]>
Commit | Line | Data |
---|---|---|
c058d59f JY |
1 | /** @file\r |
2 | Safe String functions.\r | |
3 | \r | |
3ab41b7a | 4 | Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>\r |
c058d59f JY |
5 | This program and the accompanying materials\r |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php.\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #include <Base.h>\r | |
16 | #include <Library/DebugLib.h>\r | |
17 | #include <Library/PcdLib.h>\r | |
18 | #include <Library/BaseLib.h>\r | |
19 | \r | |
20 | #define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength))\r | |
21 | \r | |
22 | #define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength))\r | |
23 | \r | |
24 | #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \\r | |
25 | do { \\r | |
26 | ASSERT (Expression); \\r | |
27 | if (!(Expression)) { \\r | |
28 | return Status; \\r | |
29 | } \\r | |
30 | } while (FALSE)\r | |
31 | \r | |
32 | /**\r | |
33 | Returns if 2 memory blocks are overlapped.\r | |
34 | \r | |
35 | @param Base1 Base address of 1st memory block.\r | |
36 | @param Size1 Size of 1st memory block.\r | |
37 | @param Base2 Base address of 2nd memory block.\r | |
38 | @param Size2 Size of 2nd memory block.\r | |
39 | \r | |
40 | @retval TRUE 2 memory blocks are overlapped.\r | |
41 | @retval FALSE 2 memory blocks are not overlapped.\r | |
42 | **/\r | |
43 | BOOLEAN\r | |
44 | InternalSafeStringIsOverlap (\r | |
45 | IN VOID *Base1,\r | |
46 | IN UINTN Size1,\r | |
47 | IN VOID *Base2,\r | |
48 | IN UINTN Size2\r | |
49 | )\r | |
50 | {\r | |
51 | if ((((UINTN)Base1 >= (UINTN)Base2) && ((UINTN)Base1 < (UINTN)Base2 + Size2)) ||\r | |
52 | (((UINTN)Base2 >= (UINTN)Base1) && ((UINTN)Base2 < (UINTN)Base1 + Size1))) {\r | |
53 | return TRUE;\r | |
54 | }\r | |
55 | return FALSE;\r | |
56 | }\r | |
57 | \r | |
58 | /**\r | |
59 | Returns if 2 Unicode strings are not overlapped.\r | |
60 | \r | |
61 | @param Str1 Start address of 1st Unicode string.\r | |
62 | @param Size1 The number of char in 1st Unicode string,\r | |
63 | including terminating null char.\r | |
64 | @param Str2 Start address of 2nd Unicode string.\r | |
65 | @param Size2 The number of char in 2nd Unicode string,\r | |
66 | including terminating null char.\r | |
67 | \r | |
68 | @retval TRUE 2 Unicode strings are NOT overlapped.\r | |
69 | @retval FALSE 2 Unicode strings are overlapped.\r | |
70 | **/\r | |
71 | BOOLEAN\r | |
72 | InternalSafeStringNoStrOverlap (\r | |
73 | IN CHAR16 *Str1,\r | |
74 | IN UINTN Size1,\r | |
75 | IN CHAR16 *Str2,\r | |
76 | IN UINTN Size2\r | |
77 | )\r | |
78 | {\r | |
79 | return !InternalSafeStringIsOverlap (Str1, Size1 * sizeof(CHAR16), Str2, Size2 * sizeof(CHAR16));\r | |
80 | }\r | |
81 | \r | |
82 | /**\r | |
83 | Returns if 2 Ascii strings are not overlapped.\r | |
84 | \r | |
85 | @param Str1 Start address of 1st Ascii string.\r | |
86 | @param Size1 The number of char in 1st Ascii string,\r | |
87 | including terminating null char.\r | |
88 | @param Str2 Start address of 2nd Ascii string.\r | |
89 | @param Size2 The number of char in 2nd Ascii string,\r | |
90 | including terminating null char.\r | |
91 | \r | |
92 | @retval TRUE 2 Ascii strings are NOT overlapped.\r | |
93 | @retval FALSE 2 Ascii strings are overlapped.\r | |
94 | **/\r | |
95 | BOOLEAN\r | |
96 | InternalSafeStringNoAsciiStrOverlap (\r | |
97 | IN CHAR8 *Str1,\r | |
98 | IN UINTN Size1,\r | |
99 | IN CHAR8 *Str2,\r | |
100 | IN UINTN Size2\r | |
101 | )\r | |
102 | {\r | |
103 | return !InternalSafeStringIsOverlap (Str1, Size1, Str2, Size2);\r | |
104 | }\r | |
105 | \r | |
106 | /**\r | |
107 | Returns the length of a Null-terminated Unicode string.\r | |
108 | \r | |
328f84b1 JY |
109 | This function is similar as strlen_s defined in C11.\r |
110 | \r | |
c058d59f JY |
111 | If String is not aligned on a 16-bit boundary, then ASSERT().\r |
112 | \r | |
113 | @param String A pointer to a Null-terminated Unicode string.\r | |
114 | @param MaxSize The maximum number of Destination Unicode\r | |
115 | char, including terminating null char.\r | |
116 | \r | |
117 | @retval 0 If String is NULL.\r | |
118 | @retval MaxSize If there is no null character in the first MaxSize characters of String.\r | |
119 | @return The number of characters that percede the terminating null character.\r | |
120 | \r | |
121 | **/\r | |
122 | UINTN\r | |
123 | EFIAPI\r | |
124 | StrnLenS (\r | |
125 | IN CONST CHAR16 *String,\r | |
126 | IN UINTN MaxSize\r | |
127 | )\r | |
128 | {\r | |
129 | UINTN Length;\r | |
130 | \r | |
131 | ASSERT (((UINTN) String & BIT0) == 0);\r | |
132 | \r | |
133 | //\r | |
134 | // If String is a null pointer, then the StrnLenS function returns zero.\r | |
135 | //\r | |
136 | if (String == NULL) {\r | |
137 | return 0;\r | |
138 | }\r | |
139 | \r | |
140 | //\r | |
141 | // Otherwise, the StrnLenS function returns the number of characters that precede the\r | |
142 | // terminating null character. If there is no null character in the first MaxSize characters of\r | |
143 | // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall\r | |
144 | // be accessed by StrnLenS.\r | |
145 | //\r | |
c07c517c HW |
146 | Length = 0;\r |
147 | while (String[Length] != 0) {\r | |
148 | if (Length >= MaxSize - 1) {\r | |
149 | return MaxSize;\r | |
150 | }\r | |
151 | Length++;\r | |
c058d59f JY |
152 | }\r |
153 | return Length;\r | |
154 | }\r | |
155 | \r | |
156 | /**\r | |
157 | Copies the string pointed to by Source (including the terminating null char)\r | |
158 | to the array pointed to by Destination.\r | |
159 | \r | |
328f84b1 JY |
160 | This function is similar as strcpy_s defined in C11.\r |
161 | \r | |
c058d59f JY |
162 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r |
163 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
0e93edbb | 164 | If an error would be returned, then the function will also ASSERT().\r |
c058d59f | 165 | \r |
328f84b1 JY |
166 | If an error is returned, then the Destination is unmodified.\r |
167 | \r | |
c058d59f JY |
168 | @param Destination A pointer to a Null-terminated Unicode string.\r |
169 | @param DestMax The maximum number of Destination Unicode\r | |
170 | char, including terminating null char.\r | |
171 | @param Source A pointer to a Null-terminated Unicode string.\r | |
172 | \r | |
173 | @retval RETURN_SUCCESS String is copied.\r | |
174 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
175 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
176 | If Source is NULL.\r | |
177 | If PcdMaximumUnicodeStringLength is not zero,\r | |
178 | and DestMax is greater than \r | |
179 | PcdMaximumUnicodeStringLength.\r | |
180 | If DestMax is 0.\r | |
181 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
182 | **/\r | |
183 | RETURN_STATUS\r | |
184 | EFIAPI\r | |
185 | StrCpyS (\r | |
186 | OUT CHAR16 *Destination,\r | |
187 | IN UINTN DestMax,\r | |
188 | IN CONST CHAR16 *Source\r | |
189 | )\r | |
190 | {\r | |
191 | UINTN SourceLen;\r | |
192 | \r | |
193 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
194 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
195 | \r | |
196 | //\r | |
197 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
198 | //\r | |
199 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
200 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
201 | \r | |
202 | //\r | |
203 | // 2. DestMax shall not be greater than RSIZE_MAX.\r | |
204 | //\r | |
205 | if (RSIZE_MAX != 0) {\r | |
206 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
207 | }\r | |
208 | \r | |
209 | //\r | |
210 | // 3. DestMax shall not equal zero.\r | |
211 | //\r | |
212 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
213 | \r | |
214 | //\r | |
215 | // 4. DestMax shall be greater than StrnLenS(Source, DestMax).\r | |
216 | //\r | |
217 | SourceLen = StrnLenS (Source, DestMax);\r | |
218 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
219 | \r | |
220 | //\r | |
221 | // 5. Copying shall not take place between objects that overlap.\r | |
222 | //\r | |
223 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
224 | \r | |
225 | //\r | |
226 | // The StrCpyS function copies the string pointed to by Source (including the terminating\r | |
227 | // null character) into the array pointed to by Destination.\r | |
228 | //\r | |
229 | while (*Source != 0) {\r | |
230 | *(Destination++) = *(Source++);\r | |
231 | }\r | |
232 | *Destination = 0;\r | |
233 | \r | |
234 | return RETURN_SUCCESS;\r | |
235 | }\r | |
236 | \r | |
237 | /**\r | |
238 | Copies not more than Length successive char from the string pointed to by\r | |
239 | Source to the array pointed to by Destination. If no null char is copied from\r | |
240 | Source, then Destination[Length] is always set to null.\r | |
241 | \r | |
328f84b1 JY |
242 | This function is similar as strncpy_s defined in C11.\r |
243 | \r | |
c058d59f JY |
244 | If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().\r |
245 | If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
0e93edbb | 246 | If an error would be returned, then the function will also ASSERT().\r |
c058d59f | 247 | \r |
328f84b1 JY |
248 | If an error is returned, then the Destination is unmodified.\r |
249 | \r | |
c058d59f JY |
250 | @param Destination A pointer to a Null-terminated Unicode string.\r |
251 | @param DestMax The maximum number of Destination Unicode\r | |
252 | char, including terminating null char.\r | |
253 | @param Source A pointer to a Null-terminated Unicode string.\r | |
254 | @param Length The maximum number of Unicode characters to copy.\r | |
255 | \r | |
256 | @retval RETURN_SUCCESS String is copied.\r | |
257 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than \r | |
258 | MIN(StrLen(Source), Length).\r | |
259 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
260 | If Source is NULL.\r | |
261 | If PcdMaximumUnicodeStringLength is not zero,\r | |
262 | and DestMax is greater than \r | |
263 | PcdMaximumUnicodeStringLength.\r | |
264 | If DestMax is 0.\r | |
265 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
266 | **/\r | |
267 | RETURN_STATUS\r | |
268 | EFIAPI\r | |
269 | StrnCpyS (\r | |
270 | OUT CHAR16 *Destination,\r | |
271 | IN UINTN DestMax,\r | |
272 | IN CONST CHAR16 *Source,\r | |
273 | IN UINTN Length\r | |
274 | )\r | |
275 | {\r | |
276 | UINTN SourceLen;\r | |
277 | \r | |
278 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
279 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
280 | \r | |
281 | //\r | |
282 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
283 | //\r | |
284 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
285 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
286 | \r | |
287 | //\r | |
288 | // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX\r | |
289 | //\r | |
290 | if (RSIZE_MAX != 0) {\r | |
291 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
292 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
293 | }\r | |
294 | \r | |
295 | //\r | |
296 | // 3. DestMax shall not equal zero.\r | |
297 | //\r | |
298 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
299 | \r | |
300 | //\r | |
301 | // 4. If Length is not less than DestMax, then DestMax shall be greater than StrnLenS(Source, DestMax).\r | |
302 | //\r | |
303 | SourceLen = StrnLenS (Source, DestMax);\r | |
304 | if (Length >= DestMax) {\r | |
305 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
306 | }\r | |
307 | \r | |
308 | //\r | |
309 | // 5. Copying shall not take place between objects that overlap.\r | |
310 | //\r | |
311 | if (SourceLen > Length) {\r | |
312 | SourceLen = Length;\r | |
313 | }\r | |
314 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
315 | \r | |
316 | //\r | |
317 | // The StrnCpyS function copies not more than Length successive characters (characters that\r | |
318 | // follow a null character are not copied) from the array pointed to by Source to the array\r | |
319 | // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null\r | |
320 | // character.\r | |
321 | //\r | |
322 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
323 | *(Destination++) = *(Source++);\r | |
324 | SourceLen--;\r | |
325 | }\r | |
326 | *Destination = 0;\r | |
327 | \r | |
328 | return RETURN_SUCCESS;\r | |
329 | }\r | |
330 | \r | |
331 | /**\r | |
332 | Appends a copy of the string pointed to by Source (including the terminating\r | |
333 | null char) to the end of the string pointed to by Destination.\r | |
334 | \r | |
328f84b1 JY |
335 | This function is similar as strcat_s defined in C11.\r |
336 | \r | |
c058d59f JY |
337 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r |
338 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
0e93edbb | 339 | If an error would be returned, then the function will also ASSERT().\r |
c058d59f | 340 | \r |
328f84b1 JY |
341 | If an error is returned, then the Destination is unmodified.\r |
342 | \r | |
c058d59f JY |
343 | @param Destination A pointer to a Null-terminated Unicode string.\r |
344 | @param DestMax The maximum number of Destination Unicode\r | |
345 | char, including terminating null char.\r | |
346 | @param Source A pointer to a Null-terminated Unicode string.\r | |
347 | \r | |
348 | @retval RETURN_SUCCESS String is appended.\r | |
349 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than \r | |
350 | StrLen(Destination).\r | |
351 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
352 | greater than StrLen(Source).\r | |
353 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
354 | If Source is NULL.\r | |
355 | If PcdMaximumUnicodeStringLength is not zero,\r | |
356 | and DestMax is greater than \r | |
357 | PcdMaximumUnicodeStringLength.\r | |
358 | If DestMax is 0.\r | |
359 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
360 | **/\r | |
361 | RETURN_STATUS\r | |
362 | EFIAPI\r | |
363 | StrCatS (\r | |
364 | IN OUT CHAR16 *Destination,\r | |
365 | IN UINTN DestMax,\r | |
366 | IN CONST CHAR16 *Source\r | |
367 | )\r | |
368 | {\r | |
369 | UINTN DestLen;\r | |
370 | UINTN CopyLen;\r | |
371 | UINTN SourceLen;\r | |
372 | \r | |
373 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
374 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
375 | \r | |
376 | //\r | |
377 | // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrCatS.\r | |
378 | //\r | |
379 | DestLen = StrnLenS (Destination, DestMax);\r | |
380 | CopyLen = DestMax - DestLen;\r | |
381 | \r | |
382 | //\r | |
383 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
384 | //\r | |
385 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
386 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
387 | \r | |
388 | //\r | |
389 | // 2. DestMax shall not be greater than RSIZE_MAX.\r | |
390 | //\r | |
391 | if (RSIZE_MAX != 0) {\r | |
392 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
393 | }\r | |
394 | \r | |
395 | //\r | |
396 | // 3. DestMax shall not equal zero.\r | |
397 | //\r | |
398 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
399 | \r | |
400 | //\r | |
401 | // 4. CopyLen shall not equal zero.\r | |
402 | //\r | |
403 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
404 | \r | |
405 | //\r | |
406 | // 5. CopyLen shall be greater than StrnLenS(Source, CopyLen).\r | |
407 | //\r | |
408 | SourceLen = StrnLenS (Source, CopyLen);\r | |
409 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
410 | \r | |
411 | //\r | |
412 | // 6. Copying shall not take place between objects that overlap.\r | |
413 | //\r | |
414 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
415 | \r | |
416 | //\r | |
417 | // The StrCatS function appends a copy of the string pointed to by Source (including the\r | |
418 | // terminating null character) to the end of the string pointed to by Destination. The initial character\r | |
419 | // from Source overwrites the null character at the end of Destination.\r | |
420 | //\r | |
421 | Destination = Destination + DestLen;\r | |
422 | while (*Source != 0) {\r | |
423 | *(Destination++) = *(Source++);\r | |
424 | }\r | |
425 | *Destination = 0;\r | |
426 | \r | |
427 | return RETURN_SUCCESS;\r | |
428 | }\r | |
429 | \r | |
430 | /**\r | |
431 | Appends not more than Length successive char from the string pointed to by\r | |
432 | Source to the end of the string pointed to by Destination. If no null char is\r | |
433 | copied from Source, then Destination[StrLen(Destination) + Length] is always\r | |
434 | set to null.\r | |
435 | \r | |
328f84b1 JY |
436 | This function is similar as strncat_s defined in C11.\r |
437 | \r | |
c058d59f | 438 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r |
0e93edbb JY |
439 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r |
440 | If an error would be returned, then the function will also ASSERT().\r | |
c058d59f | 441 | \r |
328f84b1 JY |
442 | If an error is returned, then the Destination is unmodified.\r |
443 | \r | |
c058d59f JY |
444 | @param Destination A pointer to a Null-terminated Unicode string.\r |
445 | @param DestMax The maximum number of Destination Unicode\r | |
446 | char, including terminating null char.\r | |
447 | @param Source A pointer to a Null-terminated Unicode string.\r | |
448 | @param Length The maximum number of Unicode characters to copy.\r | |
449 | \r | |
450 | @retval RETURN_SUCCESS String is appended.\r | |
451 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than\r | |
452 | StrLen(Destination).\r | |
453 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
454 | greater than MIN(StrLen(Source), Length).\r | |
455 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
456 | If Source is NULL.\r | |
457 | If PcdMaximumUnicodeStringLength is not zero,\r | |
458 | and DestMax is greater than \r | |
459 | PcdMaximumUnicodeStringLength.\r | |
460 | If DestMax is 0.\r | |
461 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
462 | **/\r | |
463 | RETURN_STATUS\r | |
464 | EFIAPI\r | |
465 | StrnCatS (\r | |
466 | IN OUT CHAR16 *Destination,\r | |
467 | IN UINTN DestMax,\r | |
468 | IN CONST CHAR16 *Source,\r | |
469 | IN UINTN Length\r | |
470 | )\r | |
471 | {\r | |
472 | UINTN DestLen;\r | |
473 | UINTN CopyLen;\r | |
474 | UINTN SourceLen;\r | |
475 | \r | |
476 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
477 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
478 | \r | |
479 | //\r | |
480 | // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrnCatS.\r | |
481 | //\r | |
482 | DestLen = StrnLenS (Destination, DestMax);\r | |
483 | CopyLen = DestMax - DestLen;\r | |
484 | \r | |
485 | //\r | |
486 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
487 | //\r | |
488 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
489 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
490 | \r | |
491 | //\r | |
492 | // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX.\r | |
493 | //\r | |
494 | if (RSIZE_MAX != 0) {\r | |
495 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
496 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
497 | }\r | |
498 | \r | |
499 | //\r | |
500 | // 3. DestMax shall not equal zero.\r | |
501 | //\r | |
502 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
503 | \r | |
504 | //\r | |
505 | // 4. CopyLen shall not equal zero.\r | |
506 | //\r | |
507 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
508 | \r | |
509 | //\r | |
510 | // 5. If Length is not less than CopyLen, then CopyLen shall be greater than StrnLenS(Source, CopyLen).\r | |
511 | //\r | |
512 | SourceLen = StrnLenS (Source, CopyLen);\r | |
513 | if (Length >= CopyLen) {\r | |
514 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
515 | }\r | |
516 | \r | |
517 | //\r | |
518 | // 6. Copying shall not take place between objects that overlap.\r | |
519 | //\r | |
520 | if (SourceLen > Length) {\r | |
521 | SourceLen = Length;\r | |
522 | }\r | |
523 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
524 | \r | |
525 | //\r | |
526 | // The StrnCatS function appends not more than Length successive characters (characters\r | |
527 | // that follow a null character are not copied) from the array pointed to by Source to the end of\r | |
528 | // the string pointed to by Destination. The initial character from Source overwrites the null character at\r | |
529 | // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to\r | |
530 | // a null character.\r | |
531 | //\r | |
532 | Destination = Destination + DestLen;\r | |
533 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
534 | *(Destination++) = *(Source++);\r | |
535 | SourceLen--;\r | |
536 | }\r | |
537 | *Destination = 0;\r | |
538 | \r | |
539 | return RETURN_SUCCESS;\r | |
540 | }\r | |
541 | \r | |
542 | /**\r | |
543 | Returns the length of a Null-terminated Ascii string.\r | |
544 | \r | |
328f84b1 JY |
545 | This function is similar as strlen_s defined in C11.\r |
546 | \r | |
c058d59f JY |
547 | @param String A pointer to a Null-terminated Ascii string.\r |
548 | @param MaxSize The maximum number of Destination Ascii\r | |
549 | char, including terminating null char.\r | |
550 | \r | |
551 | @retval 0 If String is NULL.\r | |
552 | @retval MaxSize If there is no null character in the first MaxSize characters of String.\r | |
553 | @return The number of characters that percede the terminating null character.\r | |
554 | \r | |
555 | **/\r | |
556 | UINTN\r | |
557 | EFIAPI\r | |
558 | AsciiStrnLenS (\r | |
559 | IN CONST CHAR8 *String,\r | |
560 | IN UINTN MaxSize\r | |
561 | )\r | |
562 | {\r | |
563 | UINTN Length;\r | |
564 | \r | |
565 | //\r | |
566 | // If String is a null pointer, then the AsciiStrnLenS function returns zero.\r | |
567 | //\r | |
568 | if (String == NULL) {\r | |
569 | return 0;\r | |
570 | }\r | |
571 | \r | |
572 | //\r | |
573 | // Otherwise, the AsciiStrnLenS function returns the number of characters that precede the\r | |
574 | // terminating null character. If there is no null character in the first MaxSize characters of\r | |
575 | // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall\r | |
576 | // be accessed by AsciiStrnLenS.\r | |
577 | //\r | |
c07c517c HW |
578 | Length = 0;\r |
579 | while (String[Length] != 0) {\r | |
580 | if (Length >= MaxSize - 1) {\r | |
581 | return MaxSize;\r | |
582 | }\r | |
583 | Length++;\r | |
c058d59f JY |
584 | }\r |
585 | return Length;\r | |
586 | }\r | |
587 | \r | |
588 | /**\r | |
589 | Copies the string pointed to by Source (including the terminating null char)\r | |
590 | to the array pointed to by Destination.\r | |
591 | \r | |
328f84b1 JY |
592 | This function is similar as strcpy_s defined in C11.\r |
593 | \r | |
0e93edbb JY |
594 | If an error would be returned, then the function will also ASSERT().\r |
595 | \r | |
328f84b1 JY |
596 | If an error is returned, then the Destination is unmodified.\r |
597 | \r | |
c058d59f JY |
598 | @param Destination A pointer to a Null-terminated Ascii string.\r |
599 | @param DestMax The maximum number of Destination Ascii\r | |
600 | char, including terminating null char.\r | |
601 | @param Source A pointer to a Null-terminated Ascii string.\r | |
602 | \r | |
603 | @retval RETURN_SUCCESS String is copied.\r | |
604 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
605 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
606 | If Source is NULL.\r | |
607 | If PcdMaximumAsciiStringLength is not zero,\r | |
608 | and DestMax is greater than \r | |
609 | PcdMaximumAsciiStringLength.\r | |
610 | If DestMax is 0.\r | |
611 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
612 | **/\r | |
613 | RETURN_STATUS\r | |
614 | EFIAPI\r | |
615 | AsciiStrCpyS (\r | |
616 | OUT CHAR8 *Destination,\r | |
617 | IN UINTN DestMax,\r | |
618 | IN CONST CHAR8 *Source\r | |
619 | )\r | |
620 | {\r | |
621 | UINTN SourceLen;\r | |
622 | \r | |
623 | //\r | |
624 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
625 | //\r | |
626 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
627 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
628 | \r | |
629 | //\r | |
630 | // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.\r | |
631 | //\r | |
632 | if (ASCII_RSIZE_MAX != 0) {\r | |
633 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
634 | }\r | |
635 | \r | |
636 | //\r | |
637 | // 3. DestMax shall not equal zero.\r | |
638 | //\r | |
639 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
640 | \r | |
641 | //\r | |
642 | // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r | |
643 | //\r | |
644 | SourceLen = AsciiStrnLenS (Source, DestMax);\r | |
645 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
646 | \r | |
647 | //\r | |
648 | // 5. Copying shall not take place between objects that overlap.\r | |
649 | //\r | |
650 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
651 | \r | |
652 | //\r | |
653 | // The AsciiStrCpyS function copies the string pointed to by Source (including the terminating\r | |
654 | // null character) into the array pointed to by Destination.\r | |
655 | //\r | |
656 | while (*Source != 0) {\r | |
657 | *(Destination++) = *(Source++);\r | |
658 | }\r | |
659 | *Destination = 0;\r | |
660 | \r | |
661 | return RETURN_SUCCESS;\r | |
662 | }\r | |
663 | \r | |
664 | /**\r | |
665 | Copies not more than Length successive char from the string pointed to by\r | |
666 | Source to the array pointed to by Destination. If no null char is copied from\r | |
667 | Source, then Destination[Length] is always set to null.\r | |
668 | \r | |
328f84b1 JY |
669 | This function is similar as strncpy_s defined in C11.\r |
670 | \r | |
0e93edbb JY |
671 | If an error would be returned, then the function will also ASSERT().\r |
672 | \r | |
328f84b1 JY |
673 | If an error is returned, then the Destination is unmodified.\r |
674 | \r | |
c058d59f JY |
675 | @param Destination A pointer to a Null-terminated Ascii string.\r |
676 | @param DestMax The maximum number of Destination Ascii\r | |
677 | char, including terminating null char.\r | |
678 | @param Source A pointer to a Null-terminated Ascii string.\r | |
679 | @param Length The maximum number of Ascii characters to copy.\r | |
680 | \r | |
681 | @retval RETURN_SUCCESS String is copied.\r | |
682 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than \r | |
683 | MIN(StrLen(Source), Length).\r | |
684 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
685 | If Source is NULL.\r | |
686 | If PcdMaximumAsciiStringLength is not zero,\r | |
687 | and DestMax is greater than \r | |
688 | PcdMaximumAsciiStringLength.\r | |
689 | If DestMax is 0.\r | |
690 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
691 | **/\r | |
692 | RETURN_STATUS\r | |
693 | EFIAPI\r | |
694 | AsciiStrnCpyS (\r | |
695 | OUT CHAR8 *Destination,\r | |
696 | IN UINTN DestMax,\r | |
697 | IN CONST CHAR8 *Source,\r | |
698 | IN UINTN Length\r | |
699 | )\r | |
700 | {\r | |
701 | UINTN SourceLen;\r | |
702 | \r | |
703 | //\r | |
704 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
705 | //\r | |
706 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
707 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
708 | \r | |
709 | //\r | |
710 | // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX\r | |
711 | //\r | |
712 | if (ASCII_RSIZE_MAX != 0) {\r | |
713 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
714 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
715 | }\r | |
716 | \r | |
717 | //\r | |
718 | // 3. DestMax shall not equal zero.\r | |
719 | //\r | |
720 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
721 | \r | |
722 | //\r | |
723 | // 4. If Length is not less than DestMax, then DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r | |
724 | //\r | |
725 | SourceLen = AsciiStrnLenS (Source, DestMax);\r | |
726 | if (Length >= DestMax) {\r | |
727 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
728 | }\r | |
729 | \r | |
730 | //\r | |
731 | // 5. Copying shall not take place between objects that overlap.\r | |
732 | //\r | |
733 | if (SourceLen > Length) {\r | |
734 | SourceLen = Length;\r | |
735 | }\r | |
736 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
737 | \r | |
738 | //\r | |
739 | // The AsciiStrnCpyS function copies not more than Length successive characters (characters that\r | |
740 | // follow a null character are not copied) from the array pointed to by Source to the array\r | |
741 | // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null\r | |
742 | // character.\r | |
743 | //\r | |
744 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
745 | *(Destination++) = *(Source++);\r | |
746 | SourceLen--;\r | |
747 | }\r | |
748 | *Destination = 0;\r | |
749 | \r | |
750 | return RETURN_SUCCESS;\r | |
751 | }\r | |
752 | \r | |
753 | /**\r | |
754 | Appends a copy of the string pointed to by Source (including the terminating\r | |
755 | null char) to the end of the string pointed to by Destination.\r | |
756 | \r | |
328f84b1 JY |
757 | This function is similar as strcat_s defined in C11.\r |
758 | \r | |
0e93edbb JY |
759 | If an error would be returned, then the function will also ASSERT().\r |
760 | \r | |
328f84b1 JY |
761 | If an error is returned, then the Destination is unmodified.\r |
762 | \r | |
c058d59f JY |
763 | @param Destination A pointer to a Null-terminated Ascii string.\r |
764 | @param DestMax The maximum number of Destination Ascii\r | |
765 | char, including terminating null char.\r | |
766 | @param Source A pointer to a Null-terminated Ascii string.\r | |
767 | \r | |
768 | @retval RETURN_SUCCESS String is appended.\r | |
769 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than \r | |
770 | StrLen(Destination).\r | |
771 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
772 | greater than StrLen(Source).\r | |
773 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
774 | If Source is NULL.\r | |
775 | If PcdMaximumAsciiStringLength is not zero,\r | |
776 | and DestMax is greater than \r | |
777 | PcdMaximumAsciiStringLength.\r | |
778 | If DestMax is 0.\r | |
779 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
780 | **/\r | |
781 | RETURN_STATUS\r | |
782 | EFIAPI\r | |
783 | AsciiStrCatS (\r | |
784 | IN OUT CHAR8 *Destination,\r | |
785 | IN UINTN DestMax,\r | |
786 | IN CONST CHAR8 *Source\r | |
787 | )\r | |
788 | {\r | |
789 | UINTN DestLen;\r | |
790 | UINTN CopyLen;\r | |
791 | UINTN SourceLen;\r | |
792 | \r | |
793 | //\r | |
794 | // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.\r | |
795 | //\r | |
796 | DestLen = AsciiStrnLenS (Destination, DestMax);\r | |
797 | CopyLen = DestMax - DestLen;\r | |
798 | \r | |
799 | //\r | |
800 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
801 | //\r | |
802 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
803 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
804 | \r | |
805 | //\r | |
806 | // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.\r | |
807 | //\r | |
808 | if (ASCII_RSIZE_MAX != 0) {\r | |
809 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
810 | }\r | |
811 | \r | |
812 | //\r | |
813 | // 3. DestMax shall not equal zero.\r | |
814 | //\r | |
815 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
816 | \r | |
817 | //\r | |
818 | // 4. CopyLen shall not equal zero.\r | |
819 | //\r | |
820 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
821 | \r | |
822 | //\r | |
823 | // 5. CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).\r | |
824 | //\r | |
825 | SourceLen = AsciiStrnLenS (Source, CopyLen);\r | |
826 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
827 | \r | |
828 | //\r | |
829 | // 6. Copying shall not take place between objects that overlap.\r | |
830 | //\r | |
831 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
832 | \r | |
833 | //\r | |
834 | // The AsciiStrCatS function appends a copy of the string pointed to by Source (including the\r | |
835 | // terminating null character) to the end of the string pointed to by Destination. The initial character\r | |
836 | // from Source overwrites the null character at the end of Destination.\r | |
837 | //\r | |
838 | Destination = Destination + DestLen;\r | |
839 | while (*Source != 0) {\r | |
840 | *(Destination++) = *(Source++);\r | |
841 | }\r | |
842 | *Destination = 0;\r | |
843 | \r | |
844 | return RETURN_SUCCESS;\r | |
845 | }\r | |
846 | \r | |
847 | /**\r | |
848 | Appends not more than Length successive char from the string pointed to by\r | |
849 | Source to the end of the string pointed to by Destination. If no null char is\r | |
850 | copied from Source, then Destination[StrLen(Destination) + Length] is always\r | |
851 | set to null.\r | |
852 | \r | |
328f84b1 JY |
853 | This function is similar as strncat_s defined in C11.\r |
854 | \r | |
0e93edbb JY |
855 | If an error would be returned, then the function will also ASSERT().\r |
856 | \r | |
328f84b1 JY |
857 | If an error is returned, then the Destination is unmodified.\r |
858 | \r | |
c058d59f JY |
859 | @param Destination A pointer to a Null-terminated Ascii string.\r |
860 | @param DestMax The maximum number of Destination Ascii\r | |
861 | char, including terminating null char.\r | |
862 | @param Source A pointer to a Null-terminated Ascii string.\r | |
863 | @param Length The maximum number of Ascii characters to copy.\r | |
864 | \r | |
865 | @retval RETURN_SUCCESS String is appended.\r | |
866 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than\r | |
867 | StrLen(Destination).\r | |
868 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
869 | greater than MIN(StrLen(Source), Length).\r | |
870 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
871 | If Source is NULL.\r | |
872 | If PcdMaximumAsciiStringLength is not zero,\r | |
873 | and DestMax is greater than \r | |
874 | PcdMaximumAsciiStringLength.\r | |
875 | If DestMax is 0.\r | |
876 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
877 | **/\r | |
878 | RETURN_STATUS\r | |
879 | EFIAPI\r | |
880 | AsciiStrnCatS (\r | |
881 | IN OUT CHAR8 *Destination,\r | |
882 | IN UINTN DestMax,\r | |
883 | IN CONST CHAR8 *Source,\r | |
884 | IN UINTN Length\r | |
885 | )\r | |
886 | {\r | |
887 | UINTN DestLen;\r | |
888 | UINTN CopyLen;\r | |
889 | UINTN SourceLen;\r | |
890 | \r | |
891 | //\r | |
892 | // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.\r | |
893 | //\r | |
894 | DestLen = AsciiStrnLenS (Destination, DestMax);\r | |
895 | CopyLen = DestMax - DestLen;\r | |
896 | \r | |
897 | //\r | |
898 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
899 | //\r | |
900 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
901 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
902 | \r | |
903 | //\r | |
904 | // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX.\r | |
905 | //\r | |
906 | if (ASCII_RSIZE_MAX != 0) {\r | |
907 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
908 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
909 | }\r | |
910 | \r | |
911 | //\r | |
912 | // 3. DestMax shall not equal zero.\r | |
913 | //\r | |
914 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
915 | \r | |
916 | //\r | |
917 | // 4. CopyLen shall not equal zero.\r | |
918 | //\r | |
919 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
920 | \r | |
921 | //\r | |
922 | // 5. If Length is not less than CopyLen, then CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).\r | |
923 | //\r | |
924 | SourceLen = AsciiStrnLenS (Source, CopyLen);\r | |
925 | if (Length >= CopyLen) {\r | |
926 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
927 | }\r | |
928 | \r | |
929 | //\r | |
930 | // 6. Copying shall not take place between objects that overlap.\r | |
931 | //\r | |
932 | if (SourceLen > Length) {\r | |
933 | SourceLen = Length;\r | |
934 | }\r | |
935 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
936 | \r | |
937 | //\r | |
938 | // The AsciiStrnCatS function appends not more than Length successive characters (characters\r | |
939 | // that follow a null character are not copied) from the array pointed to by Source to the end of\r | |
940 | // the string pointed to by Destination. The initial character from Source overwrites the null character at\r | |
941 | // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to\r | |
942 | // a null character.\r | |
943 | //\r | |
944 | Destination = Destination + DestLen;\r | |
945 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
946 | *(Destination++) = *(Source++);\r | |
947 | SourceLen--;\r | |
948 | }\r | |
949 | *Destination = 0;\r | |
950 | \r | |
951 | return RETURN_SUCCESS;\r | |
952 | }\r | |
3ab41b7a JY |
953 | \r |
954 | /**\r | |
955 | Convert a Null-terminated Unicode string to a Null-terminated\r | |
956 | ASCII string.\r | |
957 | \r | |
958 | This function is similar to AsciiStrCpyS.\r | |
959 | \r | |
960 | This function converts the content of the Unicode string Source\r | |
961 | to the ASCII string Destination by copying the lower 8 bits of\r | |
962 | each Unicode character. The function terminates the ASCII string\r | |
963 | Destination by appending a Null-terminator character at the end.\r | |
964 | \r | |
965 | The caller is responsible to make sure Destination points to a buffer with size\r | |
966 | equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.\r | |
967 | \r | |
968 | If any Unicode characters in Source contain non-zero value in\r | |
969 | the upper 8 bits, then ASSERT().\r | |
970 | \r | |
971 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
972 | If an error would be returned, then the function will also ASSERT().\r | |
973 | \r | |
974 | If an error is returned, then the Destination is unmodified.\r | |
975 | \r | |
976 | @param Source The pointer to a Null-terminated Unicode string.\r | |
977 | @param Destination The pointer to a Null-terminated ASCII string.\r | |
978 | @param DestMax The maximum number of Destination Ascii\r | |
979 | char, including terminating null char.\r | |
980 | \r | |
981 | @retval RETURN_SUCCESS String is converted.\r | |
982 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
983 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
984 | If Source is NULL.\r | |
985 | If PcdMaximumAsciiStringLength is not zero,\r | |
986 | and DestMax is greater than\r | |
987 | PcdMaximumAsciiStringLength.\r | |
988 | If PcdMaximumUnicodeStringLength is not zero,\r | |
989 | and DestMax is greater than\r | |
990 | PcdMaximumUnicodeStringLength.\r | |
991 | If DestMax is 0.\r | |
992 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
993 | \r | |
994 | **/\r | |
995 | RETURN_STATUS\r | |
996 | EFIAPI\r | |
997 | UnicodeStrToAsciiStrS (\r | |
998 | IN CONST CHAR16 *Source,\r | |
999 | OUT CHAR8 *Destination,\r | |
1000 | IN UINTN DestMax\r | |
1001 | )\r | |
1002 | {\r | |
1003 | UINTN SourceLen;\r | |
1004 | \r | |
1005 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
1006 | \r | |
1007 | //\r | |
1008 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
1009 | //\r | |
1010 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
1011 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
1012 | \r | |
1013 | //\r | |
1014 | // 2. DestMax shall not be greater than ASCII_RSIZE_MAX or RSIZE_MAX.\r | |
1015 | //\r | |
1016 | if (ASCII_RSIZE_MAX != 0) {\r | |
1017 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
1018 | }\r | |
1019 | if (RSIZE_MAX != 0) {\r | |
1020 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
1021 | }\r | |
1022 | \r | |
1023 | //\r | |
1024 | // 3. DestMax shall not equal zero.\r | |
1025 | //\r | |
1026 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
1027 | \r | |
1028 | //\r | |
1029 | // 4. DestMax shall be greater than StrnLenS (Source, DestMax).\r | |
1030 | //\r | |
1031 | SourceLen = StrnLenS (Source, DestMax);\r | |
1032 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
1033 | \r | |
1034 | //\r | |
1035 | // 5. Copying shall not take place between objects that overlap.\r | |
1036 | //\r | |
1037 | SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax, (VOID *)Source, (SourceLen + 1) * sizeof(CHAR16)), RETURN_ACCESS_DENIED);\r | |
1038 | \r | |
1039 | //\r | |
1040 | // convert string\r | |
1041 | //\r | |
1042 | while (*Source != '\0') {\r | |
1043 | //\r | |
1044 | // If any Unicode characters in Source contain\r | |
1045 | // non-zero value in the upper 8 bits, then ASSERT().\r | |
1046 | //\r | |
1047 | ASSERT (*Source < 0x100);\r | |
1048 | *(Destination++) = (CHAR8) *(Source++);\r | |
1049 | }\r | |
1050 | *Destination = '\0';\r | |
1051 | \r | |
1052 | return RETURN_SUCCESS;\r | |
1053 | }\r | |
1054 | \r | |
1055 | \r | |
1056 | /**\r | |
1057 | Convert one Null-terminated ASCII string to a Null-terminated\r | |
1058 | Unicode string.\r | |
1059 | \r | |
1060 | This function is similar to StrCpyS.\r | |
1061 | \r | |
1062 | This function converts the contents of the ASCII string Source to the Unicode\r | |
1063 | string Destination. The function terminates the Unicode string Destination by\r | |
1064 | appending a Null-terminator character at the end.\r | |
1065 | \r | |
1066 | The caller is responsible to make sure Destination points to a buffer with size\r | |
1067 | equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.\r | |
1068 | \r | |
1069 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r | |
1070 | If an error would be returned, then the function will also ASSERT().\r | |
1071 | \r | |
1072 | If an error is returned, then the Destination is unmodified.\r | |
1073 | \r | |
1074 | @param Source The pointer to a Null-terminated ASCII string.\r | |
1075 | @param Destination The pointer to a Null-terminated Unicode string.\r | |
1076 | @param DestMax The maximum number of Destination Unicode\r | |
1077 | char, including terminating null char.\r | |
1078 | \r | |
1079 | @retval RETURN_SUCCESS String is converted.\r | |
1080 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
1081 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
1082 | If Source is NULL.\r | |
1083 | If PcdMaximumUnicodeStringLength is not zero,\r | |
1084 | and DestMax is greater than\r | |
1085 | PcdMaximumUnicodeStringLength.\r | |
1086 | If PcdMaximumAsciiStringLength is not zero,\r | |
1087 | and DestMax is greater than\r | |
1088 | PcdMaximumAsciiStringLength.\r | |
1089 | If DestMax is 0.\r | |
1090 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
1091 | \r | |
1092 | **/\r | |
1093 | RETURN_STATUS\r | |
1094 | EFIAPI\r | |
1095 | AsciiStrToUnicodeStrS (\r | |
1096 | IN CONST CHAR8 *Source,\r | |
1097 | OUT CHAR16 *Destination,\r | |
1098 | IN UINTN DestMax\r | |
1099 | )\r | |
1100 | {\r | |
1101 | UINTN SourceLen;\r | |
1102 | \r | |
1103 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
1104 | \r | |
1105 | //\r | |
1106 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
1107 | //\r | |
1108 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
1109 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
1110 | \r | |
1111 | //\r | |
1112 | // 2. DestMax shall not be greater than RSIZE_MAX or ASCII_RSIZE_MAX.\r | |
1113 | //\r | |
1114 | if (RSIZE_MAX != 0) {\r | |
1115 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
1116 | }\r | |
1117 | if (ASCII_RSIZE_MAX != 0) {\r | |
1118 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
1119 | }\r | |
1120 | \r | |
1121 | //\r | |
1122 | // 3. DestMax shall not equal zero.\r | |
1123 | //\r | |
1124 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
1125 | \r | |
1126 | //\r | |
1127 | // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r | |
1128 | //\r | |
1129 | SourceLen = AsciiStrnLenS (Source, DestMax);\r | |
1130 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
1131 | \r | |
1132 | //\r | |
1133 | // 5. Copying shall not take place between objects that overlap.\r | |
1134 | //\r | |
1135 | SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax * sizeof(CHAR16), (VOID *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
1136 | \r | |
1137 | //\r | |
1138 | // Convert string\r | |
1139 | //\r | |
1140 | while (*Source != '\0') {\r | |
1141 | *(Destination++) = (CHAR16)*(Source++);\r | |
1142 | }\r | |
1143 | *Destination = '\0';\r | |
1144 | \r | |
1145 | return RETURN_SUCCESS;\r | |
1146 | }\r |