MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance
https://bugzilla.tianocore.org/show_bug.cgi?id=798 SafeIntLib provides helper functions to prevent integer overflow during type conversion, addition, subtraction, and multiplication. Conversion Functions ==================== * Converting from a signed type to an unsigned type of the same size, or vice-versa. * Converting to a smaller type that could possibly overflow. * Converting from a signed type to a larger unsigned type. Unsigned Addition, Subtraction, Multiplication =============================================== * Unsigned integer math functions protect from overflow and underflow (in case of subtraction). Signed Addition, Subtraction, Multiplication ============================================ * Strongly consider using unsigned numbers. * Signed numbers are often used where unsigned numbers should be used. For example file sizes and array indices should always be unsigned. Subtracting a larger positive signed number from a smaller positive signed number with SafeInt32Sub() will succeed, producing a negative number, that then must not be used as an array index (but can occasionally be used as a pointer index.) Similarly for adding a larger magnitude negative number to a smaller magnitude positive number. * SafeIntLib does not protect you from such errors. It tells you if your integer operations overflowed, not if you are doing the right thing with your non-overflowed integers. * Likewise you can overflow a buffer with a non-overflowed unsigned index. Based on content from the following branch/commits: https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport21ef3a321cca516b1a6133bab4031aCc: Sean Brogan <sean.brogan@microsoft.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Sean Brogan
committed by
Kinney, Michael D
Kinney, Michael D
parent
11cf02f6d0
commit
d7a09cb86a
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
Processor or Compiler specific defines and types for Intel Itanium(TM) processors.
|
||||
|
||||
Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials are licensed and made available
|
||||
under the terms and conditions of the BSD License which accompanies this
|
||||
distribution. The full text of the license may be found at
|
||||
@@ -242,6 +242,11 @@ typedef INT64 INTN;
|
||||
#define MAX_INTN ((INTN)0x7FFFFFFFFFFFFFFFULL)
|
||||
#define MAX_UINTN ((UINTN)0xFFFFFFFFFFFFFFFFULL)
|
||||
|
||||
///
|
||||
/// Minimum legal Itanium-based INTN value.
|
||||
///
|
||||
#define MIN_INTN (((INTN)-9223372036854775807LL) - 1)
|
||||
|
||||
///
|
||||
/// Per the Itanium Software Conventions and Runtime Architecture Guide,
|
||||
/// section 3.3.4, IPF stack must always be 16-byte aligned.
|
||||
|
||||
Reference in New Issue
Block a user