summaryrefslogtreecommitdiff
path: root/Core/MdePkg/Library/BaseLib/SafeString.c
diff options
context:
space:
mode:
Diffstat (limited to 'Core/MdePkg/Library/BaseLib/SafeString.c')
-rw-r--r--Core/MdePkg/Library/BaseLib/SafeString.c1102
1 files changed, 1102 insertions, 0 deletions
diff --git a/Core/MdePkg/Library/BaseLib/SafeString.c b/Core/MdePkg/Library/BaseLib/SafeString.c
new file mode 100644
index 0000000000..bc9bc6b3d6
--- /dev/null
+++ b/Core/MdePkg/Library/BaseLib/SafeString.c
@@ -0,0 +1,1102 @@
+/** @file
+ Safe String functions.
+
+ Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Base.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/BaseLib.h>
+
+#define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength))
+
+#define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength))
+
+#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
+ do { \
+ ASSERT (Expression); \
+ if (!(Expression)) { \
+ return Status; \
+ } \
+ } while (FALSE)
+
+/**
+ Returns if 2 memory blocks are overlapped.
+
+ @param Base1 Base address of 1st memory block.
+ @param Size1 Size of 1st memory block.
+ @param Base2 Base address of 2nd memory block.
+ @param Size2 Size of 2nd memory block.
+
+ @retval TRUE 2 memory blocks are overlapped.
+ @retval FALSE 2 memory blocks are not overlapped.
+**/
+BOOLEAN
+InternalSafeStringIsOverlap (
+ IN VOID *Base1,
+ IN UINTN Size1,
+ IN VOID *Base2,
+ IN UINTN Size2
+ )
+{
+ if ((((UINTN)Base1 >= (UINTN)Base2) && ((UINTN)Base1 < (UINTN)Base2 + Size2)) ||
+ (((UINTN)Base2 >= (UINTN)Base1) && ((UINTN)Base2 < (UINTN)Base1 + Size1))) {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ Returns if 2 Unicode strings are not overlapped.
+
+ @param Str1 Start address of 1st Unicode string.
+ @param Size1 The number of char in 1st Unicode string,
+ including terminating null char.
+ @param Str2 Start address of 2nd Unicode string.
+ @param Size2 The number of char in 2nd Unicode string,
+ including terminating null char.
+
+ @retval TRUE 2 Unicode strings are NOT overlapped.
+ @retval FALSE 2 Unicode strings are overlapped.
+**/
+BOOLEAN
+InternalSafeStringNoStrOverlap (
+ IN CHAR16 *Str1,
+ IN UINTN Size1,
+ IN CHAR16 *Str2,
+ IN UINTN Size2
+ )
+{
+ return !InternalSafeStringIsOverlap (Str1, Size1 * sizeof(CHAR16), Str2, Size2 * sizeof(CHAR16));
+}
+
+/**
+ Returns if 2 Ascii strings are not overlapped.
+
+ @param Str1 Start address of 1st Ascii string.
+ @param Size1 The number of char in 1st Ascii string,
+ including terminating null char.
+ @param Str2 Start address of 2nd Ascii string.
+ @param Size2 The number of char in 2nd Ascii string,
+ including terminating null char.
+
+ @retval TRUE 2 Ascii strings are NOT overlapped.
+ @retval FALSE 2 Ascii strings are overlapped.
+**/
+BOOLEAN
+InternalSafeStringNoAsciiStrOverlap (
+ IN CHAR8 *Str1,
+ IN UINTN Size1,
+ IN CHAR8 *Str2,
+ IN UINTN Size2
+ )
+{
+ return !InternalSafeStringIsOverlap (Str1, Size1, Str2, Size2);
+}
+
+/**
+ Returns the length of a Null-terminated Unicode string.
+
+ If String is not aligned on a 16-bit boundary, then ASSERT().
+
+ @param String A pointer to a Null-terminated Unicode string.
+ @param MaxSize The maximum number of Destination Unicode
+ char, including terminating null char.
+
+ @retval 0 If String is NULL.
+ @retval MaxSize If there is no null character in the first MaxSize characters of String.
+ @return The number of characters that percede the terminating null character.
+
+**/
+UINTN
+EFIAPI
+StrnLenS (
+ IN CONST CHAR16 *String,
+ IN UINTN MaxSize
+ )
+{
+ UINTN Length;
+
+ ASSERT (((UINTN) String & BIT0) == 0);
+
+ //
+ // If String is a null pointer, then the StrnLenS function returns zero.
+ //
+ if (String == NULL) {
+ return 0;
+ }
+
+ //
+ // Otherwise, the StrnLenS function returns the number of characters that precede the
+ // terminating null character. If there is no null character in the first MaxSize characters of
+ // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall
+ // be accessed by StrnLenS.
+ //
+ for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
+ ;
+ }
+ return Length;
+}
+
+/**
+ Copies the string pointed to by Source (including the terminating null char)
+ to the array pointed to by Destination.
+
+ If Destination is not aligned on a 16-bit boundary, then ASSERT().
+ If Source is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Destination A pointer to a Null-terminated Unicode string.
+ @param DestMax The maximum number of Destination Unicode
+ char, including terminating null char.
+ @param Source A pointer to a Null-terminated Unicode string.
+
+ @retval RETURN_SUCCESS String is copied.
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumUnicodeStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumUnicodeStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+**/
+RETURN_STATUS
+EFIAPI
+StrCpyS (
+ OUT CHAR16 *Destination,
+ IN UINTN DestMax,
+ IN CONST CHAR16 *Source
+ )
+{
+ UINTN SourceLen;
+
+ ASSERT (((UINTN) Destination & BIT0) == 0);
+ ASSERT (((UINTN) Source & BIT0) == 0);
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. DestMax shall not be greater than RSIZE_MAX.
+ //
+ if (RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. DestMax shall be greater than StrnLenS(Source, DestMax).
+ //
+ SourceLen = StrnLenS (Source, DestMax);
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // 5. Copying shall not take place between objects that overlap.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // The StrCpyS function copies the string pointed to by Source (including the terminating
+ // null character) into the array pointed to by Destination.
+ //
+ while (*Source != 0) {
+ *(Destination++) = *(Source++);
+ }
+ *Destination = 0;
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Copies not more than Length successive char from the string pointed to by
+ Source to the array pointed to by Destination. If no null char is copied from
+ Source, then Destination[Length] is always set to null.
+
+ If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
+ If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Destination A pointer to a Null-terminated Unicode string.
+ @param DestMax The maximum number of Destination Unicode
+ char, including terminating null char.
+ @param Source A pointer to a Null-terminated Unicode string.
+ @param Length The maximum number of Unicode characters to copy.
+
+ @retval RETURN_SUCCESS String is copied.
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
+ MIN(StrLen(Source), Length).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumUnicodeStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumUnicodeStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+**/
+RETURN_STATUS
+EFIAPI
+StrnCpyS (
+ OUT CHAR16 *Destination,
+ IN UINTN DestMax,
+ IN CONST CHAR16 *Source,
+ IN UINTN Length
+ )
+{
+ UINTN SourceLen;
+
+ ASSERT (((UINTN) Destination & BIT0) == 0);
+ ASSERT (((UINTN) Source & BIT0) == 0);
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX
+ //
+ if (RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. If Length is not less than DestMax, then DestMax shall be greater than StrnLenS(Source, DestMax).
+ //
+ SourceLen = StrnLenS (Source, DestMax);
+ if (Length >= DestMax) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);
+ }
+
+ //
+ // 5. Copying shall not take place between objects that overlap.
+ //
+ if (SourceLen > Length) {
+ SourceLen = Length;
+ }
+ SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // The StrnCpyS function copies not more than Length successive characters (characters that
+ // follow a null character are not copied) from the array pointed to by Source to the array
+ // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null
+ // character.
+ //
+ while ((*Source != 0) && (SourceLen > 0)) {
+ *(Destination++) = *(Source++);
+ SourceLen--;
+ }
+ *Destination = 0;
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Appends a copy of the string pointed to by Source (including the terminating
+ null char) to the end of the string pointed to by Destination.
+
+ If Destination is not aligned on a 16-bit boundary, then ASSERT().
+ If Source is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Destination A pointer to a Null-terminated Unicode string.
+ @param DestMax The maximum number of Destination Unicode
+ char, including terminating null char.
+ @param Source A pointer to a Null-terminated Unicode string.
+
+ @retval RETURN_SUCCESS String is appended.
+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
+ StrLen(Destination).
+ @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
+ greater than StrLen(Source).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumUnicodeStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumUnicodeStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+**/
+RETURN_STATUS
+EFIAPI
+StrCatS (
+ IN OUT CHAR16 *Destination,
+ IN UINTN DestMax,
+ IN CONST CHAR16 *Source
+ )
+{
+ UINTN DestLen;
+ UINTN CopyLen;
+ UINTN SourceLen;
+
+ ASSERT (((UINTN) Destination & BIT0) == 0);
+ ASSERT (((UINTN) Source & BIT0) == 0);
+
+ //
+ // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrCatS.
+ //
+ DestLen = StrnLenS (Destination, DestMax);
+ CopyLen = DestMax - DestLen;
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. DestMax shall not be greater than RSIZE_MAX.
+ //
+ if (RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. CopyLen shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);
+
+ //
+ // 5. CopyLen shall be greater than StrnLenS(Source, CopyLen).
+ //
+ SourceLen = StrnLenS (Source, CopyLen);
+ SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // 6. Copying shall not take place between objects that overlap.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // The StrCatS function appends a copy of the string pointed to by Source (including the
+ // terminating null character) to the end of the string pointed to by Destination. The initial character
+ // from Source overwrites the null character at the end of Destination.
+ //
+ Destination = Destination + DestLen;
+ while (*Source != 0) {
+ *(Destination++) = *(Source++);
+ }
+ *Destination = 0;
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Appends not more than Length successive char from the string pointed to by
+ Source to the end of the string pointed to by Destination. If no null char is
+ copied from Source, then Destination[StrLen(Destination) + Length] is always
+ set to null.
+
+ If Destination is not aligned on a 16-bit boundary, then ASSERT().
+ If Source is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Destination A pointer to a Null-terminated Unicode string.
+ @param DestMax The maximum number of Destination Unicode
+ char, including terminating null char.
+ @param Source A pointer to a Null-terminated Unicode string.
+ @param Length The maximum number of Unicode characters to copy.
+
+ @retval RETURN_SUCCESS String is appended.
+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
+ StrLen(Destination).
+ @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
+ greater than MIN(StrLen(Source), Length).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumUnicodeStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumUnicodeStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+**/
+RETURN_STATUS
+EFIAPI
+StrnCatS (
+ IN OUT CHAR16 *Destination,
+ IN UINTN DestMax,
+ IN CONST CHAR16 *Source,
+ IN UINTN Length
+ )
+{
+ UINTN DestLen;
+ UINTN CopyLen;
+ UINTN SourceLen;
+
+ ASSERT (((UINTN) Destination & BIT0) == 0);
+ ASSERT (((UINTN) Source & BIT0) == 0);
+
+ //
+ // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrnCatS.
+ //
+ DestLen = StrnLenS (Destination, DestMax);
+ CopyLen = DestMax - DestLen;
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX.
+ //
+ if (RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. CopyLen shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);
+
+ //
+ // 5. If Length is not less than CopyLen, then CopyLen shall be greater than StrnLenS(Source, CopyLen).
+ //
+ SourceLen = StrnLenS (Source, CopyLen);
+ if (Length >= CopyLen) {
+ SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);
+ }
+
+ //
+ // 6. Copying shall not take place between objects that overlap.
+ //
+ if (SourceLen > Length) {
+ SourceLen = Length;
+ }
+ SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // The StrnCatS function appends not more than Length successive characters (characters
+ // that follow a null character are not copied) from the array pointed to by Source to the end of
+ // the string pointed to by Destination. The initial character from Source overwrites the null character at
+ // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to
+ // a null character.
+ //
+ Destination = Destination + DestLen;
+ while ((*Source != 0) && (SourceLen > 0)) {
+ *(Destination++) = *(Source++);
+ SourceLen--;
+ }
+ *Destination = 0;
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Returns the length of a Null-terminated Ascii string.
+
+ @param String A pointer to a Null-terminated Ascii string.
+ @param MaxSize The maximum number of Destination Ascii
+ char, including terminating null char.
+
+ @retval 0 If String is NULL.
+ @retval MaxSize If there is no null character in the first MaxSize characters of String.
+ @return The number of characters that percede the terminating null character.
+
+**/
+UINTN
+EFIAPI
+AsciiStrnLenS (
+ IN CONST CHAR8 *String,
+ IN UINTN MaxSize
+ )
+{
+ UINTN Length;
+
+ //
+ // If String is a null pointer, then the AsciiStrnLenS function returns zero.
+ //
+ if (String == NULL) {
+ return 0;
+ }
+
+ //
+ // Otherwise, the AsciiStrnLenS function returns the number of characters that precede the
+ // terminating null character. If there is no null character in the first MaxSize characters of
+ // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall
+ // be accessed by AsciiStrnLenS.
+ //
+ for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
+ ;
+ }
+ return Length;
+}
+
+/**
+ Copies the string pointed to by Source (including the terminating null char)
+ to the array pointed to by Destination.
+
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Destination A pointer to a Null-terminated Ascii string.
+ @param DestMax The maximum number of Destination Ascii
+ char, including terminating null char.
+ @param Source A pointer to a Null-terminated Ascii string.
+
+ @retval RETURN_SUCCESS String is copied.
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumAsciiStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumAsciiStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+**/
+RETURN_STATUS
+EFIAPI
+AsciiStrCpyS (
+ OUT CHAR8 *Destination,
+ IN UINTN DestMax,
+ IN CONST CHAR8 *Source
+ )
+{
+ UINTN SourceLen;
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
+ //
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
+ //
+ SourceLen = AsciiStrnLenS (Source, DestMax);
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // 5. Copying shall not take place between objects that overlap.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // The AsciiStrCpyS function copies the string pointed to by Source (including the terminating
+ // null character) into the array pointed to by Destination.
+ //
+ while (*Source != 0) {
+ *(Destination++) = *(Source++);
+ }
+ *Destination = 0;
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Copies not more than Length successive char from the string pointed to by
+ Source to the array pointed to by Destination. If no null char is copied from
+ Source, then Destination[Length] is always set to null.
+
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Destination A pointer to a Null-terminated Ascii string.
+ @param DestMax The maximum number of Destination Ascii
+ char, including terminating null char.
+ @param Source A pointer to a Null-terminated Ascii string.
+ @param Length The maximum number of Ascii characters to copy.
+
+ @retval RETURN_SUCCESS String is copied.
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
+ MIN(StrLen(Source), Length).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumAsciiStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumAsciiStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+**/
+RETURN_STATUS
+EFIAPI
+AsciiStrnCpyS (
+ OUT CHAR8 *Destination,
+ IN UINTN DestMax,
+ IN CONST CHAR8 *Source,
+ IN UINTN Length
+ )
+{
+ UINTN SourceLen;
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX
+ //
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. If Length is not less than DestMax, then DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
+ //
+ SourceLen = AsciiStrnLenS (Source, DestMax);
+ if (Length >= DestMax) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);
+ }
+
+ //
+ // 5. Copying shall not take place between objects that overlap.
+ //
+ if (SourceLen > Length) {
+ SourceLen = Length;
+ }
+ SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // The AsciiStrnCpyS function copies not more than Length successive characters (characters that
+ // follow a null character are not copied) from the array pointed to by Source to the array
+ // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null
+ // character.
+ //
+ while ((*Source != 0) && (SourceLen > 0)) {
+ *(Destination++) = *(Source++);
+ SourceLen--;
+ }
+ *Destination = 0;
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Appends a copy of the string pointed to by Source (including the terminating
+ null char) to the end of the string pointed to by Destination.
+
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Destination A pointer to a Null-terminated Ascii string.
+ @param DestMax The maximum number of Destination Ascii
+ char, including terminating null char.
+ @param Source A pointer to a Null-terminated Ascii string.
+
+ @retval RETURN_SUCCESS String is appended.
+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
+ StrLen(Destination).
+ @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
+ greater than StrLen(Source).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumAsciiStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumAsciiStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+**/
+RETURN_STATUS
+EFIAPI
+AsciiStrCatS (
+ IN OUT CHAR8 *Destination,
+ IN UINTN DestMax,
+ IN CONST CHAR8 *Source
+ )
+{
+ UINTN DestLen;
+ UINTN CopyLen;
+ UINTN SourceLen;
+
+ //
+ // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.
+ //
+ DestLen = AsciiStrnLenS (Destination, DestMax);
+ CopyLen = DestMax - DestLen;
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
+ //
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. CopyLen shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);
+
+ //
+ // 5. CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
+ //
+ SourceLen = AsciiStrnLenS (Source, CopyLen);
+ SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // 6. Copying shall not take place between objects that overlap.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // The AsciiStrCatS function appends a copy of the string pointed to by Source (including the
+ // terminating null character) to the end of the string pointed to by Destination. The initial character
+ // from Source overwrites the null character at the end of Destination.
+ //
+ Destination = Destination + DestLen;
+ while (*Source != 0) {
+ *(Destination++) = *(Source++);
+ }
+ *Destination = 0;
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Appends not more than Length successive char from the string pointed to by
+ Source to the end of the string pointed to by Destination. If no null char is
+ copied from Source, then Destination[StrLen(Destination) + Length] is always
+ set to null.
+
+ If an error would be returned, then the function will also ASSERT().
+
+ @param Destination A pointer to a Null-terminated Ascii string.
+ @param DestMax The maximum number of Destination Ascii
+ char, including terminating null char.
+ @param Source A pointer to a Null-terminated Ascii string.
+ @param Length The maximum number of Ascii characters to copy.
+
+ @retval RETURN_SUCCESS String is appended.
+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
+ StrLen(Destination).
+ @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
+ greater than MIN(StrLen(Source), Length).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumAsciiStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumAsciiStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+**/
+RETURN_STATUS
+EFIAPI
+AsciiStrnCatS (
+ IN OUT CHAR8 *Destination,
+ IN UINTN DestMax,
+ IN CONST CHAR8 *Source,
+ IN UINTN Length
+ )
+{
+ UINTN DestLen;
+ UINTN CopyLen;
+ UINTN SourceLen;
+
+ //
+ // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.
+ //
+ DestLen = AsciiStrnLenS (Destination, DestMax);
+ CopyLen = DestMax - DestLen;
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX.
+ //
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. CopyLen shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);
+
+ //
+ // 5. If Length is not less than CopyLen, then CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
+ //
+ SourceLen = AsciiStrnLenS (Source, CopyLen);
+ if (Length >= CopyLen) {
+ SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);
+ }
+
+ //
+ // 6. Copying shall not take place between objects that overlap.
+ //
+ if (SourceLen > Length) {
+ SourceLen = Length;
+ }
+ SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // The AsciiStrnCatS function appends not more than Length successive characters (characters
+ // that follow a null character are not copied) from the array pointed to by Source to the end of
+ // the string pointed to by Destination. The initial character from Source overwrites the null character at
+ // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to
+ // a null character.
+ //
+ Destination = Destination + DestLen;
+ while ((*Source != 0) && (SourceLen > 0)) {
+ *(Destination++) = *(Source++);
+ SourceLen--;
+ }
+ *Destination = 0;
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Convert a Null-terminated Unicode string to a Null-terminated
+ ASCII string.
+
+ This function is similar to AsciiStrCpyS.
+
+ This function converts the content of the Unicode string Source
+ to the ASCII string Destination by copying the lower 8 bits of
+ each Unicode character. The function terminates the ASCII string
+ Destination by appending a Null-terminator character at the end.
+
+ The caller is responsible to make sure Destination points to a buffer with size
+ equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.
+
+ If any Unicode characters in Source contain non-zero value in
+ the upper 8 bits, then ASSERT().
+
+ If Source is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ If an error is returned, then the Destination is unmodified.
+
+ @param Source The pointer to a Null-terminated Unicode string.
+ @param Destination The pointer to a Null-terminated ASCII string.
+ @param DestMax The maximum number of Destination Ascii
+ char, including terminating null char.
+
+ @retval RETURN_SUCCESS String is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumAsciiStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumAsciiStringLength.
+ If PcdMaximumUnicodeStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumUnicodeStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+
+**/
+RETURN_STATUS
+EFIAPI
+UnicodeStrToAsciiStrS (
+ IN CONST CHAR16 *Source,
+ OUT CHAR8 *Destination,
+ IN UINTN DestMax
+ )
+{
+ UINTN SourceLen;
+
+ ASSERT (((UINTN) Source & BIT0) == 0);
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. DestMax shall not be greater than ASCII_RSIZE_MAX or RSIZE_MAX.
+ //
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+ if (RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. DestMax shall be greater than StrnLenS (Source, DestMax).
+ //
+ SourceLen = StrnLenS (Source, DestMax);
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // 5. Copying shall not take place between objects that overlap.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax, (VOID *)Source, (SourceLen + 1) * sizeof(CHAR16)), RETURN_ACCESS_DENIED);
+
+ //
+ // convert string
+ //
+ while (*Source != '\0') {
+ //
+ // If any Unicode characters in Source contain
+ // non-zero value in the upper 8 bits, then ASSERT().
+ //
+ ASSERT (*Source < 0x100);
+ *(Destination++) = (CHAR8) *(Source++);
+ }
+ *Destination = '\0';
+
+ return RETURN_SUCCESS;
+}
+
+
+/**
+ Convert one Null-terminated ASCII string to a Null-terminated
+ Unicode string.
+
+ This function is similar to StrCpyS.
+
+ This function converts the contents of the ASCII string Source to the Unicode
+ string Destination. The function terminates the Unicode string Destination by
+ appending a Null-terminator character at the end.
+
+ The caller is responsible to make sure Destination points to a buffer with size
+ equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
+
+ If Destination is not aligned on a 16-bit boundary, then ASSERT().
+ If an error would be returned, then the function will also ASSERT().
+
+ If an error is returned, then the Destination is unmodified.
+
+ @param Source The pointer to a Null-terminated ASCII string.
+ @param Destination The pointer to a Null-terminated Unicode string.
+ @param DestMax The maximum number of Destination Unicode
+ char, including terminating null char.
+
+ @retval RETURN_SUCCESS String is converted.
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
+ @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+ If Source is NULL.
+ If PcdMaximumUnicodeStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumUnicodeStringLength.
+ If PcdMaximumAsciiStringLength is not zero,
+ and DestMax is greater than
+ PcdMaximumAsciiStringLength.
+ If DestMax is 0.
+ @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+
+**/
+RETURN_STATUS
+EFIAPI
+AsciiStrToUnicodeStrS (
+ IN CONST CHAR8 *Source,
+ OUT CHAR16 *Destination,
+ IN UINTN DestMax
+ )
+{
+ UINTN SourceLen;
+
+ ASSERT (((UINTN) Destination & BIT0) == 0);
+
+ //
+ // 1. Neither Destination nor Source shall be a null pointer.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
+ SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);
+
+ //
+ // 2. DestMax shall not be greater than RSIZE_MAX or ASCII_RSIZE_MAX.
+ //
+ if (RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+ if (ASCII_RSIZE_MAX != 0) {
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
+ }
+
+ //
+ // 3. DestMax shall not equal zero.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);
+
+ //
+ // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
+ //
+ SourceLen = AsciiStrnLenS (Source, DestMax);
+ SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);
+
+ //
+ // 5. Copying shall not take place between objects that overlap.
+ //
+ SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax * sizeof(CHAR16), (VOID *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);
+
+ //
+ // Convert string
+ //
+ while (*Source != '\0') {
+ *(Destination++) = (CHAR16)*(Source++);
+ }
+ *Destination = '\0';
+
+ return RETURN_SUCCESS;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 08:25:31 +0000