public inbox for devel@edk2.groups.io
From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"cheptsov@ispras.ru" <cheptsov@ispras.ru>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: "Andrew Fish" <afish@apple.com>,
	"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
	"Bret Barkelew" <bret.barkelew@microsoft.com>,
	"Brian J . Johnson" <brian.johnson@hpe.com>,
	"Chiu, Chasel" <chasel.chiu@intel.com>,
	"Justen, Jordan L" <jordan.l.justen@intel.com>,
	"Laszlo Ersek" <lersek@redhat.com>,
	"Leif Lindholm" <leif@nuviainc.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	"Marvin Häuser" <mhaeuser@outlook.de>,
	"Zimmer, Vincent" <vincent.zimmer@intel.com>,
	"Gao, Zhichao" <zhichao.gao@intel.com>
Subject: Re: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks
Date: Mon, 18 May 2020 17:04:20 +0000
Message-ID: <MN2PR11MB44612906D88F2FCA03C61DA0D2B80@MN2PR11MB4461.namprd11.prod.outlook.com>
In-Reply-To: <20200514173131.38072-2-cheptsov@ispras.ru>

Vitaly,

Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

I agree that can go in now for the stable tag.

The only additional comment I have received is if a DEBUG() message
can be added where the ASSERT() was removed.  Perhaps only at the
DEBUG_VERBOSE level that is not usually enabled by default.  A 
developer that wants to see SAFE_STRING_CONSTRAINT_CHECK() conditions
that fail would need to enable DEBUG_VERBOSE messages.

Thanks,

Mike

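The macro with the DEBUG_VERBOSE message suggested above, wired into a model of one SafeString conversion and fed untrusted input, as an added example that is neither the patch's code nor BaseLib's. The UINTN/RETURN_* definitions, the DebugPrint stand-in, the DEBUG_VERBOSE value and ASCII_RSIZE_MAX = 64 are assumed host-side substitutes for the MdePkg definitions, and ModelAsciiStrDecimalToUintnS follows the header's description of AsciiStrDecimalToUintnS (skip spaces and leading zeros, stop at the first non-digit, store 0 when there are no digits, report overflow with a status) but is not the edk2 implementation.

```c
/*
 * Added example, not part of the edk2 patch or of BaseLib: a host-buildable
 * model of SAFE_STRING_CONSTRAINT_CHECK after the ASSERT is dropped, with the
 * DEBUG_VERBOSE message proposed in the reply, driving a simplified decimal
 * parser. UINTN, RETURN_*, DEBUG and ASCII_RSIZE_MAX are assumed stand-ins
 * for the MdePkg definitions, not copies of them.
 */
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>

typedef uintptr_t UINTN;
typedef UINTN     RETURN_STATUS;
#define MAX_UINTN                 ((UINTN)~(UINTN)0)
#define RETURN_ERROR_BIT          ((UINTN)1 << (sizeof (UINTN) * 8 - 1))
#define RETURN_SUCCESS            ((RETURN_STATUS)0)
#define RETURN_INVALID_PARAMETER  (RETURN_ERROR_BIT | 2)
#define RETURN_UNSUPPORTED        (RETURN_ERROR_BIT | 3)
#define ASCII_RSIZE_MAX           64   /* assumed stand-in for PcdMaximumAsciiStringLength */

/* Stand-in for DebugLib: nothing prints unless the level is enabled, which
   models a platform whose debug print mask leaves DEBUG_VERBOSE off. */
#define DEBUG_VERBOSE  0x00400000
static unsigned gDebugPrintErrorLevel = 0;
static void DebugPrint (unsigned Level, const char *Fmt, ...)
{
  if ((Level & gDebugPrintErrorLevel) == 0) return;
  va_list Args; va_start (Args, Fmt); vfprintf (stderr, Fmt, Args); va_end (Args);
}
#define DEBUG(Expression)  DebugPrint Expression

/* The patched macro: a failed runtime constraint hands Status back to the
   caller instead of halting a DEBUG build; the VERBOSE line keeps it visible. */
#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status)                       \
  do {                                                                         \
    if (!(Expression)) {                                                       \
      DEBUG ((DEBUG_VERBOSE, "%s: constraint %s failed, returning 0x%lx\n",    \
              __func__, #Expression, (unsigned long)(Status)));                \
      return Status;                                                           \
    }                                                                          \
  } while (0)

static int IsDecimalDigit (char C) { return C >= '0' && C <= '9'; }

/* Bounded length, so an unterminated attacker string cannot be walked forever. */
static UINTN ModelAsciiStrnLenS (const char *S, UINTN MaxSize)
{
  UINTN Len = 0;
  while (Len < MaxSize && S[Len] != '\0') Len++;
  return Len;
}

/* Model of AsciiStrDecimalToUintnS: every failure path is a status, so
   attacker-supplied strings cannot trip an ASSERT. Overflow stores MAX_UINTN
   and returns RETURN_UNSUPPORTED; no digits at all stores 0 and succeeds. */
RETURN_STATUS
ModelAsciiStrDecimalToUintnS (const char *String, char **EndPointer, UINTN *Data)
{
  SAFE_STRING_CONSTRAINT_CHECK ((String != NULL), RETURN_INVALID_PARAMETER);
  SAFE_STRING_CONSTRAINT_CHECK ((Data != NULL), RETURN_INVALID_PARAMETER);
  SAFE_STRING_CONSTRAINT_CHECK ((ModelAsciiStrnLenS (String, ASCII_RSIZE_MAX + 1) <= ASCII_RSIZE_MAX),
                                RETURN_INVALID_PARAMETER);

  if (EndPointer != NULL) *EndPointer = (char *)String;
  while (*String == ' ' || *String == '\t') String++;   /* pad spaces */
  while (*String == '0') String++;                      /* leading zeros */

  *Data = 0;
  while (IsDecimalDigit (*String)) {
    UINTN Digit = (UINTN)(*String - '0');
    if (*Data > (MAX_UINTN - Digit) / 10) {             /* would overflow UINTN */
      *Data = MAX_UINTN;
      if (EndPointer != NULL) *EndPointer = (char *)String;
      return RETURN_UNSUPPORTED;
    }
    *Data = *Data * 10 + Digit;
    String++;
  }
  if (EndPointer != NULL) *EndPointer = (char *)String;
  return RETURN_SUCCESS;
}

/* One parse bundled so each field can be inspected without temporaries. */
typedef struct { RETURN_STATUS Status; UINTN Value; size_t Consumed; } PARSE_RESULT;

PARSE_RESULT ParseDecimal (const char *Input)
{
  PARSE_RESULT R = { RETURN_SUCCESS, 0, 0 };
  char *End = NULL;
  R.Status   = ModelAsciiStrDecimalToUintnS (Input, &End, &R.Value);
  R.Consumed = (Input != NULL && End != NULL) ? (size_t)(End - Input) : 0;
  return R;
}

int main (void)
{
  gDebugPrintErrorLevel = DEBUG_VERBOSE;   /* the opt-in a developer would make */
  /* Constructed untrusted inputs: a normal value, an overflow, and a NULL. */
  const char *Untrusted[] = { "  00123abc", "99999999999999999999999", NULL };
  for (size_t I = 0; I < 3; I++) {
    PARSE_RESULT R = ParseDecimal (Untrusted[I]);
    printf ("input=%s status=0x%lx value=%lu consumed=%zu\n",
            Untrusted[I] ? Untrusted[I] : "(null)", (unsigned long)R.Status,
            (unsigned long)R.Value, R.Consumed);
  }
  return 0;
}
```

With gDebugPrintErrorLevel left at 0 the rejected inputs are still reported through the return code but print nothing, which is the production behaviour the patch is after; enabling DEBUG_VERBOSE, as main does, shows which constraint rejected each input without turning any of them back into a halt.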

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On
> Behalf Of Vitaly Cheptsov
> Sent: Thursday, May 14, 2020 10:32 AM
> To: devel@edk2.groups.io
> Cc: Andrew Fish <afish@apple.com>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>; Bret Barkelew
> <bret.barkelew@microsoft.com>; Brian J . Johnson
> <brian.johnson@hpe.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Justen, Jordan L
> <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Leif Lindholm <leif@nuviainc.com>;
> Gao, Liming <liming.gao@intel.com>; Marvin Häuser
> <mhaeuser@outlook.de>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Zimmer, Vincent
> <vincent.zimmer@intel.com>; Gao, Zhichao
> <zhichao.gao@intel.com>
> Subject: [edk2-devel] [PATCH V7 1/1] MdePkg: Fix
> SafeString performing assertions on runtime checks
> 
> REF:
> https://bugzilla.tianocore.org/show_bug.cgi?id=2054
> 
> Runtime checks returned via status return code should
> not work as
> assertions to permit parsing not trusted data with
> SafeString
> interfaces.
> 
> CC: Andrew Fish <afish@apple.com>
> CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> CC: Bret Barkelew <bret.barkelew@microsoft.com>
> CC: Brian J. Johnson <brian.johnson@hpe.com>
> CC: Chasel Chiu <chasel.chiu@intel.com>
> CC: Jordan Justen <jordan.l.justen@intel.com>
> CC: Laszlo Ersek <lersek@redhat.com>
> CC: Leif Lindholm <leif@nuviainc.com>
> CC: Liming Gao <liming.gao@intel.com>
> CC: Marvin Häuser <mhaeuser@outlook.de>
> CC: Mike Kinney <michael.d.kinney@intel.com>
> CC: Vincent Zimmer <vincent.zimmer@intel.com>
> CC: Zhichao Gao <zhichao.gao@intel.com>
> Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
> ---
>  MdePkg/Include/Library/BaseLib.h    | 111 ------------
> -------
>  MdePkg/Library/BaseLib/SafeString.c | 112 ------------
> --------
>  2 files changed, 223 deletions(-)
> 
> diff --git a/MdePkg/Include/Library/BaseLib.h
> b/MdePkg/Include/Library/BaseLib.h
> index ecadff8b23..2c194ad943 100644
> --- a/MdePkg/Include/Library/BaseLib.h
> +++ b/MdePkg/Include/Library/BaseLib.h
> @@ -189,7 +189,6 @@ StrnSizeS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -225,7 +224,6 @@ StrCpyS (
> 
> 
> 
>    If Length > 0 and Destination is not aligned on a
> 16-bit boundary, then ASSERT().
> 
> 
>    If Length > 0 and Source is not aligned on a 16-bit
> boundary, then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -263,7 +261,6 @@ StrnCpyS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -303,7 +300,6 @@ StrCatS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -350,12 +346,7 @@ StrnCatS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
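Review bot: deleting "If String is NULL, then ASSERT()", "If Data is NULL, then ASSERT()" and the three PcdMaximumUnicodeStringLength lines leaves this header silent about what now happens in those cases, while the retained "If String is not aligned in a 16-bit boundary, then ASSERT()" line right between them still promises a halt. Since the point of the change is that a caller may feed untrusted strings and rely on the return code, replace the deleted sentences with the status each condition now produces (e.g. "If String is NULL, then RETURN_INVALID_PARAMETER is returned") instead of dropping them; the same applies to the other conversion-function hunks in this file and to their copies in SafeString.c.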
> @@ -406,12 +397,7 @@ StrDecimalToUintnS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
> @@ -467,12 +453,7 @@ StrDecimalToUint64S (
>    the first character that is a not a valid
> hexadecimal character or NULL,
> 
> 
>    whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
> @@ -528,12 +509,7 @@ StrHexToUintnS (
>    the first character that is a not a valid
> hexadecimal character or NULL,
> 
> 
>    whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
> @@ -622,8 +598,6 @@ AsciiStrnSizeS (
> 
> 
> 
>    This function is similar as strcpy_s defined in C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -656,8 +630,6 @@ AsciiStrCpyS (
> 
> 
> 
>    This function is similar as strncpy_s defined in
> C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -692,8 +664,6 @@ AsciiStrnCpyS (
> 
> 
> 
>    This function is similar as strcat_s defined in C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -730,8 +700,6 @@ AsciiStrCatS (
> 
> 
> 
>    This function is similar as strncat_s defined in
> C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -777,12 +745,6 @@ AsciiStrnCatS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINTN, then
> 
> 
> @@ -832,12 +794,6 @@ AsciiStrDecimalToUintnS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINT64, then
> 
> 
> @@ -891,12 +847,6 @@ AsciiStrDecimalToUint64S (
>    character that is a not a valid hexadecimal
> character or Null-terminator,
> 
> 
>    whichever on comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINTN, then
> 
> 
> @@ -950,12 +900,6 @@ AsciiStrHexToUintnS (
>    character that is a not a valid hexadecimal
> character or Null-terminator,
> 
> 
>    whichever on comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINT64, then
> 
> 
> @@ -1506,16 +1450,8 @@ StrHexToUint64 (
>    "::" can be used to compress one or more groups of X
> when X contains only 0.
> 
> 
>    The "::" can only appear once in the String.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -1567,16 +1503,8 @@ StrToIpv6Address (
>    When /P is in the String, the function stops at the
> first character that is not
> 
> 
>    a valid decimal digit character after P is
> converted.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -1640,8 +1568,6 @@ StrToIpv4Address (
>                    oo          Data4[48:55]
> 
> 
>                    pp          Data4[56:63]
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Guid is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
>    @param  String                   Pointer to a Null-
> terminated Unicode string.
> 
> 
> @@ -1676,17 +1602,6 @@ StrToGuid (
> 
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Buffer is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Length is not multiple of 2, then ASSERT().
> 
> 
> -
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero and
> Length is greater than
> 
> 
> -  PcdMaximumUnicodeStringLength, then ASSERT().
> 
> 
> -
> 
> 
> -  If MaxBufferSize is less than (Length / 2), then
> ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated Unicode string.
> 
> 
>    @param  Length                   The number of
> Unicode characters to decode.
> 
> 
>    @param  Buffer                   Pointer to the
> converted bytes array.
> 
> 
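Review bot: this hunk removes the only description of the Length and MaxBufferSize constraints ("If Length is not multiple of 2, then ASSERT()", "If MaxBufferSize is less than (Length / 2), then ASSERT()") without saying that they are still enforced, and the MaxBufferSize check is the one that keeps the decoder from writing past Buffer. Keep both constraints in the header, reworded as status returns, so a caller decoding an untrusted hex string knows the bound is checked and which error to expect; the matching ASCII hunk (@@ -2541,17 +2443,6 @@) has the same gap.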
> @@ -1777,7 +1692,6 @@ UnicodeStrToAsciiStr (
>    the upper 8 bits, then ASSERT().
> 
> 
> 
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -1824,7 +1738,6 @@ UnicodeStrToAsciiStrS (
>    If any Unicode characters in Source contain non-zero
> value in the upper 8
> 
> 
>    bits, then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
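Review bot: the context line "If any Unicode characters in Source contain non-zero value in the upper 8 bits, then ASSERT()" is kept, yet that condition depends on the bytes of Source rather than on a caller contract, so an untrusted UCS-2 string containing a character above 0xFF still halts a DEBUG build after this patch. If the goal is that SafeString can parse untrusted data, this check should become a SAFE_STRING_CONSTRAINT_CHECK with a status too, or the commit message should say it is intentionally out of scope; the same line survives in the UnicodeStrToAsciiStrS hunk above and in both corresponding SafeString.c hunks.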
> @@ -2388,10 +2301,6 @@ AsciiStrHexToUint64 (
>    "::" can be used to compress one or more groups of X
> when X contains only 0.
> 
> 
>    The "::" can only appear once in the String.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -2443,10 +2352,6 @@ AsciiStrToIpv6Address (
>    When /P is in the String, the function stops at the
> first character that is not
> 
> 
>    a valid decimal digit character after P is
> converted.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -2508,9 +2413,6 @@ AsciiStrToIpv4Address (
>                    oo          Data4[48:55]
> 
> 
>                    pp          Data4[56:63]
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Guid is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated ASCII string.
> 
> 
>    @param  Guid                     Pointer to the
> converted GUID.
> 
> 
> 
> 
> 
> @@ -2541,17 +2443,6 @@ AsciiStrToGuid (
>    decoding stops after Length of characters and
> outputs Buffer containing
> 
> 
>    (Length / 2) bytes.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Buffer is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Length is not multiple of 2, then ASSERT().
> 
> 
> -
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero and
> Length is greater than
> 
> 
> -  PcdMaximumAsciiStringLength, then ASSERT().
> 
> 
> -
> 
> 
> -  If MaxBufferSize is less than (Length / 2), then
> ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated ASCII string.
> 
> 
>    @param  Length                   The number of ASCII
> characters to decode.
> 
> 
>    @param  Buffer                   Pointer to the
> converted bytes array.
> 
> 
> @@ -2632,7 +2523,6 @@ AsciiStrToUnicodeStr (
>    equal or greater than ((AsciiStrLen (Source) + 1) *
> sizeof (CHAR16)) in bytes.
> 
> 
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -2678,7 +2568,6 @@ AsciiStrToUnicodeStrS (
>    ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
> (CHAR8)) in bytes.
> 
> 
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then Destination and
> DestinationLength are
> 
> 
>    unmodified.
> 
> 
> diff --git a/MdePkg/Library/BaseLib/SafeString.c
> b/MdePkg/Library/BaseLib/SafeString.c
> index 7dc03d2caa..41d9137b83 100644
> --- a/MdePkg/Library/BaseLib/SafeString.c
> +++ b/MdePkg/Library/BaseLib/SafeString.c
> @@ -14,7 +14,6 @@
> 
> 
> 
>  #define SAFE_STRING_CONSTRAINT_CHECK(Expression,
> Status)  \
> 
> 
>    do { \
> 
> 
> -    ASSERT (Expression); \
> 
> 
>      if (!(Expression)) { \
> 
> 
>        return Status; \
> 
> 
>      } \
> 
> 
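Review bot: with "ASSERT (Expression);" gone the macro fails silently, so add the DEBUG_VERBOSE message requested in the reply before "return Status;", for example DEBUG ((DEBUG_VERBOSE, "%a: SafeString constraint failed\n", __FUNCTION__)); so that a developer who enables DEBUG_VERBOSE can still see which runtime check rejected the input. Worth one sentence in the commit message as well: Expression was evaluated twice in DEBUG builds (once by ASSERT, once by the if) and is now evaluated once, which is the behaviour RELEASE builds already had.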
> @@ -197,7 +196,6 @@ StrnSizeS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -279,7 +277,6 @@ StrCpyS (
> 
> 
> 
>    If Length > 0 and Destination is not aligned on a
> 16-bit boundary, then ASSERT().
> 
> 
>    If Length > 0 and Source is not aligned on a 16-bit
> boundary, then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -372,7 +369,6 @@ StrnCpyS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -473,7 +469,6 @@ StrCatS (
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -590,12 +585,7 @@ StrnCatS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
> @@ -705,12 +695,7 @@ StrDecimalToUintnS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
> @@ -825,12 +810,7 @@ StrDecimalToUint64S (
>    the first character that is a not a valid
> hexadecimal character or NULL,
> 
> 
>    whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
> @@ -956,12 +936,7 @@ StrHexToUintnS (
>    the first character that is a not a valid
> hexadecimal character or NULL,
> 
> 
>    whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> 
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
> @@ -1091,16 +1066,8 @@ StrHexToUint64S (
>    "::" can be used to compress one or more groups of X
> when X contains only 0.
> 
> 
>    The "::" can only appear once in the String.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -1317,16 +1284,8 @@ StrToIpv6Address (
>    When /P is in the String, the function stops at the
> first character that is not
> 
> 
>    a valid decimal digit character after P is
> converted.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumUnicodeStringLength Unicode characters,
> not including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -1482,8 +1441,6 @@ StrToIpv4Address (
>                    oo          Data4[48:55]
> 
> 
>                    pp          Data4[56:63]
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Guid is NULL, then ASSERT().
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
>    @param  String                   Pointer to a Null-
> terminated Unicode string.
> 
> 
> @@ -1589,17 +1546,6 @@ StrToGuid (
> 
> 
> 
>    If String is not aligned in a 16-bit boundary, then
> ASSERT().
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Buffer is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Length is not multiple of 2, then ASSERT().
> 
> 
> -
> 
> 
> -  If PcdMaximumUnicodeStringLength is not zero and
> Length is greater than
> 
> 
> -  PcdMaximumUnicodeStringLength, then ASSERT().
> 
> 
> -
> 
> 
> -  If MaxBufferSize is less than (Length / 2), then
> ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated Unicode string.
> 
> 
>    @param  Length                   The number of
> Unicode characters to decode.
> 
> 
>    @param  Buffer                   Pointer to the
> converted bytes array.
> 
> 
> @@ -1779,8 +1725,6 @@ AsciiStrnSizeS (
> 
> 
> 
>    This function is similar as strcpy_s defined in C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -1856,8 +1800,6 @@ AsciiStrCpyS (
> 
> 
> 
>    This function is similar as strncpy_s defined in
> C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -1944,8 +1886,6 @@ AsciiStrnCpyS (
> 
> 
> 
>    This function is similar as strcat_s defined in C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -2040,8 +1980,6 @@ AsciiStrCatS (
> 
> 
> 
>    This function is similar as strncat_s defined in
> C11.
> 
> 
> 
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> -
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
>    @param  Destination              A pointer to a
> Null-terminated Ascii string.
> 
> 
> @@ -2154,12 +2092,6 @@ AsciiStrnCatS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINTN, then
> 
> 
> @@ -2266,12 +2198,6 @@ AsciiStrDecimalToUintnS (
>    be ignored. Then, the function stops at the first
> character that is a not a
> 
> 
>    valid decimal character or a Null-terminator,
> whichever one comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid decimal digits in the above
> format, then 0 is stored
> 
> 
>    at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINT64, then
> 
> 
> @@ -2382,12 +2308,6 @@ AsciiStrDecimalToUint64S (
>    character that is a not a valid hexadecimal
> character or Null-terminator,
> 
> 
>    whichever on comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINTN, then
> 
> 
> @@ -2509,12 +2429,6 @@ AsciiStrHexToUintnS (
>    character that is a not a valid hexadecimal
> character or Null-terminator,
> 
> 
>    whichever on comes first.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Data is NULL, then ASSERT().
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero, and
> String contains more than
> 
> 
> -  PcdMaximumAsciiStringLength Ascii characters, not
> including the
> 
> 
> -  Null-terminator, then ASSERT().
> 
> 
> -
> 
> 
>    If String has no valid hexadecimal digits in the
> above format, then 0 is
> 
> 
>    stored at the location pointed to by Data.
> 
> 
>    If the number represented by String exceeds the
> range defined by UINT64, then
> 
> 
> @@ -2635,7 +2549,6 @@ AsciiStrHexToUint64S (
>    the upper 8 bits, then ASSERT().
> 
> 
> 
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -2735,7 +2648,6 @@ UnicodeStrToAsciiStrS (
>    If any Unicode characters in Source contain non-zero
> value in the upper 8
> 
> 
>    bits, then ASSERT().
> 
> 
>    If Source is not aligned on a 16-bit boundary, then
> ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then Destination and
> DestinationLength are
> 
> 
>    unmodified.
> 
> 
> @@ -2855,7 +2767,6 @@ UnicodeStrnToAsciiStrS (
>    equal or greater than ((AsciiStrLen (Source) + 1) *
> sizeof (CHAR16)) in bytes.
> 
> 
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then the Destination is
> unmodified.
> 
> 
> 
> 
> 
> @@ -2948,7 +2859,6 @@ AsciiStrToUnicodeStrS (
>    ((MIN(AsciiStrLen(Source), Length) + 1) * sizeof
> (CHAR8)) in bytes.
> 
> 
> 
> 
> 
>    If Destination is not aligned on a 16-bit boundary,
> then ASSERT().
> 
> 
> -  If an error would be returned, then the function
> will also ASSERT().
> 
> 
> 
> 
> 
>    If an error is returned, then Destination and
> DestinationLength are
> 
> 
>    unmodified.
> 
> 
> @@ -3072,10 +2982,6 @@ AsciiStrnToUnicodeStrS (
>    "::" can be used to compress one or more groups of X
> when X contains only 0.
> 
> 
>    The "::" can only appear once in the String.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -3291,10 +3197,6 @@ AsciiStrToIpv6Address (
>    When /P is in the String, the function stops at the
> first character that is not
> 
> 
>    a valid decimal digit character after P is
> converted.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Address is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    If EndPointer is not NULL and Address is translated
> from String, a pointer
> 
> 
>    to the character that stopped the scan is stored at
> the location pointed to
> 
> 
>    by EndPointer.
> 
> 
> @@ -3448,9 +3350,6 @@ AsciiStrToIpv4Address (
>                    oo          Data4[48:55]
> 
> 
>                    pp          Data4[56:63]
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -  If Guid is NULL, then ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated ASCII string.
> 
> 
>    @param  Guid                     Pointer to the
> converted GUID.
> 
> 
> 
> 
> 
> @@ -3550,17 +3449,6 @@ AsciiStrToGuid (
>    decoding stops after Length of characters and
> outputs Buffer containing
> 
> 
>    (Length / 2) bytes.
> 
> 
> 
> 
> 
> -  If String is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Buffer is NULL, then ASSERT().
> 
> 
> -
> 
> 
> -  If Length is not multiple of 2, then ASSERT().
> 
> 
> -
> 
> 
> -  If PcdMaximumAsciiStringLength is not zero and
> Length is greater than
> 
> 
> -  PcdMaximumAsciiStringLength, then ASSERT().
> 
> 
> -
> 
> 
> -  If MaxBufferSize is less than (Length / 2), then
> ASSERT().
> 
> 
> -
> 
> 
>    @param  String                   Pointer to a Null-
> terminated ASCII string.
> 
> 
>    @param  Length                   The number of ASCII
> characters to decode.
> 
> 
>    @param  Buffer                   Pointer to the
> converted bytes array.
> 
> 
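Review bot: the deleted "If Length is not multiple of 2, then ASSERT()" and "If MaxBufferSize is less than (Length / 2), then ASSERT()" lines were the only statements in the visible comment of the caller's obligations on Length parity and output buffer size. Rather than removing them outright, reword them so the constraint stays documented, e.g. "If Length is not a multiple of 2, or MaxBufferSize is less than (Length / 2), then an error is returned." Callers that previously relied on the ASSERT() to catch an undersized Buffer now have to check the return status, and the comment should make that explicit.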
> --
> 2.24.2 (Apple Git-127)
> 
> 
> 



Thread overview: 6+ messages
2020-05-14 17:31 [PATCH V7 0/1] Disable safe string constraint assertions Vitaly Cheptsov
2020-05-14 17:31 ` [PATCH V7 1/1] MdePkg: Fix SafeString performing assertions on runtime checks Vitaly Cheptsov
2020-05-15 11:30   ` Laszlo Ersek
2020-05-18 17:04   ` Michael D Kinney [this message]
2020-05-18 18:07     ` [edk2-devel] " Vitaly Cheptsov
2020-05-20  2:48       ` Michael D Kinney
