The StrnLenS and AsciiStrnLenS functions, when presented with a string with no terminating NULL in the first MaxSize characters, will check the character at String[MaxSize] before checking if Length < MaxSize. (They return the correct value, but have accessed beyond the stated limit in the process.)
Flip the order of the tests to prevent this behaviour. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Leif Lindholm <leif.lindh...@linaro.org> --- MdePkg/Library/BaseLib/SafeString.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c index 7c1b075..b0e1ce7 100644 --- a/MdePkg/Library/BaseLib/SafeString.c +++ b/MdePkg/Library/BaseLib/SafeString.c @@ -141,7 +141,7 @@ StrnLenS ( // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall // be accessed by StrnLenS. // - for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) { + for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) { ; } return Length; @@ -551,7 +551,7 @@ AsciiStrnLenS ( // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall // be accessed by AsciiStrnLenS. // - for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) { + for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) { ; } return Length; -- 2.1.4
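Review bot: In the StrnLenS hunk (@@ -141,7 +141,7 @@) the operand order of the `&&` in the `for` condition is now what enforces the "at most the first MaxSize characters" contract, but nothing on that line says so. A one-line comment stating that `Length < MaxSize` must be evaluated before `*String` is dereferenced would keep a later tidy-up from swapping the tests back, since the return value is the same either way and the regression would not show up in functional testing.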
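Review bot: The AsciiStrnLenS hunk (@@ -551,7 +551,7 @@) changes the boundary behaviour without a test that covers it. A case that passes exactly MaxSize non-zero characters with no terminator and expects MaxSize back, with the buffer placed so that a read of String[MaxSize] is detectable (for example at the end of an allocation), would pin the new order; the same case applies to StrnLenS, and MaxSize == 0 is worth including since the loop now performs no read at all in that case.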