diff options
author | Jiewen Yao <jiewen.yao@intel.com> | 2016-06-02 22:38:23 +0800 |
---|---|---|
committer | Jiewen Yao <jiewen.yao@intel.com> | 2016-06-06 09:19:59 +0800 |
commit | 3ab41b7a325ca11a12b42f5ad1661c4b6791cb49 (patch) | |
tree | 94c3fc3306f0e99d46fe3b96616412d8b0839728 /MdePkg/Library | |
parent | d3858e1006f3b88cb510f7c71452a53ff6f75c05 (diff) | |
download | edk2-platforms-3ab41b7a325ca11a12b42f5ad1661c4b6791cb49.tar.xz |
MdePkg/BaseLib: Add 2 more safe string functions.
Add UnicodeStrToAsciiStrS() and AsciiStrToUnicodeStrS() API.
These 2 safe version APIs are used to replace UnicodeStrToAsciiStr() and
AsciiStrToUnicodeStr() API.
The safe version string convert APIs use similar check as StrCpyS().
Cc: Liming Gao <Liming.Gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <Jiewen.Yao@intel.com>
Reviewed-by: Liming Gao <Liming.Gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Diffstat (limited to 'MdePkg/Library')
-rw-r--r-- | MdePkg/Library/BaseLib/SafeString.c | 196 |
1 files changed, 195 insertions, 1 deletions
diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c index 34d3efeafc..ede2f4c5b4 100644 --- a/MdePkg/Library/BaseLib/SafeString.c +++ b/MdePkg/Library/BaseLib/SafeString.c @@ -1,7 +1,7 @@ /** @file
Safe String functions.
- Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -942,3 +942,197 @@ AsciiStrnCatS ( return RETURN_SUCCESS;
}
+
+/**
+ Convert a Null-terminated Unicode string to a Null-terminated
+ ASCII string.
+
+ This function is similar to AsciiStrCpyS.
+
+ This function converts the content of the Unicode string Source
+ to the ASCII string Destination by copying the lower 8 bits of
+ each Unicode character. The function terminates the ASCII string
+ Destination by appending a Null-terminator character at the end.
+
+ The caller is responsible to make sure Destination points to a buffer with size
+ equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.
+
+ If any Unicode characters in Source contain non-zero value in
+ the upper 8 bits, then ASSERT().
+
+ If Source is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ If an error is returned, then the Destination is unmodified.
+
+ @param Source The pointer to a Null-terminated Unicode string.
+ @param Destination The pointer to a Null-terminated ASCII string.
+ @param DestMax The maximum number of Destination Ascii
+ char, including terminating null char.
+
+ @retval RETURN_SUCCESS String is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumAsciiStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumAsciiStringLength.
+ If PcdMaximumUnicodeStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumUnicodeStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+
+**/
+RETURN_STATUS
+EFIAPI
+UnicodeStrToAsciiStrS (
+ IN CONST CHAR16 *Source,
+ OUT CHAR8 *Destination,
+ IN UINTN DestMax
+ )
+{
+ UINTN SourceLen;
+
+ ASSERT (((UINTN) Source & BIT0) == 0);
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. DestMax shall not be greater than ASCII_RSIZE_MAX or RSIZE_MAX.
+ //
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+ if (RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. DestMax shall be greater than StrnLenS (Source, DestMax).
+ //
+ SourceLen = StrnLenS (Source, DestMax);
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // 5. Copying shall not take place between objects that overlap.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax, (VOID *)Source, (SourceLen + 1) * sizeof(CHAR16)), RETURN_ACCESS_DENIED);
+
+ //
+ // convert string
+ //
+ while (*Source != '\0') {
+ //
+ // If any Unicode characters in Source contain
+ // non-zero value in the upper 8 bits, then ASSERT().
+ //
+ ASSERT (*Source < 0x100);
+ *(Destination++) = (CHAR8) *(Source++);
+ }
+ *Destination = '\0';
+
+ return RETURN_SUCCESS;
+}
+
+
+/**
+ Convert one Null-terminated ASCII string to a Null-terminated
+ Unicode string.
+
+ This function is similar to StrCpyS.
+
+ This function converts the contents of the ASCII string Source to the Unicode
+ string Destination. The function terminates the Unicode string Destination by
+ appending a Null-terminator character at the end.
+
+ The caller is responsible to make sure Destination points to a buffer with size
+ equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
+
+ If Destination is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ If an error is returned, then the Destination is unmodified.
+
+ @param Source The pointer to a Null-terminated ASCII string.
+ @param Destination The pointer to a Null-terminated Unicode string.
+ @param DestMax The maximum number of Destination Unicode
+ char, including terminating null char.
+
+ @retval RETURN_SUCCESS String is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumUnicodeStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumUnicodeStringLength.
+ If PcdMaximumAsciiStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumAsciiStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+
+**/
+RETURN_STATUS
+EFIAPI
+AsciiStrToUnicodeStrS (
+ IN CONST CHAR8 *Source,
+ OUT CHAR16 *Destination,
+ IN UINTN DestMax
+ )
+{
+ UINTN SourceLen;
+
+ ASSERT (((UINTN) Destination & BIT0) == 0);
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. DestMax shall not be greater than RSIZE_MAX or ASCII_RSIZE_MAX.
+ //
+ if (RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
+ //
+ SourceLen = AsciiStrnLenS (Source, DestMax);
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // 5. Copying shall not take place between objects that overlap.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax * sizeof(CHAR16), (VOID *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // Convert string
+ //
+ while (*Source != '\0') {
+ *(Destination++) = (CHAR16)*(Source++);
+ }
+ *Destination = '\0';
+
+ return RETURN_SUCCESS;
+}
|