Revision: 17724
http://sourceforge.net/p/edk2/code/17724
Author: dandanbi
Date: 2015-06-29 02:36:31 +0000 (Mon, 29 Jun 2015)
Log Message:
-----------
MdeModulePkg:Use safe string functions
Replace unsafe String functions with new added safe string functions
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <[email protected]>
Reviewed-by: Liming Gao <[email protected]>
Modified Paths:
--------------
trunk/edk2/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c
trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
trunk/edk2/MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c
trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c
trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c
trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c
trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/String.c
trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c
Modified: trunk/edk2/MdeModulePkg/Library/UefiHiiLib/HiiLib.c
===================================================================
--- trunk/edk2/MdeModulePkg/Library/UefiHiiLib/HiiLib.c 2015-06-29 02:21:54 UTC
(rev 17723)
+++ trunk/edk2/MdeModulePkg/Library/UefiHiiLib/HiiLib.c 2015-06-29 02:36:31 UTC
(rev 17724)
@@ -1,7 +1,7 @@
/** @file
HII Library implementation that uses DXE protocols and services.
- Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -606,6 +606,7 @@
CHAR16 *ReturnString;
UINTN Index;
UINT8 *Buffer;
+ UINTN MaxLen;
//
// Compute the length of Name in Unicode characters.
@@ -636,7 +637,8 @@
// GUID=<HexCh>32&NAME=<Char>NameLength&PATH=<HexChar>DevicePathSize <Null>
// | 5 | sizeof (EFI_GUID) * 2 | 6 | NameStrLen*4 | 6 | DevicePathSize * 2 |
1 |
//
- String = AllocateZeroPool ((5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 +
6 + DevicePathSize * 2 + 1) * sizeof (CHAR16));
+ MaxLen = 5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 + 6 + DevicePathSize
* 2 + 1;
+ String = AllocateZeroPool (MaxLen * sizeof (CHAR16));
if (String == NULL) {
return NULL;
}
@@ -644,7 +646,8 @@
//
// Start with L"GUID="
//
- ReturnString = StrCpy (String, L"GUID=");
+ StrCpyS (String, MaxLen, L"GUID=");
+ ReturnString = String;
String += StrLen (String);
if (Guid != NULL) {
@@ -659,7 +662,7 @@
//
// Append L"&NAME="
//
- StrCpy (String, L"&NAME=");
+ StrCpyS (String, MaxLen, L"&NAME=");
String += StrLen (String);
if (Name != NULL) {
@@ -674,7 +677,7 @@
//
// Append L"&PATH="
//
- StrCpy (String, L"&PATH=");
+ StrCpyS (String, MaxLen, L"&PATH=");
String += StrLen (String);
//
@@ -786,7 +789,7 @@
StringPtr = (CHAR16 *) DataBuffer;
ZeroMem (TemStr, sizeof (TemStr));
for (Index = 0; Index < Length; Index += 4) {
- StrnCpy (TemStr, ConfigHdr + Index, 4);
+ StrnCpyS (TemStr, sizeof (TemStr) / sizeof (CHAR16), ConfigHdr + Index,
4);
StringPtr[Index/4] = (CHAR16) StrHexToUint64 (TemStr);
}
//
@@ -2011,6 +2014,7 @@
EFI_HII_PACKAGE_LIST_HEADER *HiiPackageList;
UINTN PackageListLength;
+ UINTN MaxLen;
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;
@@ -2266,14 +2270,15 @@
// Construct ConfigAltHdr string "&<ConfigHdr>&ALTCFG=\0"
// | 1 | StrLen (ConfigHdr) | 8 | 1 |
//
- ConfigAltHdr = AllocateZeroPool ((1 + StringPtr - StringHdr + 8 + 1) *
sizeof (CHAR16));
+ MaxLen = 1 + StringPtr - StringHdr + 8 + 1;
+ ConfigAltHdr = AllocateZeroPool ( MaxLen * sizeof (CHAR16));
if (ConfigAltHdr == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Done;
}
- StrCpy (ConfigAltHdr, L"&");
- StrnCat (ConfigAltHdr, StringHdr, StringPtr - StringHdr);
- StrCat (ConfigAltHdr, L"&ALTCFG=");
+ StrCpyS (ConfigAltHdr, MaxLen, L"&");
+ StrnCatS (ConfigAltHdr, MaxLen, StringHdr, StringPtr - StringHdr);
+ StrCatS (ConfigAltHdr, MaxLen, L"&ALTCFG=");
//
// Skip all AltResp (AltConfigHdr ConfigBody) for the same ConfigHdr
Modified: trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
2015-06-29 02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
2015-06-29 02:36:31 UTC (rev 17724)
@@ -2149,6 +2149,7 @@
UINT32 CheckFlags;
BOOLEAN RetVal;
UINTN CatLen;
+ UINTN MaxLen;
CfmStrLen = 0;
CatLen = StrLen (gConfirmMsgConnect);
@@ -2209,50 +2210,51 @@
// Allocate buffer to save the string.
// String + "?" + "\0"
//
- CfmStr = AllocateZeroPool ((CfmStrLen + 1 + 1) * sizeof (CHAR16));
+ MaxLen = CfmStrLen + 1 + 1;
+ CfmStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (CfmStr != NULL);
if ((Action & BROWSER_ACTION_DISCARD) == BROWSER_ACTION_DISCARD) {
- StrCpy (CfmStr, gConfirmDiscardMsg);
+ StrCpyS (CfmStr, MaxLen, gConfirmDiscardMsg);
}
if ((Action & BROWSER_ACTION_DEFAULT) == BROWSER_ACTION_DEFAULT) {
if (CfmStr[0] != 0) {
- StrCat (CfmStr, gConfirmMsgConnect);
- StrCat (CfmStr, gConfirmDefaultMsg2nd);
+ StrCatS (CfmStr, MaxLen, gConfirmMsgConnect);
+ StrCatS (CfmStr, MaxLen, gConfirmDefaultMsg2nd);
} else {
- StrCpy (CfmStr, gConfirmDefaultMsg);
+ StrCpyS (CfmStr, MaxLen, gConfirmDefaultMsg);
}
}
if ((Action & BROWSER_ACTION_SUBMIT) == BROWSER_ACTION_SUBMIT) {
if (CfmStr[0] != 0) {
- StrCat (CfmStr, gConfirmMsgConnect);
- StrCat (CfmStr, gConfirmSubmitMsg2nd);
+ StrCatS (CfmStr, MaxLen, gConfirmMsgConnect);
+ StrCatS (CfmStr, MaxLen, gConfirmSubmitMsg2nd);
} else {
- StrCpy (CfmStr, gConfirmSubmitMsg);
+ StrCpyS (CfmStr, MaxLen, gConfirmSubmitMsg);
}
}
if ((Action & BROWSER_ACTION_RESET) == BROWSER_ACTION_RESET) {
if (CfmStr[0] != 0) {
- StrCat (CfmStr, gConfirmMsgConnect);
- StrCat (CfmStr, gConfirmResetMsg2nd);
+ StrCatS (CfmStr, MaxLen, gConfirmMsgConnect);
+ StrCatS (CfmStr, MaxLen, gConfirmResetMsg2nd);
} else {
- StrCpy (CfmStr, gConfirmResetMsg);
+ StrCpyS (CfmStr, MaxLen, gConfirmResetMsg);
}
}
if ((Action & BROWSER_ACTION_EXIT) == BROWSER_ACTION_EXIT) {
if (CfmStr[0] != 0) {
- StrCat (CfmStr, gConfirmMsgConnect);
- StrCat (CfmStr, gConfirmExitMsg2nd);
+ StrCatS (CfmStr, MaxLen, gConfirmMsgConnect);
+ StrCatS (CfmStr, MaxLen, gConfirmExitMsg2nd);
} else {
- StrCpy (CfmStr, gConfirmExitMsg);
+ StrCpyS (CfmStr, MaxLen, gConfirmExitMsg);
}
}
- StrCat (CfmStr, gConfirmMsgEnd);
+ StrCatS (CfmStr, MaxLen, gConfirmMsgEnd);
do {
CreateDialog (&Key, gEmptyString, CfmStr, gConfirmOpt, gEmptyString, NULL);
Modified: trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c
2015-06-29 02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c
2015-06-29 02:36:31 UTC (rev 17724)
@@ -1,7 +1,7 @@
/** @file
Implementation for handling user input from the User Interfaces.
-Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -84,6 +84,7 @@
UINTN Maximum;
FORM_DISPLAY_ENGINE_STATEMENT *Question;
BOOLEAN IsPassword;
+ UINTN MaxLen;
DimensionsWidth = gStatementDimensions.RightColumn -
gStatementDimensions.LeftColumn;
DimensionsHeight = gStatementDimensions.BottomRow -
gStatementDimensions.TopRow;
@@ -102,7 +103,8 @@
IsPassword = FALSE;
}
- TempString = AllocateZeroPool ((Maximum + 1)* sizeof (CHAR16));
+ MaxLen = Maximum + 1;
+ TempString = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (TempString);
if (ScreenSize < (Maximum + 1)) {
@@ -244,7 +246,7 @@
//
// Effectively truncate string by 1 character
//
- StrCpy (StringPtr, TempString);
+ StrCpyS (StringPtr, MaxLen, TempString);
CurrentCursor --;
}
@@ -253,7 +255,7 @@
// If it is the beginning of the string, don't worry about checking
maximum limits
//
if ((StringPtr[0] == CHAR_NULL) && (Key.UnicodeChar != CHAR_BACKSPACE)) {
- StrnCpy (StringPtr, &Key.UnicodeChar, 1);
+ StrnCpyS (StringPtr, MaxLen, &Key.UnicodeChar, 1);
CurrentCursor++;
} else if ((GetStringWidth (StringPtr) < ((Maximum + 1) * sizeof
(CHAR16))) && (Key.UnicodeChar != CHAR_BACKSPACE)) {
KeyPad[0] = Key.UnicodeChar;
@@ -264,11 +266,11 @@
TempString[Index] = StringPtr[Index];
}
TempString[Index] = CHAR_NULL;
- StrCat (TempString, KeyPad);
- StrCat (TempString, StringPtr + CurrentCursor);
- StrCpy (StringPtr, TempString);
+ StrCatS (TempString, MaxLen, KeyPad);
+ StrCatS (TempString, MaxLen, StringPtr + CurrentCursor);
+ StrCpyS (StringPtr, MaxLen, TempString);
} else {
- StrCat (StringPtr, KeyPad);
+ StrCatS (StringPtr, MaxLen, KeyPad);
}
CurrentCursor++;
}
@@ -1447,7 +1449,7 @@
CopyMem (TempStringPtr, StringPtr, (sizeof (CHAR16) * (PopUpWidth -
5)));
FreePool (StringPtr);
StringPtr = TempStringPtr;
- StrCat (StringPtr, L"...");
+ StrCatS (StringPtr, PopUpWidth - 1, L"...");
}
if (Index == HighlightOptionIndex) {
Modified: trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
2015-06-29 02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
2015-06-29 02:36:31 UTC (rev 17724)
@@ -28,6 +28,7 @@
VOID
NewStrCat (
IN OUT CHAR16 *Destination,
+ IN UINTN DestMax,
IN CHAR16 *Source
)
{
@@ -45,7 +46,7 @@
Destination[Length] = NARROW_CHAR;
Length++;
- StrCpy (Destination + Length, Source);
+ StrCpyS (Destination + Length, DestMax - Length, Source);
}
/**
@@ -957,6 +958,7 @@
UINT8 ValueType;
EFI_IFR_ORDERED_LIST *OrderList;
BOOLEAN ValueInvalid;
+ UINTN MaxLen;
Status = EFI_SUCCESS;
@@ -999,7 +1001,8 @@
// We now know how many strings we will have, so we can allocate the
// space required for the array or strings.
//
- *OptionString = AllocateZeroPool (OrderList->MaxContainers * BufferSize);
+ MaxLen = OrderList->MaxContainers * BufferSize / sizeof (CHAR16);
+ *OptionString = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (*OptionString);
HiiValue.Type = ValueType;
@@ -1057,14 +1060,14 @@
}
Character[0] = LEFT_ONEOF_DELIMITER;
- NewStrCat (OptionString[0], Character);
+ NewStrCat (OptionString[0], MaxLen, Character);
StringPtr = GetToken (OneOfOption->OptionOpCode->Option,
gFormData->HiiHandle);
ASSERT (StringPtr != NULL);
- NewStrCat (OptionString[0], StringPtr);
+ NewStrCat (OptionString[0], MaxLen, StringPtr);
Character[0] = RIGHT_ONEOF_DELIMITER;
- NewStrCat (OptionString[0], Character);
+ NewStrCat (OptionString[0], MaxLen, Character);
Character[0] = CHAR_CARRIAGE_RETURN;
- NewStrCat (OptionString[0], Character);
+ NewStrCat (OptionString[0], MaxLen, Character);
FreePool (StringPtr);
}
@@ -1092,14 +1095,14 @@
// Not report error, just get the correct option string info.
//
Character[0] = LEFT_ONEOF_DELIMITER;
- NewStrCat (OptionString[0], Character);
+ NewStrCat (OptionString[0], MaxLen, Character);
StringPtr = GetToken (OneOfOption->OptionOpCode->Option,
gFormData->HiiHandle);
ASSERT (StringPtr != NULL);
- NewStrCat (OptionString[0], StringPtr);
+ NewStrCat (OptionString[0], MaxLen, StringPtr);
Character[0] = RIGHT_ONEOF_DELIMITER;
- NewStrCat (OptionString[0], Character);
+ NewStrCat (OptionString[0], MaxLen, Character);
Character[0] = CHAR_CARRIAGE_RETURN;
- NewStrCat (OptionString[0], Character);
+ NewStrCat (OptionString[0], MaxLen, Character);
FreePool (StringPtr);
continue;
@@ -1151,6 +1154,7 @@
//
Status = GetSelectionInputPopUp (MenuOption);
} else {
+ MaxLen = BufferSize / sizeof(CHAR16);
*OptionString = AllocateZeroPool (BufferSize);
ASSERT (*OptionString);
@@ -1204,12 +1208,12 @@
}
Character[0] = LEFT_ONEOF_DELIMITER;
- NewStrCat (OptionString[0], Character);
+ NewStrCat (OptionString[0], MaxLen, Character);
StringPtr = GetToken (OneOfOption->OptionOpCode->Option,
gFormData->HiiHandle);
ASSERT (StringPtr != NULL);
- NewStrCat (OptionString[0], StringPtr);
+ NewStrCat (OptionString[0], MaxLen, StringPtr);
Character[0] = RIGHT_ONEOF_DELIMITER;
- NewStrCat (OptionString[0], Character);
+ NewStrCat (OptionString[0], MaxLen, Character);
FreePool (StringPtr);
}
Modified: trunk/edk2/MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c
2015-06-29 02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c
2015-06-29 02:36:31 UTC (rev 17724)
@@ -330,7 +330,7 @@
//
EncodedPassword = AllocateZeroPool (PasswordMaxSize);
ASSERT (EncodedPassword != NULL);
- StrnCpy (EncodedPassword, Password, StrLen (Password));
+ StrnCpyS (EncodedPassword, PasswordMaxSize / sizeof (CHAR16), Password,
StrLen (Password));
EncodePassword (EncodedPassword, StrLen (EncodedPassword) * sizeof (CHAR16));
if (CompareMem (EncodedPassword,
PrivateData->Configuration.WhatIsThePassword2, PasswordMaxSize) != 0) {
//
@@ -400,7 +400,7 @@
FreePool (TempPassword);
return EFI_NOT_READY;
}
- StrnCpy (Password, TempPassword, StrLen (TempPassword));
+ StrnCpyS (Password, PasswordSize / sizeof (CHAR16), TempPassword, StrLen
(TempPassword));
FreePool (TempPassword);
//
@@ -601,7 +601,7 @@
TmpStr = StringPtr;
if (Result != NULL) {
- StrCpy (StringPtr, Result);
+ StrCpyS (StringPtr, NewLen / sizeof (CHAR16), Result);
StringPtr += StrLen (Result);
FreePool (Result);
}
@@ -908,7 +908,7 @@
1 + sizeof (PrivateData->Configuration.NameValueVar2) * 2 + 1) * sizeof
(CHAR16);
*Results = AllocateZeroPool (BufferSize);
ASSERT (*Results != NULL);
- StrCpy (*Results, ConfigRequest);
+ StrCpyS (*Results, BufferSize / sizeof (CHAR16), ConfigRequest);
Value = *Results;
//
@@ -1184,7 +1184,7 @@
StrBuffer = (CHAR16 *) PrivateData->Configuration.NameValueVar2;
ZeroMem (TemStr, sizeof (TemStr));
while (Value < StrPtr) {
- StrnCpy (TemStr, Value, 4);
+ StrnCpyS (TemStr, sizeof (TemStr) / sizeof (CHAR16), Value, 4);
*(StrBuffer++) = (CHAR16) StrHexToUint64 (TemStr);
Value += 4;
}
Modified:
trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
2015-06-29 02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
2015-06-29 02:36:31 UTC (rev 17724)
@@ -1670,6 +1670,7 @@
CHAR16 *Name;
CHAR8 *AsciiName;
EFI_GUID *Guid;
+ UINTN MaxLen;
ASSERT (OpCodeData != NULL);
@@ -1733,7 +1734,8 @@
// GUID=<HexCh>32&NAME=<Char>NameLength&PATH=<HexChar>DevicePathSize <Null>
// | 5 | sizeof (EFI_GUID) * 2 | 6 | NameStrLen*4 | 6 | DevicePathSize * 2 |
1 |
//
- String = AllocateZeroPool ((5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 +
6 + DevicePathSize * 2 + 1) * sizeof (CHAR16));
+ MaxLen = 5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 + 6 + DevicePathSize
* 2 + 1;
+ String = AllocateZeroPool (MaxLen * sizeof (CHAR16));
if (String == NULL) {
return NULL;
}
@@ -1741,7 +1743,8 @@
//
// Start with L"GUID="
//
- ReturnString = StrCpy (String, L"GUID=");
+ StrCpyS (String, MaxLen, L"GUID=");
+ ReturnString = String;
String += StrLen (String);
if (Guid != NULL) {
@@ -1756,7 +1759,7 @@
//
// Append L"&NAME="
//
- StrCpy (String, L"&NAME=");
+ StrCpyS (String, MaxLen, L"&NAME=");
String += StrLen (String);
if (Name != NULL) {
@@ -1771,7 +1774,7 @@
//
// Append L"&PATH="
//
- StrCpy (String, L"&PATH=");
+ StrCpyS (String, MaxLen, L"&PATH=");
String += StrLen (String);
//
@@ -1991,7 +1994,7 @@
UINT16 Width;
CHAR16 *ConfigHdr;
CHAR16 *RequestElement;
- UINTN Length;
+ UINTN MaxLen;
CHAR16 *StringPtr;
ASSERT (DatabaseRecord != NULL && OpCodeData != NULL && ConfigRequest !=
NULL);
@@ -2032,8 +2035,8 @@
ConfigHdr = ConstructConfigHdr(Storage, DatabaseRecord->DriverHandle);
ASSERT (ConfigHdr != NULL);
- Length = (StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1) * sizeof
(CHAR16);
- *ConfigRequest = AllocatePool (Length);
+ MaxLen = StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1;
+ *ConfigRequest = AllocatePool (MaxLen * sizeof (CHAR16));
if (*ConfigRequest == NULL) {
FreePool (ConfigHdr);
FreePool (RequestElement);
@@ -2041,13 +2044,13 @@
}
StringPtr = *ConfigRequest;
- StrCpy (StringPtr, ConfigHdr);
+ StrCpyS (StringPtr, MaxLen, ConfigHdr);
StringPtr += StrLen (StringPtr);
*StringPtr = L'&';
StringPtr++;
- StrCpy (StringPtr, RequestElement);
+ StrCpyS (StringPtr, MaxLen, RequestElement);
StringPtr += StrLen (StringPtr);
*StringPtr = L'\0';
@@ -2098,7 +2101,7 @@
UINT16 Width;
CHAR16 *ConfigHdr;
CHAR16 *RequestElement;
- UINTN Length;
+ UINTN MaxLen;
CHAR16 *StringPtr;
ASSERT ((DatabaseRecord != NULL) && (OpCodeData != NULL) && (ConfigResp !=
NULL) && (ValueElement != NULL));
@@ -2140,8 +2143,8 @@
ConfigHdr = ConstructConfigHdr(Storage, DatabaseRecord->DriverHandle);
ASSERT (ConfigHdr != NULL);
- Length = (StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1 + StrLen
(L"VALUE=") + StrLen(ValueElement) + 1) * sizeof (CHAR16);
- *ConfigResp = AllocatePool (Length);
+ MaxLen = StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1 + StrLen
(L"VALUE=") + StrLen(ValueElement) + 1;
+ *ConfigResp = AllocatePool (MaxLen * sizeof (CHAR16));
if (*ConfigResp == NULL) {
FreePool (ConfigHdr);
FreePool (RequestElement);
@@ -2149,22 +2152,22 @@
}
StringPtr = *ConfigResp;
- StrCpy (StringPtr, ConfigHdr);
+ StrCpyS (StringPtr, MaxLen, ConfigHdr);
StringPtr += StrLen (StringPtr);
*StringPtr = L'&';
StringPtr++;
- StrCpy (StringPtr, RequestElement);
+ StrCpyS (StringPtr, MaxLen, RequestElement);
StringPtr += StrLen (StringPtr);
*StringPtr = L'&';
StringPtr++;
- StrCpy (StringPtr, L"VALUE=");
+ StrCpyS (StringPtr, MaxLen, L"VALUE=");
StringPtr += StrLen (StringPtr);
- StrCpy (StringPtr, ValueElement);
+ StrCpyS (StringPtr, MaxLen, ValueElement);
StringPtr += StrLen (StringPtr);
*StringPtr = L'\0';
@@ -2433,9 +2436,10 @@
}
//
- // 2. Allocate the buffer and create the KeywordResp string.
+ // 2. Allocate the buffer and create the KeywordResp string include '\0'.
//
- *KeywordResp = AllocatePool ((RespStrLen + 1) * sizeof (CHAR16));
+ RespStrLen += 1;
+ *KeywordResp = AllocatePool (RespStrLen * sizeof (CHAR16));
if (*KeywordResp == NULL) {
if (UnicodeNameSpace != NULL) {
FreePool (UnicodeNameSpace);
@@ -2448,36 +2452,36 @@
//
// 2.1 Copy NameSpaceId section.
//
- StrCpy (RespStr, L"NAMESPACE=");
+ StrCpyS (RespStr, RespStrLen, L"NAMESPACE=");
RespStr += StrLen (RespStr);
- StrCpy (RespStr, UnicodeNameSpace);
+ StrCpyS (RespStr, RespStrLen, UnicodeNameSpace);
RespStr += StrLen (RespStr);
//
// 2.2 Copy PathHdr section.
//
- StrCpy (RespStr, PathHdr);
+ StrCpyS (RespStr, RespStrLen, PathHdr);
RespStr += StrLen (RespStr);
//
// 2.3 Copy Keyword section.
//
- StrCpy (RespStr, L"KEYWORD=");
+ StrCpyS (RespStr, RespStrLen, L"KEYWORD=");
RespStr += StrLen (RespStr);
- StrCpy (RespStr, KeywordData);
+ StrCpyS (RespStr, RespStrLen, KeywordData);
RespStr += StrLen (RespStr);
//
// 2.4 Copy the Value section.
//
- StrCpy (RespStr, ValueStr);
+ StrCpyS (RespStr, RespStrLen, ValueStr);
RespStr += StrLen (RespStr);
//
// 2.5 Copy ReadOnly section if exist.
//
if (ReadOnly) {
- StrCpy (RespStr, L"&READONLY");
+ StrCpyS (RespStr, RespStrLen, L"&READONLY");
RespStr += StrLen (RespStr);
}
@@ -2538,7 +2542,7 @@
*StringPtr = L'&';
StringPtr++;
- StrCpy (StringPtr, *KeywordResp);
+ StrCpyS (StringPtr, MultiKeywordRespLen / sizeof (CHAR16), *KeywordResp);
return EFI_SUCCESS;
}
Modified: trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c
2015-06-29 02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c
2015-06-29 02:36:31 UTC (rev 17724)
@@ -1,7 +1,7 @@
/** @file
Implementation of interfaces function for EFI_HII_CONFIG_ROUTING_PROTOCOL.
-Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -252,8 +252,7 @@
Str = AllocateZeroPool (Length * sizeof (CHAR16));
ASSERT (Str != NULL);
- StrCpy (Str, String);
- Length = (BufferLen * 2 + 1) * sizeof (CHAR16);
+ StrCpyS (Str, Length, String);
StringHeader = Str + StrLen (String);
TemString = (CHAR16 *) StringHeader;
@@ -297,7 +296,7 @@
//
// Convert the uppercase to lowercase since <HexAf> is defined in lowercase
format.
//
- StrCat (Str, L"&");
+ StrCatS (Str, Length, L"&");
HiiToLower (Str);
*SubStr = Str;
@@ -392,6 +391,7 @@
{
UINTN AppendStringSize;
UINTN MultiStringSize;
+ UINTN MaxLen;
if (MultiString == NULL || *MultiString == NULL || AppendString == NULL) {
return EFI_INVALID_PARAMETER;
@@ -399,6 +399,7 @@
AppendStringSize = StrSize (AppendString);
MultiStringSize = StrSize (*MultiString);
+ MaxLen = MAX_STRING_LENGTH / sizeof (CHAR16);
//
// Enlarge the buffer each time when length exceeds MAX_STRING_LENGTH.
@@ -410,12 +411,13 @@
MultiStringSize + AppendStringSize,
(VOID *) (*MultiString)
);
+ MaxLen = (MultiStringSize + AppendStringSize) / sizeof (CHAR16);
ASSERT (*MultiString != NULL);
}
//
// Append the incoming string
//
- StrCat (*MultiString, AppendString);
+ StrCatS (*MultiString, MaxLen, AppendString);
return EFI_SUCCESS;
}
@@ -536,6 +538,8 @@
EFI_STRING AltConfigHdr;
UINTN HeaderLength;
UINTN SizeAltCfgResp;
+ UINTN MaxLen;
+ UINTN TotalSize;
if (*AltCfgResp == NULL) {
return EFI_INVALID_PARAMETER;
@@ -572,13 +576,14 @@
// Construct AltConfigHdr string "&<ConfigHdr>&ALTCFG=XXXX\0"
// |1| StrLen (ConfigHdr) | 8 | 4 | 1 |
//
- AltConfigHdr = AllocateZeroPool ((1 + HeaderLength + 8 + 4 + 1) * sizeof
(CHAR16));
+ MaxLen = 1 + HeaderLength + 8 + 4 + 1;
+ AltConfigHdr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
if (AltConfigHdr == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- StrCpy (AltConfigHdr, L"&");
- StrnCat (AltConfigHdr, *AltCfgResp, HeaderLength);
- StrCat (AltConfigHdr, L"&ALTCFG=");
+ StrCpyS (AltConfigHdr, MaxLen, L"&");
+ StrnCatS (AltConfigHdr, MaxLen, *AltCfgResp, HeaderLength);
+ StrCatS (AltConfigHdr, MaxLen, L"&ALTCFG=");
HeaderLength = StrLen (AltConfigHdr);
StringPtrDefault = StrStr (DefaultAltCfgResp, AltConfigHdr);
@@ -586,7 +591,7 @@
//
// Get AltCfg Name
//
- StrnCat (AltConfigHdr, StringPtrDefault + HeaderLength, 4);
+ StrnCatS (AltConfigHdr, MaxLen, StringPtrDefault + HeaderLength, 4);
StringPtr = StrStr (*AltCfgResp, AltConfigHdr);
//
@@ -595,34 +600,35 @@
if (StringPtr == NULL) {
StringPtrEnd = StrStr (StringPtrDefault + 1, L"&GUID");
SizeAltCfgResp = StrSize (*AltCfgResp);
+ TotalSize = SizeAltCfgResp + StrSize (StringPtrDefault);
if (StringPtrEnd == NULL) {
//
// No more default string is found.
//
*AltCfgResp = (EFI_STRING) ReallocatePool (
SizeAltCfgResp,
- SizeAltCfgResp + StrSize
(StringPtrDefault),
+ TotalSize,
(VOID *) (*AltCfgResp)
);
if (*AltCfgResp == NULL) {
FreePool (AltConfigHdr);
return EFI_OUT_OF_RESOURCES;
}
- StrCat (*AltCfgResp, StringPtrDefault);
+ StrCatS (*AltCfgResp, TotalSize / sizeof (CHAR16), StringPtrDefault);
break;
} else {
TempChar = *StringPtrEnd;
*StringPtrEnd = L'\0';
*AltCfgResp = (EFI_STRING) ReallocatePool (
SizeAltCfgResp,
- SizeAltCfgResp + StrSize
(StringPtrDefault),
+ TotalSize,
(VOID *) (*AltCfgResp)
);
if (*AltCfgResp == NULL) {
FreePool (AltConfigHdr);
return EFI_OUT_OF_RESOURCES;
}
- StrCat (*AltCfgResp, StringPtrDefault);
+ StrCatS (*AltCfgResp, TotalSize / sizeof (CHAR16), StringPtrDefault);
*StringPtrEnd = TempChar;
}
}
@@ -1188,8 +1194,8 @@
Status = EFI_OUT_OF_RESOURCES;
goto Done;
}
- StrCpy (TempStr, GuidStr);
- StrCat (TempStr, NameStr);
+ StrCpyS (TempStr, LengthString, GuidStr);
+ StrCatS (TempStr, LengthString, NameStr);
if (ConfigHdr == NULL || StrnCmp (ConfigHdr, TempStr, StrLen (TempStr))
== 0) {
*EfiVarStore = (EFI_IFR_VARSTORE_EFI *) AllocateZeroPool
(IfrOpHdr->Length);
if (*EfiVarStore == NULL) {
@@ -1304,8 +1310,8 @@
goto Done;
}
- StrCpy (TempStr, GuidStr);
- StrCat (TempStr, NameStr);
+ StrCpyS (TempStr, LengthString, GuidStr);
+ StrCatS (TempStr, LengthString, NameStr);
if (ConfigHdr == NULL || StrnCmp (ConfigHdr, TempStr, StrLen (TempStr)) ==
0) {
RetVal = TRUE;
@@ -2666,7 +2672,7 @@
//
// Start with <ConfigHdr>
//
- StrCpy (StringPtr, ConfigHdr);
+ StrCpyS (StringPtr, Length, ConfigHdr);
StringPtr += StrLen (StringPtr);
//
@@ -2765,12 +2771,12 @@
Status = EFI_OUT_OF_RESOURCES;
goto Done;
}
- StrCpy (*ConfigHdr, GuidStr);
- StrCat (*ConfigHdr, NameStr);
+ StrCpyS (*ConfigHdr, Length, GuidStr);
+ StrCatS (*ConfigHdr, Length, NameStr);
if (VarStorageData->Name == NULL) {
- StrCat (*ConfigHdr, L"&");
+ StrCatS (*ConfigHdr, Length, L"&");
}
- StrCat (*ConfigHdr, PathStr);
+ StrCatS (*ConfigHdr, Length, PathStr);
//
// Remove the last character L'&'
@@ -2934,7 +2940,7 @@
//
// Start with <ConfigHdr>
//
- StrCpy (StringPtr, ConfigHdr);
+ StrCpyS (StringPtr, Length, ConfigHdr);
StringPtr += StrLen (StringPtr);
for (Link = DefaultIdArray->Entry.ForwardLink; Link !=
&DefaultIdArray->Entry; Link = Link->ForwardLink) {
@@ -4612,8 +4618,8 @@
*(ConfigElement + (StringPtr - TmpPtr)) = L'&';
}
*(ConfigElement + (StringPtr - TmpPtr) + 1) = 0;
- StrCat (ConfigElement, L"VALUE=");
- StrCat (ConfigElement, ValueStr);
+ StrCatS (ConfigElement, Length, L"VALUE=");
+ StrCatS (ConfigElement, Length, ValueStr);
AppendToMultiString (Config, ConfigElement);
@@ -5130,8 +5136,8 @@
if (*AltCfgResp == NULL) {
Status = EFI_OUT_OF_RESOURCES;
} else {
- StrnCpy (*AltCfgResp, HdrStart, HdrEnd - HdrStart);
- StrCat (*AltCfgResp, Result);
+ StrnCpyS (*AltCfgResp, Length, HdrStart, HdrEnd - HdrStart);
+ StrCatS (*AltCfgResp, Length, Result);
Status = EFI_SUCCESS;
}
}
Modified: trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c 2015-06-29
02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c 2015-06-29
02:36:31 UTC (rev 17724)
@@ -1,7 +1,7 @@
/** @file
Implementation for EFI_HII_DATABASE_PROTOCOL.
-Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -798,7 +798,7 @@
if (Language == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- AsciiStrCpy (Language, (CHAR8 *) PackageHdr + HeaderSize - LanguageSize);
+ AsciiStrCpyS (Language, LanguageSize / sizeof (CHAR8), (CHAR8 *) PackageHdr
+ HeaderSize - LanguageSize);
for (Link = PackageList->StringPkgHdr.ForwardLink; Link !=
&PackageList->StringPkgHdr; Link = Link->ForwardLink) {
StringPackage = CR (Link, HII_STRING_PACKAGE_INSTANCE, StringEntry,
HII_STRING_PACKAGE_SIGNATURE);
if (HiiCompareLanguage (Language, StringPackage->StringPkgHdr->Language)) {
@@ -1182,7 +1182,7 @@
}
FontInfo->FontStyle = FontPkgHdr->FontStyle;
FontInfo->FontSize = FontPkgHdr->Cell.Height;
- StrCpy (FontInfo->FontName, FontPkgHdr->FontFamily);
+ StrCpyS (FontInfo->FontName, sizeof (FontInfo->FontName) / sizeof (CHAR16),
FontPkgHdr->FontFamily);
if (IsFontInfoExisted (Private, FontInfo, NULL, NULL, NULL)) {
Status = EFI_UNSUPPORTED;
Modified: trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c 2015-06-29
02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/Font.c 2015-06-29
02:36:31 UTC (rev 17724)
@@ -2,7 +2,7 @@
Implementation for EFI_HII_FONT_PROTOCOL.
-Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -933,16 +933,18 @@
)
{
UINTN FontInfoLen;
+ UINTN NameSize;
ASSERT (FontName != NULL && FontInfo != NULL);
- FontInfoLen = sizeof (EFI_FONT_INFO) - sizeof (CHAR16) + StrSize (FontName);
+ NameSize = StrSize (FontName);
+ FontInfoLen = sizeof (EFI_FONT_INFO) - sizeof (CHAR16) + NameSize;
*FontInfo = (EFI_FONT_INFO *) AllocateZeroPool (FontInfoLen);
if (*FontInfo == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- StrCpy ((*FontInfo)->FontName, FontName);
+ StrCpyS ((*FontInfo)->FontName, NameSize / sizeof (CHAR16), FontName);
return EFI_SUCCESS;
}
@@ -971,6 +973,7 @@
{
EFI_FONT_DISPLAY_INFO *Info;
UINTN InfoSize;
+ UINTN NameSize;
if (Private == NULL || Private->Signature !=
HII_DATABASE_PRIVATE_DATA_SIGNATURE) {
return EFI_INVALID_PARAMETER;
@@ -982,7 +985,8 @@
//
// The standard font always has the name "sysdefault".
//
- InfoSize = sizeof (EFI_FONT_DISPLAY_INFO) - sizeof (CHAR16) + StrSize
(L"sysdefault");
+ NameSize = StrSize (L"sysdefault");
+ InfoSize = sizeof (EFI_FONT_DISPLAY_INFO) - sizeof (CHAR16) + NameSize;
Info = (EFI_FONT_DISPLAY_INFO *) AllocateZeroPool (InfoSize);
if (Info == NULL) {
return EFI_OUT_OF_RESOURCES;
@@ -993,7 +997,7 @@
Info->FontInfoMask = EFI_FONT_INFO_SYS_FONT | EFI_FONT_INFO_SYS_SIZE |
EFI_FONT_INFO_SYS_STYLE;
Info->FontInfo.FontStyle = 0;
Info->FontInfo.FontSize = EFI_GLYPH_HEIGHT;
- StrCpy (Info->FontInfo.FontName, L"sysdefault");
+ StrCpyS (Info->FontInfo.FontName, NameSize / sizeof (CHAR16), L"sysdefault");
*FontInfo = Info;
if (FontInfoSize != NULL) {
@@ -2310,6 +2314,7 @@
EFI_STRING String;
UINTN StringSize;
UINTN FontLen;
+ UINTN NameSize;
EFI_FONT_INFO *StringFontInfo;
EFI_FONT_DISPLAY_INFO *NewStringInfo;
CHAR8 TempSupportedLanguages;
@@ -2432,7 +2437,8 @@
// StringFontInfo equals NULL means system default font attaches with the
string block.
//
if (StringFontInfo != NULL && IsSystemFontInfo (Private,
(EFI_FONT_DISPLAY_INFO *) StringInfo, NULL, NULL)) {
- FontLen = sizeof (EFI_FONT_DISPLAY_INFO) - sizeof (CHAR16) + StrSize
(StringFontInfo->FontName);
+ NameSize = StrSize (StringFontInfo->FontName);
+ FontLen = sizeof (EFI_FONT_DISPLAY_INFO) - sizeof (CHAR16) + NameSize;
NewStringInfo = AllocateZeroPool (FontLen);
if (NewStringInfo == NULL) {
Status = EFI_OUT_OF_RESOURCES;
@@ -2441,7 +2447,7 @@
NewStringInfo->FontInfoMask = EFI_FONT_INFO_SYS_FORE_COLOR |
EFI_FONT_INFO_SYS_BACK_COLOR;
NewStringInfo->FontInfo.FontStyle = StringFontInfo->FontStyle;
NewStringInfo->FontInfo.FontSize = StringFontInfo->FontSize;
- StrCpy (NewStringInfo->FontInfo.FontName, StringFontInfo->FontName);
+ StrCpyS (NewStringInfo->FontInfo.FontName, NameSize / sizeof (CHAR16),
StringFontInfo->FontName);
Status = HiiStringToImage (
This,
Modified: trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/String.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/String.c 2015-06-29
02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/HiiDatabaseDxe/String.c 2015-06-29
02:36:31 UTC (rev 17724)
@@ -1333,7 +1333,7 @@
StringPackage->StringPkgHdr->StringInfoOffset = HeaderSize;
CopyMem (StringPackage->StringPkgHdr->LanguageWindow, mLanguageWindow, 16
* sizeof (CHAR16));
StringPackage->StringPkgHdr->LanguageName = 1;
- AsciiStrCpy (StringPackage->StringPkgHdr->Language, (CHAR8 *) Language);
+ AsciiStrCpyS (StringPackage->StringPkgHdr->Language,
sizeof(StringPackage->StringPkgHdr->Language) / sizeof (CHAR8), (CHAR8 *)
Language);
//
// Calculate the length of the string blocks, including string block to
record
@@ -1842,7 +1842,7 @@
}
ResultSize += AsciiStrSize (StringPackage->StringPkgHdr->Language);
if (ResultSize <= *LanguagesSize) {
- AsciiStrCpy (Languages, StringPackage->StringPkgHdr->Language);
+ AsciiStrCpyS (Languages, *LanguagesSize / sizeof (CHAR8),
StringPackage->StringPkgHdr->Language);
Languages += AsciiStrSize (StringPackage->StringPkgHdr->Language);
*(Languages - 1) = L';';
}
@@ -1959,7 +1959,7 @@
ResultSize = AsciiStrSize (Languages);
if (ResultSize <= *SecondaryLanguagesSize) {
- AsciiStrCpy (SecondaryLanguages, Languages);
+ AsciiStrCpyS (SecondaryLanguages, *SecondaryLanguagesSize / sizeof
(CHAR8), Languages);
} else {
*SecondaryLanguagesSize = ResultSize;
return EFI_BUFFER_TOO_SMALL;
@@ -2024,13 +2024,13 @@
StrLen = AsciiStrSize (Language1);
Lan1 = AllocateZeroPool (StrLen);
ASSERT (Lan1 != NULL);
- AsciiStrCpy(Lan1, Language1);
+ AsciiStrCpyS(Lan1, StrLen / sizeof (CHAR8), Language1);
AsciiHiiToLower (Lan1);
StrLen = AsciiStrSize (Language2);
Lan2 = AllocateZeroPool (StrLen);
ASSERT (Lan2 != NULL);
- AsciiStrCpy(Lan2, Language2);
+ AsciiStrCpyS(Lan2, StrLen / sizeof (CHAR8), Language2);
AsciiHiiToLower (Lan2);
//
Modified: trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
2015-06-29 02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
2015-06-29 02:36:31 UTC (rev 17724)
@@ -1324,6 +1324,7 @@
UINT16 Length0;
UINT16 Length1;
UINT8 *TmpBuf;
+ UINTN MaxLen;
//
// String[0] - The second string
@@ -1363,10 +1364,11 @@
if (Value[0].Type == EFI_IFR_TYPE_STRING) {
Size = StrSize (String[0]);
- StringPtr= AllocatePool (StrSize (String[1]) + Size);
+ MaxLen = (StrSize (String[1]) + Size) / sizeof (CHAR16);
+ StringPtr= AllocatePool (MaxLen * sizeof (CHAR16));
ASSERT (StringPtr != NULL);
- StrCpy (StringPtr, String[1]);
- StrCat (StringPtr, String[0]);
+ StrCpyS (StringPtr, MaxLen, String[1]);
+ StrCatS (StringPtr, MaxLen, String[0]);
Result->Type = EFI_IFR_TYPE_STRING;
Result->Value.string = NewString (StringPtr, FormSet->HiiHandle);
Modified: trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
2015-06-29 02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
2015-06-29 02:36:31 UTC (rev 17724)
@@ -688,6 +688,7 @@
LIST_ENTRY *Link;
BOOLEAN Find;
FORM_BROWSER_CONFIG_REQUEST *ConfigInfo;
+ UINTN MaxLen;
Storage = Question->Storage;
if (Storage == NULL) {
@@ -732,6 +733,8 @@
//
FormsetStorage = GetFstStgFromVarId(FormSet, Question->VarStoreId);
ASSERT (FormsetStorage != NULL);
+ StringSize = (FormsetStorage->ConfigRequest != NULL) ? StrSize
(FormsetStorage->ConfigRequest) : sizeof (CHAR16);
+ MaxLen = StringSize / sizeof (CHAR16) + FormsetStorage->SpareStrLen;
//
// Append <RequestElement> to <ConfigRequest>
@@ -740,8 +743,8 @@
//
// Old String buffer is not sufficient for RequestElement, allocate a new
one
//
- StringSize = (FormsetStorage->ConfigRequest != NULL) ? StrSize
(FormsetStorage->ConfigRequest) : sizeof (CHAR16);
- NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL
* sizeof (CHAR16));
+ MaxLen = StringSize / sizeof (CHAR16) + CONFIG_REQUEST_STRING_INCREMENTAL;
+ NewStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewStr != NULL);
if (FormsetStorage->ConfigRequest != NULL) {
CopyMem (NewStr, FormsetStorage->ConfigRequest, StringSize);
@@ -751,7 +754,7 @@
FormsetStorage->SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL;
}
- StrCat (FormsetStorage->ConfigRequest, RequestElement);
+ StrCatS (FormsetStorage->ConfigRequest, MaxLen, RequestElement);
FormsetStorage->ElementCount++;
FormsetStorage->SpareStrLen -= StrLen;
@@ -782,6 +785,8 @@
ConfigInfo->Storage = FormsetStorage->BrowserStorage;
InsertTailList(&Form->ConfigRequestHead, &ConfigInfo->Link);
}
+ StringSize = (ConfigInfo->ConfigRequest != NULL) ? StrSize
(ConfigInfo->ConfigRequest) : sizeof (CHAR16);
+ MaxLen = StringSize / sizeof (CHAR16) + ConfigInfo->SpareStrLen;
//
// Append <RequestElement> to <ConfigRequest>
@@ -790,8 +795,8 @@
//
// Old String buffer is not sufficient for RequestElement, allocate a new
one
//
- StringSize = (ConfigInfo->ConfigRequest != NULL) ? StrSize
(ConfigInfo->ConfigRequest) : sizeof (CHAR16);
- NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL
* sizeof (CHAR16));
+ MaxLen = StringSize / sizeof (CHAR16) + CONFIG_REQUEST_STRING_INCREMENTAL;
+ NewStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewStr != NULL);
if (ConfigInfo->ConfigRequest != NULL) {
CopyMem (NewStr, ConfigInfo->ConfigRequest, StringSize);
@@ -801,7 +806,7 @@
ConfigInfo->SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL;
}
- StrCat (ConfigInfo->ConfigRequest, RequestElement);
+ StrCatS (ConfigInfo->ConfigRequest, MaxLen, RequestElement);
ConfigInfo->ElementCount++;
ConfigInfo->SpareStrLen -= StrLen;
return EFI_SUCCESS;
Modified: trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c 2015-06-29
02:21:54 UTC (rev 17723)
+++ trunk/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c 2015-06-29
02:36:31 UTC (rev 17724)
@@ -635,6 +635,7 @@
CHAR16 *StrPtr;
UINTN BufferSize;
UINTN TmpSize;
+ UINTN MaxLen;
FORMSET_STORAGE *BrowserStorage;
if (RetrieveData) {
@@ -660,7 +661,7 @@
// Copy the data if the input buffer is bigger enough.
//
if (*ResultsDataSize >= BufferSize) {
- StrCpy (*ResultsData, StrPtr);
+ StrCpyS (*ResultsData, *ResultsDataSize / sizeof (CHAR16), StrPtr);
}
*ResultsDataSize = BufferSize;
@@ -673,12 +674,13 @@
ASSERT (BrowserStorage != NULL);
TmpSize = StrLen (*ResultsData);
BufferSize = (TmpSize + StrLen (BrowserStorage->ConfigHdr) + 2) * sizeof
(CHAR16);
+ MaxLen = BufferSize / sizeof (CHAR16);
ConfigResp = AllocateZeroPool (BufferSize);
ASSERT (ConfigResp != NULL);
- StrCpy (ConfigResp, BrowserStorage->ConfigHdr);
- StrCat (ConfigResp, L"&");
- StrCat (ConfigResp, *ResultsData);
+ StrCpyS (ConfigResp, MaxLen, BrowserStorage->ConfigHdr);
+ StrCatS (ConfigResp, MaxLen, L"&");
+ StrCatS (ConfigResp, MaxLen, *ResultsData);
//
// Update Browser uncommited data
@@ -1079,19 +1081,19 @@
)
{
CHAR16 *NewString;
- UINTN TmpSize;
+ UINTN MaxLen;
if (*Dest == NULL) {
NewStringCpy (Dest, Src);
return;
}
- TmpSize = StrSize (*Dest);
- NewString = AllocateZeroPool (TmpSize + StrSize (Src) - 1);
+ MaxLen = ( StrSize (*Dest) + StrSize (Src) - 1) / sizeof (CHAR16);
+ NewString = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewString != NULL);
- StrCpy (NewString, *Dest);
- StrCat (NewString, Src);
+ StrCpyS (NewString, MaxLen, *Dest);
+ StrCatS (NewString, MaxLen, Src);
FreePool (*Dest);
*Dest = NewString;
@@ -1441,7 +1443,7 @@
DstBuf = (CHAR16 *) Dst;
ZeroMem (TemStr, sizeof (TemStr));
for (Index = 0; Index < LengthStr; Index += 4) {
- StrnCpy (TemStr, Value + Index, 4);
+ StrnCpyS (TemStr, sizeof (TemStr) / sizeof (CHAR16), Value + Index, 4);
DstBuf[Index/4] = (CHAR16) StrHexToUint64 (TemStr);
}
//
@@ -1505,6 +1507,7 @@
CHAR16 *Value;
UINTN Length;
BOOLEAN IsBufferStorage;
+ UINTN MaxLen;
Status = EFI_SUCCESS;
Value = NULL;
@@ -1704,15 +1707,17 @@
Length = StrLen (FormsetStorage->ConfigHdr);
Length += StrLen (Question->VariableName) + 1;
}
- ConfigRequest = AllocateZeroPool ((Length + 1) * sizeof (CHAR16));
+ // Allocate buffer include '\0'
+ MaxLen = Length + 1;
+ ConfigRequest = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (ConfigRequest != NULL);
- StrCpy (ConfigRequest, FormsetStorage->ConfigHdr);
+ StrCpyS (ConfigRequest, MaxLen, FormsetStorage->ConfigHdr);
if (IsBufferStorage) {
- StrCat (ConfigRequest, Question->BlockName);
+ StrCatS (ConfigRequest, MaxLen, Question->BlockName);
} else {
- StrCat (ConfigRequest, L"&");
- StrCat (ConfigRequest, Question->VariableName);
+ StrCatS (ConfigRequest, MaxLen, L"&");
+ StrCatS (ConfigRequest, MaxLen, Question->VariableName);
}
//
@@ -1818,6 +1823,7 @@
CHAR16 *TemString;
UINTN Index;
NAME_VALUE_NODE *Node;
+ UINTN MaxLen;
Status = EFI_SUCCESS;
Node = NULL;
@@ -2002,17 +2008,18 @@
}
FormsetStorage = GetFstStgFromVarId(FormSet, Question->VarStoreId);
ASSERT (FormsetStorage != NULL);
- ConfigResp = AllocateZeroPool ((StrLen (FormsetStorage->ConfigHdr) +
Length + 1) * sizeof (CHAR16));
+ MaxLen = StrLen (FormsetStorage->ConfigHdr) + Length + 1;
+ ConfigResp = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (ConfigResp != NULL);
- StrCpy (ConfigResp, FormsetStorage->ConfigHdr);
+ StrCpyS (ConfigResp, MaxLen, FormsetStorage->ConfigHdr);
if (IsBufferStorage) {
- StrCat (ConfigResp, Question->BlockName);
- StrCat (ConfigResp, L"&VALUE=");
+ StrCatS (ConfigResp, MaxLen, Question->BlockName);
+ StrCatS (ConfigResp, MaxLen, L"&VALUE=");
} else {
- StrCat (ConfigResp, L"&");
- StrCat (ConfigResp, Question->VariableName);
- StrCat (ConfigResp, L"=");
+ StrCatS (ConfigResp, MaxLen, L"&");
+ StrCatS (ConfigResp, MaxLen, Question->VariableName);
+ StrCatS (ConfigResp, MaxLen, L"=");
}
Value = ConfigResp + StrLen (ConfigResp);
@@ -4887,8 +4894,11 @@
CHAR16 *NewStr;
UINTN StringSize;
UINTN StrLength;
+ UINTN MaxLen;
StrLength = StrLen (RequestElement);
+ StringSize = (*ConfigRequest != NULL) ? StrSize (*ConfigRequest) : sizeof
(CHAR16);
+ MaxLen = StringSize / sizeof (CHAR16) + *SpareStrLen;
//
// Append <RequestElement> to <ConfigRequest>
@@ -4897,8 +4907,8 @@
//
// Old String buffer is not sufficient for RequestElement, allocate a new
one
//
- StringSize = (*ConfigRequest != NULL) ? StrSize (*ConfigRequest) : sizeof
(CHAR16);
- NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL
* sizeof (CHAR16));
+ MaxLen = StringSize / sizeof (CHAR16) + CONFIG_REQUEST_STRING_INCREMENTAL;
+ NewStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewStr != NULL);
if (*ConfigRequest != NULL) {
@@ -4909,7 +4919,7 @@
*SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL;
}
- StrCat (*ConfigRequest, RequestElement);
+ StrCatS (*ConfigRequest, MaxLen, RequestElement);
*SpareStrLen -= StrLength;
}
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
