MdeModulePkg:Use safe string functions

[mirror_edk2.git] / MdeModulePkg / Universal / SetupBrowserDxe / IfrParse.c

diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
index 7b77634973ec8b1a47006c7d226ac60ed3a41423..953e3a50717be2c936e8eaded027ec00670d2ac5 100644 (file)
--- a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
@@ -688,6 +688,7 @@ InitializeRequestElement (
   LIST_ENTRY       *Link;\r
   BOOLEAN          Find;\r
   FORM_BROWSER_CONFIG_REQUEST  *ConfigInfo;\r
+  UINTN            MaxLen;\r
 \r
   Storage = Question->Storage;\r
   if (Storage == NULL) {\r
@@ -732,6 +733,8 @@ InitializeRequestElement (
   //\r
   FormsetStorage = GetFstStgFromVarId(FormSet, Question->VarStoreId);\r
   ASSERT (FormsetStorage != NULL);\r
+  StringSize = (FormsetStorage->ConfigRequest != NULL) ? StrSize (FormsetStorage->ConfigRequest) : sizeof (CHAR16);\r
+  MaxLen = StringSize / sizeof (CHAR16) + FormsetStorage->SpareStrLen;\r
 \r
   //\r
   // Append <RequestElement> to <ConfigRequest>\r
@@ -740,8 +743,8 @@ InitializeRequestElement (
     //\r
     // Old String buffer is not sufficient for RequestElement, allocate a new one\r
     //\r
-    StringSize = (FormsetStorage->ConfigRequest != NULL) ? StrSize (FormsetStorage->ConfigRequest) : sizeof (CHAR16);\r
-    NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL * sizeof (CHAR16));\r
+    MaxLen = StringSize / sizeof (CHAR16) + CONFIG_REQUEST_STRING_INCREMENTAL;\r
+    NewStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));\r
     ASSERT (NewStr != NULL);\r
     if (FormsetStorage->ConfigRequest != NULL) {\r
       CopyMem (NewStr, FormsetStorage->ConfigRequest, StringSize);\r
@@ -751,7 +754,7 @@ InitializeRequestElement (
     FormsetStorage->SpareStrLen   = CONFIG_REQUEST_STRING_INCREMENTAL;\r
   }\r
 \r
-  StrCat (FormsetStorage->ConfigRequest, RequestElement);\r
+  StrCatS (FormsetStorage->ConfigRequest, MaxLen, RequestElement);\r
   FormsetStorage->ElementCount++;\r
   FormsetStorage->SpareStrLen -= StrLen;\r
 \r
@@ -782,6 +785,8 @@ InitializeRequestElement (
     ConfigInfo->Storage       = FormsetStorage->BrowserStorage;\r
     InsertTailList(&Form->ConfigRequestHead, &ConfigInfo->Link);\r
   }\r
+  StringSize = (ConfigInfo->ConfigRequest != NULL) ? StrSize (ConfigInfo->ConfigRequest) : sizeof (CHAR16);\r
+  MaxLen = StringSize / sizeof (CHAR16) + ConfigInfo->SpareStrLen;\r
 \r
   //\r
   // Append <RequestElement> to <ConfigRequest>\r
@@ -790,8 +795,8 @@ InitializeRequestElement (
     //\r
     // Old String buffer is not sufficient for RequestElement, allocate a new one\r
     //\r
-    StringSize = (ConfigInfo->ConfigRequest != NULL) ? StrSize (ConfigInfo->ConfigRequest) : sizeof (CHAR16);\r
-    NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL * sizeof (CHAR16));\r
+    MaxLen = StringSize / sizeof (CHAR16) + CONFIG_REQUEST_STRING_INCREMENTAL;\r
+    NewStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));\r
     ASSERT (NewStr != NULL);\r
     if (ConfigInfo->ConfigRequest != NULL) {\r
       CopyMem (NewStr, ConfigInfo->ConfigRequest, StringSize);\r
@@ -801,7 +806,7 @@ InitializeRequestElement (
     ConfigInfo->SpareStrLen   = CONFIG_REQUEST_STRING_INCREMENTAL;\r
   }\r
 \r
-  StrCat (ConfigInfo->ConfigRequest, RequestElement);\r
+  StrCatS (ConfigInfo->ConfigRequest, MaxLen, RequestElement);\r
   ConfigInfo->ElementCount++;\r
   ConfigInfo->SpareStrLen -= StrLen;\r
   return EFI_SUCCESS;\r
@@ -1152,7 +1157,8 @@ IsExpressionOpCode (
       (Operand == EFI_IFR_TO_UPPER_OP) ||\r
       (Operand == EFI_IFR_MAP_OP)      ||\r
       (Operand == EFI_IFR_VERSION_OP)  ||\r
-      (Operand == EFI_IFR_SECURITY_OP)) {\r
+      (Operand == EFI_IFR_SECURITY_OP) ||\r
+      (Operand == EFI_IFR_MATCH2_OP)) {\r
     return TRUE;\r
   } else {\r
     return FALSE;\r
@@ -1207,7 +1213,7 @@ IsUnKnownOpCode (
   IN UINT8              Operand\r
   )\r
 {\r
-  return Operand > EFI_IFR_WARNING_IF_OP ? TRUE : FALSE;\r
+  return Operand > EFI_IFR_MATCH2_OP ? TRUE : FALSE;\r
 }\r
 \r
 /**\r
@@ -1479,6 +1485,10 @@ ParseOpCodes (
         CopyMem (&ExpressionOpCode->Guid, &((EFI_IFR_SECURITY *) OpCodeData)->Permissions, sizeof (EFI_GUID));\r
         break;\r
 \r
+      case EFI_IFR_MATCH2_OP:\r
+        CopyMem (&ExpressionOpCode->Guid, &((EFI_IFR_MATCH2 *) OpCodeData)->SyntaxType, sizeof (EFI_GUID));\r
+        break;\r
+\r
       case EFI_IFR_GET_OP:\r
       case EFI_IFR_SET_OP:\r
         CopyMem (&TempVarstoreId, &((EFI_IFR_GET *) OpCodeData)->VarStoreId, sizeof (TempVarstoreId));\r
@@ -1704,6 +1714,7 @@ ParseOpCodes (
 \r
       CopyMem (&FormSet->FormSetTitle, &((EFI_IFR_FORM_SET *) OpCodeData)->FormSetTitle, sizeof (EFI_STRING_ID));\r
       CopyMem (&FormSet->Help,         &((EFI_IFR_FORM_SET *) OpCodeData)->Help,         sizeof (EFI_STRING_ID));\r
+      FormSet->OpCode = (EFI_IFR_OP_HEADER *) OpCodeData;//save the opcode address of formset\r
 \r
       if (OpCodeLength > OFFSET_OF (EFI_IFR_FORM_SET, Flags)) {\r
         //\r
@@ -2139,6 +2150,7 @@ ParseOpCodes (
     // Option\r
     //\r
     case EFI_IFR_ONE_OF_OPTION_OP:\r
+      ASSERT (ParentStatement != NULL);\r
       if (ParentStatement->Operand == EFI_IFR_ORDERED_LIST_OP && ((((EFI_IFR_ONE_OF_OPTION *) OpCodeData)->Flags & (EFI_IFR_OPTION_DEFAULT | EFI_IFR_OPTION_DEFAULT_MFG)) != 0)) {\r
         //\r
         // It's keep the default value for ordered list opcode.\r
@@ -2193,7 +2205,6 @@ ParseOpCodes (
         CopyMem (CurrentOption->SuppressExpression->Expression, GetConditionalExpressionList(ExpressOption), (UINTN) (sizeof (FORM_EXPRESSION *) * ConditionalExprCount));\r
       }\r
 \r
-      ASSERT (ParentStatement != NULL);\r
       //\r
       // Insert to Option list of current Question\r
       //\r