4 Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php.
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <Library/DebugLib.h>
17 #include <Library/PcdLib.h>
18 #include <Library/BaseLib.h>
// Upper bounds, in characters, used by the DestMax/Length constraint checks.
// Every such check in this file is wrapped in `if (RSIZE_MAX != 0)` or
// `if (ASCII_RSIZE_MAX != 0)`, so a PCD value of 0 turns the upper-bound check off.
20 #define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength))
22 #define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength))
// Constraint check shared by the *S routines: ASSERT() on the expression, then
// test the same expression again with a plain `if`, so a failed constraint is
// still handled when ASSERT() does not stop execution.
// NOTE(review): the body of the `if` is not shown in this listing; presumably it
// returns Status, matching the @retval lists on each function - confirm.
// Callers should check the returned status rather than rely on the ASSERT().
24 #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
26 ASSERT (Expression); \
27 if (!(Expression)) { \
33 Returns if 2 memory blocks are overlapped.
35 @param Base1 Base address of 1st memory block.
36 @param Size1 Size of 1st memory block.
37 @param Base2 Base address of 2nd memory block.
38 @param Size2 Size of 2nd memory block.
40 @retval TRUE 2 memory blocks are overlapped.
41 @retval FALSE 2 memory blocks are not overlapped.
44 InternalSafeStringIsOverlap (
// Overlap test on byte ranges: true when Base1 falls inside [Base2, Base2 + Size2)
// or Base2 falls inside [Base1, Base1 + Size1). A zero-sized block never matches
// its own half of the test.
// NOTE(review): Base + Size is evaluated in UINTN with no wrap-around check, so
// this assumes each block's end address does not exceed the UINTN range - confirm
// that callers bound Size (the RSIZE_MAX checks only apply when the PCD is non-zero).
51 if ((((UINTN
)Base1
>= (UINTN
)Base2
) && ((UINTN
)Base1
< (UINTN
)Base2
+ Size2
)) ||
52 (((UINTN
)Base2
>= (UINTN
)Base1
) && ((UINTN
)Base2
< (UINTN
)Base1
+ Size1
))) {
59 Returns if 2 Unicode strings are not overlapped.
61 @param Str1 Start address of 1st Unicode string.
62 @param Size1 The number of char in 1st Unicode string,
63 including terminating null char.
64 @param Str2 Start address of 2nd Unicode string.
65 @param Size2 The number of char in 2nd Unicode string,
66 including terminating null char.
68 @retval TRUE 2 Unicode strings are NOT overlapped.
69 @retval FALSE 2 Unicode strings are overlapped.
72 InternalSafeStringNoStrOverlap (
79 return !InternalSafeStringIsOverlap (Str1
, Size1
* sizeof(CHAR16
), Str2
, Size2
* sizeof(CHAR16
));
83 Returns if 2 Ascii strings are not overlapped.
85 @param Str1 Start address of 1st Ascii string.
86 @param Size1 The number of char in 1st Ascii string,
87 including terminating null char.
88 @param Str2 Start address of 2nd Ascii string.
89 @param Size2 The number of char in 2nd Ascii string,
90 including terminating null char.
92 @retval TRUE 2 Ascii strings are NOT overlapped.
93 @retval FALSE 2 Ascii strings are overlapped.
96 InternalSafeStringNoAsciiStrOverlap (
103 return !InternalSafeStringIsOverlap (Str1
, Size1
, Str2
, Size2
);
107 Returns the length of a Null-terminated Unicode string.
109 This function is similar to strlen_s defined in C11.
111 If String is not aligned on a 16-bit boundary, then ASSERT().
113 @param String A pointer to a Null-terminated Unicode string.
114 @param MaxSize The maximum number of Destination Unicode
115 char, including terminating null char.
117 @retval 0 If String is NULL.
118 @retval MaxSize If there is no null character in the first MaxSize characters of String.
119 @return The number of characters that precede the terminating null character.
125 IN CONST CHAR16
*String
,
131 ASSERT (((UINTN
) String
& BIT0
) == 0);
134 // If String is a null pointer, then the StrnLenS function returns zero.
136 if (String
== NULL
) {
141 // Otherwise, the StrnLenS function returns the number of characters that precede the
142 // terminating null character. If there is no null character in the first MaxSize characters of
143 // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall
144 // be accessed by StrnLenS.
146 for (Length
= 0; (Length
< MaxSize
) && (*String
!= 0); String
++, Length
++) {
153 Copies the string pointed to by Source (including the terminating null char)
154 to the array pointed to by Destination.
156 This function is similar to strcpy_s defined in C11.
158 If Destination is not aligned on a 16-bit boundary, then ASSERT().
159 If Source is not aligned on a 16-bit boundary, then ASSERT().
160 If an error would be returned, then the function will also ASSERT().
162 If an error is returned, then the Destination is unmodified.
164 @param Destination A pointer to a Null-terminated Unicode string.
165 @param DestMax The maximum number of Destination Unicode
166 char, including terminating null char.
167 @param Source A pointer to a Null-terminated Unicode string.
169 @retval RETURN_SUCCESS String is copied.
170 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
171 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
173 If PcdMaximumUnicodeStringLength is not zero,
174 and DestMax is greater than
175 PcdMaximumUnicodeStringLength.
177 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
182 OUT CHAR16
*Destination
,
184 IN CONST CHAR16
*Source
189 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
190 ASSERT (((UINTN
) Source
& BIT0
) == 0);
193 // 1. Neither Destination nor Source shall be a null pointer.
195 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
196 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
199 // 2. DestMax shall not be greater than RSIZE_MAX.
201 if (RSIZE_MAX
!= 0) {
202 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
206 // 3. DestMax shall not equal zero.
208 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
211 // 4. DestMax shall be greater than StrnLenS(Source, DestMax).
213 SourceLen
= StrnLenS (Source
, DestMax
);
214 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
217 // 5. Copying shall not take place between objects that overlap.
219 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
222 // The StrCpyS function copies the string pointed to by Source (including the terminating
223 // null character) into the array pointed to by Destination.
225 while (*Source
!= 0) {
226 *(Destination
++) = *(Source
++);
230 return RETURN_SUCCESS
;
234 Copies not more than Length successive char from the string pointed to by
235 Source to the array pointed to by Destination. If no null char is copied from
236 Source, then Destination[Length] is always set to null.
238 This function is similar to strncpy_s defined in C11.
240 If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
241 If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
242 If an error would be returned, then the function will also ASSERT().
244 If an error is returned, then the Destination is unmodified.
246 @param Destination A pointer to a Null-terminated Unicode string.
247 @param DestMax The maximum number of Destination Unicode
248 char, including terminating null char.
249 @param Source A pointer to a Null-terminated Unicode string.
250 @param Length The maximum number of Unicode characters to copy.
252 @retval RETURN_SUCCESS String is copied.
253 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
254 MIN(StrLen(Source), Length).
255 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
257 If PcdMaximumUnicodeStringLength is not zero,
258 and DestMax is greater than
259 PcdMaximumUnicodeStringLength.
261 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
266 OUT CHAR16
*Destination
,
268 IN CONST CHAR16
*Source
,
274 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
275 ASSERT (((UINTN
) Source
& BIT0
) == 0);
278 // 1. Neither Destination nor Source shall be a null pointer.
280 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
281 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
284 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX
286 if (RSIZE_MAX
!= 0) {
287 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
288 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
292 // 3. DestMax shall not equal zero.
294 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
297 // 4. If Length is not less than DestMax, then DestMax shall be greater than StrnLenS(Source, DestMax).
299 SourceLen
= StrnLenS (Source
, DestMax
);
300 if (Length
>= DestMax
) {
301 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
305 // 5. Copying shall not take place between objects that overlap.
307 if (SourceLen
> Length
) {
310 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
313 // The StrnCpyS function copies not more than Length successive characters (characters that
314 // follow a null character are not copied) from the array pointed to by Source to the array
315 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null character.
318 while ((*Source
!= 0) && (SourceLen
> 0)) {
319 *(Destination
++) = *(Source
++);
324 return RETURN_SUCCESS
;
328 Appends a copy of the string pointed to by Source (including the terminating
329 null char) to the end of the string pointed to by Destination.
331 This function is similar to strcat_s defined in C11.
333 If Destination is not aligned on a 16-bit boundary, then ASSERT().
334 If Source is not aligned on a 16-bit boundary, then ASSERT().
335 If an error would be returned, then the function will also ASSERT().
337 If an error is returned, then the Destination is unmodified.
339 @param Destination A pointer to a Null-terminated Unicode string.
340 @param DestMax The maximum number of Destination Unicode
341 char, including terminating null char.
342 @param Source A pointer to a Null-terminated Unicode string.
344 @retval RETURN_SUCCESS String is appended.
345 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than StrLen(Destination).
347 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
348 greater than StrLen(Source).
349 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
351 If PcdMaximumUnicodeStringLength is not zero,
352 and DestMax is greater than
353 PcdMaximumUnicodeStringLength.
355 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
360 IN OUT CHAR16
*Destination
,
362 IN CONST CHAR16
*Source
369 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
370 ASSERT (((UINTN
) Source
& BIT0
) == 0);
// DestLen is taken before the NULL constraint check that follows. StrnLenS
// returns 0 for a NULL String, so this call does not dereference a null pointer.
// If Destination has no terminator within DestMax characters, StrnLenS returns
// DestMax, CopyLen becomes 0, and constraint 4 rejects the call with
// RETURN_BAD_BUFFER_SIZE instead of writing past DestMax.
373 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrCatS.
375 DestLen
= StrnLenS (Destination
, DestMax
);
376 CopyLen
= DestMax
- DestLen
;
379 // 1. Neither Destination nor Source shall be a null pointer.
381 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
382 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
385 // 2. DestMax shall not be greater than RSIZE_MAX.
387 if (RSIZE_MAX
!= 0) {
388 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
392 // 3. DestMax shall not equal zero.
394 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
397 // 4. CopyLen shall not equal zero.
399 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
402 // 5. CopyLen shall be greater than StrnLenS(Source, CopyLen).
404 SourceLen
= StrnLenS (Source
, CopyLen
);
405 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
408 // 6. Copying shall not take place between objects that overlap.
410 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
413 // The StrCatS function appends a copy of the string pointed to by Source (including the
414 // terminating null character) to the end of the string pointed to by Destination. The initial character
415 // from Source overwrites the null character at the end of Destination.
417 Destination
= Destination
+ DestLen
;
418 while (*Source
!= 0) {
419 *(Destination
++) = *(Source
++);
423 return RETURN_SUCCESS
;
427 Appends not more than Length successive char from the string pointed to by
428 Source to the end of the string pointed to by Destination. If no null char is
429 copied from Source, then Destination[StrLen(Destination) + Length] is always set to null.
432 This function is similar to strncat_s defined in C11.
434 If Destination is not aligned on a 16-bit boundary, then ASSERT().
435 If Source is not aligned on a 16-bit boundary, then ASSERT().
436 If an error would be returned, then the function will also ASSERT().
438 If an error is returned, then the Destination is unmodified.
440 @param Destination A pointer to a Null-terminated Unicode string.
441 @param DestMax The maximum number of Destination Unicode
442 char, including terminating null char.
443 @param Source A pointer to a Null-terminated Unicode string.
444 @param Length The maximum number of Unicode characters to copy.
446 @retval RETURN_SUCCESS String is appended.
447 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than StrLen(Destination).
449 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
450 greater than MIN(StrLen(Source), Length).
451 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
453 If PcdMaximumUnicodeStringLength is not zero,
454 and DestMax is greater than
455 PcdMaximumUnicodeStringLength.
457 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
462 IN OUT CHAR16
*Destination
,
464 IN CONST CHAR16
*Source
,
472 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
473 ASSERT (((UINTN
) Source
& BIT0
) == 0);
// DestLen is taken before the NULL constraint check that follows. StrnLenS
// returns 0 for a NULL String, so this call does not dereference a null pointer.
// If Destination has no terminator within DestMax characters, StrnLenS returns
// DestMax, CopyLen becomes 0, and constraint 4 rejects the call with
// RETURN_BAD_BUFFER_SIZE instead of writing past DestMax.
476 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrnCatS.
478 DestLen
= StrnLenS (Destination
, DestMax
);
479 CopyLen
= DestMax
- DestLen
;
482 // 1. Neither Destination nor Source shall be a null pointer.
484 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
485 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
488 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX.
490 if (RSIZE_MAX
!= 0) {
491 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
492 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
496 // 3. DestMax shall not equal zero.
498 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
501 // 4. CopyLen shall not equal zero.
503 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
506 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than StrnLenS(Source, CopyLen).
508 SourceLen
= StrnLenS (Source
, CopyLen
);
509 if (Length
>= CopyLen
) {
510 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
514 // 6. Copying shall not take place between objects that overlap.
516 if (SourceLen
> Length
) {
519 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
522 // The StrnCatS function appends not more than Length successive characters (characters
523 // that follow a null character are not copied) from the array pointed to by Source to the end of
524 // the string pointed to by Destination. The initial character from Source overwrites the null character at
525 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to a null character.
528 Destination
= Destination
+ DestLen
;
529 while ((*Source
!= 0) && (SourceLen
> 0)) {
530 *(Destination
++) = *(Source
++);
535 return RETURN_SUCCESS
;
539 Returns the length of a Null-terminated Ascii string.
541 This function is similar to strlen_s defined in C11.
543 @param String A pointer to a Null-terminated Ascii string.
544 @param MaxSize The maximum number of Destination Ascii
545 char, including terminating null char.
547 @retval 0 If String is NULL.
548 @retval MaxSize If there is no null character in the first MaxSize characters of String.
549 @return The number of characters that precede the terminating null character.
555 IN CONST CHAR8
*String
,
562 // If String is a null pointer, then the AsciiStrnLenS function returns zero.
564 if (String
== NULL
) {
569 // Otherwise, the AsciiStrnLenS function returns the number of characters that precede the
570 // terminating null character. If there is no null character in the first MaxSize characters of
571 // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall
572 // be accessed by AsciiStrnLenS.
574 for (Length
= 0; (Length
< MaxSize
) && (*String
!= 0); String
++, Length
++) {
581 Copies the string pointed to by Source (including the terminating null char)
582 to the array pointed to by Destination.
584 This function is similar to strcpy_s defined in C11.
586 If an error would be returned, then the function will also ASSERT().
588 If an error is returned, then the Destination is unmodified.
590 @param Destination A pointer to a Null-terminated Ascii string.
591 @param DestMax The maximum number of Destination Ascii
592 char, including terminating null char.
593 @param Source A pointer to a Null-terminated Ascii string.
595 @retval RETURN_SUCCESS String is copied.
596 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
597 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
599 If PcdMaximumAsciiStringLength is not zero,
600 and DestMax is greater than
601 PcdMaximumAsciiStringLength.
603 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
608 OUT CHAR8
*Destination
,
610 IN CONST CHAR8
*Source
616 // 1. Neither Destination nor Source shall be a null pointer.
618 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
619 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
622 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
624 if (ASCII_RSIZE_MAX
!= 0) {
625 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
629 // 3. DestMax shall not equal zero.
631 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
634 // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
636 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
637 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
640 // 5. Copying shall not take place between objects that overlap.
642 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
645 // The AsciiStrCpyS function copies the string pointed to by Source (including the terminating
646 // null character) into the array pointed to by Destination.
648 while (*Source
!= 0) {
649 *(Destination
++) = *(Source
++);
653 return RETURN_SUCCESS
;
657 Copies not more than Length successive char from the string pointed to by
658 Source to the array pointed to by Destination. If no null char is copied from
659 Source, then Destination[Length] is always set to null.
661 This function is similar to strncpy_s defined in C11.
663 If an error would be returned, then the function will also ASSERT().
665 If an error is returned, then the Destination is unmodified.
667 @param Destination A pointer to a Null-terminated Ascii string.
668 @param DestMax The maximum number of Destination Ascii
669 char, including terminating null char.
670 @param Source A pointer to a Null-terminated Ascii string.
671 @param Length The maximum number of Ascii characters to copy.
673 @retval RETURN_SUCCESS String is copied.
674 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
675 MIN(StrLen(Source), Length).
676 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
678 If PcdMaximumAsciiStringLength is not zero,
679 and DestMax is greater than
680 PcdMaximumAsciiStringLength.
682 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
687 OUT CHAR8
*Destination
,
689 IN CONST CHAR8
*Source
,
696 // 1. Neither Destination nor Source shall be a null pointer.
698 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
699 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
702 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX
704 if (ASCII_RSIZE_MAX
!= 0) {
705 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
706 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
710 // 3. DestMax shall not equal zero.
712 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
715 // 4. If Length is not less than DestMax, then DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
717 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
718 if (Length
>= DestMax
) {
719 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
723 // 5. Copying shall not take place between objects that overlap.
725 if (SourceLen
> Length
) {
728 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
731 // The AsciiStrnCpyS function copies not more than Length successive characters (characters that
732 // follow a null character are not copied) from the array pointed to by Source to the array
733 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null character.
736 while ((*Source
!= 0) && (SourceLen
> 0)) {
737 *(Destination
++) = *(Source
++);
742 return RETURN_SUCCESS
;
746 Appends a copy of the string pointed to by Source (including the terminating
747 null char) to the end of the string pointed to by Destination.
749 This function is similar to strcat_s defined in C11.
751 If an error would be returned, then the function will also ASSERT().
753 If an error is returned, then the Destination is unmodified.
755 @param Destination A pointer to a Null-terminated Ascii string.
756 @param DestMax The maximum number of Destination Ascii
757 char, including terminating null char.
758 @param Source A pointer to a Null-terminated Ascii string.
760 @retval RETURN_SUCCESS String is appended.
761 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than StrLen(Destination).
763 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
764 greater than StrLen(Source).
765 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
767 If PcdMaximumAsciiStringLength is not zero,
768 and DestMax is greater than
769 PcdMaximumAsciiStringLength.
771 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
776 IN OUT CHAR8
*Destination
,
778 IN CONST CHAR8
*Source
// DestLen is taken before the NULL constraint check that follows. AsciiStrnLenS
// returns 0 for a NULL String, so this call does not dereference a null pointer.
// If Destination has no terminator within DestMax characters, AsciiStrnLenS
// returns DestMax, CopyLen becomes 0, and constraint 4 rejects the call with
// RETURN_BAD_BUFFER_SIZE instead of writing past DestMax.
786 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.
788 DestLen
= AsciiStrnLenS (Destination
, DestMax
);
789 CopyLen
= DestMax
- DestLen
;
792 // 1. Neither Destination nor Source shall be a null pointer.
794 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
795 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
798 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
800 if (ASCII_RSIZE_MAX
!= 0) {
801 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
805 // 3. DestMax shall not equal zero.
807 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
810 // 4. CopyLen shall not equal zero.
812 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
815 // 5. CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
817 SourceLen
= AsciiStrnLenS (Source
, CopyLen
);
818 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
821 // 6. Copying shall not take place between objects that overlap.
823 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
826 // The AsciiStrCatS function appends a copy of the string pointed to by Source (including the
827 // terminating null character) to the end of the string pointed to by Destination. The initial character
828 // from Source overwrites the null character at the end of Destination.
830 Destination
= Destination
+ DestLen
;
831 while (*Source
!= 0) {
832 *(Destination
++) = *(Source
++);
836 return RETURN_SUCCESS
;
840 Appends not more than Length successive char from the string pointed to by
841 Source to the end of the string pointed to by Destination. If no null char is
842 copied from Source, then Destination[StrLen(Destination) + Length] is always set to null.
845 This function is similar to strncat_s defined in C11.
847 If an error would be returned, then the function will also ASSERT().
849 If an error is returned, then the Destination is unmodified.
851 @param Destination A pointer to a Null-terminated Ascii string.
852 @param DestMax The maximum number of Destination Ascii
853 char, including terminating null char.
854 @param Source A pointer to a Null-terminated Ascii string.
855 @param Length The maximum number of Ascii characters to copy.
857 @retval RETURN_SUCCESS String is appended.
858 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than StrLen(Destination).
860 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
861 greater than MIN(StrLen(Source), Length).
862 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
864 If PcdMaximumAsciiStringLength is not zero,
865 and DestMax is greater than
866 PcdMaximumAsciiStringLength.
868 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
873 IN OUT CHAR8
*Destination
,
875 IN CONST CHAR8
*Source
,
// DestLen is taken before the NULL constraint check that follows. AsciiStrnLenS
// returns 0 for a NULL String, so this call does not dereference a null pointer.
// If Destination has no terminator within DestMax characters, AsciiStrnLenS
// returns DestMax, CopyLen becomes 0, and constraint 4 rejects the call with
// RETURN_BAD_BUFFER_SIZE instead of writing past DestMax.
884 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.
886 DestLen
= AsciiStrnLenS (Destination
, DestMax
);
887 CopyLen
= DestMax
- DestLen
;
890 // 1. Neither Destination nor Source shall be a null pointer.
892 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
893 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
896 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX.
898 if (ASCII_RSIZE_MAX
!= 0) {
899 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
900 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
904 // 3. DestMax shall not equal zero.
906 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
909 // 4. CopyLen shall not equal zero.
911 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
914 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
916 SourceLen
= AsciiStrnLenS (Source
, CopyLen
);
917 if (Length
>= CopyLen
) {
918 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
922 // 6. Copying shall not take place between objects that overlap.
924 if (SourceLen
> Length
) {
927 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
930 // The AsciiStrnCatS function appends not more than Length successive characters (characters
931 // that follow a null character are not copied) from the array pointed to by Source to the end of
932 // the string pointed to by Destination. The initial character from Source overwrites the null character at
933 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to a null character.
936 Destination
= Destination
+ DestLen
;
937 while ((*Source
!= 0) && (SourceLen
> 0)) {
938 *(Destination
++) = *(Source
++);
943 return RETURN_SUCCESS
;
947 Convert a Null-terminated Unicode string to a Null-terminated ASCII string.
950 This function is similar to AsciiStrCpyS.
952 This function converts the content of the Unicode string Source
953 to the ASCII string Destination by copying the lower 8 bits of
954 each Unicode character. The function terminates the ASCII string
955 Destination by appending a Null-terminator character at the end.
957 The caller is responsible to make sure Destination points to a buffer with size
958 equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.
960 If any Unicode characters in Source contain non-zero value in
961 the upper 8 bits, then ASSERT().
963 If Source is not aligned on a 16-bit boundary, then ASSERT().
964 If an error would be returned, then the function will also ASSERT().
966 If an error is returned, then the Destination is unmodified.
968 @param Source The pointer to a Null-terminated Unicode string.
969 @param Destination The pointer to a Null-terminated ASCII string.
970 @param DestMax The maximum number of Destination Ascii
971 char, including terminating null char.
973 @retval RETURN_SUCCESS String is converted.
974 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
975 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
977 If PcdMaximumAsciiStringLength is not zero,
978 and DestMax is greater than
979 PcdMaximumAsciiStringLength.
980 If PcdMaximumUnicodeStringLength is not zero,
981 and DestMax is greater than
982 PcdMaximumUnicodeStringLength.
984 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
989 UnicodeStrToAsciiStrS (
990 IN CONST CHAR16
*Source
,
991 OUT CHAR8
*Destination
,
997 ASSERT (((UINTN
) Source
& BIT0
) == 0);
1000 // 1. Neither Destination nor Source shall be a null pointer.
1002 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
1003 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
1006 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX or RSIZE_MAX.
1008 if (ASCII_RSIZE_MAX
!= 0) {
1009 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1011 if (RSIZE_MAX
!= 0) {
1012 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1016 // 3. DestMax shall not equal zero.
1018 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
1021 // 4. DestMax shall be greater than StrnLenS (Source, DestMax).
1023 SourceLen
= StrnLenS (Source
, DestMax
);
1024 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
1027 // 5. Copying shall not take place between objects that overlap.
1029 SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination
, DestMax
, (VOID
*)Source
, (SourceLen
+ 1) * sizeof(CHAR16
)), RETURN_ACCESS_DENIED
);
// Narrowing copy: each CHAR16 from Source is written to Destination as a CHAR8
// until the Source terminator is reached, then Destination is terminated.
1034 while (*Source
!= '\0') {
1036 // If any Unicode characters in Source contain
1037 // non-zero value in the upper 8 bits, then ASSERT().
// NOTE(review): this ASSERT() is the only check on the upper 8 bits. The (CHAR8)
// cast on the next statement keeps just the low 8 bits, so when ASSERT() does
// not halt execution a character >= 0x100 is narrowed silently and no error
// status is returned. Callers converting strings they do not control should
// validate the character range before calling.
1039 ASSERT (*Source
< 0x100);
1040 *(Destination
++) = (CHAR8
) *(Source
++);
1042 *Destination
= '\0';
1044 return RETURN_SUCCESS
;
1049 Convert one Null-terminated ASCII string to a Null-terminated Unicode string.
1052 This function is similar to StrCpyS.
1054 This function converts the contents of the ASCII string Source to the Unicode
1055 string Destination. The function terminates the Unicode string Destination by
1056 appending a Null-terminator character at the end.
1058 The caller is responsible to make sure Destination points to a buffer with size
1059 equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
1061 If Destination is not aligned on a 16-bit boundary, then ASSERT().
1062 If an error would be returned, then the function will also ASSERT().
1064 If an error is returned, then the Destination is unmodified.
1066 @param Source The pointer to a Null-terminated ASCII string.
1067 @param Destination The pointer to a Null-terminated Unicode string.
1068 @param DestMax The maximum number of Destination Unicode
1069 char, including terminating null char.
1071 @retval RETURN_SUCCESS String is converted.
1072 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
1073 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
1075 If PcdMaximumUnicodeStringLength is not zero,
1076 and DestMax is greater than
1077 PcdMaximumUnicodeStringLength.
1078 If PcdMaximumAsciiStringLength is not zero,
1079 and DestMax is greater than
1080 PcdMaximumAsciiStringLength.
1082 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
1087 AsciiStrToUnicodeStrS (
1088 IN CONST CHAR8
*Source
,
1089 OUT CHAR16
*Destination
,
1095 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
1098 // 1. Neither Destination nor Source shall be a null pointer.
1100 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
1101 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
1104 // 2. DestMax shall not be greater than RSIZE_MAX or ASCII_RSIZE_MAX.
1106 if (RSIZE_MAX
!= 0) {
1107 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1109 if (ASCII_RSIZE_MAX
!= 0) {
1110 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1114 // 3. DestMax shall not equal zero.
1116 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
1119 // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
1121 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
1122 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
1125 // 5. Copying shall not take place between objects that overlap.
1127 SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination
, DestMax
* sizeof(CHAR16
), (VOID
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
1132 while (*Source
!= '\0') {
1133 *(Destination
++) = (CHAR16
)*(Source
++);
1135 *Destination
= '\0';
1137 return RETURN_SUCCESS
;