sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MdePkg: Fix SafeString performing assertions on runtime checks

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054

Runtime checks returned via status return code should not work as
assertions to permit parsing not trusted data with SafeString
interfaces.  Replace ASSERT() with a DEBUG_VERBOSE message.

Cc: Andrew Fish <afish@apple.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Bret Barkelew <bret.barkelew@microsoft.com>
Cc: Brian J. Johnson <brian.johnson@hpe.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Marvin Häuser <mhaeuser@outlook.de>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Vincent Zimmer <vincent.zimmer@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Vitaly Cheptsov <vit9696@protonmail.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
This commit is contained in:
Vitaly Cheptsov
2020-05-19 14:51:43 -07:00
committed by mergify[bot]
parent 1a2ad3ba9e
commit 09fe015af9
2 changed files with 3 additions and 223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
MdePkg/Include/Library/BaseLib.h
View File

@@ -216,7 +216,6 @@ StrnSizeS (
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@@ -252,7 +251,6 @@ StrCpyS (
If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@@ -290,7 +288,6 @@ StrnCpyS (
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@@ -330,7 +327,6 @@ StrCatS (
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@@ -377,12 +373,7 @@ StrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
If String is NULL, then ASSERT().
If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
Null-terminator, then ASSERT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -433,12 +424,7 @@ StrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
If String is NULL, then ASSERT().
If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
Null-terminator, then ASSERT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
@@ -494,12 +480,7 @@ StrDecimalToUint64S (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.
If String is NULL, then ASSERT().
If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
Null-terminator, then ASSERT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -555,12 +536,7 @@ StrHexToUintnS (
the first character that is a not a valid hexadecimal character or NULL,
whichever one comes first.
If String is NULL, then ASSERT().
If Data is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
Null-terminator, then ASSERT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
@@ -649,8 +625,6 @@ AsciiStrnSizeS (
This function is similar as strcpy_s defined in C11.
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@param Destination A pointer to a Null-terminated Ascii string.
@@ -683,8 +657,6 @@ AsciiStrCpyS (
This function is similar as strncpy_s defined in C11.
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@param Destination A pointer to a Null-terminated Ascii string.
@@ -719,8 +691,6 @@ AsciiStrnCpyS (
This function is similar as strcat_s defined in C11.
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@param Destination A pointer to a Null-terminated Ascii string.
@@ -757,8 +727,6 @@ AsciiStrCatS (
This function is similar as strncat_s defined in C11.
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@param Destination A pointer to a Null-terminated Ascii string.
@@ -804,12 +772,6 @@ AsciiStrnCatS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
If String is NULL, then ASSERT().
If Data is NULL, then ASSERT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
Null-terminator, then ASSERT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -859,12 +821,6 @@ AsciiStrDecimalToUintnS (
be ignored. Then, the function stops at the first character that is a not a
valid decimal character or a Null-terminator, whichever one comes first.
If String is NULL, then ASSERT().
If Data is NULL, then ASSERT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
Null-terminator, then ASSERT().
If String has no valid decimal digits in the above format, then 0 is stored
at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -918,12 +874,6 @@ AsciiStrDecimalToUint64S (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.
If String is NULL, then ASSERT().
If Data is NULL, then ASSERT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
Null-terminator, then ASSERT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINTN, then
@@ -977,12 +927,6 @@ AsciiStrHexToUintnS (
character that is a not a valid hexadecimal character or Null-terminator,
whichever on comes first.
If String is NULL, then ASSERT().
If Data is NULL, then ASSERT().
If PcdMaximumAsciiStringLength is not zero, and String contains more than
PcdMaximumAsciiStringLength Ascii characters, not including the
Null-terminator, then ASSERT().
If String has no valid hexadecimal digits in the above format, then 0 is
stored at the location pointed to by Data.
If the number represented by String exceeds the range defined by UINT64, then
@@ -1533,16 +1477,8 @@ StrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.
If String is NULL, then ASSERT().
If Address is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
Null-terminator, then ASSERT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1594,16 +1530,8 @@ StrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.
If String is NULL, then ASSERT().
If Address is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero, and String contains more than
PcdMaximumUnicodeStringLength Unicode characters, not including the
Null-terminator, then ASSERT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -1667,8 +1595,6 @@ StrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]
If String is NULL, then ASSERT().
If Guid is NULL, then ASSERT().
If String is not aligned in a 16-bit boundary, then ASSERT().
@param String Pointer to a Null-terminated Unicode string.
@@ -1703,17 +1629,6 @@ StrToGuid (
If String is not aligned in a 16-bit boundary, then ASSERT().
If String is NULL, then ASSERT().
If Buffer is NULL, then ASSERT().
If Length is not multiple of 2, then ASSERT().
If PcdMaximumUnicodeStringLength is not zero and Length is greater than
PcdMaximumUnicodeStringLength, then ASSERT().
If MaxBufferSize is less than (Length / 2), then ASSERT().
@param String Pointer to a Null-terminated Unicode string.
@param Length The number of Unicode characters to decode.
@param Buffer Pointer to the converted bytes array.
@@ -1804,7 +1719,6 @@ UnicodeStrToAsciiStr (
the upper 8 bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@@ -1851,7 +1765,6 @@ UnicodeStrToAsciiStrS (
If any Unicode characters in Source contain non-zero value in the upper 8
bits, then ASSERT().
If Source is not aligned on a 16-bit boundary, then ASSERT().
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@@ -2415,10 +2328,6 @@ AsciiStrHexToUint64 (
"::" can be used to compress one or more groups of X when X contains only 0.
The "::" can only appear once in the String.
If String is NULL, then ASSERT().
If Address is NULL, then ASSERT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -2470,10 +2379,6 @@ AsciiStrToIpv6Address (
When /P is in the String, the function stops at the first character that is not
a valid decimal digit character after P is converted.
If String is NULL, then ASSERT().
If Address is NULL, then ASSERT().
If EndPointer is not NULL and Address is translated from String, a pointer
to the character that stopped the scan is stored at the location pointed to
by EndPointer.
@@ -2535,9 +2440,6 @@ AsciiStrToIpv4Address (
oo Data4[48:55]
pp Data4[56:63]
If String is NULL, then ASSERT().
If Guid is NULL, then ASSERT().
@param String Pointer to a Null-terminated ASCII string.
@param Guid Pointer to the converted GUID.
@@ -2568,17 +2470,6 @@ AsciiStrToGuid (
decoding stops after Length of characters and outputs Buffer containing
(Length / 2) bytes.
If String is NULL, then ASSERT().
If Buffer is NULL, then ASSERT().
If Length is not multiple of 2, then ASSERT().
If PcdMaximumAsciiStringLength is not zero and Length is greater than
PcdMaximumAsciiStringLength, then ASSERT().
If MaxBufferSize is less than (Length / 2), then ASSERT().
@param String Pointer to a Null-terminated ASCII string.
@param Length The number of ASCII characters to decode.
@param Buffer Pointer to the converted bytes array.
@@ -2659,7 +2550,6 @@ AsciiStrToUnicodeStr (
equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If an error would be returned, then the function will also ASSERT().
If an error is returned, then the Destination is unmodified.
@@ -2705,7 +2595,6 @@ AsciiStrToUnicodeStrS (
((MIN(AsciiStrLen(Source), Length) + 1) * sizeof (CHAR8)) in bytes.
If Destination is not aligned on a 16-bit boundary, then ASSERT().
If an error would be returned, then the function will also ASSERT().
If an error is returned, then Destination and DestinationLength are
unmodified.