]>
git.proxmox.com Git - mirror_edk2.git/blob - MdePkg/Library/BaseLib/SafeString.c
4 Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php.
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <Library/DebugLib.h>
17 #include <Library/PcdLib.h>
18 #include <Library/BaseLib.h>
20 #define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength))
22 #define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength))
24 #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
26 ASSERT (Expression); \
27 if (!(Expression)) { \
33 Returns if 2 memory blocks are overlapped.
35 @param Base1 Base address of 1st memory block.
36 @param Size1 Size of 1st memory block.
37 @param Base2 Base address of 2nd memory block.
38 @param Size2 Size of 2nd memory block.
40 @retval TRUE 2 memory blocks are overlapped.
41 @retval FALSE 2 memory blocks are not overlapped.
44 InternalSafeStringIsOverlap (
51 if ((((UINTN
)Base1
>= (UINTN
)Base2
) && ((UINTN
)Base1
< (UINTN
)Base2
+ Size2
)) ||
52 (((UINTN
)Base2
>= (UINTN
)Base1
) && ((UINTN
)Base2
< (UINTN
)Base1
+ Size1
))) {
59 Returns if 2 Unicode strings are not overlapped.
61 @param Str1 Start address of 1st Unicode string.
62 @param Size1 The number of char in 1st Unicode string,
63 including terminating null char.
64 @param Str2 Start address of 2nd Unicode string.
65 @param Size2 The number of char in 2nd Unicode string,
66 including terminating null char.
68 @retval TRUE 2 Unicode strings are NOT overlapped.
69 @retval FALSE 2 Unicode strings are overlapped.
72 InternalSafeStringNoStrOverlap (
79 return !InternalSafeStringIsOverlap (Str1
, Size1
* sizeof(CHAR16
), Str2
, Size2
* sizeof(CHAR16
));
83 Returns if 2 Ascii strings are not overlapped.
85 @param Str1 Start address of 1st Ascii string.
86 @param Size1 The number of char in 1st Ascii string,
87 including terminating null char.
88 @param Str2 Start address of 2nd Ascii string.
89 @param Size2 The number of char in 2nd Ascii string,
90 including terminating null char.
92 @retval TRUE 2 Ascii strings are NOT overlapped.
93 @retval FALSE 2 Ascii strings are overlapped.
96 InternalSafeStringNoAsciiStrOverlap (
103 return !InternalSafeStringIsOverlap (Str1
, Size1
, Str2
, Size2
);
107 Returns the length of a Null-terminated Unicode string.
109 If String is not aligned on a 16-bit boundary, then ASSERT().
111 @param String A pointer to a Null-terminated Unicode string.
112 @param MaxSize The maximum number of Destination Unicode
113 char, including terminating null char.
115 @retval 0 If String is NULL.
116 @retval MaxSize If there is no null character in the first MaxSize characters of String.
117 @return The number of characters that percede the terminating null character.
123 IN CONST CHAR16
*String
,
129 ASSERT (((UINTN
) String
& BIT0
) == 0);
132 // If String is a null pointer, then the StrnLenS function returns zero.
134 if (String
== NULL
) {
139 // Otherwise, the StrnLenS function returns the number of characters that precede the
140 // terminating null character. If there is no null character in the first MaxSize characters of
141 // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall
142 // be accessed by StrnLenS.
144 for (Length
= 0; (*String
!= 0) && (Length
< MaxSize
); String
++, Length
++) {
151 Copies the string pointed to by Source (including the terminating null char)
152 to the array pointed to by Destination.
154 If Destination is not aligned on a 16-bit boundary, then ASSERT().
155 If Source is not aligned on a 16-bit boundary, then ASSERT().
157 @param Destination A pointer to a Null-terminated Unicode string.
158 @param DestMax The maximum number of Destination Unicode
159 char, including terminating null char.
160 @param Source A pointer to a Null-terminated Unicode string.
162 @retval RETURN_SUCCESS String is copied.
163 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
164 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
166 If PcdMaximumUnicodeStringLength is not zero,
167 and DestMax is greater than
168 PcdMaximumUnicodeStringLength.
170 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
175 OUT CHAR16
*Destination
,
177 IN CONST CHAR16
*Source
182 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
183 ASSERT (((UINTN
) Source
& BIT0
) == 0);
186 // 1. Neither Destination nor Source shall be a null pointer.
188 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
189 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
192 // 2. DestMax shall not be greater than RSIZE_MAX.
194 if (RSIZE_MAX
!= 0) {
195 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
199 // 3. DestMax shall not equal zero.
201 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
204 // 4. DestMax shall be greater than StrnLenS(Source, DestMax).
206 SourceLen
= StrnLenS (Source
, DestMax
);
207 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
210 // 5. Copying shall not take place between objects that overlap.
212 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
215 // The StrCpyS function copies the string pointed to by Source (including the terminating
216 // null character) into the array pointed to by Destination.
218 while (*Source
!= 0) {
219 *(Destination
++) = *(Source
++);
223 return RETURN_SUCCESS
;
227 Copies not more than Length successive char from the string pointed to by
228 Source to the array pointed to by Destination. If no null char is copied from
229 Source, then Destination[Length] is always set to null.
231 If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
232 If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
234 @param Destination A pointer to a Null-terminated Unicode string.
235 @param DestMax The maximum number of Destination Unicode
236 char, including terminating null char.
237 @param Source A pointer to a Null-terminated Unicode string.
238 @param Length The maximum number of Unicode characters to copy.
240 @retval RETURN_SUCCESS String is copied.
241 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
242 MIN(StrLen(Source), Length).
243 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
245 If PcdMaximumUnicodeStringLength is not zero,
246 and DestMax is greater than
247 PcdMaximumUnicodeStringLength.
249 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
254 OUT CHAR16
*Destination
,
256 IN CONST CHAR16
*Source
,
262 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
263 ASSERT (((UINTN
) Source
& BIT0
) == 0);
266 // 1. Neither Destination nor Source shall be a null pointer.
268 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
269 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
272 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX
274 if (RSIZE_MAX
!= 0) {
275 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
276 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
280 // 3. DestMax shall not equal zero.
282 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
285 // 4. If Length is not less than DestMax, then DestMax shall be greater than StrnLenS(Source, DestMax).
287 SourceLen
= StrnLenS (Source
, DestMax
);
288 if (Length
>= DestMax
) {
289 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
293 // 5. Copying shall not take place between objects that overlap.
295 if (SourceLen
> Length
) {
298 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
301 // The StrnCpyS function copies not more than Length successive characters (characters that
302 // follow a null character are not copied) from the array pointed to by Source to the array
303 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null
306 while ((*Source
!= 0) && (SourceLen
> 0)) {
307 *(Destination
++) = *(Source
++);
312 return RETURN_SUCCESS
;
316 Appends a copy of the string pointed to by Source (including the terminating
317 null char) to the end of the string pointed to by Destination.
319 If Destination is not aligned on a 16-bit boundary, then ASSERT().
320 If Source is not aligned on a 16-bit boundary, then ASSERT().
322 @param Destination A pointer to a Null-terminated Unicode string.
323 @param DestMax The maximum number of Destination Unicode
324 char, including terminating null char.
325 @param Source A pointer to a Null-terminated Unicode string.
327 @retval RETURN_SUCCESS String is appended.
328 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
330 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
331 greater than StrLen(Source).
332 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
334 If PcdMaximumUnicodeStringLength is not zero,
335 and DestMax is greater than
336 PcdMaximumUnicodeStringLength.
338 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
343 IN OUT CHAR16
*Destination
,
345 IN CONST CHAR16
*Source
352 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
353 ASSERT (((UINTN
) Source
& BIT0
) == 0);
356 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrCatS.
358 DestLen
= StrnLenS (Destination
, DestMax
);
359 CopyLen
= DestMax
- DestLen
;
362 // 1. Neither Destination nor Source shall be a null pointer.
364 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
365 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
368 // 2. DestMax shall not be greater than RSIZE_MAX.
370 if (RSIZE_MAX
!= 0) {
371 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
375 // 3. DestMax shall not equal zero.
377 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
380 // 4. CopyLen shall not equal zero.
382 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
385 // 5. CopyLen shall be greater than StrnLenS(Source, CopyLen).
387 SourceLen
= StrnLenS (Source
, CopyLen
);
388 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
391 // 6. Copying shall not take place between objects that overlap.
393 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
396 // The StrCatS function appends a copy of the string pointed to by Source (including the
397 // terminating null character) to the end of the string pointed to by Destination. The initial character
398 // from Source overwrites the null character at the end of Destination.
400 Destination
= Destination
+ DestLen
;
401 while (*Source
!= 0) {
402 *(Destination
++) = *(Source
++);
406 return RETURN_SUCCESS
;
410 Appends not more than Length successive char from the string pointed to by
411 Source to the end of the string pointed to by Destination. If no null char is
412 copied from Source, then Destination[StrLen(Destination) + Length] is always
415 If Destination is not aligned on a 16-bit boundary, then ASSERT().
416 If and Source is not aligned on a 16-bit boundary, then ASSERT().
418 @param Destination A pointer to a Null-terminated Unicode string.
419 @param DestMax The maximum number of Destination Unicode
420 char, including terminating null char.
421 @param Source A pointer to a Null-terminated Unicode string.
422 @param Length The maximum number of Unicode characters to copy.
424 @retval RETURN_SUCCESS String is appended.
425 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
427 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
428 greater than MIN(StrLen(Source), Length).
429 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
431 If PcdMaximumUnicodeStringLength is not zero,
432 and DestMax is greater than
433 PcdMaximumUnicodeStringLength.
435 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
440 IN OUT CHAR16
*Destination
,
442 IN CONST CHAR16
*Source
,
450 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
451 ASSERT (((UINTN
) Source
& BIT0
) == 0);
454 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrnCatS.
456 DestLen
= StrnLenS (Destination
, DestMax
);
457 CopyLen
= DestMax
- DestLen
;
460 // 1. Neither Destination nor Source shall be a null pointer.
462 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
463 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
466 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX.
468 if (RSIZE_MAX
!= 0) {
469 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
470 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
474 // 3. DestMax shall not equal zero.
476 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
479 // 4. CopyLen shall not equal zero.
481 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
484 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than StrnLenS(Source, CopyLen).
486 SourceLen
= StrnLenS (Source
, CopyLen
);
487 if (Length
>= CopyLen
) {
488 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
492 // 6. Copying shall not take place between objects that overlap.
494 if (SourceLen
> Length
) {
497 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
500 // The StrnCatS function appends not more than Length successive characters (characters
501 // that follow a null character are not copied) from the array pointed to by Source to the end of
502 // the string pointed to by Destination. The initial character from Source overwrites the null character at
503 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to
506 Destination
= Destination
+ DestLen
;
507 while ((*Source
!= 0) && (SourceLen
> 0)) {
508 *(Destination
++) = *(Source
++);
513 return RETURN_SUCCESS
;
517 Returns the length of a Null-terminated Ascii string.
519 @param String A pointer to a Null-terminated Ascii string.
520 @param MaxSize The maximum number of Destination Ascii
521 char, including terminating null char.
523 @retval 0 If String is NULL.
524 @retval MaxSize If there is no null character in the first MaxSize characters of String.
525 @return The number of characters that percede the terminating null character.
531 IN CONST CHAR8
*String
,
538 // If String is a null pointer, then the AsciiStrnLenS function returns zero.
540 if (String
== NULL
) {
545 // Otherwise, the AsciiStrnLenS function returns the number of characters that precede the
546 // terminating null character. If there is no null character in the first MaxSize characters of
547 // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall
548 // be accessed by AsciiStrnLenS.
550 for (Length
= 0; (*String
!= 0) && (Length
< MaxSize
); String
++, Length
++) {
557 Copies the string pointed to by Source (including the terminating null char)
558 to the array pointed to by Destination.
560 @param Destination A pointer to a Null-terminated Ascii string.
561 @param DestMax The maximum number of Destination Ascii
562 char, including terminating null char.
563 @param Source A pointer to a Null-terminated Ascii string.
565 @retval RETURN_SUCCESS String is copied.
566 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
567 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
569 If PcdMaximumAsciiStringLength is not zero,
570 and DestMax is greater than
571 PcdMaximumAsciiStringLength.
573 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
578 OUT CHAR8
*Destination
,
580 IN CONST CHAR8
*Source
586 // 1. Neither Destination nor Source shall be a null pointer.
588 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
589 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
592 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
594 if (ASCII_RSIZE_MAX
!= 0) {
595 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
599 // 3. DestMax shall not equal zero.
601 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
604 // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
606 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
607 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
610 // 5. Copying shall not take place between objects that overlap.
612 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
615 // The AsciiStrCpyS function copies the string pointed to by Source (including the terminating
616 // null character) into the array pointed to by Destination.
618 while (*Source
!= 0) {
619 *(Destination
++) = *(Source
++);
623 return RETURN_SUCCESS
;
627 Copies not more than Length successive char from the string pointed to by
628 Source to the array pointed to by Destination. If no null char is copied from
629 Source, then Destination[Length] is always set to null.
631 @param Destination A pointer to a Null-terminated Ascii string.
632 @param DestMax The maximum number of Destination Ascii
633 char, including terminating null char.
634 @param Source A pointer to a Null-terminated Ascii string.
635 @param Length The maximum number of Ascii characters to copy.
637 @retval RETURN_SUCCESS String is copied.
638 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
639 MIN(StrLen(Source), Length).
640 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
642 If PcdMaximumAsciiStringLength is not zero,
643 and DestMax is greater than
644 PcdMaximumAsciiStringLength.
646 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
651 OUT CHAR8
*Destination
,
653 IN CONST CHAR8
*Source
,
660 // 1. Neither Destination nor Source shall be a null pointer.
662 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
663 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
666 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX
668 if (ASCII_RSIZE_MAX
!= 0) {
669 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
670 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
674 // 3. DestMax shall not equal zero.
676 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
679 // 4. If Length is not less than DestMax, then DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
681 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
682 if (Length
>= DestMax
) {
683 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
687 // 5. Copying shall not take place between objects that overlap.
689 if (SourceLen
> Length
) {
692 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
695 // The AsciiStrnCpyS function copies not more than Length successive characters (characters that
696 // follow a null character are not copied) from the array pointed to by Source to the array
697 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null
700 while ((*Source
!= 0) && (SourceLen
> 0)) {
701 *(Destination
++) = *(Source
++);
706 return RETURN_SUCCESS
;
710 Appends a copy of the string pointed to by Source (including the terminating
711 null char) to the end of the string pointed to by Destination.
713 @param Destination A pointer to a Null-terminated Ascii string.
714 @param DestMax The maximum number of Destination Ascii
715 char, including terminating null char.
716 @param Source A pointer to a Null-terminated Ascii string.
718 @retval RETURN_SUCCESS String is appended.
719 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
721 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
722 greater than StrLen(Source).
723 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
725 If PcdMaximumAsciiStringLength is not zero,
726 and DestMax is greater than
727 PcdMaximumAsciiStringLength.
729 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
734 IN OUT CHAR8
*Destination
,
736 IN CONST CHAR8
*Source
744 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.
746 DestLen
= AsciiStrnLenS (Destination
, DestMax
);
747 CopyLen
= DestMax
- DestLen
;
750 // 1. Neither Destination nor Source shall be a null pointer.
752 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
753 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
756 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
758 if (ASCII_RSIZE_MAX
!= 0) {
759 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
763 // 3. DestMax shall not equal zero.
765 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
768 // 4. CopyLen shall not equal zero.
770 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
773 // 5. CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
775 SourceLen
= AsciiStrnLenS (Source
, CopyLen
);
776 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
779 // 6. Copying shall not take place between objects that overlap.
781 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
784 // The AsciiStrCatS function appends a copy of the string pointed to by Source (including the
785 // terminating null character) to the end of the string pointed to by Destination. The initial character
786 // from Source overwrites the null character at the end of Destination.
788 Destination
= Destination
+ DestLen
;
789 while (*Source
!= 0) {
790 *(Destination
++) = *(Source
++);
794 return RETURN_SUCCESS
;
798 Appends not more than Length successive char from the string pointed to by
799 Source to the end of the string pointed to by Destination. If no null char is
800 copied from Source, then Destination[StrLen(Destination) + Length] is always
803 @param Destination A pointer to a Null-terminated Ascii string.
804 @param DestMax The maximum number of Destination Ascii
805 char, including terminating null char.
806 @param Source A pointer to a Null-terminated Ascii string.
807 @param Length The maximum number of Ascii characters to copy.
809 @retval RETURN_SUCCESS String is appended.
810 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
812 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
813 greater than MIN(StrLen(Source), Length).
814 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
816 If PcdMaximumAsciiStringLength is not zero,
817 and DestMax is greater than
818 PcdMaximumAsciiStringLength.
820 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
825 IN OUT CHAR8
*Destination
,
827 IN CONST CHAR8
*Source
,
836 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.
838 DestLen
= AsciiStrnLenS (Destination
, DestMax
);
839 CopyLen
= DestMax
- DestLen
;
842 // 1. Neither Destination nor Source shall be a null pointer.
844 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
845 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
848 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX.
850 if (ASCII_RSIZE_MAX
!= 0) {
851 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
852 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
856 // 3. DestMax shall not equal zero.
858 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
861 // 4. CopyLen shall not equal zero.
863 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
866 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
868 SourceLen
= AsciiStrnLenS (Source
, CopyLen
);
869 if (Length
>= CopyLen
) {
870 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
874 // 6. Copying shall not take place between objects that overlap.
876 if (SourceLen
> Length
) {
879 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
882 // The AsciiStrnCatS function appends not more than Length successive characters (characters
883 // that follow a null character are not copied) from the array pointed to by Source to the end of
884 // the string pointed to by Destination. The initial character from Source overwrites the null character at
885 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to
888 Destination
= Destination
+ DestLen
;
889 while ((*Source
!= 0) && (SourceLen
> 0)) {
890 *(Destination
++) = *(Source
++);
895 return RETURN_SUCCESS
;