Mike,

The code you posted may inflict undefined behaviour and is not valid C for several reasons. The compiler is free to do whatever it desires. Please refer to ISO/IEC 9899 for more details. If applications cast raw pointers to typed pointers without checking their alignment, well, god bless them :)

My opinion is both the compiler and the hardware are welcome to do the worst once your third line is discovered. On a number of CPUs such addresses cannot even be represented in the first place. Yet, once again it is out of the scope of the current problem.

Best wishes,
Vitaly

> On 14 May 2020, at 20:58, Kinney, Michael D wrote:
>
> Vitaly,
>
> Why do you think there is no way to craft an odd address
> without memory corruption?
>
> UINT8 ByteArray[100];
> CHAR16 *String
>
> String = (CHAR16 *)(&Array[3]);
>
> The reason I raised the question of these other ASSERT()s
> is that I thought the use case was using these safe string
> APIs from a UEFI App, and the UEFI App always wants to evaluate
> the return status to know if the operation was completed or
> not. In a build that removes all ASSERT()s, an odd address
> will generate an exception on some CPU archs. Wouldn’t it
> be better for the UEFI App that is already designed to handle
> error return status to get an error code instead of an
> exception?
>
> Mike
>
>> -----Original Message-----
>> From: devel@edk2.groups.io On Behalf Of Vitaly Cheptsov
>> Sent: Thursday, May 14, 2020 10:39 AM
>> To: Kinney, Michael D
>> Cc: devel@edk2.groups.io; Andrew Fish; Ard Biesheuvel; Bret Barkelew; Brian J . Johnson; Chiu, Chasel; Justen, Jordan L; Laszlo Ersek; Leif Lindholm; Gao, Liming; Marvin Häuser; Zimmer, Vincent; Gao, Zhichao
>> Subject: Re: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
>>
>> Mike,
>>
>> Firstly, NULL check and odd-address checks are essentially different things:
>> — NULL address is basically «no object», «optional argument» (e.g. failed allocation).
>> — Odd address is memory corruption, as there is no way to craft such address anyhow else.
>> For this reason the implementation is allowed to treat them differently.
>>
>> Secondly, as I said in my cover letter there is no behaviour change here for RELEASE builds. Behaviour changes unrelated to the bugfix will have to go to a separate patch. I agree that we may want to reconsider the interface in the future, but that’s for a separate bugzilla and patch. Not discussing it currently is important to avoid diverting from the primary problem. Could create a bugzilla not to forget about it soon after the stable tag.
>>
>> Best wishes,
>> Vitaly
>>
>>> On 14 May 2020, at 19:38, Kinney, Michael D wrote:
>>>
>>> Why preserve the ASSERT()s for Unicode strings
>>> that are not aligned in a 16-bit boundary?
>>>
>>> This is essentially the same as an invalid pointer value
>>> just like NULL. If NULL pointer returns an error code,
>>> shouldn't an invalid pointer value?
>>>
>>> Thanks,
>>>
>>> Mike
>>>
>>>> -----Original Message-----
>>>> From: devel@edk2.groups.io On >>>> Behalf Of Vitaly Cheptsov >>>> Sent: Thursday, May 14, 2020 2:26 AM >>>> To: devel@edk2.groups.io >>>> Cc: Andrew Fish ; Ard Biesheuvel >>>> ; Bret Barkelew >>>> ; Brian J . Johnson >>>> ; Chiu, Chasel >>>> ; Justen, Jordan L >>>> ; Laszlo Ersek >>>> ; Leif Lindholm >> ; >>>> Gao, Liming ; Marvin Häuser >>>> ; Kinney, Michael D >>>> ; Zimmer, Vincent >>>> ; Gao, Zhichao >>>> >>>> Subject: [edk2-devel] [PATCH V6 1/1] MdePkg: Fix >>>> SafeString performing assertions on runtime checks >>>> >>>> REF: >>>> https://bugzilla.tianocore.org/show_bug.cgi?id=2054 >>>> >>>> >>>> >>>> >>>> >>>> Runtime checks returned via status return code >> should >>>> not work as >>>> >>>> >>>> assertions to permit parsing not trusted data with >>>> SafeString >>>> >>>> >>>> interfaces. >>>> >>>> >>>> >>>> >>>> >>>> CC: Andrew Fish >>>> >>>> >>>> CC: Ard Biesheuvel >>>> >>>> >>>> CC: Bret Barkelew >>>> >>>> >>>> CC: Brian J. Johnson >>>> >>>> >>>> CC: Chasel Chiu >>>> >>>> >>>> CC: Jordan Justen >>>> >>>> >>>> CC: Laszlo Ersek >>>> >>>> >>>> CC: Leif Lindholm >>>> >>>> >>>> CC: Liming Gao >>>> >>>> >>>> CC: Marvin Häuser >>>> >>>> >>>> CC: Mike Kinney >>>> >>>> >>>> CC: Vincent Zimmer >>>> >>>> >>>> CC: Zhichao Gao >>>> >>>> >>>> Signed-off-by: Vitaly Cheptsov >> >>>> >>>> >>>> --- >>>> >>>> >>>> MdePkg/Include/Library/BaseLib.h | 120 ++-------- >> -- >>>> -------- >>>> >>>> >>>> MdePkg/Library/BaseLib/SafeString.c | 80 ---------- >> -- >>>> - >>>> >>>> >>>> 2 files changed, 7 insertions(+), 193 deletions(-) >>>> >>>> >>>> >>>> >>>> >>>> diff --git a/MdePkg/Include/Library/BaseLib.h >>>> b/MdePkg/Include/Library/BaseLib.h >>>> >>>> >>>> index ecadff8b23..62dc3151bc 100644 >>>> >>>> >>>> --- a/MdePkg/Include/Library/BaseLib.h >>>> >>>> >>>> +++ b/MdePkg/Include/Library/BaseLib.h >>>> 
>>>> >>>> @@ -189,7 +189,6 @@ StrnSizeS ( >>>> >>>> >>>> >>>> >>>> >>>> If Destination is not aligned on a 16-bit >> boundary, >>>> then ASSERT(). >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @@ -225,7 +224,6 @@ StrCpyS ( >>>> >>>> >>>> >>>> >>>> >>>> If Length > 0 and Destination is not aligned on a >>>> 16-bit boundary, then ASSERT(). >>>> >>>> >>>> If Length > 0 and Source is not aligned on a 16- >> bit >>>> boundary, then ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @@ -263,7 +261,6 @@ StrnCpyS ( >>>> >>>> >>>> >>>> >>>> >>>> If Destination is not aligned on a 16-bit >> boundary, >>>> then ASSERT(). >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @@ -303,7 +300,6 @@ StrCatS ( >>>> >>>> >>>> >>>> >>>> >>>> If Destination is not aligned on a 16-bit >> boundary, >>>> then ASSERT(). >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> 
>>>> >>>> @@ -350,12 +346,7 @@ StrnCatS ( >>>> >>>> >>>> be ignored. Then, the function stops at the first >>>> character that is a not a >>>> >>>> >>>> valid decimal character or a Null-terminator, >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If String has no valid decimal digits in the above >>>> format, then 0 is stored >>>> >>>> >>>> at the location pointed to by Data. >>>> >>>> >>>> @@ -406,12 +397,7 @@ StrDecimalToUintnS ( >>>> >>>> >>>> be ignored. Then, the function stops at the first >>>> character that is a not a >>>> >>>> >>>> valid decimal character or a Null-terminator, >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If String has no valid decimal digits in the above >>>> format, then 0 is stored >>>> >>>> >>>> at the location pointed to by Data. >>>> 
>>>> >>>> @@ -467,12 +453,7 @@ StrDecimalToUint64S ( >>>> >>>> >>>> the first character that is a not a valid >>>> hexadecimal character or NULL, >>>> >>>> >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If String has no valid hexadecimal digits in the >>>> above format, then 0 is >>>> >>>> >>>> stored at the location pointed to by Data. >>>> >>>> >>>> @@ -528,12 +509,7 @@ StrHexToUintnS ( >>>> >>>> >>>> the first character that is a not a valid >>>> hexadecimal character or NULL, >>>> >>>> >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If String has no valid hexadecimal digits in the >>>> above format, then 0 is >>>> >>>> >>>> stored at the location pointed to by Data. >>>> 
>>>> >>>> @@ -622,8 +598,6 @@ AsciiStrnSizeS ( >>>> >>>> >>>> >>>> >>>> >>>> This function is similar as strcpy_s defined in >> C11. >>>> >>>> >>>> >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @param Destination A pointer to a >>>> Null-terminated Ascii string. >>>> >>>> >>>> @@ -656,8 +630,6 @@ AsciiStrCpyS ( >>>> >>>> >>>> >>>> >>>> >>>> This function is similar as strncpy_s defined in >>>> C11. >>>> >>>> >>>> >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @param Destination A pointer to a >>>> Null-terminated Ascii string. >>>> >>>> >>>> @@ -692,8 +664,6 @@ AsciiStrnCpyS ( >>>> >>>> >>>> >>>> >>>> >>>> This function is similar as strcat_s defined in >> C11. >>>> >>>> >>>> >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @param Destination A pointer to a >>>> Null-terminated Ascii string. >>>> >>>> >>>> @@ -730,8 +700,6 @@ AsciiStrCatS ( >>>> >>>> >>>> >>>> >>>> >>>> This function is similar as strncat_s defined in >>>> C11. >>>> >>>> >>>> >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @param Destination A pointer to a >>>> Null-terminated Ascii string. >>>> 
>>>> >>>> @@ -777,12 +745,6 @@ AsciiStrnCatS ( >>>> >>>> >>>> be ignored. Then, the function stops at the first >>>> character that is a not a >>>> >>>> >>>> valid decimal character or a Null-terminator, >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumAsciiStringLength Ascii characters, not >>>> including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String has no valid decimal digits in the above >>>> format, then 0 is stored >>>> >>>> >>>> at the location pointed to by Data. >>>> >>>> >>>> If the number represented by String exceeds the >>>> range defined by UINTN, then >>>> >>>> >>>> @@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS ( >>>> >>>> >>>> be ignored. Then, the function stops at the first >>>> character that is a not a >>>> >>>> >>>> valid decimal character or a Null-terminator, >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumAsciiStringLength Ascii characters, not >>>> including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String has no valid decimal digits in the above >>>> format, then 0 is stored >>>> >>>> >>>> at the location pointed to by Data. >>>> >>>> >>>> If the number represented by String exceeds the >>>> range defined by UINT64, then >>>> 
>>>> >>>> @@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S ( >>>> >>>> >>>> character that is a not a valid hexadecimal >>>> character or Null-terminator, >>>> >>>> >>>> whichever on comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumAsciiStringLength Ascii characters, not >>>> including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String has no valid hexadecimal digits in the >>>> above format, then 0 is >>>> >>>> >>>> stored at the location pointed to by Data. >>>> >>>> >>>> If the number represented by String exceeds the >>>> range defined by UINTN, then >>>> >>>> >>>> @@ -950,12 +900,6 @@ AsciiStrHexToUintnS ( >>>> >>>> >>>> character that is a not a valid hexadecimal >>>> character or Null-terminator, >>>> >>>> >>>> whichever on comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumAsciiStringLength Ascii characters, not >>>> including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String has no valid hexadecimal digits in the >>>> above format, then 0 is >>>> >>>> >>>> stored at the location pointed to by Data. >>>> >>>> >>>> If the number represented by String exceeds the >>>> range defined by UINT64, then >>>> 
>>>> >>>> @@ -1506,16 +1450,8 @@ StrHexToUint64 ( >>>> >>>> >>>> "::" can be used to compress one or more groups of >> X >>>> when X contains only 0. >>>> >>>> >>>> The "::" can only appear once in the String. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Address is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If EndPointer is not NULL and Address is >> translated >>>> from String, a pointer >>>> >>>> >>>> to the character that stopped the scan is stored >> at >>>> the location pointed to >>>> >>>> >>>> by EndPointer. >>>> >>>> >>>> @@ -1567,15 +1503,10 @@ StrToIpv6Address ( >>>> >>>> >>>> When /P is in the String, the function stops at >> the >>>> first character that is not >>>> >>>> >>>> a valid decimal digit character after P is >>>> converted. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Address is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If EndPointer is not NULL and Address is >> translated >>>> from String, a pointer >>>> >>>> >>>> to the character that stopped the scan is stored >> at >>>> the location pointed to >>>> 
>>>> >>>> @@ -1640,8 +1571,6 @@ StrToIpv4Address ( >>>> >>>> >>>> oo Data4[48:55] >>>> >>>> >>>> pp Data4[56:63] >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Guid is NULL, then ASSERT(). >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> @param String Pointer to a >> Null- >>>> terminated Unicode string. >>>> >>>> >>>> @@ -1676,17 +1605,6 @@ StrToGuid ( >>>> >>>> >>>> >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Buffer is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Length is not multiple of 2, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero and >>>> Length is greater than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If MaxBufferSize is less than (Length / 2), then >>>> ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> @param String Pointer to a >> Null- >>>> terminated Unicode string. >>>> >>>> >>>> @param Length The number of >>>> Unicode characters to decode. >>>> >>>> >>>> @param Buffer Pointer to the >>>> converted bytes array. >>>> >>>> >>>> @@ -1777,7 +1695,6 @@ UnicodeStrToAsciiStr ( >>>> >>>> >>>> the upper 8 bits, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> 
>>>> >>>> @@ -1818,22 +1735,23 @@ UnicodeStrToAsciiStrS ( >>>> >>>> >>>> bits of each Unicode character. The function >>>> terminates the Ascii string >>>> >>>> >>>> Destination by appending a Null-terminator >> character >>>> at the end. >>>> >>>> >>>> >>>> >>>> >>>> - The caller is responsible to make sure >> Destination >>>> points to a buffer with size >>>> >>>> >>>> - equal or greater than ((StrLen (Source) + 1) * >>>> sizeof (CHAR8)) in bytes. >>>> >>>> >>>> + The caller is responsible to make sure >> Destination >>>> points to a buffer with >>>> >>>> >>>> + size not smaller than ((MIN(StrLen(Source), >> Length) >>>> + 1) * sizeof (CHAR8)) >>>> >>>> >>>> + in bytes. >>>> >>>> >>>> >>>> >>>> >>>> If any Unicode characters in Source contain non- >> zero >>>> value in the upper 8 >>>> >>>> >>>> bits, then ASSERT(). >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> - If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> + If an error is returned, then Destination and >>>> DestinationLength are >>>> >>>> >>>> + unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @param Source The pointer to a Null- >>>> terminated Unicode string. >>>> >>>> >>>> @param Length The maximum number of >>>> Unicode characters to >>>> >>>> >>>> convert. >>>> >>>> >>>> @param Destination The pointer to a Null- >>>> terminated Ascii string. >>>> >>>> >>>> - @param DestMax The maximum number of >>>> Destination Ascii >>>> >>>> >>>> - char, including >>>> terminating null char. >>>> >>>> >>>> + @param DestMax The maximum number of >>>> Destination Ascii char, >>>> >>>> >>>> + including terminating >>>> null char. >>>> >>>> >>>> @param DestinationLength The number of Unicode >>>> characters converted. >>>> >>>> >>>> >>>> >>>> >>>> @retval RETURN_SUCCESS String is >>>> converted. >>>> 
>>>> >>>> @@ -2388,10 +2306,6 @@ AsciiStrHexToUint64 ( >>>> >>>> >>>> "::" can be used to compress one or more groups of >> X >>>> when X contains only 0. >>>> >>>> >>>> The "::" can only appear once in the String. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Address is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If EndPointer is not NULL and Address is >> translated >>>> from String, a pointer >>>> >>>> >>>> to the character that stopped the scan is stored >> at >>>> the location pointed to >>>> >>>> >>>> by EndPointer. >>>> >>>> >>>> @@ -2443,10 +2357,6 @@ AsciiStrToIpv6Address ( >>>> >>>> >>>> When /P is in the String, the function stops at >> the >>>> first character that is not >>>> >>>> >>>> a valid decimal digit character after P is >>>> converted. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Address is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If EndPointer is not NULL and Address is >> translated >>>> from String, a pointer >>>> >>>> >>>> to the character that stopped the scan is stored >> at >>>> the location pointed to >>>> >>>> >>>> by EndPointer. >>>> >>>> >>>> @@ -2508,9 +2418,6 @@ AsciiStrToIpv4Address ( >>>> >>>> >>>> oo Data4[48:55] >>>> >>>> >>>> pp Data4[56:63] >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Guid is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> @param String Pointer to a >> Null- >>>> terminated ASCII string. >>>> >>>> >>>> @param Guid Pointer to the >>>> converted GUID. >>>> >>>> >>>> >>>> 
>>>> >>>> @@ -2541,17 +2448,6 @@ AsciiStrToGuid ( >>>> >>>> >>>> decoding stops after Length of characters and >>>> outputs Buffer containing >>>> >>>> >>>> (Length / 2) bytes. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Buffer is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Length is not multiple of 2, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero and >>>> Length is greater than >>>> >>>> >>>> - PcdMaximumAsciiStringLength, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If MaxBufferSize is less than (Length / 2), then >>>> ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> @param String Pointer to a >> Null- >>>> terminated ASCII string. >>>> >>>> >>>> @param Length The number of >> ASCII >>>> characters to decode. >>>> >>>> >>>> @param Buffer Pointer to the >>>> converted bytes array. >>>> >>>> >>>> @@ -2632,7 +2528,6 @@ AsciiStrToUnicodeStr ( >>>> >>>> >>>> equal or greater than ((AsciiStrLen (Source) + 1) >> * >>>> sizeof (CHAR16)) in bytes. >>>> >>>> >>>> >>>> >>>> >>>> If Destination is not aligned on a 16-bit >> boundary, >>>> then ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @@ -2678,7 +2573,6 @@ AsciiStrToUnicodeStrS ( >>>> >>>> >>>> ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof >>>> (CHAR8)) in bytes. >>>> >>>> >>>> >>>> >>>> >>>> If Destination is not aligned on a 16-bit >> boundary, >>>> then ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then Destination and >>>> DestinationLength are >>>> >>>> >>>> unmodified. >>>> 
>>>> >>>> diff --git a/MdePkg/Library/BaseLib/SafeString.c >>>> b/MdePkg/Library/BaseLib/SafeString.c >>>> >>>> >>>> index 7dc03d2caa..1db42abb05 100644 >>>> >>>> >>>> --- a/MdePkg/Library/BaseLib/SafeString.c >>>> >>>> >>>> +++ b/MdePkg/Library/BaseLib/SafeString.c >>>> >>>> >>>> @@ -14,7 +14,6 @@ >>>> >>>> >>>> >>>> >>>> >>>> #define SAFE_STRING_CONSTRAINT_CHECK(Expression, >>>> Status) \ >>>> >>>> >>>> do { \ >>>> >>>> >>>> - ASSERT (Expression); \ >>>> >>>> >>>> if (!(Expression)) { \ >>>> >>>> >>>> return Status; \ >>>> >>>> >>>> } \ >>>> >>>> >>>> @@ -197,7 +196,6 @@ StrnSizeS ( >>>> >>>> >>>> >>>> >>>> >>>> If Destination is not aligned on a 16-bit >> boundary, >>>> then ASSERT(). >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @@ -279,7 +277,6 @@ StrCpyS ( >>>> >>>> >>>> >>>> >>>> >>>> If Length > 0 and Destination is not aligned on a >>>> 16-bit boundary, then ASSERT(). >>>> >>>> >>>> If Length > 0 and Source is not aligned on a 16- >> bit >>>> boundary, then ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @@ -372,7 +369,6 @@ StrnCpyS ( >>>> >>>> >>>> >>>> >>>> >>>> If Destination is not aligned on a 16-bit >> boundary, >>>> then ASSERT(). >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> 
>>>> >>>> @@ -473,7 +469,6 @@ StrCatS ( >>>> >>>> >>>> >>>> >>>> >>>> If Destination is not aligned on a 16-bit >> boundary, >>>> then ASSERT(). >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @@ -590,12 +585,7 @@ StrnCatS ( >>>> >>>> >>>> be ignored. Then, the function stops at the first >>>> character that is a not a >>>> >>>> >>>> valid decimal character or a Null-terminator, >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If String has no valid decimal digits in the above >>>> format, then 0 is stored >>>> >>>> >>>> at the location pointed to by Data. >>>> 
>>>> >>>> @@ -705,12 +695,7 @@ StrDecimalToUintnS ( >>>> >>>> >>>> be ignored. Then, the function stops at the first >>>> character that is a not a >>>> >>>> >>>> valid decimal character or a Null-terminator, >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If String has no valid decimal digits in the above >>>> format, then 0 is stored >>>> >>>> >>>> at the location pointed to by Data. >>>> >>>> >>>> @@ -825,12 +810,7 @@ StrDecimalToUint64S ( >>>> >>>> >>>> the first character that is a not a valid >>>> hexadecimal character or NULL, >>>> >>>> >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If String has no valid hexadecimal digits in the >>>> above format, then 0 is >>>> >>>> >>>> stored at the location pointed to by Data. >>>> 
>>>> >>>> @@ -956,12 +936,7 @@ StrHexToUintnS ( >>>> >>>> >>>> the first character that is a not a valid >>>> hexadecimal character or NULL, >>>> >>>> >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> If String is not aligned in a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If PcdMaximumUnicodeStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumUnicodeStringLength Unicode characters, >>>> not including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If String has no valid hexadecimal digits in the >>>> above format, then 0 is >>>> >>>> >>>> stored at the location pointed to by Data. >>>> >>>> >>>> @@ -1856,8 +1831,6 @@ AsciiStrCpyS ( >>>> >>>> >>>> >>>> >>>> >>>> This function is similar as strncpy_s defined in >>>> C11. >>>> >>>> >>>> >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @param Destination A pointer to a >>>> Null-terminated Ascii string. >>>> >>>> >>>> @@ -1944,8 +1917,6 @@ AsciiStrnCpyS ( >>>> >>>> >>>> >>>> >>>> >>>> This function is similar as strcat_s defined in >> C11. >>>> >>>> >>>> >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @param Destination A pointer to a >>>> Null-terminated Ascii string. >>>> 
>>>> >>>> @@ -2040,8 +2011,6 @@ AsciiStrCatS ( >>>> >>>> >>>> >>>> >>>> >>>> This function is similar as strncat_s defined in >>>> C11. >>>> >>>> >>>> >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @param Destination A pointer to a >>>> Null-terminated Ascii string. >>>> >>>> >>>> @@ -2154,12 +2123,6 @@ AsciiStrnCatS ( >>>> >>>> >>>> be ignored. Then, the function stops at the first >>>> character that is a not a >>>> >>>> >>>> valid decimal character or a Null-terminator, >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumAsciiStringLength Ascii characters, not >>>> including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String has no valid decimal digits in the above >>>> format, then 0 is stored >>>> >>>> >>>> at the location pointed to by Data. >>>> >>>> >>>> If the number represented by String exceeds the >>>> range defined by UINTN, then >>>> 
>>>> >>>> @@ -2266,12 +2229,6 @@ AsciiStrDecimalToUintnS ( >>>> >>>> >>>> be ignored. Then, the function stops at the first >>>> character that is a not a >>>> >>>> >>>> valid decimal character or a Null-terminator, >>>> whichever one comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumAsciiStringLength Ascii characters, not >>>> including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String has no valid decimal digits in the above >>>> format, then 0 is stored >>>> >>>> >>>> at the location pointed to by Data. >>>> >>>> >>>> If the number represented by String exceeds the >>>> range defined by UINT64, then >>>> >>>> >>>> @@ -2382,12 +2339,6 @@ AsciiStrDecimalToUint64S ( >>>> >>>> >>>> character that is a not a valid hexadecimal >>>> character or Null-terminator, >>>> >>>> >>>> whichever on comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumAsciiStringLength Ascii characters, not >>>> including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String has no valid hexadecimal digits in the >>>> above format, then 0 is >>>> >>>> >>>> stored at the location pointed to by Data. >>>> >>>> >>>> If the number represented by String exceeds the >>>> range defined by UINTN, then >>>> 
>>>> >>>> @@ -2509,12 +2460,6 @@ AsciiStrHexToUintnS ( >>>> >>>> >>>> character that is a not a valid hexadecimal >>>> character or Null-terminator, >>>> >>>> >>>> whichever on comes first. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Data is NULL, then ASSERT(). >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero, and >>>> String contains more than >>>> >>>> >>>> - PcdMaximumAsciiStringLength Ascii characters, not >>>> including the >>>> >>>> >>>> - Null-terminator, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If String has no valid hexadecimal digits in the >>>> above format, then 0 is >>>> >>>> >>>> stored at the location pointed to by Data. >>>> >>>> >>>> If the number represented by String exceeds the >>>> range defined by UINT64, then >>>> >>>> >>>> @@ -2635,7 +2580,6 @@ AsciiStrHexToUint64S ( >>>> >>>> >>>> the upper 8 bits, then ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then the Destination is >>>> unmodified. >>>> >>>> >>>> >>>> >>>> >>>> @@ -2735,7 +2679,6 @@ UnicodeStrToAsciiStrS ( >>>> >>>> >>>> If any Unicode characters in Source contain non- >> zero >>>> value in the upper 8 >>>> >>>> >>>> bits, then ASSERT(). >>>> >>>> >>>> If Source is not aligned on a 16-bit boundary, >> then >>>> ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then Destination and >>>> DestinationLength are >>>> >>>> >>>> unmodified. >>>> 
>>>> >>>> @@ -2948,7 +2891,6 @@ AsciiStrToUnicodeStrS ( >>>> >>>> >>>> ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof >>>> (CHAR8)) in bytes. >>>> >>>> >>>> >>>> >>>> >>>> If Destination is not aligned on a 16-bit >> boundary, >>>> then ASSERT(). >>>> >>>> >>>> - If an error would be returned, then the function >>>> will also ASSERT(). >>>> >>>> >>>> >>>> >>>> >>>> If an error is returned, then Destination and >>>> DestinationLength are >>>> >>>> >>>> unmodified. >>>> >>>> >>>> @@ -3072,10 +3014,6 @@ AsciiStrnToUnicodeStrS ( >>>> >>>> >>>> "::" can be used to compress one or more groups of >> X >>>> when X contains only 0. >>>> >>>> >>>> The "::" can only appear once in the String. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Address is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If EndPointer is not NULL and Address is >> translated >>>> from String, a pointer >>>> >>>> >>>> to the character that stopped the scan is stored >> at >>>> the location pointed to >>>> >>>> >>>> by EndPointer. >>>> >>>> >>>> @@ -3291,10 +3229,6 @@ AsciiStrToIpv6Address ( >>>> >>>> >>>> When /P is in the String, the function stops at >> the >>>> first character that is not >>>> >>>> >>>> a valid decimal digit character after P is >>>> converted. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Address is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> If EndPointer is not NULL and Address is >> translated >>>> from String, a pointer >>>> >>>> >>>> to the character that stopped the scan is stored >> at >>>> the location pointed to >>>> >>>> >>>> by EndPointer. >>>> 
>>>> >>>> @@ -3448,9 +3382,6 @@ AsciiStrToIpv4Address ( >>>> >>>> >>>> oo Data4[48:55] >>>> >>>> >>>> pp Data4[56:63] >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - If Guid is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> @param String Pointer to a >> Null- >>>> terminated ASCII string. >>>> >>>> >>>> @param Guid Pointer to the >>>> converted GUID. >>>> >>>> >>>> >>>> >>>> >>>> @@ -3550,17 +3481,6 @@ AsciiStrToGuid ( >>>> >>>> >>>> decoding stops after Length of characters and >>>> outputs Buffer containing >>>> >>>> >>>> (Length / 2) bytes. >>>> >>>> >>>> >>>> >>>> >>>> - If String is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Buffer is NULL, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If Length is not multiple of 2, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If PcdMaximumAsciiStringLength is not zero and >>>> Length is greater than >>>> >>>> >>>> - PcdMaximumAsciiStringLength, then ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> - If MaxBufferSize is less than (Length / 2), then >>>> ASSERT(). >>>> >>>> >>>> - >>>> >>>> >>>> @param String Pointer to a >> Null- >>>> terminated ASCII string. >>>> >>>> >>>> @param Length The number of >> ASCII >>>> characters to decode. >>>> >>>> >>>> @param Buffer Pointer to the >>>> converted bytes array. >>>> >>>> >>>> -- >>>> >>>> >>>> 2.24.2 (Apple Git-127) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >> >> >>
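Review bot: In the hunk at @@ -2635,7 +2580,6 @@, the retained context line "If Source is not aligned on a 16-bit boundary, then ASSERT()." now sits in a comment that no longer says errors also assert, so the header mixes two failure models without saying which conditions return a status and which still assert. Suggest stating explicitly that the alignment check and the upper-8-bits check remain assertions while the other constraint violations are reported through the return status, and what a caller should expect for a misaligned Source in a build where ASSERT() is compiled out. The hunks at @@ -2735,7 +2679,6 @@ and @@ -2948,7 +2891,6 @@ keep the same kind of alignment line and would benefit from the same wording.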
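Review bot: The hunk at @@ -2154,12 +2123,6 @@ deletes the only lines visible here that mention a NULL String, a NULL Data and the PcdMaximumAsciiStringLength limit, and adds nothing in their place, so the description becomes silent on those inputs. Please confirm that the @retval list (not shown in this hunk) names the status returned for each of them, or replace the removed lines with a sentence saying these cases return an error status. While the block is being touched, the context line "character that is a not a valid decimal character" could be corrected to "that is not a valid". The hunks at @@ -2266,12 +2229,6 @@, @@ -2382,12 +2339,6 @@ and @@ -2509,12 +2460,6 @@ carry the same text.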
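Review bot: In the hunk at @@ -3550,17 +3481,6 @@, removing "If Length is not multiple of 2, then ASSERT()." and "If MaxBufferSize is less than (Length / 2), then ASSERT()." leaves the description saying only that decoding "outputs Buffer containing (Length / 2) bytes", with no statement of what happens for an odd Length or an undersized buffer. These are the two checks a caller passing externally supplied lengths most needs documented, so suggest rewording the removed lines as error-return behaviour rather than dropping them. It would also help to state whether Buffer is left unmodified on error, as other comments in this patch do with "If an error is returned, then the Destination is unmodified."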