]>
Commit | Line | Data |
---|---|---|
c058d59f JY |
1 | /** @file\r |
2 | Safe String functions.\r | |
3 | \r | |
4 | Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>\r | |
5 | This program and the accompanying materials\r | |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php.\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #include <Base.h>\r | |
16 | #include <Library/DebugLib.h>\r | |
17 | #include <Library/PcdLib.h>\r | |
18 | #include <Library/BaseLib.h>\r | |
19 | \r | |
20 | #define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength))\r | |
21 | \r | |
22 | #define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength))\r | |
23 | \r | |
24 | #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \\r | |
25 | do { \\r | |
26 | ASSERT (Expression); \\r | |
27 | if (!(Expression)) { \\r | |
28 | return Status; \\r | |
29 | } \\r | |
30 | } while (FALSE)\r | |
31 | \r | |
32 | /**\r | |
33 | Returns if 2 memory blocks are overlapped.\r | |
34 | \r | |
35 | @param Base1 Base address of 1st memory block.\r | |
36 | @param Size1 Size of 1st memory block.\r | |
37 | @param Base2 Base address of 2nd memory block.\r | |
38 | @param Size2 Size of 2nd memory block.\r | |
39 | \r | |
40 | @retval TRUE 2 memory blocks are overlapped.\r | |
41 | @retval FALSE 2 memory blocks are not overlapped.\r | |
42 | **/\r | |
43 | BOOLEAN\r | |
44 | InternalSafeStringIsOverlap (\r | |
45 | IN VOID *Base1,\r | |
46 | IN UINTN Size1,\r | |
47 | IN VOID *Base2,\r | |
48 | IN UINTN Size2\r | |
49 | )\r | |
50 | {\r | |
51 | if ((((UINTN)Base1 >= (UINTN)Base2) && ((UINTN)Base1 < (UINTN)Base2 + Size2)) ||\r | |
52 | (((UINTN)Base2 >= (UINTN)Base1) && ((UINTN)Base2 < (UINTN)Base1 + Size1))) {\r | |
53 | return TRUE;\r | |
54 | }\r | |
55 | return FALSE;\r | |
56 | }\r | |
57 | \r | |
58 | /**\r | |
59 | Returns if 2 Unicode strings are not overlapped.\r | |
60 | \r | |
61 | @param Str1 Start address of 1st Unicode string.\r | |
62 | @param Size1 The number of char in 1st Unicode string,\r | |
63 | including terminating null char.\r | |
64 | @param Str2 Start address of 2nd Unicode string.\r | |
65 | @param Size2 The number of char in 2nd Unicode string,\r | |
66 | including terminating null char.\r | |
67 | \r | |
68 | @retval TRUE 2 Unicode strings are NOT overlapped.\r | |
69 | @retval FALSE 2 Unicode strings are overlapped.\r | |
70 | **/\r | |
71 | BOOLEAN\r | |
72 | InternalSafeStringNoStrOverlap (\r | |
73 | IN CHAR16 *Str1,\r | |
74 | IN UINTN Size1,\r | |
75 | IN CHAR16 *Str2,\r | |
76 | IN UINTN Size2\r | |
77 | )\r | |
78 | {\r | |
79 | return !InternalSafeStringIsOverlap (Str1, Size1 * sizeof(CHAR16), Str2, Size2 * sizeof(CHAR16));\r | |
80 | }\r | |
81 | \r | |
82 | /**\r | |
83 | Returns if 2 Ascii strings are not overlapped.\r | |
84 | \r | |
85 | @param Str1 Start address of 1st Ascii string.\r | |
86 | @param Size1 The number of char in 1st Ascii string,\r | |
87 | including terminating null char.\r | |
88 | @param Str2 Start address of 2nd Ascii string.\r | |
89 | @param Size2 The number of char in 2nd Ascii string,\r | |
90 | including terminating null char.\r | |
91 | \r | |
92 | @retval TRUE 2 Ascii strings are NOT overlapped.\r | |
93 | @retval FALSE 2 Ascii strings are overlapped.\r | |
94 | **/\r | |
95 | BOOLEAN\r | |
96 | InternalSafeStringNoAsciiStrOverlap (\r | |
97 | IN CHAR8 *Str1,\r | |
98 | IN UINTN Size1,\r | |
99 | IN CHAR8 *Str2,\r | |
100 | IN UINTN Size2\r | |
101 | )\r | |
102 | {\r | |
103 | return !InternalSafeStringIsOverlap (Str1, Size1, Str2, Size2);\r | |
104 | }\r | |
105 | \r | |
106 | /**\r | |
107 | Returns the length of a Null-terminated Unicode string.\r | |
108 | \r | |
109 | If String is not aligned on a 16-bit boundary, then ASSERT().\r | |
110 | \r | |
111 | @param String A pointer to a Null-terminated Unicode string.\r | |
112 | @param MaxSize The maximum number of Destination Unicode\r | |
113 | char, including terminating null char.\r | |
114 | \r | |
115 | @retval 0 If String is NULL.\r | |
116 | @retval MaxSize If there is no null character in the first MaxSize characters of String.\r | |
117 | @return The number of characters that percede the terminating null character.\r | |
118 | \r | |
119 | **/\r | |
120 | UINTN\r | |
121 | EFIAPI\r | |
122 | StrnLenS (\r | |
123 | IN CONST CHAR16 *String,\r | |
124 | IN UINTN MaxSize\r | |
125 | )\r | |
126 | {\r | |
127 | UINTN Length;\r | |
128 | \r | |
129 | ASSERT (((UINTN) String & BIT0) == 0);\r | |
130 | \r | |
131 | //\r | |
132 | // If String is a null pointer, then the StrnLenS function returns zero.\r | |
133 | //\r | |
134 | if (String == NULL) {\r | |
135 | return 0;\r | |
136 | }\r | |
137 | \r | |
138 | //\r | |
139 | // Otherwise, the StrnLenS function returns the number of characters that precede the\r | |
140 | // terminating null character. If there is no null character in the first MaxSize characters of\r | |
141 | // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall\r | |
142 | // be accessed by StrnLenS.\r | |
143 | //\r | |
144 | for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {\r | |
145 | ;\r | |
146 | }\r | |
147 | return Length;\r | |
148 | }\r | |
149 | \r | |
150 | /**\r | |
151 | Copies the string pointed to by Source (including the terminating null char)\r | |
152 | to the array pointed to by Destination.\r | |
153 | \r | |
154 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r | |
155 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
156 | \r | |
157 | @param Destination A pointer to a Null-terminated Unicode string.\r | |
158 | @param DestMax The maximum number of Destination Unicode\r | |
159 | char, including terminating null char.\r | |
160 | @param Source A pointer to a Null-terminated Unicode string.\r | |
161 | \r | |
162 | @retval RETURN_SUCCESS String is copied.\r | |
163 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
164 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
165 | If Source is NULL.\r | |
166 | If PcdMaximumUnicodeStringLength is not zero,\r | |
167 | and DestMax is greater than \r | |
168 | PcdMaximumUnicodeStringLength.\r | |
169 | If DestMax is 0.\r | |
170 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
171 | **/\r | |
172 | RETURN_STATUS\r | |
173 | EFIAPI\r | |
174 | StrCpyS (\r | |
175 | OUT CHAR16 *Destination,\r | |
176 | IN UINTN DestMax,\r | |
177 | IN CONST CHAR16 *Source\r | |
178 | )\r | |
179 | {\r | |
180 | UINTN SourceLen;\r | |
181 | \r | |
182 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
183 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
184 | \r | |
185 | //\r | |
186 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
187 | //\r | |
188 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
189 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
190 | \r | |
191 | //\r | |
192 | // 2. DestMax shall not be greater than RSIZE_MAX.\r | |
193 | //\r | |
194 | if (RSIZE_MAX != 0) {\r | |
195 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
196 | }\r | |
197 | \r | |
198 | //\r | |
199 | // 3. DestMax shall not equal zero.\r | |
200 | //\r | |
201 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
202 | \r | |
203 | //\r | |
204 | // 4. DestMax shall be greater than StrnLenS(Source, DestMax).\r | |
205 | //\r | |
206 | SourceLen = StrnLenS (Source, DestMax);\r | |
207 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
208 | \r | |
209 | //\r | |
210 | // 5. Copying shall not take place between objects that overlap.\r | |
211 | //\r | |
212 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
213 | \r | |
214 | //\r | |
215 | // The StrCpyS function copies the string pointed to by Source (including the terminating\r | |
216 | // null character) into the array pointed to by Destination.\r | |
217 | //\r | |
218 | while (*Source != 0) {\r | |
219 | *(Destination++) = *(Source++);\r | |
220 | }\r | |
221 | *Destination = 0;\r | |
222 | \r | |
223 | return RETURN_SUCCESS;\r | |
224 | }\r | |
225 | \r | |
226 | /**\r | |
227 | Copies not more than Length successive char from the string pointed to by\r | |
228 | Source to the array pointed to by Destination. If no null char is copied from\r | |
229 | Source, then Destination[Length] is always set to null.\r | |
230 | \r | |
231 | If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().\r | |
232 | If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
233 | \r | |
234 | @param Destination A pointer to a Null-terminated Unicode string.\r | |
235 | @param DestMax The maximum number of Destination Unicode\r | |
236 | char, including terminating null char.\r | |
237 | @param Source A pointer to a Null-terminated Unicode string.\r | |
238 | @param Length The maximum number of Unicode characters to copy.\r | |
239 | \r | |
240 | @retval RETURN_SUCCESS String is copied.\r | |
241 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than \r | |
242 | MIN(StrLen(Source), Length).\r | |
243 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
244 | If Source is NULL.\r | |
245 | If PcdMaximumUnicodeStringLength is not zero,\r | |
246 | and DestMax is greater than \r | |
247 | PcdMaximumUnicodeStringLength.\r | |
248 | If DestMax is 0.\r | |
249 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
250 | **/\r | |
251 | RETURN_STATUS\r | |
252 | EFIAPI\r | |
253 | StrnCpyS (\r | |
254 | OUT CHAR16 *Destination,\r | |
255 | IN UINTN DestMax,\r | |
256 | IN CONST CHAR16 *Source,\r | |
257 | IN UINTN Length\r | |
258 | )\r | |
259 | {\r | |
260 | UINTN SourceLen;\r | |
261 | \r | |
262 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
263 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
264 | \r | |
265 | //\r | |
266 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
267 | //\r | |
268 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
269 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
270 | \r | |
271 | //\r | |
272 | // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX\r | |
273 | //\r | |
274 | if (RSIZE_MAX != 0) {\r | |
275 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
276 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
277 | }\r | |
278 | \r | |
279 | //\r | |
280 | // 3. DestMax shall not equal zero.\r | |
281 | //\r | |
282 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
283 | \r | |
284 | //\r | |
285 | // 4. If Length is not less than DestMax, then DestMax shall be greater than StrnLenS(Source, DestMax).\r | |
286 | //\r | |
287 | SourceLen = StrnLenS (Source, DestMax);\r | |
288 | if (Length >= DestMax) {\r | |
289 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
290 | }\r | |
291 | \r | |
292 | //\r | |
293 | // 5. Copying shall not take place between objects that overlap.\r | |
294 | //\r | |
295 | if (SourceLen > Length) {\r | |
296 | SourceLen = Length;\r | |
297 | }\r | |
298 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
299 | \r | |
300 | //\r | |
301 | // The StrnCpyS function copies not more than Length successive characters (characters that\r | |
302 | // follow a null character are not copied) from the array pointed to by Source to the array\r | |
303 | // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null\r | |
304 | // character.\r | |
305 | //\r | |
306 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
307 | *(Destination++) = *(Source++);\r | |
308 | SourceLen--;\r | |
309 | }\r | |
310 | *Destination = 0;\r | |
311 | \r | |
312 | return RETURN_SUCCESS;\r | |
313 | }\r | |
314 | \r | |
315 | /**\r | |
316 | Appends a copy of the string pointed to by Source (including the terminating\r | |
317 | null char) to the end of the string pointed to by Destination.\r | |
318 | \r | |
319 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r | |
320 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
321 | \r | |
322 | @param Destination A pointer to a Null-terminated Unicode string.\r | |
323 | @param DestMax The maximum number of Destination Unicode\r | |
324 | char, including terminating null char.\r | |
325 | @param Source A pointer to a Null-terminated Unicode string.\r | |
326 | \r | |
327 | @retval RETURN_SUCCESS String is appended.\r | |
328 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than \r | |
329 | StrLen(Destination).\r | |
330 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
331 | greater than StrLen(Source).\r | |
332 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
333 | If Source is NULL.\r | |
334 | If PcdMaximumUnicodeStringLength is not zero,\r | |
335 | and DestMax is greater than \r | |
336 | PcdMaximumUnicodeStringLength.\r | |
337 | If DestMax is 0.\r | |
338 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
339 | **/\r | |
340 | RETURN_STATUS\r | |
341 | EFIAPI\r | |
342 | StrCatS (\r | |
343 | IN OUT CHAR16 *Destination,\r | |
344 | IN UINTN DestMax,\r | |
345 | IN CONST CHAR16 *Source\r | |
346 | )\r | |
347 | {\r | |
348 | UINTN DestLen;\r | |
349 | UINTN CopyLen;\r | |
350 | UINTN SourceLen;\r | |
351 | \r | |
352 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
353 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
354 | \r | |
355 | //\r | |
356 | // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrCatS.\r | |
357 | //\r | |
358 | DestLen = StrnLenS (Destination, DestMax);\r | |
359 | CopyLen = DestMax - DestLen;\r | |
360 | \r | |
361 | //\r | |
362 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
363 | //\r | |
364 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
365 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
366 | \r | |
367 | //\r | |
368 | // 2. DestMax shall not be greater than RSIZE_MAX.\r | |
369 | //\r | |
370 | if (RSIZE_MAX != 0) {\r | |
371 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
372 | }\r | |
373 | \r | |
374 | //\r | |
375 | // 3. DestMax shall not equal zero.\r | |
376 | //\r | |
377 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
378 | \r | |
379 | //\r | |
380 | // 4. CopyLen shall not equal zero.\r | |
381 | //\r | |
382 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
383 | \r | |
384 | //\r | |
385 | // 5. CopyLen shall be greater than StrnLenS(Source, CopyLen).\r | |
386 | //\r | |
387 | SourceLen = StrnLenS (Source, CopyLen);\r | |
388 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
389 | \r | |
390 | //\r | |
391 | // 6. Copying shall not take place between objects that overlap.\r | |
392 | //\r | |
393 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
394 | \r | |
395 | //\r | |
396 | // The StrCatS function appends a copy of the string pointed to by Source (including the\r | |
397 | // terminating null character) to the end of the string pointed to by Destination. The initial character\r | |
398 | // from Source overwrites the null character at the end of Destination.\r | |
399 | //\r | |
400 | Destination = Destination + DestLen;\r | |
401 | while (*Source != 0) {\r | |
402 | *(Destination++) = *(Source++);\r | |
403 | }\r | |
404 | *Destination = 0;\r | |
405 | \r | |
406 | return RETURN_SUCCESS;\r | |
407 | }\r | |
408 | \r | |
409 | /**\r | |
410 | Appends not more than Length successive char from the string pointed to by\r | |
411 | Source to the end of the string pointed to by Destination. If no null char is\r | |
412 | copied from Source, then Destination[StrLen(Destination) + Length] is always\r | |
413 | set to null.\r | |
414 | \r | |
415 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r | |
416 | If and Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
417 | \r | |
418 | @param Destination A pointer to a Null-terminated Unicode string.\r | |
419 | @param DestMax The maximum number of Destination Unicode\r | |
420 | char, including terminating null char.\r | |
421 | @param Source A pointer to a Null-terminated Unicode string.\r | |
422 | @param Length The maximum number of Unicode characters to copy.\r | |
423 | \r | |
424 | @retval RETURN_SUCCESS String is appended.\r | |
425 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than\r | |
426 | StrLen(Destination).\r | |
427 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
428 | greater than MIN(StrLen(Source), Length).\r | |
429 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
430 | If Source is NULL.\r | |
431 | If PcdMaximumUnicodeStringLength is not zero,\r | |
432 | and DestMax is greater than \r | |
433 | PcdMaximumUnicodeStringLength.\r | |
434 | If DestMax is 0.\r | |
435 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
436 | **/\r | |
437 | RETURN_STATUS\r | |
438 | EFIAPI\r | |
439 | StrnCatS (\r | |
440 | IN OUT CHAR16 *Destination,\r | |
441 | IN UINTN DestMax,\r | |
442 | IN CONST CHAR16 *Source,\r | |
443 | IN UINTN Length\r | |
444 | )\r | |
445 | {\r | |
446 | UINTN DestLen;\r | |
447 | UINTN CopyLen;\r | |
448 | UINTN SourceLen;\r | |
449 | \r | |
450 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
451 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
452 | \r | |
453 | //\r | |
454 | // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrnCatS.\r | |
455 | //\r | |
456 | DestLen = StrnLenS (Destination, DestMax);\r | |
457 | CopyLen = DestMax - DestLen;\r | |
458 | \r | |
459 | //\r | |
460 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
461 | //\r | |
462 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
463 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
464 | \r | |
465 | //\r | |
466 | // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX.\r | |
467 | //\r | |
468 | if (RSIZE_MAX != 0) {\r | |
469 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
470 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
471 | }\r | |
472 | \r | |
473 | //\r | |
474 | // 3. DestMax shall not equal zero.\r | |
475 | //\r | |
476 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
477 | \r | |
478 | //\r | |
479 | // 4. CopyLen shall not equal zero.\r | |
480 | //\r | |
481 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
482 | \r | |
483 | //\r | |
484 | // 5. If Length is not less than CopyLen, then CopyLen shall be greater than StrnLenS(Source, CopyLen).\r | |
485 | //\r | |
486 | SourceLen = StrnLenS (Source, CopyLen);\r | |
487 | if (Length >= CopyLen) {\r | |
488 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
489 | }\r | |
490 | \r | |
491 | //\r | |
492 | // 6. Copying shall not take place between objects that overlap.\r | |
493 | //\r | |
494 | if (SourceLen > Length) {\r | |
495 | SourceLen = Length;\r | |
496 | }\r | |
497 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
498 | \r | |
499 | //\r | |
500 | // The StrnCatS function appends not more than Length successive characters (characters\r | |
501 | // that follow a null character are not copied) from the array pointed to by Source to the end of\r | |
502 | // the string pointed to by Destination. The initial character from Source overwrites the null character at\r | |
503 | // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to\r | |
504 | // a null character.\r | |
505 | //\r | |
506 | Destination = Destination + DestLen;\r | |
507 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
508 | *(Destination++) = *(Source++);\r | |
509 | SourceLen--;\r | |
510 | }\r | |
511 | *Destination = 0;\r | |
512 | \r | |
513 | return RETURN_SUCCESS;\r | |
514 | }\r | |
515 | \r | |
516 | /**\r | |
517 | Returns the length of a Null-terminated Ascii string.\r | |
518 | \r | |
519 | @param String A pointer to a Null-terminated Ascii string.\r | |
520 | @param MaxSize The maximum number of Destination Ascii\r | |
521 | char, including terminating null char.\r | |
522 | \r | |
523 | @retval 0 If String is NULL.\r | |
524 | @retval MaxSize If there is no null character in the first MaxSize characters of String.\r | |
525 | @return The number of characters that percede the terminating null character.\r | |
526 | \r | |
527 | **/\r | |
528 | UINTN\r | |
529 | EFIAPI\r | |
530 | AsciiStrnLenS (\r | |
531 | IN CONST CHAR8 *String,\r | |
532 | IN UINTN MaxSize\r | |
533 | )\r | |
534 | {\r | |
535 | UINTN Length;\r | |
536 | \r | |
537 | //\r | |
538 | // If String is a null pointer, then the AsciiStrnLenS function returns zero.\r | |
539 | //\r | |
540 | if (String == NULL) {\r | |
541 | return 0;\r | |
542 | }\r | |
543 | \r | |
544 | //\r | |
545 | // Otherwise, the AsciiStrnLenS function returns the number of characters that precede the\r | |
546 | // terminating null character. If there is no null character in the first MaxSize characters of\r | |
547 | // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall\r | |
548 | // be accessed by AsciiStrnLenS.\r | |
549 | //\r | |
550 | for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {\r | |
551 | ;\r | |
552 | }\r | |
553 | return Length;\r | |
554 | }\r | |
555 | \r | |
556 | /**\r | |
557 | Copies the string pointed to by Source (including the terminating null char)\r | |
558 | to the array pointed to by Destination.\r | |
559 | \r | |
560 | @param Destination A pointer to a Null-terminated Ascii string.\r | |
561 | @param DestMax The maximum number of Destination Ascii\r | |
562 | char, including terminating null char.\r | |
563 | @param Source A pointer to a Null-terminated Ascii string.\r | |
564 | \r | |
565 | @retval RETURN_SUCCESS String is copied.\r | |
566 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
567 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
568 | If Source is NULL.\r | |
569 | If PcdMaximumAsciiStringLength is not zero,\r | |
570 | and DestMax is greater than \r | |
571 | PcdMaximumAsciiStringLength.\r | |
572 | If DestMax is 0.\r | |
573 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
574 | **/\r | |
575 | RETURN_STATUS\r | |
576 | EFIAPI\r | |
577 | AsciiStrCpyS (\r | |
578 | OUT CHAR8 *Destination,\r | |
579 | IN UINTN DestMax,\r | |
580 | IN CONST CHAR8 *Source\r | |
581 | )\r | |
582 | {\r | |
583 | UINTN SourceLen;\r | |
584 | \r | |
585 | //\r | |
586 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
587 | //\r | |
588 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
589 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
590 | \r | |
591 | //\r | |
592 | // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.\r | |
593 | //\r | |
594 | if (ASCII_RSIZE_MAX != 0) {\r | |
595 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
596 | }\r | |
597 | \r | |
598 | //\r | |
599 | // 3. DestMax shall not equal zero.\r | |
600 | //\r | |
601 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
602 | \r | |
603 | //\r | |
604 | // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r | |
605 | //\r | |
606 | SourceLen = AsciiStrnLenS (Source, DestMax);\r | |
607 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
608 | \r | |
609 | //\r | |
610 | // 5. Copying shall not take place between objects that overlap.\r | |
611 | //\r | |
612 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
613 | \r | |
614 | //\r | |
615 | // The AsciiStrCpyS function copies the string pointed to by Source (including the terminating\r | |
616 | // null character) into the array pointed to by Destination.\r | |
617 | //\r | |
618 | while (*Source != 0) {\r | |
619 | *(Destination++) = *(Source++);\r | |
620 | }\r | |
621 | *Destination = 0;\r | |
622 | \r | |
623 | return RETURN_SUCCESS;\r | |
624 | }\r | |
625 | \r | |
626 | /**\r | |
627 | Copies not more than Length successive char from the string pointed to by\r | |
628 | Source to the array pointed to by Destination. If no null char is copied from\r | |
629 | Source, then Destination[Length] is always set to null.\r | |
630 | \r | |
631 | @param Destination A pointer to a Null-terminated Ascii string.\r | |
632 | @param DestMax The maximum number of Destination Ascii\r | |
633 | char, including terminating null char.\r | |
634 | @param Source A pointer to a Null-terminated Ascii string.\r | |
635 | @param Length The maximum number of Ascii characters to copy.\r | |
636 | \r | |
637 | @retval RETURN_SUCCESS String is copied.\r | |
638 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than \r | |
639 | MIN(StrLen(Source), Length).\r | |
640 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
641 | If Source is NULL.\r | |
642 | If PcdMaximumAsciiStringLength is not zero,\r | |
643 | and DestMax is greater than \r | |
644 | PcdMaximumAsciiStringLength.\r | |
645 | If DestMax is 0.\r | |
646 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
647 | **/\r | |
648 | RETURN_STATUS\r | |
649 | EFIAPI\r | |
650 | AsciiStrnCpyS (\r | |
651 | OUT CHAR8 *Destination,\r | |
652 | IN UINTN DestMax,\r | |
653 | IN CONST CHAR8 *Source,\r | |
654 | IN UINTN Length\r | |
655 | )\r | |
656 | {\r | |
657 | UINTN SourceLen;\r | |
658 | \r | |
659 | //\r | |
660 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
661 | //\r | |
662 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
663 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
664 | \r | |
665 | //\r | |
666 | // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX\r | |
667 | //\r | |
668 | if (ASCII_RSIZE_MAX != 0) {\r | |
669 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
670 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
671 | }\r | |
672 | \r | |
673 | //\r | |
674 | // 3. DestMax shall not equal zero.\r | |
675 | //\r | |
676 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
677 | \r | |
678 | //\r | |
679 | // 4. If Length is not less than DestMax, then DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r | |
680 | //\r | |
681 | SourceLen = AsciiStrnLenS (Source, DestMax);\r | |
682 | if (Length >= DestMax) {\r | |
683 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
684 | }\r | |
685 | \r | |
686 | //\r | |
687 | // 5. Copying shall not take place between objects that overlap.\r | |
688 | //\r | |
689 | if (SourceLen > Length) {\r | |
690 | SourceLen = Length;\r | |
691 | }\r | |
692 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
693 | \r | |
694 | //\r | |
695 | // The AsciiStrnCpyS function copies not more than Length successive characters (characters that\r | |
696 | // follow a null character are not copied) from the array pointed to by Source to the array\r | |
697 | // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null\r | |
698 | // character.\r | |
699 | //\r | |
700 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
701 | *(Destination++) = *(Source++);\r | |
702 | SourceLen--;\r | |
703 | }\r | |
704 | *Destination = 0;\r | |
705 | \r | |
706 | return RETURN_SUCCESS;\r | |
707 | }\r | |
708 | \r | |
709 | /**\r | |
710 | Appends a copy of the string pointed to by Source (including the terminating\r | |
711 | null char) to the end of the string pointed to by Destination.\r | |
712 | \r | |
713 | @param Destination A pointer to a Null-terminated Ascii string.\r | |
714 | @param DestMax The maximum number of Destination Ascii\r | |
715 | char, including terminating null char.\r | |
716 | @param Source A pointer to a Null-terminated Ascii string.\r | |
717 | \r | |
718 | @retval RETURN_SUCCESS String is appended.\r | |
719 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than \r | |
720 | StrLen(Destination).\r | |
721 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
722 | greater than StrLen(Source).\r | |
723 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
724 | If Source is NULL.\r | |
725 | If PcdMaximumAsciiStringLength is not zero,\r | |
726 | and DestMax is greater than \r | |
727 | PcdMaximumAsciiStringLength.\r | |
728 | If DestMax is 0.\r | |
729 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
730 | **/\r | |
731 | RETURN_STATUS\r | |
732 | EFIAPI\r | |
733 | AsciiStrCatS (\r | |
734 | IN OUT CHAR8 *Destination,\r | |
735 | IN UINTN DestMax,\r | |
736 | IN CONST CHAR8 *Source\r | |
737 | )\r | |
738 | {\r | |
739 | UINTN DestLen;\r | |
740 | UINTN CopyLen;\r | |
741 | UINTN SourceLen;\r | |
742 | \r | |
743 | //\r | |
744 | // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.\r | |
745 | //\r | |
746 | DestLen = AsciiStrnLenS (Destination, DestMax);\r | |
747 | CopyLen = DestMax - DestLen;\r | |
748 | \r | |
749 | //\r | |
750 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
751 | //\r | |
752 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
753 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
754 | \r | |
755 | //\r | |
756 | // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.\r | |
757 | //\r | |
758 | if (ASCII_RSIZE_MAX != 0) {\r | |
759 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
760 | }\r | |
761 | \r | |
762 | //\r | |
763 | // 3. DestMax shall not equal zero.\r | |
764 | //\r | |
765 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
766 | \r | |
767 | //\r | |
768 | // 4. CopyLen shall not equal zero.\r | |
769 | //\r | |
770 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
771 | \r | |
772 | //\r | |
773 | // 5. CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).\r | |
774 | //\r | |
775 | SourceLen = AsciiStrnLenS (Source, CopyLen);\r | |
776 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
777 | \r | |
778 | //\r | |
779 | // 6. Copying shall not take place between objects that overlap.\r | |
780 | //\r | |
781 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
782 | \r | |
783 | //\r | |
784 | // The AsciiStrCatS function appends a copy of the string pointed to by Source (including the\r | |
785 | // terminating null character) to the end of the string pointed to by Destination. The initial character\r | |
786 | // from Source overwrites the null character at the end of Destination.\r | |
787 | //\r | |
788 | Destination = Destination + DestLen;\r | |
789 | while (*Source != 0) {\r | |
790 | *(Destination++) = *(Source++);\r | |
791 | }\r | |
792 | *Destination = 0;\r | |
793 | \r | |
794 | return RETURN_SUCCESS;\r | |
795 | }\r | |
796 | \r | |
797 | /**\r | |
798 | Appends not more than Length successive char from the string pointed to by\r | |
799 | Source to the end of the string pointed to by Destination. If no null char is\r | |
800 | copied from Source, then Destination[StrLen(Destination) + Length] is always\r | |
801 | set to null.\r | |
802 | \r | |
803 | @param Destination A pointer to a Null-terminated Ascii string.\r | |
804 | @param DestMax The maximum number of Destination Ascii\r | |
805 | char, including terminating null char.\r | |
806 | @param Source A pointer to a Null-terminated Ascii string.\r | |
807 | @param Length The maximum number of Ascii characters to copy.\r | |
808 | \r | |
809 | @retval RETURN_SUCCESS String is appended.\r | |
810 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than\r | |
811 | StrLen(Destination).\r | |
812 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
813 | greater than MIN(StrLen(Source), Length).\r | |
814 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
815 | If Source is NULL.\r | |
816 | If PcdMaximumAsciiStringLength is not zero,\r | |
817 | and DestMax is greater than \r | |
818 | PcdMaximumAsciiStringLength.\r | |
819 | If DestMax is 0.\r | |
820 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
821 | **/\r | |
822 | RETURN_STATUS\r | |
823 | EFIAPI\r | |
824 | AsciiStrnCatS (\r | |
825 | IN OUT CHAR8 *Destination,\r | |
826 | IN UINTN DestMax,\r | |
827 | IN CONST CHAR8 *Source,\r | |
828 | IN UINTN Length\r | |
829 | )\r | |
830 | {\r | |
831 | UINTN DestLen;\r | |
832 | UINTN CopyLen;\r | |
833 | UINTN SourceLen;\r | |
834 | \r | |
835 | //\r | |
836 | // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.\r | |
837 | //\r | |
838 | DestLen = AsciiStrnLenS (Destination, DestMax);\r | |
839 | CopyLen = DestMax - DestLen;\r | |
840 | \r | |
841 | //\r | |
842 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
843 | //\r | |
844 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
845 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
846 | \r | |
847 | //\r | |
848 | // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX.\r | |
849 | //\r | |
850 | if (ASCII_RSIZE_MAX != 0) {\r | |
851 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
852 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
853 | }\r | |
854 | \r | |
855 | //\r | |
856 | // 3. DestMax shall not equal zero.\r | |
857 | //\r | |
858 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
859 | \r | |
860 | //\r | |
861 | // 4. CopyLen shall not equal zero.\r | |
862 | //\r | |
863 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
864 | \r | |
865 | //\r | |
866 | // 5. If Length is not less than CopyLen, then CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).\r | |
867 | //\r | |
868 | SourceLen = AsciiStrnLenS (Source, CopyLen);\r | |
869 | if (Length >= CopyLen) {\r | |
870 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
871 | }\r | |
872 | \r | |
873 | //\r | |
874 | // 6. Copying shall not take place between objects that overlap.\r | |
875 | //\r | |
876 | if (SourceLen > Length) {\r | |
877 | SourceLen = Length;\r | |
878 | }\r | |
879 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
880 | \r | |
881 | //\r | |
882 | // The AsciiStrnCatS function appends not more than Length successive characters (characters\r | |
883 | // that follow a null character are not copied) from the array pointed to by Source to the end of\r | |
884 | // the string pointed to by Destination. The initial character from Source overwrites the null character at\r | |
885 | // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to\r | |
886 | // a null character.\r | |
887 | //\r | |
888 | Destination = Destination + DestLen;\r | |
889 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
890 | *(Destination++) = *(Source++);\r | |
891 | SourceLen--;\r | |
892 | }\r | |
893 | *Destination = 0;\r | |
894 | \r | |
895 | return RETURN_SUCCESS;\r | |
896 | }\r |