edk2.groups.io>> On
>> Behalf Of Vitaly Cheptsov
>> Sent: Thursday, May 14, 2020 10:39 AM
>> To: Kinney, Michael D <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com>>
>> Cc: devel@edk2.groups.io <mailto:devel@edk2.groups.io>; Andrew Fish
>> <afish@apple.com <mailto:afish@apple.com>>; Ard Biesheuvel
>> <ard.biesheuvel@linaro.org <mailto:ard.biesheuvel@linaro.org>>; Bret Barkelew
>> <bret.barkelew@microsoft.com <mailto:bret.barkelew@microsoft.com>>; Brian J . Johnson
>> <brian.johnson@hpe.com <mailto:brian.johnson@hpe.com>>; Chiu, Chasel
>> <chasel.chiu@intel.com <mailto:chasel.chiu@intel.com>>; Justen, Jordan L
>> <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com>>; Laszlo Ersek
>> <lersek@redhat.com <mailto:lersek@redhat.com>>; Leif Lindholm <leif@nuviainc.com <mailto:leif@nuviainc.com>>;
>> Gao, Liming <liming.gao@intel.com <mailto:liming.gao@intel.com>>; Marvin Häuser
>> <mhaeuser@outlook.de <mailto:mhaeuser@outlook.de>>; Zimmer, Vincent
>> <vincent.zimmer@intel.com <mailto:vincent.zimmer@intel.com>>; Gao, Zhichao
>> <zhichao.gao@intel.com <mailto:zhichao.gao@intel.com>>
>> Subject: Re: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix
>> SafeString performing assertions on runtime checks
>>
>> Mike,
>>
>> Firstly, NULL check and odd-address checks are
>> essentially different things:
>> — NULL address is basically «no object», «optional
>> argument» (e.g. failed allocation).
>> — Odd address is memory corruption, as there is no way
>> to craft such address anyhow else.
>> For this reason the implementation is allowed to treat
>> them differently.
>>
>> Secondly, as I said in my cover letter there is no
>> behaviour change here for RELEASE builds. Behaviour
>> changes unrelated to the bugfix will have to go to a
>> separate patch. I agree that we may want to reconsider
>> the interface in the future, but that’s for a separate
>> bugzilla and patch. Not discussing it currently is
>> important to avoid diverting from the primary problem.
>> Could create a bugzilla not to forget about it soon
>> after the stable tag.
>>
>> Best wishes,
>> Vitaly
>>
>>> 14 мая 2020 г., в 19:38, Kinney, Michael D
>> <michael.d.kinney@intel.com> написал(а):
>>>
>>> Why preserve the ASSERT()s for an a Unicode strings
>>> that are not aligned in a 16-bit boundary?
>>>
>>> This is essentially the same as an invalid pointer
>> value
>>> just like NULL. If NULL pointer returns an error
>> code,
>>> shouldn't and invalid pointer value?
>>>
>>> Thanks,
>>>
>>> Mike
>>>
>>>> -----Original Message-----
>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On
>>>> Behalf Of Vitaly Cheptsov
>>>> Sent: Thursday, May 14, 2020 2:26 AM
>>>> To: devel@edk2.groups.io
>>>> Cc: Andrew Fish <afish@apple.com>; Ard Biesheuvel
>>>> <ard.biesheuvel@linaro.org>; Bret Barkelew
>>>> <bret.barkelew@microsoft.com>; Brian J . Johnson
>>>> <brian.johnson@hpe.com>; Chiu, Chasel
>>>> <chasel.chiu@intel.com>; Justen, Jordan L
>>>> <jordan.l.justen@intel.com>; Laszlo Ersek
>>>> <lersek@redhat.com>; Leif Lindholm
>> <leif@nuviainc.com>;
>>>> Gao, Liming <liming.gao@intel.com>; Marvin Häuser
>>>> <mhaeuser@outlook.de>; Kinney, Michael D
>>>> <michael.d.kinney@intel.com>; Zimmer, Vincent
>>>> <vincent.zimmer@intel.com>; Gao, Zhichao
>>>> <zhichao.gao@intel.com>
>>>> Subject: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix
>>>> SafeString performing assertions on runtime checks
>>>>
>>>> REF:
>>>> https://bugzilla.tianocore.org/show_bug.cgi?id=2054
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Runtime checks returned via status return code
>> should
>>>> not work as
>>>>
>>>>
>>>> assertions to permit parsing not trusted data with
>>>> SafeString
>>>>
>>>>
>>>> interfaces.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> CC: Andrew Fish <afish@apple.com>
>>>>
>>>>
>>>> CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>>
>>>>
>>>> CC: Bret Barkelew <bret.barkelew@microsoft.com>
>>>>
>>>>
>>>> CC: Brian J. Johnson <brian.johnson@hpe.com>
>>>>
>>>>
>>>> CC: Chasel Chiu <chasel.chiu@intel.com>
>>>>
>>>>
>>>> CC: Jordan Justen <jordan.l.justen@intel.com>
>>>>
>>>>
>>>> CC: Laszlo Ersek <lersek@redhat.com>
>>>>
>>>>
>>>> CC: Leif Lindholm <leif@nuviainc.com>
>>>>
>>>>
>>>> CC: Liming Gao <liming.gao@intel.com>
>>>>
>>>>
>>>> CC: Marvin Häuser <mhaeuser@outlook.de>
>>>>
>>>>
>>>> CC: Mike Kinney <michael.d.kinney@intel.com>
>>>>
>>>>
>>>> CC: Vincent Zimmer <vincent.zimmer@intel.com>
>>>>
>>>>
>>>> CC: Zhichao Gao <zhichao.gao@intel.com>
>>>>
>>>>
>>>> Signed-off-by: Vitaly Cheptsov
>> <vit9696@protonmail.com>
>>>>
>>>>
>>>> ---
>>>>
>>>>
>>>> MdePkg/Include/Library/BaseLib.h | 120 ++--------
>> --
>>>> --------
>>>>
>>>>
>>>> MdePkg/Library/BaseLib/SafeString.c | 80 ----------
>> --
>>>> -
>>>>
>>>>
>>>> 2 files changed, 7 insertions(+), 193 deletions(-)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> diff --git a/MdePkg/Include/Library/BaseLib.h
>>>> b/MdePkg/Include/Library/BaseLib.h
>>>>
>>>>
>>>> index ecadff8b23..62dc3151bc 100644
>>>>
>>>>
>>>> --- a/MdePkg/Include/Library/BaseLib.h
>>>>
>>>>
>>>> +++ b/MdePkg/Include/Library/BaseLib.h
>>>>
>>>>
>>>> @@ -189,7 +189,6 @@ StrnSizeS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -225,7 +224,6 @@ StrCpyS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Length > 0 and Destination is not aligned on a
>>>> 16-bit boundary, then ASSERT().
>>>>
>>>>
>>>> If Length > 0 and Source is not aligned on a 16-
>> bit
>>>> boundary, then ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -263,7 +261,6 @@ StrnCpyS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -303,7 +300,6 @@ StrCatS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -350,12 +346,7 @@ StrnCatS (
>>>>
>>>>
>>>> be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>>
>>>>
>>>> valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>>
>>>>
>>>> at the location pointed to by Data.
>>>>
>>>>
>>>> @@ -406,12 +397,7 @@ StrDecimalToUintnS (
>>>>
>>>>
>>>> be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>>
>>>>
>>>> valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>>
>>>>
>>>> at the location pointed to by Data.
>>>>
>>>>
>>>> @@ -467,12 +453,7 @@ StrDecimalToUint64S (
>>>>
>>>>
>>>> the first character that is a not a valid
>>>> hexadecimal character or NULL,
>>>>
>>>>
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>>
>>>>
>>>> stored at the location pointed to by Data.
>>>>
>>>>
>>>> @@ -528,12 +509,7 @@ StrHexToUintnS (
>>>>
>>>>
>>>> the first character that is a not a valid
>>>> hexadecimal character or NULL,
>>>>
>>>>
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>>
>>>>
>>>> stored at the location pointed to by Data.
>>>>
>>>>
>>>> @@ -622,8 +598,6 @@ AsciiStrnSizeS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This function is similar as strcpy_s defined in
>> C11.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @param Destination A pointer to a
>>>> Null-terminated Ascii string.
>>>>
>>>>
>>>> @@ -656,8 +630,6 @@ AsciiStrCpyS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This function is similar as strncpy_s defined in
>>>> C11.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @param Destination A pointer to a
>>>> Null-terminated Ascii string.
>>>>
>>>>
>>>> @@ -692,8 +664,6 @@ AsciiStrnCpyS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This function is similar as strcat_s defined in
>> C11.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @param Destination A pointer to a
>>>> Null-terminated Ascii string.
>>>>
>>>>
>>>> @@ -730,8 +700,6 @@ AsciiStrCatS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This function is similar as strncat_s defined in
>>>> C11.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @param Destination A pointer to a
>>>> Null-terminated Ascii string.
>>>>
>>>>
>>>> @@ -777,12 +745,6 @@ AsciiStrnCatS (
>>>>
>>>>
>>>> be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>>
>>>>
>>>> valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>>
>>>>
>>>> at the location pointed to by Data.
>>>>
>>>>
>>>> If the number represented by String exceeds the
>>>> range defined by UINTN, then
>>>>
>>>>
>>>> @@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS (
>>>>
>>>>
>>>> be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>>
>>>>
>>>> valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>>
>>>>
>>>> at the location pointed to by Data.
>>>>
>>>>
>>>> If the number represented by String exceeds the
>>>> range defined by UINT64, then
>>>>
>>>>
>>>> @@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S (
>>>>
>>>>
>>>> character that is a not a valid hexadecimal
>>>> character or Null-terminator,
>>>>
>>>>
>>>> whichever on comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>>
>>>>
>>>> stored at the location pointed to by Data.
>>>>
>>>>
>>>> If the number represented by String exceeds the
>>>> range defined by UINTN, then
>>>>
>>>>
>>>> @@ -950,12 +900,6 @@ AsciiStrHexToUintnS (
>>>>
>>>>
>>>> character that is a not a valid hexadecimal
>>>> character or Null-terminator,
>>>>
>>>>
>>>> whichever on comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>>
>>>>
>>>> stored at the location pointed to by Data.
>>>>
>>>>
>>>> If the number represented by String exceeds the
>>>> range defined by UINT64, then
>>>>
>>>>
>>>> @@ -1506,16 +1450,8 @@ StrHexToUint64 (
>>>>
>>>>
>>>> "::" can be used to compress one or more groups of
>> X
>>>> when X contains only 0.
>>>>
>>>>
>>>> The "::" can only appear once in the String.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Address is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>>
>>>>
>>>> to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>>
>>>>
>>>> by EndPointer.
>>>>
>>>>
>>>> @@ -1567,15 +1503,10 @@ StrToIpv6Address (
>>>>
>>>>
>>>> When /P is in the String, the function stops at
>> the
>>>> first character that is not
>>>>
>>>>
>>>> a valid decimal digit character after P is
>>>> converted.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Address is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>>
>>>>
>>>> to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>>
>>>>
>>>> @@ -1640,8 +1571,6 @@ StrToIpv4Address (
>>>>
>>>>
>>>> oo Data4[48:55]
>>>>
>>>>
>>>> pp Data4[56:63]
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Guid is NULL, then ASSERT().
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @param String Pointer to a
>> Null-
>>>> terminated Unicode string.
>>>>
>>>>
>>>> @@ -1676,17 +1605,6 @@ StrToGuid (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Buffer is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Length is not multiple of 2, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero and
>>>> Length is greater than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If MaxBufferSize is less than (Length / 2), then
>>>> ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> @param String Pointer to a
>> Null-
>>>> terminated Unicode string.
>>>>
>>>>
>>>> @param Length The number of
>>>> Unicode characters to decode.
>>>>
>>>>
>>>> @param Buffer Pointer to the
>>>> converted bytes array.
>>>>
>>>>
>>>> @@ -1777,7 +1695,6 @@ UnicodeStrToAsciiStr (
>>>>
>>>>
>>>> the upper 8 bits, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -1818,22 +1735,23 @@ UnicodeStrToAsciiStrS (
>>>>
>>>>
>>>> bits of each Unicode character. The function
>>>> terminates the Ascii string
>>>>
>>>>
>>>> Destination by appending a Null-terminator
>> character
>>>> at the end.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - The caller is responsible to make sure
>> Destination
>>>> points to a buffer with size
>>>>
>>>>
>>>> - equal or greater than ((StrLen (Source) + 1) *
>>>> sizeof (CHAR8)) in bytes.
>>>>
>>>>
>>>> + The caller is responsible to make sure
>> Destination
>>>> points to a buffer with
>>>>
>>>>
>>>> + size not smaller than ((MIN(StrLen(Source),
>> Length)
>>>> + 1) * sizeof (CHAR8))
>>>>
>>>>
>>>> + in bytes.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If any Unicode characters in Source contain non-
>> zero
>>>> value in the upper 8
>>>>
>>>>
>>>> bits, then ASSERT().
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>> + If an error is returned, then Destination and
>>>> DestinationLength are
>>>>
>>>>
>>>> + unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @param Source The pointer to a Null-
>>>> terminated Unicode string.
>>>>
>>>>
>>>> @param Length The maximum number of
>>>> Unicode characters to
>>>>
>>>>
>>>> convert.
>>>>
>>>>
>>>> @param Destination The pointer to a Null-
>>>> terminated Ascii string.
>>>>
>>>>
>>>> - @param DestMax The maximum number of
>>>> Destination Ascii
>>>>
>>>>
>>>> - char, including
>>>> terminating null char.
>>>>
>>>>
>>>> + @param DestMax The maximum number of
>>>> Destination Ascii char,
>>>>
>>>>
>>>> + including terminating
>>>> null char.
>>>>
>>>>
>>>> @param DestinationLength The number of Unicode
>>>> characters converted.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @retval RETURN_SUCCESS String is
>>>> converted.
>>>>
>>>>
>>>> @@ -2388,10 +2306,6 @@ AsciiStrHexToUint64 (
>>>>
>>>>
>>>> "::" can be used to compress one or more groups of
>> X
>>>> when X contains only 0.
>>>>
>>>>
>>>> The "::" can only appear once in the String.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Address is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>>
>>>>
>>>> to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>>
>>>>
>>>> by EndPointer.
>>>>
>>>>
>>>> @@ -2443,10 +2357,6 @@ AsciiStrToIpv6Address (
>>>>
>>>>
>>>> When /P is in the String, the function stops at
>> the
>>>> first character that is not
>>>>
>>>>
>>>> a valid decimal digit character after P is
>>>> converted.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Address is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>>
>>>>
>>>> to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>>
>>>>
>>>> by EndPointer.
>>>>
>>>>
>>>> @@ -2508,9 +2418,6 @@ AsciiStrToIpv4Address (
>>>>
>>>>
>>>> oo Data4[48:55]
>>>>
>>>>
>>>> pp Data4[56:63]
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Guid is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> @param String Pointer to a
>> Null-
>>>> terminated ASCII string.
>>>>
>>>>
>>>> @param Guid Pointer to the
>>>> converted GUID.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -2541,17 +2448,6 @@ AsciiStrToGuid (
>>>>
>>>>
>>>> decoding stops after Length of characters and
>>>> outputs Buffer containing
>>>>
>>>>
>>>> (Length / 2) bytes.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Buffer is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Length is not multiple of 2, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero and
>>>> Length is greater than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If MaxBufferSize is less than (Length / 2), then
>>>> ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> @param String Pointer to a
>> Null-
>>>> terminated ASCII string.
>>>>
>>>>
>>>> @param Length The number of
>> ASCII
>>>> characters to decode.
>>>>
>>>>
>>>> @param Buffer Pointer to the
>>>> converted bytes array.
>>>>
>>>>
>>>> @@ -2632,7 +2528,6 @@ AsciiStrToUnicodeStr (
>>>>
>>>>
>>>> equal or greater than ((AsciiStrLen (Source) + 1)
>> *
>>>> sizeof (CHAR16)) in bytes.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -2678,7 +2573,6 @@ AsciiStrToUnicodeStrS (
>>>>
>>>>
>>>> ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
>>>> (CHAR8)) in bytes.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then Destination and
>>>> DestinationLength are
>>>>
>>>>
>>>> unmodified.
>>>>
>>>>
>>>> diff --git a/MdePkg/Library/BaseLib/SafeString.c
>>>> b/MdePkg/Library/BaseLib/SafeString.c
>>>>
>>>>
>>>> index 7dc03d2caa..1db42abb05 100644
>>>>
>>>>
>>>> --- a/MdePkg/Library/BaseLib/SafeString.c
>>>>
>>>>
>>>> +++ b/MdePkg/Library/BaseLib/SafeString.c
>>>>
>>>>
>>>> @@ -14,7 +14,6 @@
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> #define SAFE_STRING_CONSTRAINT_CHECK(Expression,
>>>> Status) \
>>>>
>>>>
>>>> do { \
>>>>
>>>>
>>>> - ASSERT (Expression); \
>>>>
>>>>
>>>> if (!(Expression)) { \
>>>>
>>>>
>>>> return Status; \
>>>>
>>>>
>>>> } \
>>>>
>>>>
>>>> @@ -197,7 +196,6 @@ StrnSizeS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -279,7 +277,6 @@ StrCpyS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Length > 0 and Destination is not aligned on a
>>>> 16-bit boundary, then ASSERT().
>>>>
>>>>
>>>> If Length > 0 and Source is not aligned on a 16-
>> bit
>>>> boundary, then ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -372,7 +369,6 @@ StrnCpyS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -473,7 +469,6 @@ StrCatS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -590,12 +585,7 @@ StrnCatS (
>>>>
>>>>
>>>> be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>>
>>>>
>>>> valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>>
>>>>
>>>> at the location pointed to by Data.
>>>>
>>>>
>>>> @@ -705,12 +695,7 @@ StrDecimalToUintnS (
>>>>
>>>>
>>>> be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>>
>>>>
>>>> valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>>
>>>>
>>>> at the location pointed to by Data.
>>>>
>>>>
>>>> @@ -825,12 +810,7 @@ StrDecimalToUint64S (
>>>>
>>>>
>>>> the first character that is a not a valid
>>>> hexadecimal character or NULL,
>>>>
>>>>
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>>
>>>>
>>>> stored at the location pointed to by Data.
>>>>
>>>>
>>>> @@ -956,12 +936,7 @@ StrHexToUintnS (
>>>>
>>>>
>>>> the first character that is a not a valid
>>>> hexadecimal character or NULL,
>>>>
>>>>
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> If String is not aligned in a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumUnicodeStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumUnicodeStringLength Unicode characters,
>>>> not including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>>
>>>>
>>>> stored at the location pointed to by Data.
>>>>
>>>>
>>>> @@ -1856,8 +1831,6 @@ AsciiStrCpyS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This function is similar as strncpy_s defined in
>>>> C11.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @param Destination A pointer to a
>>>> Null-terminated Ascii string.
>>>>
>>>>
>>>> @@ -1944,8 +1917,6 @@ AsciiStrnCpyS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This function is similar as strcat_s defined in
>> C11.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @param Destination A pointer to a
>>>> Null-terminated Ascii string.
>>>>
>>>>
>>>> @@ -2040,8 +2011,6 @@ AsciiStrCatS (
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This function is similar as strncat_s defined in
>>>> C11.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @param Destination A pointer to a
>>>> Null-terminated Ascii string.
>>>>
>>>>
>>>> @@ -2154,12 +2123,6 @@ AsciiStrnCatS (
>>>>
>>>>
>>>> be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>>
>>>>
>>>> valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>>
>>>>
>>>> at the location pointed to by Data.
>>>>
>>>>
>>>> If the number represented by String exceeds the
>>>> range defined by UINTN, then
>>>>
>>>>
>>>> @@ -2266,12 +2229,6 @@ AsciiStrDecimalToUintnS (
>>>>
>>>>
>>>> be ignored. Then, the function stops at the first
>>>> character that is a not a
>>>>
>>>>
>>>> valid decimal character or a Null-terminator,
>>>> whichever one comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String has no valid decimal digits in the above
>>>> format, then 0 is stored
>>>>
>>>>
>>>> at the location pointed to by Data.
>>>>
>>>>
>>>> If the number represented by String exceeds the
>>>> range defined by UINT64, then
>>>>
>>>>
>>>> @@ -2382,12 +2339,6 @@ AsciiStrDecimalToUint64S (
>>>>
>>>>
>>>> character that is a not a valid hexadecimal
>>>> character or Null-terminator,
>>>>
>>>>
>>>> whichever on comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>>
>>>>
>>>> stored at the location pointed to by Data.
>>>>
>>>>
>>>> If the number represented by String exceeds the
>>>> range defined by UINTN, then
>>>>
>>>>
>>>> @@ -2509,12 +2460,6 @@ AsciiStrHexToUintnS (
>>>>
>>>>
>>>> character that is a not a valid hexadecimal
>>>> character or Null-terminator,
>>>>
>>>>
>>>> whichever on comes first.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Data is NULL, then ASSERT().
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero, and
>>>> String contains more than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength Ascii characters, not
>>>> including the
>>>>
>>>>
>>>> - Null-terminator, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If String has no valid hexadecimal digits in the
>>>> above format, then 0 is
>>>>
>>>>
>>>> stored at the location pointed to by Data.
>>>>
>>>>
>>>> If the number represented by String exceeds the
>>>> range defined by UINT64, then
>>>>
>>>>
>>>> @@ -2635,7 +2580,6 @@ AsciiStrHexToUint64S (
>>>>
>>>>
>>>> the upper 8 bits, then ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then the Destination is
>>>> unmodified.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -2735,7 +2679,6 @@ UnicodeStrToAsciiStrS (
>>>>
>>>>
>>>> If any Unicode characters in Source contain non-
>> zero
>>>> value in the upper 8
>>>>
>>>>
>>>> bits, then ASSERT().
>>>>
>>>>
>>>> If Source is not aligned on a 16-bit boundary,
>> then
>>>> ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then Destination and
>>>> DestinationLength are
>>>>
>>>>
>>>> unmodified.
>>>>
>>>>
>>>> @@ -2948,7 +2891,6 @@ AsciiStrToUnicodeStrS (
>>>>
>>>>
>>>> ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
>>>> (CHAR8)) in bytes.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If Destination is not aligned on a 16-bit
>> boundary,
>>>> then ASSERT().
>>>>
>>>>
>>>> - If an error would be returned, then the function
>>>> will also ASSERT().
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> If an error is returned, then Destination and
>>>> DestinationLength are
>>>>
>>>>
>>>> unmodified.
>>>>
>>>>
>>>> @@ -3072,10 +3014,6 @@ AsciiStrnToUnicodeStrS (
>>>>
>>>>
>>>> "::" can be used to compress one or more groups of
>> X
>>>> when X contains only 0.
>>>>
>>>>
>>>> The "::" can only appear once in the String.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Address is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>>
>>>>
>>>> to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>>
>>>>
>>>> by EndPointer.
>>>>
>>>>
>>>> @@ -3291,10 +3229,6 @@ AsciiStrToIpv6Address (
>>>>
>>>>
>>>> When /P is in the String, the function stops at
>> the
>>>> first character that is not
>>>>
>>>>
>>>> a valid decimal digit character after P is
>>>> converted.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Address is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> If EndPointer is not NULL and Address is
>> translated
>>>> from String, a pointer
>>>>
>>>>
>>>> to the character that stopped the scan is stored
>> at
>>>> the location pointed to
>>>>
>>>>
>>>> by EndPointer.
>>>>
>>>>
>>>> @@ -3448,9 +3382,6 @@ AsciiStrToIpv4Address (
>>>>
>>>>
>>>> oo Data4[48:55]
>>>>
>>>>
>>>> pp Data4[56:63]
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> - If Guid is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> @param String Pointer to a
>> Null-
>>>> terminated ASCII string.
>>>>
>>>>
>>>> @param Guid Pointer to the
>>>> converted GUID.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> @@ -3550,17 +3481,6 @@ AsciiStrToGuid (
>>>>
>>>>
>>>> decoding stops after Length of characters and
>>>> outputs Buffer containing
>>>>
>>>>
>>>> (Length / 2) bytes.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - If String is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Buffer is NULL, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If Length is not multiple of 2, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If PcdMaximumAsciiStringLength is not zero and
>>>> Length is greater than
>>>>
>>>>
>>>> - PcdMaximumAsciiStringLength, then ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> - If MaxBufferSize is less than (Length / 2), then
>>>> ASSERT().
>>>>
>>>>
>>>> -
>>>>
>>>>
>>>> @param String Pointer to a
>> Null-
>>>> terminated ASCII string.
>>>>
>>>>
>>>> @param Length The number of
>> ASCII
>>>> characters to decode.
>>>>
>>>>
>>>> @param Buffer Pointer to the
>>>> converted bytes array.
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>> 2.24.2 (Apple Git-127)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
[-- Attachment #1.2: Type: text/html, Size: 88016 bytes --]
[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-05-14 18:59 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-14 9:25 [PATCH V6 0/1] Disable safe string constraint assertions Vitaly Cheptsov
2020-05-14 9:25 ` [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks Vitaly Cheptsov
2020-05-14 13:35 ` Laszlo Ersek
2020-05-14 16:38 ` [edk2-devel] " Michael D Kinney
2020-05-14 17:39 ` Vitaly Cheptsov
2020-05-14 17:58 ` Michael D Kinney
2020-05-14 18:59 ` Vitaly Cheptsov [this message]
2020-05-14 19:45 ` Ard Biesheuvel
2020-05-14 21:07 ` Michael D Kinney
2020-05-14 21:15 ` [EXTERNAL] " Bret Barkelew
2020-05-14 22:14 ` Michael D Kinney
2020-05-15 9:28 ` Marvin Häuser
2020-05-15 9:30 ` [EXTERNAL] " Vitaly Cheptsov
2020-05-15 15:26 ` Bret Barkelew
2020-05-14 11:33 ` [edk2-devel] [PATCH V6 0/1] Disable safe string constraint assertions Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=EEAC21EB-5AB3-49AF-A894-4D9A026F2236@ispras.ru \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox