To: Ard Biesheuvel, edk2-devel@ml01.01.org, leif.lindholm@linaro.org
Cc: ryan.harkin@linaro.org
From: Laszlo Ersek
Date: Wed, 26 Oct 2016 13:55:24 +0200
Subject: Re: [PATCH v2 4/6] ArmPkg/SemihostFs: eliminate calls to deprecated string functions

On 10/26/16 10:17, Ard Biesheuvel wrote: > Remove calls to deprecated string functions like AsciiStrCpy() and > UnicodeStrToAsciiStr() > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Ard Biesheuvel > --- > ArmPkg/Filesystem/SemihostFs/Arm/SemihostFs.c | 20 ++++++++++++-------- > 1 file changed, 12 insertions(+), 8 deletions(-) > > diff --git a/ArmPkg/Filesystem/SemihostFs/Arm/SemihostFs.c b/ArmPkg/Filesystem/SemihostFs/Arm/SemihostFs.c > index 6efdad9ebcce..cf94ecd5d56f 100644 > --- a/ArmPkg/Filesystem/SemihostFs/Arm/SemihostFs.c > +++ b/ArmPkg/Filesystem/SemihostFs/Arm/SemihostFs.c > @@ -207,11 +207,12 @@ FileOpen ( > return EFI_WRITE_PROTECTED; > } > > - AsciiFileName = AllocatePool (StrLen (FileName) + 1); > + Length = StrLen (FileName) + 1; > + AsciiFileName = AllocatePool (Length); > if (AsciiFileName == NULL) { > return EFI_OUT_OF_RESOURCES; > } > - UnicodeStrToAsciiStr (FileName, AsciiFileName); > + UnicodeStrToAsciiStrS (FileName, AsciiFileName, Length); > > // Opening '/', '\', '.', or the NULL pathname is trying to open the root directory > if ((AsciiStrCmp (AsciiFileName, "\\") == 0) || 
> @@ -463,7 +464,7 @@ FileDelete ( > NameSize = AsciiStrLen (Fcb->FileName); > FileName = AllocatePool (NameSize + 1); > > - AsciiStrCpy (FileName, Fcb->FileName); > + AsciiStrCpyS (FileName, NameSize + 1, Fcb->FileName); > > // Close the file if it's open. Disregard return status, > // since it might give an error if the file isn't open. > @@ -828,8 +829,10 @@ GetFilesystemInfo ( > EFI_FILE_SYSTEM_INFO *Info; > EFI_STATUS Status; > UINTN ResultSize; > + UINTN StringSize; > > - ResultSize = SIZE_OF_EFI_FILE_SYSTEM_INFO + StrSize (mSemihostFsLabel); > + StringSize = StrSize (mSemihostFsLabel); > + ResultSize = SIZE_OF_EFI_FILE_SYSTEM_INFO + StringSize; > > if (*BufferSize >= ResultSize) { > ZeroMem (Buffer, ResultSize); > @@ -843,7 +846,7 @@ GetFilesystemInfo ( > Info->FreeSpace = 0; > Info->BlockSize = 0; > > - StrCpy (Info->VolumeLabel, mSemihostFsLabel); > + CopyMem (Info->VolumeLabel, mSemihostFsLabel, StringSize); > } else { > Status = EFI_BUFFER_TOO_SMALL; > } > @@ -903,7 +906,7 @@ FileGetInfo ( > ResultSize = StrSize (mSemihostFsLabel); > > if (*BufferSize >= ResultSize) { > - StrCpy (Buffer, mSemihostFsLabel); > + CopyMem (Buffer, mSemihostFsLabel, *BufferSize); This is still wrong; here *BufferSize is the size of the recipient buffer, passed in from the caller. As written, the code can overrun the *source* buffer. Please use CopyMem (Buffer, mSemihostFsLabel, ResultSize); instead. With that update: Reviewed-by: Laszlo Ersek Thanks Laszlo > Status = EFI_SUCCESS; > } else { > Status = EFI_BUFFER_TOO_SMALL; 
> @@ -963,11 +966,12 @@ SetFileInfo ( > return EFI_ACCESS_DENIED; > } > > - AsciiFileName = AllocatePool (StrLen (Info->FileName) + 1); > + Length = StrLen (Info->FileName) + 1; > + AsciiFileName = AllocatePool (Length); > if (AsciiFileName == NULL) { > return EFI_OUT_OF_RESOURCES; > } > - UnicodeStrToAsciiStr (Info->FileName, AsciiFileName); > + UnicodeStrToAsciiStrS (Info->FileName, AsciiFileName, Length); > > FileSizeIsDifferent = (Info->FileSize != Fcb->Info.FileSize); > FileNameIsDifferent = (AsciiStrCmp (AsciiFileName, Fcb->FileName) != 0); >
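
Review bot: In the FileOpen hunk the status returned by UnicodeStrToAsciiStrS (FileName, AsciiFileName, Length) is discarded, so a failed conversion goes unnoticed and the AsciiStrCmp checks that follow run on the freshly allocated, possibly unwritten buffer. Capture the return value and, on error, free AsciiFileName and return before the comparisons. The SetFileInfo hunk uses the same call shape with Info->FileName and would take the same check.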
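
Review bot: In the FileDelete hunk, FileName = AllocatePool (NameSize + 1) is handed to AsciiStrCpyS on the next statement with no NULL check in between, unlike the FileOpen and SetFileInfo hunks, which return EFI_OUT_OF_RESOURCES when the allocation fails. Since this line is being touched anyway, add the same "if (FileName == NULL)" check before the copy, so an allocation failure is reported as a status instead of being left to the safe-string function's argument checks.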