]> git.proxmox.com Git - mirror_edk2.git/blame - MdePkg/Library/BaseLib/SafeString.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SecurityPkg Tcg2ConfigDxe: Typecast to (CHAR8*) as para of AsciiStrSize
[mirror_edk2.git] / MdePkg / Library / BaseLib / SafeString.c
CommitLineData
c058d59f
JY		 1/** @file\r
2 Safe String functions.\r
3\r
3ab41b7a 4 Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>\r
c058d59f
JY		 5 This program and the accompanying materials\r
6 are licensed and made available under the terms and conditions of the BSD License\r
7 which accompanies this distribution. The full text of the license may be found at\r
8 http://opensource.org/licenses/bsd-license.php.\r
9\r
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include <Base.h>\r
16#include <Library/DebugLib.h>\r
17#include <Library/PcdLib.h>\r
18#include <Library/BaseLib.h>\r
19\r
20#define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength))\r
21\r
22#define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength))\r
23\r
24#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \\r
25 do { \\r
26 ASSERT (Expression); \\r
27 if (!(Expression)) { \\r
28 return Status; \\r
29 } \\r
30 } while (FALSE)\r
31\r
32/**\r
33 Returns if 2 memory blocks are overlapped.\r
34\r
35 @param Base1 Base address of 1st memory block.\r
36 @param Size1 Size of 1st memory block.\r
37 @param Base2 Base address of 2nd memory block.\r
38 @param Size2 Size of 2nd memory block.\r
39\r
40 @retval TRUE 2 memory blocks are overlapped.\r
41 @retval FALSE 2 memory blocks are not overlapped.\r
42**/\r
43BOOLEAN\r
44InternalSafeStringIsOverlap (\r
45 IN VOID *Base1,\r
46 IN UINTN Size1,\r
47 IN VOID *Base2,\r
48 IN UINTN Size2\r
49 )\r
50{\r
51 if ((((UINTN)Base1 >= (UINTN)Base2) && ((UINTN)Base1 < (UINTN)Base2 + Size2)) ||\r
52 (((UINTN)Base2 >= (UINTN)Base1) && ((UINTN)Base2 < (UINTN)Base1 + Size1))) {\r
53 return TRUE;\r
54 }\r
55 return FALSE;\r
56}\r
57\r
58/**\r
59 Returns if 2 Unicode strings are not overlapped.\r
60\r
61 @param Str1 Start address of 1st Unicode string.\r
62 @param Size1 The number of char in 1st Unicode string,\r
63 including terminating null char.\r
64 @param Str2 Start address of 2nd Unicode string.\r
65 @param Size2 The number of char in 2nd Unicode string,\r
66 including terminating null char.\r
67\r
68 @retval TRUE 2 Unicode strings are NOT overlapped.\r
69 @retval FALSE 2 Unicode strings are overlapped.\r
70**/\r
71BOOLEAN\r
72InternalSafeStringNoStrOverlap (\r
73 IN CHAR16 *Str1,\r
74 IN UINTN Size1,\r
75 IN CHAR16 *Str2,\r
76 IN UINTN Size2\r
77 )\r
78{\r
79 return !InternalSafeStringIsOverlap (Str1, Size1 * sizeof(CHAR16), Str2, Size2 * sizeof(CHAR16));\r
80}\r
81\r
82/**\r
83 Returns if 2 Ascii strings are not overlapped.\r
84\r
85 @param Str1 Start address of 1st Ascii string.\r
86 @param Size1 The number of char in 1st Ascii string,\r
87 including terminating null char.\r
88 @param Str2 Start address of 2nd Ascii string.\r
89 @param Size2 The number of char in 2nd Ascii string,\r
90 including terminating null char.\r
91\r
92 @retval TRUE 2 Ascii strings are NOT overlapped.\r
93 @retval FALSE 2 Ascii strings are overlapped.\r
94**/\r
95BOOLEAN\r
96InternalSafeStringNoAsciiStrOverlap (\r
97 IN CHAR8 *Str1,\r
98 IN UINTN Size1,\r
99 IN CHAR8 *Str2,\r
100 IN UINTN Size2\r
101 )\r
102{\r
103 return !InternalSafeStringIsOverlap (Str1, Size1, Str2, Size2);\r
104}\r
105\r
106/**\r
107 Returns the length of a Null-terminated Unicode string.\r
108\r
328f84b1
JY		 109 This function is similar as strlen_s defined in C11.\r
110\r
c058d59f
JY		 111 If String is not aligned on a 16-bit boundary, then ASSERT().\r
112\r
113 @param String A pointer to a Null-terminated Unicode string.\r
114 @param MaxSize The maximum number of Destination Unicode\r
115 char, including terminating null char.\r
116\r
117 @retval 0 If String is NULL.\r
118 @retval MaxSize If there is no null character in the first MaxSize characters of String.\r
119 @return The number of characters that percede the terminating null character.\r
120\r
121**/\r
122UINTN\r
123EFIAPI\r
124StrnLenS (\r
125 IN CONST CHAR16 *String,\r
126 IN UINTN MaxSize\r
127 )\r
128{\r
129 UINTN Length;\r
130\r
131 ASSERT (((UINTN) String & BIT0) == 0);\r
132\r
133 //\r
134 // If String is a null pointer, then the StrnLenS function returns zero.\r
135 //\r
136 if (String == NULL) {\r
137 return 0;\r
138 }\r
139\r
140 //\r
141 // Otherwise, the StrnLenS function returns the number of characters that precede the\r
142 // terminating null character. If there is no null character in the first MaxSize characters of\r
143 // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall\r
144 // be accessed by StrnLenS.\r
145 //\r
c07c517c
HW		 146 Length = 0;\r
147 while (String[Length] != 0) {\r
148 if (Length >= MaxSize - 1) {\r
149 return MaxSize;\r
150 }\r
151 Length++;\r
c058d59f
JY		 152 }\r
153 return Length;\r
154}\r
155\r
156/**\r
157 Copies the string pointed to by Source (including the terminating null char)\r
158 to the array pointed to by Destination.\r
159\r
328f84b1
JY		 160 This function is similar as strcpy_s defined in C11.\r
161\r
c058d59f
JY		 162 If Destination is not aligned on a 16-bit boundary, then ASSERT().\r
163 If Source is not aligned on a 16-bit boundary, then ASSERT().\r
0e93edbb 164 If an error would be returned, then the function will also ASSERT().\r
c058d59f 165\r
328f84b1
JY		 166 If an error is returned, then the Destination is unmodified.\r
167\r
c058d59f
JY		 168 @param Destination A pointer to a Null-terminated Unicode string.\r
169 @param DestMax The maximum number of Destination Unicode\r
170 char, including terminating null char.\r
171 @param Source A pointer to a Null-terminated Unicode string.\r
172\r
173 @retval RETURN_SUCCESS String is copied.\r
174 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r
175 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
176 If Source is NULL.\r
177 If PcdMaximumUnicodeStringLength is not zero,\r
178 and DestMax is greater than \r
179 PcdMaximumUnicodeStringLength.\r
180 If DestMax is 0.\r
181 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
182**/\r
183RETURN_STATUS\r
184EFIAPI\r
185StrCpyS (\r
186 OUT CHAR16 *Destination,\r
187 IN UINTN DestMax,\r
188 IN CONST CHAR16 *Source\r
189 )\r
190{\r
191 UINTN SourceLen;\r
192 \r
193 ASSERT (((UINTN) Destination & BIT0) == 0);\r
194 ASSERT (((UINTN) Source & BIT0) == 0);\r
195\r
196 //\r
197 // 1. Neither Destination nor Source shall be a null pointer.\r
198 //\r
199 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
200 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
201\r
202 //\r
203 // 2. DestMax shall not be greater than RSIZE_MAX.\r
204 //\r
205 if (RSIZE_MAX != 0) {\r
206 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
207 }\r
208\r
209 //\r
210 // 3. DestMax shall not equal zero.\r
211 //\r
212 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
213\r
214 //\r
215 // 4. DestMax shall be greater than StrnLenS(Source, DestMax).\r
216 //\r
217 SourceLen = StrnLenS (Source, DestMax);\r
218 SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
219\r
220 //\r
221 // 5. Copying shall not take place between objects that overlap.\r
222 //\r
223 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r
224\r
225 //\r
226 // The StrCpyS function copies the string pointed to by Source (including the terminating\r
227 // null character) into the array pointed to by Destination.\r
228 //\r
229 while (*Source != 0) {\r
230 *(Destination++) = *(Source++);\r
231 }\r
232 *Destination = 0;\r
233\r
234 return RETURN_SUCCESS;\r
235}\r
236\r
237/**\r
238 Copies not more than Length successive char from the string pointed to by\r
239 Source to the array pointed to by Destination. If no null char is copied from\r
240 Source, then Destination[Length] is always set to null.\r
241\r
328f84b1
JY		 242 This function is similar as strncpy_s defined in C11.\r
243\r
c058d59f
JY		 244 If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().\r
245 If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().\r
0e93edbb 246 If an error would be returned, then the function will also ASSERT().\r
c058d59f 247\r
328f84b1
JY		 248 If an error is returned, then the Destination is unmodified.\r
249\r
c058d59f
JY		 250 @param Destination A pointer to a Null-terminated Unicode string.\r
251 @param DestMax The maximum number of Destination Unicode\r
252 char, including terminating null char.\r
253 @param Source A pointer to a Null-terminated Unicode string.\r
254 @param Length The maximum number of Unicode characters to copy.\r
255\r
256 @retval RETURN_SUCCESS String is copied.\r
257 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than \r
258 MIN(StrLen(Source), Length).\r
259 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
260 If Source is NULL.\r
261 If PcdMaximumUnicodeStringLength is not zero,\r
262 and DestMax is greater than \r
263 PcdMaximumUnicodeStringLength.\r
264 If DestMax is 0.\r
265 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
266**/\r
267RETURN_STATUS\r
268EFIAPI\r
269StrnCpyS (\r
270 OUT CHAR16 *Destination,\r
271 IN UINTN DestMax,\r
272 IN CONST CHAR16 *Source,\r
273 IN UINTN Length\r
274 )\r
275{\r
276 UINTN SourceLen;\r
277\r
278 ASSERT (((UINTN) Destination & BIT0) == 0);\r
279 ASSERT (((UINTN) Source & BIT0) == 0);\r
280\r
281 //\r
282 // 1. Neither Destination nor Source shall be a null pointer.\r
283 //\r
284 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
285 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
286\r
287 //\r
288 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX\r
289 //\r
290 if (RSIZE_MAX != 0) {\r
291 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
292 SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
293 }\r
294\r
295 //\r
296 // 3. DestMax shall not equal zero.\r
297 //\r
298 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
299\r
300 //\r
301 // 4. If Length is not less than DestMax, then DestMax shall be greater than StrnLenS(Source, DestMax).\r
302 //\r
303 SourceLen = StrnLenS (Source, DestMax);\r
304 if (Length >= DestMax) {\r
305 SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
306 }\r
307\r
308 //\r
309 // 5. Copying shall not take place between objects that overlap.\r
310 //\r
311 if (SourceLen > Length) {\r
312 SourceLen = Length;\r
313 }\r
314 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r
315\r
316 //\r
317 // The StrnCpyS function copies not more than Length successive characters (characters that\r
318 // follow a null character are not copied) from the array pointed to by Source to the array\r
319 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null\r
320 // character.\r
321 //\r
322 while ((*Source != 0) && (SourceLen > 0)) {\r
323 *(Destination++) = *(Source++);\r
324 SourceLen--;\r
325 }\r
326 *Destination = 0;\r
327\r
328 return RETURN_SUCCESS;\r
329}\r
330\r
331/**\r
332 Appends a copy of the string pointed to by Source (including the terminating\r
333 null char) to the end of the string pointed to by Destination.\r
334\r
328f84b1
JY		 335 This function is similar as strcat_s defined in C11.\r
336\r
c058d59f
JY		 337 If Destination is not aligned on a 16-bit boundary, then ASSERT().\r
338 If Source is not aligned on a 16-bit boundary, then ASSERT().\r
0e93edbb 339 If an error would be returned, then the function will also ASSERT().\r
c058d59f 340\r
328f84b1
JY		 341 If an error is returned, then the Destination is unmodified.\r
342\r
c058d59f
JY		 343 @param Destination A pointer to a Null-terminated Unicode string.\r
344 @param DestMax The maximum number of Destination Unicode\r
345 char, including terminating null char.\r
346 @param Source A pointer to a Null-terminated Unicode string.\r
347\r
348 @retval RETURN_SUCCESS String is appended.\r
349 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than \r
350 StrLen(Destination).\r
351 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r
352 greater than StrLen(Source).\r
353 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
354 If Source is NULL.\r
355 If PcdMaximumUnicodeStringLength is not zero,\r
356 and DestMax is greater than \r
357 PcdMaximumUnicodeStringLength.\r
358 If DestMax is 0.\r
359 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
360**/\r
361RETURN_STATUS\r
362EFIAPI\r
363StrCatS (\r
364 IN OUT CHAR16 *Destination,\r
365 IN UINTN DestMax,\r
366 IN CONST CHAR16 *Source\r
367 )\r
368{\r
369 UINTN DestLen;\r
370 UINTN CopyLen;\r
371 UINTN SourceLen;\r
372 \r
373 ASSERT (((UINTN) Destination & BIT0) == 0);\r
374 ASSERT (((UINTN) Source & BIT0) == 0);\r
375\r
376 //\r
377 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrCatS.\r
378 //\r
379 DestLen = StrnLenS (Destination, DestMax);\r
380 CopyLen = DestMax - DestLen;\r
381\r
382 //\r
383 // 1. Neither Destination nor Source shall be a null pointer.\r
384 //\r
385 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
386 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
387\r
388 //\r
389 // 2. DestMax shall not be greater than RSIZE_MAX.\r
390 //\r
391 if (RSIZE_MAX != 0) {\r
392 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
393 }\r
394\r
395 //\r
396 // 3. DestMax shall not equal zero.\r
397 //\r
398 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
399\r
400 //\r
401 // 4. CopyLen shall not equal zero.\r
402 //\r
403 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r
404\r
405 //\r
406 // 5. CopyLen shall be greater than StrnLenS(Source, CopyLen).\r
407 //\r
408 SourceLen = StrnLenS (Source, CopyLen);\r
409 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
410\r
411 //\r
412 // 6. Copying shall not take place between objects that overlap.\r
413 //\r
414 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r
415\r
416 //\r
417 // The StrCatS function appends a copy of the string pointed to by Source (including the\r
418 // terminating null character) to the end of the string pointed to by Destination. The initial character\r
419 // from Source overwrites the null character at the end of Destination.\r
420 //\r
421 Destination = Destination + DestLen;\r
422 while (*Source != 0) {\r
423 *(Destination++) = *(Source++);\r
424 }\r
425 *Destination = 0;\r
426\r
427 return RETURN_SUCCESS;\r
428}\r
429\r
430/**\r
431 Appends not more than Length successive char from the string pointed to by\r
432 Source to the end of the string pointed to by Destination. If no null char is\r
433 copied from Source, then Destination[StrLen(Destination) + Length] is always\r
434 set to null.\r
435\r
328f84b1
JY		 436 This function is similar as strncat_s defined in C11.\r
437\r
c058d59f 438 If Destination is not aligned on a 16-bit boundary, then ASSERT().\r
0e93edbb
JY		 439 If Source is not aligned on a 16-bit boundary, then ASSERT().\r
440 If an error would be returned, then the function will also ASSERT().\r
c058d59f 441\r
328f84b1
JY		 442 If an error is returned, then the Destination is unmodified.\r
443\r
c058d59f
JY		 444 @param Destination A pointer to a Null-terminated Unicode string.\r
445 @param DestMax The maximum number of Destination Unicode\r
446 char, including terminating null char.\r
447 @param Source A pointer to a Null-terminated Unicode string.\r
448 @param Length The maximum number of Unicode characters to copy.\r
449\r
450 @retval RETURN_SUCCESS String is appended.\r
451 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than\r
452 StrLen(Destination).\r
453 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r
454 greater than MIN(StrLen(Source), Length).\r
455 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
456 If Source is NULL.\r
457 If PcdMaximumUnicodeStringLength is not zero,\r
458 and DestMax is greater than \r
459 PcdMaximumUnicodeStringLength.\r
460 If DestMax is 0.\r
461 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
462**/\r
463RETURN_STATUS\r
464EFIAPI\r
465StrnCatS (\r
466 IN OUT CHAR16 *Destination,\r
467 IN UINTN DestMax,\r
468 IN CONST CHAR16 *Source,\r
469 IN UINTN Length\r
470 )\r
471{\r
472 UINTN DestLen;\r
473 UINTN CopyLen;\r
474 UINTN SourceLen;\r
475 \r
476 ASSERT (((UINTN) Destination & BIT0) == 0);\r
477 ASSERT (((UINTN) Source & BIT0) == 0);\r
478\r
479 //\r
480 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrnCatS.\r
481 //\r
482 DestLen = StrnLenS (Destination, DestMax);\r
483 CopyLen = DestMax - DestLen;\r
484\r
485 //\r
486 // 1. Neither Destination nor Source shall be a null pointer.\r
487 //\r
488 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
489 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
490\r
491 //\r
492 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX.\r
493 //\r
494 if (RSIZE_MAX != 0) {\r
495 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
496 SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
497 }\r
498\r
499 //\r
500 // 3. DestMax shall not equal zero.\r
501 //\r
502 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
503\r
504 //\r
505 // 4. CopyLen shall not equal zero.\r
506 //\r
507 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r
508\r
509 //\r
510 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than StrnLenS(Source, CopyLen).\r
511 //\r
512 SourceLen = StrnLenS (Source, CopyLen);\r
513 if (Length >= CopyLen) {\r
514 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
515 }\r
516\r
517 //\r
518 // 6. Copying shall not take place between objects that overlap.\r
519 //\r
520 if (SourceLen > Length) {\r
521 SourceLen = Length;\r
522 }\r
523 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r
524\r
525 //\r
526 // The StrnCatS function appends not more than Length successive characters (characters\r
527 // that follow a null character are not copied) from the array pointed to by Source to the end of\r
528 // the string pointed to by Destination. The initial character from Source overwrites the null character at\r
529 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to\r
530 // a null character.\r
531 //\r
532 Destination = Destination + DestLen;\r
533 while ((*Source != 0) && (SourceLen > 0)) {\r
534 *(Destination++) = *(Source++);\r
535 SourceLen--;\r
536 }\r
537 *Destination = 0;\r
538\r
539 return RETURN_SUCCESS;\r
540}\r
541\r
542/**\r
543 Returns the length of a Null-terminated Ascii string.\r
544\r
328f84b1
JY		 545 This function is similar as strlen_s defined in C11.\r
546\r
c058d59f
JY		 547 @param String A pointer to a Null-terminated Ascii string.\r
548 @param MaxSize The maximum number of Destination Ascii\r
549 char, including terminating null char.\r
550\r
551 @retval 0 If String is NULL.\r
552 @retval MaxSize If there is no null character in the first MaxSize characters of String.\r
553 @return The number of characters that percede the terminating null character.\r
554\r
555**/\r
556UINTN\r
557EFIAPI\r
558AsciiStrnLenS (\r
559 IN CONST CHAR8 *String,\r
560 IN UINTN MaxSize\r
561 )\r
562{\r
563 UINTN Length;\r
564\r
565 //\r
566 // If String is a null pointer, then the AsciiStrnLenS function returns zero.\r
567 //\r
568 if (String == NULL) {\r
569 return 0;\r
570 }\r
571\r
572 //\r
573 // Otherwise, the AsciiStrnLenS function returns the number of characters that precede the\r
574 // terminating null character. If there is no null character in the first MaxSize characters of\r
575 // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall\r
576 // be accessed by AsciiStrnLenS.\r
577 //\r
c07c517c
HW		 578 Length = 0;\r
579 while (String[Length] != 0) {\r
580 if (Length >= MaxSize - 1) {\r
581 return MaxSize;\r
582 }\r
583 Length++;\r
c058d59f
JY		 584 }\r
585 return Length;\r
586}\r
587\r
588/**\r
589 Copies the string pointed to by Source (including the terminating null char)\r
590 to the array pointed to by Destination.\r
591\r
328f84b1
JY		 592 This function is similar as strcpy_s defined in C11.\r
593\r
0e93edbb
JY		 594 If an error would be returned, then the function will also ASSERT().\r
595\r
328f84b1
JY		 596 If an error is returned, then the Destination is unmodified.\r
597\r
c058d59f
JY		 598 @param Destination A pointer to a Null-terminated Ascii string.\r
599 @param DestMax The maximum number of Destination Ascii\r
600 char, including terminating null char.\r
601 @param Source A pointer to a Null-terminated Ascii string.\r
602\r
603 @retval RETURN_SUCCESS String is copied.\r
604 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r
605 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
606 If Source is NULL.\r
607 If PcdMaximumAsciiStringLength is not zero,\r
608 and DestMax is greater than \r
609 PcdMaximumAsciiStringLength.\r
610 If DestMax is 0.\r
611 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
612**/\r
613RETURN_STATUS\r
614EFIAPI\r
615AsciiStrCpyS (\r
616 OUT CHAR8 *Destination,\r
617 IN UINTN DestMax,\r
618 IN CONST CHAR8 *Source\r
619 )\r
620{\r
621 UINTN SourceLen;\r
622 \r
623 //\r
624 // 1. Neither Destination nor Source shall be a null pointer.\r
625 //\r
626 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
627 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
628\r
629 //\r
630 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.\r
631 //\r
632 if (ASCII_RSIZE_MAX != 0) {\r
633 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
634 }\r
635\r
636 //\r
637 // 3. DestMax shall not equal zero.\r
638 //\r
639 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
640\r
641 //\r
642 // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r
643 //\r
644 SourceLen = AsciiStrnLenS (Source, DestMax);\r
645 SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
646\r
647 //\r
648 // 5. Copying shall not take place between objects that overlap.\r
649 //\r
650 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r
651\r
652 //\r
653 // The AsciiStrCpyS function copies the string pointed to by Source (including the terminating\r
654 // null character) into the array pointed to by Destination.\r
655 //\r
656 while (*Source != 0) {\r
657 *(Destination++) = *(Source++);\r
658 }\r
659 *Destination = 0;\r
660\r
661 return RETURN_SUCCESS;\r
662}\r
663\r
664/**\r
665 Copies not more than Length successive char from the string pointed to by\r
666 Source to the array pointed to by Destination. If no null char is copied from\r
667 Source, then Destination[Length] is always set to null.\r
668\r
328f84b1
JY		 669 This function is similar as strncpy_s defined in C11.\r
670\r
0e93edbb
JY		 671 If an error would be returned, then the function will also ASSERT().\r
672\r
328f84b1
JY		 673 If an error is returned, then the Destination is unmodified.\r
674\r
c058d59f
JY		 675 @param Destination A pointer to a Null-terminated Ascii string.\r
676 @param DestMax The maximum number of Destination Ascii\r
677 char, including terminating null char.\r
678 @param Source A pointer to a Null-terminated Ascii string.\r
679 @param Length The maximum number of Ascii characters to copy.\r
680\r
681 @retval RETURN_SUCCESS String is copied.\r
682 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than \r
683 MIN(StrLen(Source), Length).\r
684 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
685 If Source is NULL.\r
686 If PcdMaximumAsciiStringLength is not zero,\r
687 and DestMax is greater than \r
688 PcdMaximumAsciiStringLength.\r
689 If DestMax is 0.\r
690 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
691**/\r
692RETURN_STATUS\r
693EFIAPI\r
694AsciiStrnCpyS (\r
695 OUT CHAR8 *Destination,\r
696 IN UINTN DestMax,\r
697 IN CONST CHAR8 *Source,\r
698 IN UINTN Length\r
699 )\r
700{\r
701 UINTN SourceLen;\r
702\r
703 //\r
704 // 1. Neither Destination nor Source shall be a null pointer.\r
705 //\r
706 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
707 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
708\r
709 //\r
710 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX\r
711 //\r
712 if (ASCII_RSIZE_MAX != 0) {\r
713 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
714 SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
715 }\r
716\r
717 //\r
718 // 3. DestMax shall not equal zero.\r
719 //\r
720 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
721\r
722 //\r
723 // 4. If Length is not less than DestMax, then DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r
724 //\r
725 SourceLen = AsciiStrnLenS (Source, DestMax);\r
726 if (Length >= DestMax) {\r
727 SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
728 }\r
729\r
730 //\r
731 // 5. Copying shall not take place between objects that overlap.\r
732 //\r
733 if (SourceLen > Length) {\r
734 SourceLen = Length;\r
735 }\r
736 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r
737\r
738 //\r
739 // The AsciiStrnCpyS function copies not more than Length successive characters (characters that\r
740 // follow a null character are not copied) from the array pointed to by Source to the array\r
741 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null\r
742 // character.\r
743 //\r
744 while ((*Source != 0) && (SourceLen > 0)) {\r
745 *(Destination++) = *(Source++);\r
746 SourceLen--;\r
747 }\r
748 *Destination = 0;\r
749\r
750 return RETURN_SUCCESS;\r
751}\r
752\r
753/**\r
754 Appends a copy of the string pointed to by Source (including the terminating\r
755 null char) to the end of the string pointed to by Destination.\r
756\r
328f84b1
JY		 757 This function is similar as strcat_s defined in C11.\r
758\r
0e93edbb
JY		 759 If an error would be returned, then the function will also ASSERT().\r
760\r
328f84b1
JY		 761 If an error is returned, then the Destination is unmodified.\r
762\r
c058d59f
JY		 763 @param Destination A pointer to a Null-terminated Ascii string.\r
764 @param DestMax The maximum number of Destination Ascii\r
765 char, including terminating null char.\r
766 @param Source A pointer to a Null-terminated Ascii string.\r
767\r
768 @retval RETURN_SUCCESS String is appended.\r
769 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than \r
770 StrLen(Destination).\r
771 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r
772 greater than StrLen(Source).\r
773 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
774 If Source is NULL.\r
775 If PcdMaximumAsciiStringLength is not zero,\r
776 and DestMax is greater than \r
777 PcdMaximumAsciiStringLength.\r
778 If DestMax is 0.\r
779 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
780**/\r
781RETURN_STATUS\r
782EFIAPI\r
783AsciiStrCatS (\r
784 IN OUT CHAR8 *Destination,\r
785 IN UINTN DestMax,\r
786 IN CONST CHAR8 *Source\r
787 )\r
788{\r
789 UINTN DestLen;\r
790 UINTN CopyLen;\r
791 UINTN SourceLen;\r
792 \r
793 //\r
794 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.\r
795 //\r
796 DestLen = AsciiStrnLenS (Destination, DestMax);\r
797 CopyLen = DestMax - DestLen;\r
798\r
799 //\r
800 // 1. Neither Destination nor Source shall be a null pointer.\r
801 //\r
802 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
803 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
804\r
805 //\r
806 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.\r
807 //\r
808 if (ASCII_RSIZE_MAX != 0) {\r
809 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
810 }\r
811\r
812 //\r
813 // 3. DestMax shall not equal zero.\r
814 //\r
815 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
816\r
817 //\r
818 // 4. CopyLen shall not equal zero.\r
819 //\r
820 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r
821\r
822 //\r
823 // 5. CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).\r
824 //\r
825 SourceLen = AsciiStrnLenS (Source, CopyLen);\r
826 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
827\r
828 //\r
829 // 6. Copying shall not take place between objects that overlap.\r
830 //\r
831 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r
832\r
833 //\r
834 // The AsciiStrCatS function appends a copy of the string pointed to by Source (including the\r
835 // terminating null character) to the end of the string pointed to by Destination. The initial character\r
836 // from Source overwrites the null character at the end of Destination.\r
837 //\r
838 Destination = Destination + DestLen;\r
839 while (*Source != 0) {\r
840 *(Destination++) = *(Source++);\r
841 }\r
842 *Destination = 0;\r
843\r
844 return RETURN_SUCCESS;\r
845}\r
846\r
847/**\r
848 Appends not more than Length successive char from the string pointed to by\r
849 Source to the end of the string pointed to by Destination. If no null char is\r
850 copied from Source, then Destination[StrLen(Destination) + Length] is always\r
851 set to null.\r
852\r
328f84b1
JY		 853 This function is similar as strncat_s defined in C11.\r
854\r
0e93edbb
JY		 855 If an error would be returned, then the function will also ASSERT().\r
856\r
328f84b1
JY		 857 If an error is returned, then the Destination is unmodified.\r
858\r
c058d59f
JY		 859 @param Destination A pointer to a Null-terminated Ascii string.\r
860 @param DestMax The maximum number of Destination Ascii\r
861 char, including terminating null char.\r
862 @param Source A pointer to a Null-terminated Ascii string.\r
863 @param Length The maximum number of Ascii characters to copy.\r
864\r
865 @retval RETURN_SUCCESS String is appended.\r
866 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than\r
867 StrLen(Destination).\r
868 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r
869 greater than MIN(StrLen(Source), Length).\r
870 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
871 If Source is NULL.\r
872 If PcdMaximumAsciiStringLength is not zero,\r
873 and DestMax is greater than \r
874 PcdMaximumAsciiStringLength.\r
875 If DestMax is 0.\r
876 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
877**/\r
878RETURN_STATUS\r
879EFIAPI\r
880AsciiStrnCatS (\r
881 IN OUT CHAR8 *Destination,\r
882 IN UINTN DestMax,\r
883 IN CONST CHAR8 *Source,\r
884 IN UINTN Length\r
885 )\r
886{\r
887 UINTN DestLen;\r
888 UINTN CopyLen;\r
889 UINTN SourceLen;\r
890 \r
891 //\r
892 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.\r
893 //\r
894 DestLen = AsciiStrnLenS (Destination, DestMax);\r
895 CopyLen = DestMax - DestLen;\r
896\r
897 //\r
898 // 1. Neither Destination nor Source shall be a null pointer.\r
899 //\r
900 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
901 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
902\r
903 //\r
904 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX.\r
905 //\r
906 if (ASCII_RSIZE_MAX != 0) {\r
907 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
908 SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
909 }\r
910\r
911 //\r
912 // 3. DestMax shall not equal zero.\r
913 //\r
914 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
915\r
916 //\r
917 // 4. CopyLen shall not equal zero.\r
918 //\r
919 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r
920\r
921 //\r
922 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).\r
923 //\r
924 SourceLen = AsciiStrnLenS (Source, CopyLen);\r
925 if (Length >= CopyLen) {\r
926 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
927 }\r
928\r
929 //\r
930 // 6. Copying shall not take place between objects that overlap.\r
931 //\r
932 if (SourceLen > Length) {\r
933 SourceLen = Length;\r
934 }\r
935 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r
936\r
937 //\r
938 // The AsciiStrnCatS function appends not more than Length successive characters (characters\r
939 // that follow a null character are not copied) from the array pointed to by Source to the end of\r
940 // the string pointed to by Destination. The initial character from Source overwrites the null character at\r
941 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to\r
942 // a null character.\r
943 //\r
944 Destination = Destination + DestLen;\r
945 while ((*Source != 0) && (SourceLen > 0)) {\r
946 *(Destination++) = *(Source++);\r
947 SourceLen--;\r
948 }\r
949 *Destination = 0;\r
950\r
951 return RETURN_SUCCESS;\r
952}\r
3ab41b7a
JY		 953\r
954/**\r
955 Convert a Null-terminated Unicode string to a Null-terminated\r
956 ASCII string.\r
957\r
958 This function is similar to AsciiStrCpyS.\r
959\r
960 This function converts the content of the Unicode string Source\r
961 to the ASCII string Destination by copying the lower 8 bits of\r
962 each Unicode character. The function terminates the ASCII string\r
963 Destination by appending a Null-terminator character at the end.\r
964\r
965 The caller is responsible to make sure Destination points to a buffer with size\r
966 equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.\r
967\r
968 If any Unicode characters in Source contain non-zero value in\r
969 the upper 8 bits, then ASSERT().\r
970\r
971 If Source is not aligned on a 16-bit boundary, then ASSERT().\r
972 If an error would be returned, then the function will also ASSERT().\r
973\r
974 If an error is returned, then the Destination is unmodified.\r
975\r
976 @param Source The pointer to a Null-terminated Unicode string.\r
977 @param Destination The pointer to a Null-terminated ASCII string.\r
978 @param DestMax The maximum number of Destination Ascii\r
979 char, including terminating null char.\r
980\r
981 @retval RETURN_SUCCESS String is converted.\r
982 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r
983 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
984 If Source is NULL.\r
985 If PcdMaximumAsciiStringLength is not zero,\r
986 and DestMax is greater than\r
987 PcdMaximumAsciiStringLength.\r
988 If PcdMaximumUnicodeStringLength is not zero,\r
989 and DestMax is greater than\r
990 PcdMaximumUnicodeStringLength.\r
991 If DestMax is 0.\r
992 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
993\r
994**/\r
995RETURN_STATUS\r
996EFIAPI\r
997UnicodeStrToAsciiStrS (\r
998 IN CONST CHAR16 *Source,\r
999 OUT CHAR8 *Destination,\r
1000 IN UINTN DestMax\r
1001 )\r
1002{\r
1003 UINTN SourceLen;\r
1004\r
1005 ASSERT (((UINTN) Source & BIT0) == 0);\r
1006\r
1007 //\r
1008 // 1. Neither Destination nor Source shall be a null pointer.\r
1009 //\r
1010 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
1011 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
1012\r
1013 //\r
1014 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX or RSIZE_MAX.\r
1015 //\r
1016 if (ASCII_RSIZE_MAX != 0) {\r
1017 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
1018 }\r
1019 if (RSIZE_MAX != 0) {\r
1020 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
1021 }\r
1022\r
1023 //\r
1024 // 3. DestMax shall not equal zero.\r
1025 //\r
1026 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
1027\r
1028 //\r
1029 // 4. DestMax shall be greater than StrnLenS (Source, DestMax).\r
1030 //\r
1031 SourceLen = StrnLenS (Source, DestMax);\r
1032 SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
1033\r
1034 //\r
1035 // 5. Copying shall not take place between objects that overlap.\r
1036 //\r
1037 SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax, (VOID *)Source, (SourceLen + 1) * sizeof(CHAR16)), RETURN_ACCESS_DENIED);\r
1038\r
1039 //\r
1040 // convert string\r
1041 //\r
1042 while (*Source != '\0') {\r
1043 //\r
1044 // If any Unicode characters in Source contain\r
1045 // non-zero value in the upper 8 bits, then ASSERT().\r
1046 //\r
1047 ASSERT (*Source < 0x100);\r
1048 *(Destination++) = (CHAR8) *(Source++);\r
1049 }\r
1050 *Destination = '\0';\r
1051\r
1052 return RETURN_SUCCESS;\r
1053}\r
1054\r
1055\r
1056/**\r
1057 Convert one Null-terminated ASCII string to a Null-terminated\r
1058 Unicode string.\r
1059\r
1060 This function is similar to StrCpyS.\r
1061\r
1062 This function converts the contents of the ASCII string Source to the Unicode\r
1063 string Destination. The function terminates the Unicode string Destination by\r
1064 appending a Null-terminator character at the end.\r
1065\r
1066 The caller is responsible to make sure Destination points to a buffer with size\r
1067 equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.\r
1068\r
1069 If Destination is not aligned on a 16-bit boundary, then ASSERT().\r
1070 If an error would be returned, then the function will also ASSERT().\r
1071\r
1072 If an error is returned, then the Destination is unmodified.\r
1073\r
1074 @param Source The pointer to a Null-terminated ASCII string.\r
1075 @param Destination The pointer to a Null-terminated Unicode string.\r
1076 @param DestMax The maximum number of Destination Unicode\r
1077 char, including terminating null char.\r
1078\r
1079 @retval RETURN_SUCCESS String is converted.\r
1080 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r
1081 @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r
1082 If Source is NULL.\r
1083 If PcdMaximumUnicodeStringLength is not zero,\r
1084 and DestMax is greater than\r
1085 PcdMaximumUnicodeStringLength.\r
1086 If PcdMaximumAsciiStringLength is not zero,\r
1087 and DestMax is greater than\r
1088 PcdMaximumAsciiStringLength.\r
1089 If DestMax is 0.\r
1090 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r
1091\r
1092**/\r
1093RETURN_STATUS\r
1094EFIAPI\r
1095AsciiStrToUnicodeStrS (\r
1096 IN CONST CHAR8 *Source,\r
1097 OUT CHAR16 *Destination,\r
1098 IN UINTN DestMax\r
1099 )\r
1100{\r
1101 UINTN SourceLen;\r
1102\r
1103 ASSERT (((UINTN) Destination & BIT0) == 0);\r
1104\r
1105 //\r
1106 // 1. Neither Destination nor Source shall be a null pointer.\r
1107 //\r
1108 SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r
1109 SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r
1110\r
1111 //\r
1112 // 2. DestMax shall not be greater than RSIZE_MAX or ASCII_RSIZE_MAX.\r
1113 //\r
1114 if (RSIZE_MAX != 0) {\r
1115 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
1116 }\r
1117 if (ASCII_RSIZE_MAX != 0) {\r
1118 SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r
1119 }\r
1120\r
1121 //\r
1122 // 3. DestMax shall not equal zero.\r
1123 //\r
1124 SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r
1125\r
1126 //\r
1127 // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r
1128 //\r
1129 SourceLen = AsciiStrnLenS (Source, DestMax);\r
1130 SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r
1131\r
1132 //\r
1133 // 5. Copying shall not take place between objects that overlap.\r
1134 //\r
1135 SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax * sizeof(CHAR16), (VOID *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r
1136\r
1137 //\r
1138 // Convert string\r
1139 //\r
1140 while (*Source != '\0') {\r
1141 *(Destination++) = (CHAR16)*(Source++);\r
1142 }\r
1143 *Destination = '\0';\r
1144\r
1145 return RETURN_SUCCESS;\r
1146}\r
EFI Development Kit II mirror for PVE