From c2fb3cd16628f4962c882dbcb6f31e661c91b23f Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Apr 2017 14:03:32 +0200 Subject: [PATCH] ShellPkg/Shell: clean up bogus member types in SPLIT_LIST MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The "SPLIT_LIST.SplitStdOut" and "SPLIT_LIST.SplitStdIn" members currently have type (SHELL_FILE_HANDLE *). This is wrong; SHELL_FILE_HANDLE is already a pointer, there's no need to store a pointer to a pointer. The error is obvious if we check where and how these members are used: - In the RunSplitCommand() function, these members are used (populated) extensively; this function has to be updated in sync. ConvertEfiFileProtocolToShellHandle() already returns the temporary memory file created with CreateFileInterfaceMem() as SHELL_FILE_HANDLE, not as (SHELL_FILE_HANDLE *). - In particular, the ConvertShellHandleToEfiFileProtocol() calls need to be dropped as well in RunSplitCommand(), since EFI_SHELL_PROTOCOL.SetFilePosition() and EFI_SHELL_PROTOCOL.CloseFile() take SHELL_FILE_HANDLE parameters, not (EFI_FILE_PROTOCOL *). Given that ConvertShellHandleToEfiFileProtocol() only performs a type-cast (it does not adjust any pointer values), *and* SHELL_FILE_HANDLE -- taken by EFI_SHELL_PROTOCOL member functions -- is actually a typedef to (VOID *) -- see more on this later --, this conversion error hasn't been caught by compilers. - In the ProcessNewSplitCommandLine() function, RunSplitCommand() is called either initially (passing in NULL / NULL; no update needed), or recursively (passing in Split->SplitStdIn / Split->SplitStdOut; again no update is necessary beyond the RunSplitCommand() modification above). - In the UpdateStdInStdOutStdErr() and RestoreStdInStdOutStdErr() functions, said structure members are compared and assigned to "EFI_SHELL_PARAMETERS_PROTOCOL.StdIn" and "EFI_SHELL_PARAMETERS_PROTOCOL.StdOut", both of which have type SHELL_FILE_HANDLE, *not* (SHELL_FILE_HANDLE *). The compiler hasn't caught this error because of the fatally flawed type definition of SHELL_FILE_HANDLE, namely typedef VOID *SHELL_FILE_HANDLE; Pointer-to-void silently converts to and from most other pointer types; among them, pointer-to-pointer-to-void. That is also why no update is necessary for UpdateStdInStdOutStdErr() and RestoreStdInStdOutStdErr() in this fix. ( Generally speaking, using (VOID *) typedefs for opaque handles is a tragic mistake in all of the UEFI-related specifications; this practice defeats any type checking that compilers might help programmers with. The right way to define an opaque handle is as follows: // // Introduce the incomplete structure type, and the derived pointer // type, in both the specification and the public edk2 headers. Note // that the derived pointer type itself is a complete type, and it can // be used freely by client code. // typedef struct SHELL_FILE *SHELL_FILE_HANDLE; // // Complete the structure type in the edk2 internal C source files. // struct SHELL_FILE { // // list fields // }; This way the structure size and members remain hidden from client code, but the C compiler can nonetheless catch any invalid conversions between incompatible XXX_HANDLE types. ) Cc: Jaben Carsey Cc: Marvin Häuser Cc: Qiu Shumin Cc: Ruiyu Ni Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Jaben Carsey (cherry picked from commit 1bd0bf153ebf4993421afd5084c52a6e57e17fdc) --- ShellPkg/Application/Shell/Shell.c | 12 ++++++------ ShellPkg/Application/Shell/Shell.h | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/ShellPkg/Application/Shell/Shell.c b/ShellPkg/Application/Shell/Shell.c index 4383298aab..fa958170a1 100644 --- a/ShellPkg/Application/Shell/Shell.c +++ b/ShellPkg/Application/Shell/Shell.c @@ -1714,8 +1714,8 @@ ShellConvertVariables ( EFI_STATUS RunSplitCommand( IN CONST CHAR16 *CmdLine, - IN SHELL_FILE_HANDLE *StdIn, - IN SHELL_FILE_HANDLE *StdOut + IN SHELL_FILE_HANDLE StdIn, + IN SHELL_FILE_HANDLE StdOut ) { EFI_STATUS Status; @@ -1724,7 +1724,7 @@ RunSplitCommand( UINTN Size1; UINTN Size2; SPLIT_LIST *Split; - SHELL_FILE_HANDLE *TempFileHandle; + SHELL_FILE_HANDLE TempFileHandle; BOOLEAN Unicode; ASSERT(StdOut == NULL); @@ -1790,7 +1790,7 @@ RunSplitCommand( Split->SplitStdOut = Split->SplitStdIn; } Split->SplitStdIn = TempFileHandle; - ShellInfoObject.NewEfiShellProtocol->SetFilePosition(ConvertShellHandleToEfiFileProtocol(Split->SplitStdIn), 0); + ShellInfoObject.NewEfiShellProtocol->SetFilePosition (Split->SplitStdIn, 0); if (!EFI_ERROR(Status)) { Status = RunCommand(NextCommandLine); @@ -1806,10 +1806,10 @@ RunSplitCommand( // Note that the original StdIn is now the StdOut... // if (Split->SplitStdOut != NULL) { - ShellInfoObject.NewEfiShellProtocol->CloseFile(ConvertShellHandleToEfiFileProtocol(Split->SplitStdOut)); + ShellInfoObject.NewEfiShellProtocol->CloseFile (Split->SplitStdOut); } if (Split->SplitStdIn != NULL) { - ShellInfoObject.NewEfiShellProtocol->CloseFile(ConvertShellHandleToEfiFileProtocol(Split->SplitStdIn)); + ShellInfoObject.NewEfiShellProtocol->CloseFile (Split->SplitStdIn); FreePool (Split->SplitStdIn); } diff --git a/ShellPkg/Application/Shell/Shell.h b/ShellPkg/Application/Shell/Shell.h index 25ac114da7..ff08494468 100644 --- a/ShellPkg/Application/Shell/Shell.h +++ b/ShellPkg/Application/Shell/Shell.h @@ -63,8 +63,8 @@ extern CONST CHAR16 mNoNestingFalse[]; typedef struct { LIST_ENTRY Link; ///< Standard linked list handler. - SHELL_FILE_HANDLE *SplitStdOut; ///< ConsoleOut for use in the split. - SHELL_FILE_HANDLE *SplitStdIn; ///< ConsoleIn for use in the split. + SHELL_FILE_HANDLE SplitStdOut; ///< ConsoleOut for use in the split. + SHELL_FILE_HANDLE SplitStdIn; ///< ConsoleIn for use in the split. } SPLIT_LIST; typedef struct {