The StrnLenS and AsciiStrnLenS functions, when presented with a string
with no terminating NULL in the first MaxSize characters will check
the character at String[MaxSize] before checking if Length < MaxSize.
(They return the correct value, but have accessed beyond the stated
limit in the process.)

Flip the order of the tests to prevent this behaviour.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindh...@linaro.org>
---
 MdePkg/Library/BaseLib/SafeString.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Library/BaseLib/SafeString.c 
b/MdePkg/Library/BaseLib/SafeString.c
index 7c1b075..b0e1ce7 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -141,7 +141,7 @@ StrnLenS (
   // String then StrnLenS returns MaxSize. At most the first MaxSize 
characters of String shall
   // be accessed by StrnLenS.
   //
-  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
+  for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
     ;
   }
   return Length;
@@ -551,7 +551,7 @@ AsciiStrnLenS (
   // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize 
characters of String shall
   // be accessed by AsciiStrnLenS.
   //
-  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
+  for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
     ;
   }
   return Length;
-- 
2.1.4


------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel

Reply via email to