]>
Commit | Line | Data |
---|---|---|
c058d59f JY |
1 | /** @file\r |
2 | Safe String functions.\r | |
3 | \r | |
b590e43a | 4 | Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.<BR>\r |
c058d59f JY |
5 | This program and the accompanying materials\r |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php.\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #include <Base.h>\r | |
16 | #include <Library/DebugLib.h>\r | |
17 | #include <Library/PcdLib.h>\r | |
18 | #include <Library/BaseLib.h>\r | |
19 | \r | |
20 | #define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength))\r | |
21 | \r | |
22 | #define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength))\r | |
23 | \r | |
24 | #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \\r | |
25 | do { \\r | |
26 | ASSERT (Expression); \\r | |
27 | if (!(Expression)) { \\r | |
28 | return Status; \\r | |
29 | } \\r | |
30 | } while (FALSE)\r | |
31 | \r | |
32 | /**\r | |
33 | Returns if 2 memory blocks are overlapped.\r | |
34 | \r | |
35 | @param Base1 Base address of 1st memory block.\r | |
36 | @param Size1 Size of 1st memory block.\r | |
37 | @param Base2 Base address of 2nd memory block.\r | |
38 | @param Size2 Size of 2nd memory block.\r | |
39 | \r | |
40 | @retval TRUE 2 memory blocks are overlapped.\r | |
41 | @retval FALSE 2 memory blocks are not overlapped.\r | |
42 | **/\r | |
43 | BOOLEAN\r | |
44 | InternalSafeStringIsOverlap (\r | |
45 | IN VOID *Base1,\r | |
46 | IN UINTN Size1,\r | |
47 | IN VOID *Base2,\r | |
48 | IN UINTN Size2\r | |
49 | )\r | |
50 | {\r | |
51 | if ((((UINTN)Base1 >= (UINTN)Base2) && ((UINTN)Base1 < (UINTN)Base2 + Size2)) ||\r | |
52 | (((UINTN)Base2 >= (UINTN)Base1) && ((UINTN)Base2 < (UINTN)Base1 + Size1))) {\r | |
53 | return TRUE;\r | |
54 | }\r | |
55 | return FALSE;\r | |
56 | }\r | |
57 | \r | |
58 | /**\r | |
59 | Returns if 2 Unicode strings are not overlapped.\r | |
60 | \r | |
61 | @param Str1 Start address of 1st Unicode string.\r | |
62 | @param Size1 The number of char in 1st Unicode string,\r | |
63 | including terminating null char.\r | |
64 | @param Str2 Start address of 2nd Unicode string.\r | |
65 | @param Size2 The number of char in 2nd Unicode string,\r | |
66 | including terminating null char.\r | |
67 | \r | |
68 | @retval TRUE 2 Unicode strings are NOT overlapped.\r | |
69 | @retval FALSE 2 Unicode strings are overlapped.\r | |
70 | **/\r | |
71 | BOOLEAN\r | |
72 | InternalSafeStringNoStrOverlap (\r | |
73 | IN CHAR16 *Str1,\r | |
74 | IN UINTN Size1,\r | |
75 | IN CHAR16 *Str2,\r | |
76 | IN UINTN Size2\r | |
77 | )\r | |
78 | {\r | |
79 | return !InternalSafeStringIsOverlap (Str1, Size1 * sizeof(CHAR16), Str2, Size2 * sizeof(CHAR16));\r | |
80 | }\r | |
81 | \r | |
82 | /**\r | |
83 | Returns if 2 Ascii strings are not overlapped.\r | |
84 | \r | |
85 | @param Str1 Start address of 1st Ascii string.\r | |
86 | @param Size1 The number of char in 1st Ascii string,\r | |
87 | including terminating null char.\r | |
88 | @param Str2 Start address of 2nd Ascii string.\r | |
89 | @param Size2 The number of char in 2nd Ascii string,\r | |
90 | including terminating null char.\r | |
91 | \r | |
92 | @retval TRUE 2 Ascii strings are NOT overlapped.\r | |
93 | @retval FALSE 2 Ascii strings are overlapped.\r | |
94 | **/\r | |
95 | BOOLEAN\r | |
96 | InternalSafeStringNoAsciiStrOverlap (\r | |
97 | IN CHAR8 *Str1,\r | |
98 | IN UINTN Size1,\r | |
99 | IN CHAR8 *Str2,\r | |
100 | IN UINTN Size2\r | |
101 | )\r | |
102 | {\r | |
103 | return !InternalSafeStringIsOverlap (Str1, Size1, Str2, Size2);\r | |
104 | }\r | |
105 | \r | |
106 | /**\r | |
107 | Returns the length of a Null-terminated Unicode string.\r | |
108 | \r | |
328f84b1 JY |
109 | This function is similar as strlen_s defined in C11.\r |
110 | \r | |
c058d59f JY |
111 | If String is not aligned on a 16-bit boundary, then ASSERT().\r |
112 | \r | |
113 | @param String A pointer to a Null-terminated Unicode string.\r | |
114 | @param MaxSize The maximum number of Destination Unicode\r | |
115 | char, including terminating null char.\r | |
116 | \r | |
117 | @retval 0 If String is NULL.\r | |
118 | @retval MaxSize If there is no null character in the first MaxSize characters of String.\r | |
119 | @return The number of characters that percede the terminating null character.\r | |
120 | \r | |
121 | **/\r | |
122 | UINTN\r | |
123 | EFIAPI\r | |
124 | StrnLenS (\r | |
125 | IN CONST CHAR16 *String,\r | |
126 | IN UINTN MaxSize\r | |
127 | )\r | |
128 | {\r | |
129 | UINTN Length;\r | |
130 | \r | |
131 | ASSERT (((UINTN) String & BIT0) == 0);\r | |
132 | \r | |
133 | //\r | |
134 | // If String is a null pointer, then the StrnLenS function returns zero.\r | |
135 | //\r | |
136 | if (String == NULL) {\r | |
137 | return 0;\r | |
138 | }\r | |
139 | \r | |
140 | //\r | |
141 | // Otherwise, the StrnLenS function returns the number of characters that precede the\r | |
142 | // terminating null character. If there is no null character in the first MaxSize characters of\r | |
143 | // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall\r | |
144 | // be accessed by StrnLenS.\r | |
145 | //\r | |
c07c517c HW |
146 | Length = 0;\r |
147 | while (String[Length] != 0) {\r | |
148 | if (Length >= MaxSize - 1) {\r | |
149 | return MaxSize;\r | |
150 | }\r | |
151 | Length++;\r | |
c058d59f JY |
152 | }\r |
153 | return Length;\r | |
154 | }\r | |
155 | \r | |
b590e43a HW |
156 | /**\r |
157 | Returns the size of a Null-terminated Unicode string in bytes, including the\r | |
158 | Null terminator.\r | |
159 | \r | |
160 | This function returns the size of the Null-terminated Unicode string\r | |
161 | specified by String in bytes, including the Null terminator.\r | |
162 | \r | |
163 | If String is not aligned on a 16-bit boundary, then ASSERT().\r | |
164 | \r | |
165 | @param String A pointer to a Null-terminated Unicode string.\r | |
166 | @param MaxSize The maximum number of Destination Unicode\r | |
167 | char, including the Null terminator.\r | |
168 | \r | |
169 | @retval 0 If String is NULL.\r | |
170 | @retval (sizeof (CHAR16) * (MaxSize + 1))\r | |
171 | If there is no Null terminator in the first MaxSize characters of\r | |
172 | String.\r | |
173 | @return The size of the Null-terminated Unicode string in bytes, including\r | |
174 | the Null terminator.\r | |
175 | \r | |
176 | **/\r | |
177 | UINTN\r | |
178 | EFIAPI\r | |
179 | StrnSizeS (\r | |
180 | IN CONST CHAR16 *String,\r | |
181 | IN UINTN MaxSize\r | |
182 | )\r | |
183 | {\r | |
184 | //\r | |
185 | // If String is a null pointer, then the StrnSizeS function returns zero.\r | |
186 | //\r | |
187 | if (String == NULL) {\r | |
188 | return 0;\r | |
189 | }\r | |
190 | \r | |
191 | //\r | |
192 | // Otherwise, the StrnSizeS function returns the size of the Null-terminated\r | |
193 | // Unicode string in bytes, including the Null terminator. If there is no\r | |
194 | // Null terminator in the first MaxSize characters of String, then StrnSizeS\r | |
195 | // returns (sizeof (CHAR16) * (MaxSize + 1)) to keep a consistent map with\r | |
196 | // the StrnLenS function.\r | |
197 | //\r | |
198 | return (StrnLenS (String, MaxSize) + 1) * sizeof (*String);\r | |
199 | }\r | |
200 | \r | |
c058d59f JY |
201 | /**\r |
202 | Copies the string pointed to by Source (including the terminating null char)\r | |
203 | to the array pointed to by Destination.\r | |
204 | \r | |
328f84b1 JY |
205 | This function is similar as strcpy_s defined in C11.\r |
206 | \r | |
c058d59f JY |
207 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r |
208 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
0e93edbb | 209 | If an error would be returned, then the function will also ASSERT().\r |
c058d59f | 210 | \r |
328f84b1 JY |
211 | If an error is returned, then the Destination is unmodified.\r |
212 | \r | |
c058d59f JY |
213 | @param Destination A pointer to a Null-terminated Unicode string.\r |
214 | @param DestMax The maximum number of Destination Unicode\r | |
215 | char, including terminating null char.\r | |
216 | @param Source A pointer to a Null-terminated Unicode string.\r | |
217 | \r | |
218 | @retval RETURN_SUCCESS String is copied.\r | |
219 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
220 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
221 | If Source is NULL.\r | |
222 | If PcdMaximumUnicodeStringLength is not zero,\r | |
223 | and DestMax is greater than \r | |
224 | PcdMaximumUnicodeStringLength.\r | |
225 | If DestMax is 0.\r | |
226 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
227 | **/\r | |
228 | RETURN_STATUS\r | |
229 | EFIAPI\r | |
230 | StrCpyS (\r | |
231 | OUT CHAR16 *Destination,\r | |
232 | IN UINTN DestMax,\r | |
233 | IN CONST CHAR16 *Source\r | |
234 | )\r | |
235 | {\r | |
236 | UINTN SourceLen;\r | |
237 | \r | |
238 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
239 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
240 | \r | |
241 | //\r | |
242 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
243 | //\r | |
244 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
245 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
246 | \r | |
247 | //\r | |
248 | // 2. DestMax shall not be greater than RSIZE_MAX.\r | |
249 | //\r | |
250 | if (RSIZE_MAX != 0) {\r | |
251 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
252 | }\r | |
253 | \r | |
254 | //\r | |
255 | // 3. DestMax shall not equal zero.\r | |
256 | //\r | |
257 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
258 | \r | |
259 | //\r | |
260 | // 4. DestMax shall be greater than StrnLenS(Source, DestMax).\r | |
261 | //\r | |
262 | SourceLen = StrnLenS (Source, DestMax);\r | |
263 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
264 | \r | |
265 | //\r | |
266 | // 5. Copying shall not take place between objects that overlap.\r | |
267 | //\r | |
268 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
269 | \r | |
270 | //\r | |
271 | // The StrCpyS function copies the string pointed to by Source (including the terminating\r | |
272 | // null character) into the array pointed to by Destination.\r | |
273 | //\r | |
274 | while (*Source != 0) {\r | |
275 | *(Destination++) = *(Source++);\r | |
276 | }\r | |
277 | *Destination = 0;\r | |
278 | \r | |
279 | return RETURN_SUCCESS;\r | |
280 | }\r | |
281 | \r | |
282 | /**\r | |
283 | Copies not more than Length successive char from the string pointed to by\r | |
284 | Source to the array pointed to by Destination. If no null char is copied from\r | |
285 | Source, then Destination[Length] is always set to null.\r | |
286 | \r | |
328f84b1 JY |
287 | This function is similar as strncpy_s defined in C11.\r |
288 | \r | |
c058d59f JY |
289 | If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().\r |
290 | If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
0e93edbb | 291 | If an error would be returned, then the function will also ASSERT().\r |
c058d59f | 292 | \r |
328f84b1 JY |
293 | If an error is returned, then the Destination is unmodified.\r |
294 | \r | |
c058d59f JY |
295 | @param Destination A pointer to a Null-terminated Unicode string.\r |
296 | @param DestMax The maximum number of Destination Unicode\r | |
297 | char, including terminating null char.\r | |
298 | @param Source A pointer to a Null-terminated Unicode string.\r | |
299 | @param Length The maximum number of Unicode characters to copy.\r | |
300 | \r | |
301 | @retval RETURN_SUCCESS String is copied.\r | |
302 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than \r | |
303 | MIN(StrLen(Source), Length).\r | |
304 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
305 | If Source is NULL.\r | |
306 | If PcdMaximumUnicodeStringLength is not zero,\r | |
307 | and DestMax is greater than \r | |
308 | PcdMaximumUnicodeStringLength.\r | |
309 | If DestMax is 0.\r | |
310 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
311 | **/\r | |
312 | RETURN_STATUS\r | |
313 | EFIAPI\r | |
314 | StrnCpyS (\r | |
315 | OUT CHAR16 *Destination,\r | |
316 | IN UINTN DestMax,\r | |
317 | IN CONST CHAR16 *Source,\r | |
318 | IN UINTN Length\r | |
319 | )\r | |
320 | {\r | |
321 | UINTN SourceLen;\r | |
322 | \r | |
323 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
324 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
325 | \r | |
326 | //\r | |
327 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
328 | //\r | |
329 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
330 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
331 | \r | |
332 | //\r | |
333 | // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX\r | |
334 | //\r | |
335 | if (RSIZE_MAX != 0) {\r | |
336 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
337 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
338 | }\r | |
339 | \r | |
340 | //\r | |
341 | // 3. DestMax shall not equal zero.\r | |
342 | //\r | |
343 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
344 | \r | |
345 | //\r | |
346 | // 4. If Length is not less than DestMax, then DestMax shall be greater than StrnLenS(Source, DestMax).\r | |
347 | //\r | |
348 | SourceLen = StrnLenS (Source, DestMax);\r | |
349 | if (Length >= DestMax) {\r | |
350 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
351 | }\r | |
352 | \r | |
353 | //\r | |
354 | // 5. Copying shall not take place between objects that overlap.\r | |
355 | //\r | |
356 | if (SourceLen > Length) {\r | |
357 | SourceLen = Length;\r | |
358 | }\r | |
359 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
360 | \r | |
361 | //\r | |
362 | // The StrnCpyS function copies not more than Length successive characters (characters that\r | |
363 | // follow a null character are not copied) from the array pointed to by Source to the array\r | |
364 | // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null\r | |
365 | // character.\r | |
366 | //\r | |
367 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
368 | *(Destination++) = *(Source++);\r | |
369 | SourceLen--;\r | |
370 | }\r | |
371 | *Destination = 0;\r | |
372 | \r | |
373 | return RETURN_SUCCESS;\r | |
374 | }\r | |
375 | \r | |
376 | /**\r | |
377 | Appends a copy of the string pointed to by Source (including the terminating\r | |
378 | null char) to the end of the string pointed to by Destination.\r | |
379 | \r | |
328f84b1 JY |
380 | This function is similar as strcat_s defined in C11.\r |
381 | \r | |
c058d59f JY |
382 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r |
383 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
0e93edbb | 384 | If an error would be returned, then the function will also ASSERT().\r |
c058d59f | 385 | \r |
328f84b1 JY |
386 | If an error is returned, then the Destination is unmodified.\r |
387 | \r | |
c058d59f JY |
388 | @param Destination A pointer to a Null-terminated Unicode string.\r |
389 | @param DestMax The maximum number of Destination Unicode\r | |
390 | char, including terminating null char.\r | |
391 | @param Source A pointer to a Null-terminated Unicode string.\r | |
392 | \r | |
393 | @retval RETURN_SUCCESS String is appended.\r | |
394 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than \r | |
395 | StrLen(Destination).\r | |
396 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
397 | greater than StrLen(Source).\r | |
398 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
399 | If Source is NULL.\r | |
400 | If PcdMaximumUnicodeStringLength is not zero,\r | |
401 | and DestMax is greater than \r | |
402 | PcdMaximumUnicodeStringLength.\r | |
403 | If DestMax is 0.\r | |
404 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
405 | **/\r | |
406 | RETURN_STATUS\r | |
407 | EFIAPI\r | |
408 | StrCatS (\r | |
409 | IN OUT CHAR16 *Destination,\r | |
410 | IN UINTN DestMax,\r | |
411 | IN CONST CHAR16 *Source\r | |
412 | )\r | |
413 | {\r | |
414 | UINTN DestLen;\r | |
415 | UINTN CopyLen;\r | |
416 | UINTN SourceLen;\r | |
417 | \r | |
418 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
419 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
420 | \r | |
421 | //\r | |
422 | // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrCatS.\r | |
423 | //\r | |
424 | DestLen = StrnLenS (Destination, DestMax);\r | |
425 | CopyLen = DestMax - DestLen;\r | |
426 | \r | |
427 | //\r | |
428 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
429 | //\r | |
430 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
431 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
432 | \r | |
433 | //\r | |
434 | // 2. DestMax shall not be greater than RSIZE_MAX.\r | |
435 | //\r | |
436 | if (RSIZE_MAX != 0) {\r | |
437 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
438 | }\r | |
439 | \r | |
440 | //\r | |
441 | // 3. DestMax shall not equal zero.\r | |
442 | //\r | |
443 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
444 | \r | |
445 | //\r | |
446 | // 4. CopyLen shall not equal zero.\r | |
447 | //\r | |
448 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
449 | \r | |
450 | //\r | |
451 | // 5. CopyLen shall be greater than StrnLenS(Source, CopyLen).\r | |
452 | //\r | |
453 | SourceLen = StrnLenS (Source, CopyLen);\r | |
454 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
455 | \r | |
456 | //\r | |
457 | // 6. Copying shall not take place between objects that overlap.\r | |
458 | //\r | |
459 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
460 | \r | |
461 | //\r | |
462 | // The StrCatS function appends a copy of the string pointed to by Source (including the\r | |
463 | // terminating null character) to the end of the string pointed to by Destination. The initial character\r | |
464 | // from Source overwrites the null character at the end of Destination.\r | |
465 | //\r | |
466 | Destination = Destination + DestLen;\r | |
467 | while (*Source != 0) {\r | |
468 | *(Destination++) = *(Source++);\r | |
469 | }\r | |
470 | *Destination = 0;\r | |
471 | \r | |
472 | return RETURN_SUCCESS;\r | |
473 | }\r | |
474 | \r | |
475 | /**\r | |
476 | Appends not more than Length successive char from the string pointed to by\r | |
477 | Source to the end of the string pointed to by Destination. If no null char is\r | |
478 | copied from Source, then Destination[StrLen(Destination) + Length] is always\r | |
479 | set to null.\r | |
480 | \r | |
328f84b1 JY |
481 | This function is similar as strncat_s defined in C11.\r |
482 | \r | |
c058d59f | 483 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r |
0e93edbb JY |
484 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r |
485 | If an error would be returned, then the function will also ASSERT().\r | |
c058d59f | 486 | \r |
328f84b1 JY |
487 | If an error is returned, then the Destination is unmodified.\r |
488 | \r | |
c058d59f JY |
489 | @param Destination A pointer to a Null-terminated Unicode string.\r |
490 | @param DestMax The maximum number of Destination Unicode\r | |
491 | char, including terminating null char.\r | |
492 | @param Source A pointer to a Null-terminated Unicode string.\r | |
493 | @param Length The maximum number of Unicode characters to copy.\r | |
494 | \r | |
495 | @retval RETURN_SUCCESS String is appended.\r | |
496 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than\r | |
497 | StrLen(Destination).\r | |
498 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
499 | greater than MIN(StrLen(Source), Length).\r | |
500 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
501 | If Source is NULL.\r | |
502 | If PcdMaximumUnicodeStringLength is not zero,\r | |
503 | and DestMax is greater than \r | |
504 | PcdMaximumUnicodeStringLength.\r | |
505 | If DestMax is 0.\r | |
506 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
507 | **/\r | |
508 | RETURN_STATUS\r | |
509 | EFIAPI\r | |
510 | StrnCatS (\r | |
511 | IN OUT CHAR16 *Destination,\r | |
512 | IN UINTN DestMax,\r | |
513 | IN CONST CHAR16 *Source,\r | |
514 | IN UINTN Length\r | |
515 | )\r | |
516 | {\r | |
517 | UINTN DestLen;\r | |
518 | UINTN CopyLen;\r | |
519 | UINTN SourceLen;\r | |
520 | \r | |
521 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
522 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
523 | \r | |
524 | //\r | |
525 | // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrnCatS.\r | |
526 | //\r | |
527 | DestLen = StrnLenS (Destination, DestMax);\r | |
528 | CopyLen = DestMax - DestLen;\r | |
529 | \r | |
530 | //\r | |
531 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
532 | //\r | |
533 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
534 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
535 | \r | |
536 | //\r | |
537 | // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX.\r | |
538 | //\r | |
539 | if (RSIZE_MAX != 0) {\r | |
540 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
541 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
542 | }\r | |
543 | \r | |
544 | //\r | |
545 | // 3. DestMax shall not equal zero.\r | |
546 | //\r | |
547 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
548 | \r | |
549 | //\r | |
550 | // 4. CopyLen shall not equal zero.\r | |
551 | //\r | |
552 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
553 | \r | |
554 | //\r | |
555 | // 5. If Length is not less than CopyLen, then CopyLen shall be greater than StrnLenS(Source, CopyLen).\r | |
556 | //\r | |
557 | SourceLen = StrnLenS (Source, CopyLen);\r | |
558 | if (Length >= CopyLen) {\r | |
559 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
560 | }\r | |
561 | \r | |
562 | //\r | |
563 | // 6. Copying shall not take place between objects that overlap.\r | |
564 | //\r | |
565 | if (SourceLen > Length) {\r | |
566 | SourceLen = Length;\r | |
567 | }\r | |
568 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination, DestMax, (CHAR16 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
569 | \r | |
570 | //\r | |
571 | // The StrnCatS function appends not more than Length successive characters (characters\r | |
572 | // that follow a null character are not copied) from the array pointed to by Source to the end of\r | |
573 | // the string pointed to by Destination. The initial character from Source overwrites the null character at\r | |
574 | // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to\r | |
575 | // a null character.\r | |
576 | //\r | |
577 | Destination = Destination + DestLen;\r | |
578 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
579 | *(Destination++) = *(Source++);\r | |
580 | SourceLen--;\r | |
581 | }\r | |
582 | *Destination = 0;\r | |
583 | \r | |
584 | return RETURN_SUCCESS;\r | |
585 | }\r | |
586 | \r | |
587 | /**\r | |
588 | Returns the length of a Null-terminated Ascii string.\r | |
589 | \r | |
328f84b1 JY |
590 | This function is similar as strlen_s defined in C11.\r |
591 | \r | |
c058d59f JY |
592 | @param String A pointer to a Null-terminated Ascii string.\r |
593 | @param MaxSize The maximum number of Destination Ascii\r | |
594 | char, including terminating null char.\r | |
595 | \r | |
596 | @retval 0 If String is NULL.\r | |
597 | @retval MaxSize If there is no null character in the first MaxSize characters of String.\r | |
598 | @return The number of characters that percede the terminating null character.\r | |
599 | \r | |
600 | **/\r | |
601 | UINTN\r | |
602 | EFIAPI\r | |
603 | AsciiStrnLenS (\r | |
604 | IN CONST CHAR8 *String,\r | |
605 | IN UINTN MaxSize\r | |
606 | )\r | |
607 | {\r | |
608 | UINTN Length;\r | |
609 | \r | |
610 | //\r | |
611 | // If String is a null pointer, then the AsciiStrnLenS function returns zero.\r | |
612 | //\r | |
613 | if (String == NULL) {\r | |
614 | return 0;\r | |
615 | }\r | |
616 | \r | |
617 | //\r | |
618 | // Otherwise, the AsciiStrnLenS function returns the number of characters that precede the\r | |
619 | // terminating null character. If there is no null character in the first MaxSize characters of\r | |
620 | // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall\r | |
621 | // be accessed by AsciiStrnLenS.\r | |
622 | //\r | |
c07c517c HW |
623 | Length = 0;\r |
624 | while (String[Length] != 0) {\r | |
625 | if (Length >= MaxSize - 1) {\r | |
626 | return MaxSize;\r | |
627 | }\r | |
628 | Length++;\r | |
c058d59f JY |
629 | }\r |
630 | return Length;\r | |
631 | }\r | |
632 | \r | |
b590e43a HW |
633 | /**\r |
634 | Returns the size of a Null-terminated Ascii string in bytes, including the\r | |
635 | Null terminator.\r | |
636 | \r | |
637 | This function returns the size of the Null-terminated Ascii string specified\r | |
638 | by String in bytes, including the Null terminator.\r | |
639 | \r | |
640 | @param String A pointer to a Null-terminated Ascii string.\r | |
641 | @param MaxSize The maximum number of Destination Ascii\r | |
642 | char, including the Null terminator.\r | |
643 | \r | |
644 | @retval 0 If String is NULL.\r | |
645 | @retval (sizeof (CHAR8) * (MaxSize + 1))\r | |
646 | If there is no Null terminator in the first MaxSize characters of\r | |
647 | String.\r | |
648 | @return The size of the Null-terminated Ascii string in bytes, including the\r | |
649 | Null terminator.\r | |
650 | \r | |
651 | **/\r | |
652 | UINTN\r | |
653 | EFIAPI\r | |
654 | AsciiStrnSizeS (\r | |
655 | IN CONST CHAR8 *String,\r | |
656 | IN UINTN MaxSize\r | |
657 | )\r | |
658 | {\r | |
659 | //\r | |
660 | // If String is a null pointer, then the AsciiStrnSizeS function returns\r | |
661 | // zero.\r | |
662 | //\r | |
663 | if (String == NULL) {\r | |
664 | return 0;\r | |
665 | }\r | |
666 | \r | |
667 | //\r | |
668 | // Otherwise, the AsciiStrnSizeS function returns the size of the\r | |
669 | // Null-terminated Ascii string in bytes, including the Null terminator. If\r | |
670 | // there is no Null terminator in the first MaxSize characters of String,\r | |
671 | // then AsciiStrnSizeS returns (sizeof (CHAR8) * (MaxSize + 1)) to keep a\r | |
672 | // consistent map with the AsciiStrnLenS function.\r | |
673 | //\r | |
674 | return (AsciiStrnLenS (String, MaxSize) + 1) * sizeof (*String);\r | |
675 | }\r | |
676 | \r | |
c058d59f JY |
677 | /**\r |
678 | Copies the string pointed to by Source (including the terminating null char)\r | |
679 | to the array pointed to by Destination.\r | |
680 | \r | |
328f84b1 JY |
681 | This function is similar as strcpy_s defined in C11.\r |
682 | \r | |
0e93edbb JY |
683 | If an error would be returned, then the function will also ASSERT().\r |
684 | \r | |
328f84b1 JY |
685 | If an error is returned, then the Destination is unmodified.\r |
686 | \r | |
c058d59f JY |
687 | @param Destination A pointer to a Null-terminated Ascii string.\r |
688 | @param DestMax The maximum number of Destination Ascii\r | |
689 | char, including terminating null char.\r | |
690 | @param Source A pointer to a Null-terminated Ascii string.\r | |
691 | \r | |
692 | @retval RETURN_SUCCESS String is copied.\r | |
693 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
694 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
695 | If Source is NULL.\r | |
696 | If PcdMaximumAsciiStringLength is not zero,\r | |
697 | and DestMax is greater than \r | |
698 | PcdMaximumAsciiStringLength.\r | |
699 | If DestMax is 0.\r | |
700 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
701 | **/\r | |
702 | RETURN_STATUS\r | |
703 | EFIAPI\r | |
704 | AsciiStrCpyS (\r | |
705 | OUT CHAR8 *Destination,\r | |
706 | IN UINTN DestMax,\r | |
707 | IN CONST CHAR8 *Source\r | |
708 | )\r | |
709 | {\r | |
710 | UINTN SourceLen;\r | |
711 | \r | |
712 | //\r | |
713 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
714 | //\r | |
715 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
716 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
717 | \r | |
718 | //\r | |
719 | // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.\r | |
720 | //\r | |
721 | if (ASCII_RSIZE_MAX != 0) {\r | |
722 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
723 | }\r | |
724 | \r | |
725 | //\r | |
726 | // 3. DestMax shall not equal zero.\r | |
727 | //\r | |
728 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
729 | \r | |
730 | //\r | |
731 | // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r | |
732 | //\r | |
733 | SourceLen = AsciiStrnLenS (Source, DestMax);\r | |
734 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
735 | \r | |
736 | //\r | |
737 | // 5. Copying shall not take place between objects that overlap.\r | |
738 | //\r | |
739 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
740 | \r | |
741 | //\r | |
742 | // The AsciiStrCpyS function copies the string pointed to by Source (including the terminating\r | |
743 | // null character) into the array pointed to by Destination.\r | |
744 | //\r | |
745 | while (*Source != 0) {\r | |
746 | *(Destination++) = *(Source++);\r | |
747 | }\r | |
748 | *Destination = 0;\r | |
749 | \r | |
750 | return RETURN_SUCCESS;\r | |
751 | }\r | |
752 | \r | |
753 | /**\r | |
754 | Copies not more than Length successive char from the string pointed to by\r | |
755 | Source to the array pointed to by Destination. If no null char is copied from\r | |
756 | Source, then Destination[Length] is always set to null.\r | |
757 | \r | |
328f84b1 JY |
758 | This function is similar as strncpy_s defined in C11.\r |
759 | \r | |
0e93edbb JY |
760 | If an error would be returned, then the function will also ASSERT().\r |
761 | \r | |
328f84b1 JY |
762 | If an error is returned, then the Destination is unmodified.\r |
763 | \r | |
c058d59f JY |
764 | @param Destination A pointer to a Null-terminated Ascii string.\r |
765 | @param DestMax The maximum number of Destination Ascii\r | |
766 | char, including terminating null char.\r | |
767 | @param Source A pointer to a Null-terminated Ascii string.\r | |
768 | @param Length The maximum number of Ascii characters to copy.\r | |
769 | \r | |
770 | @retval RETURN_SUCCESS String is copied.\r | |
771 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than \r | |
772 | MIN(StrLen(Source), Length).\r | |
773 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
774 | If Source is NULL.\r | |
775 | If PcdMaximumAsciiStringLength is not zero,\r | |
776 | and DestMax is greater than \r | |
777 | PcdMaximumAsciiStringLength.\r | |
778 | If DestMax is 0.\r | |
779 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
780 | **/\r | |
781 | RETURN_STATUS\r | |
782 | EFIAPI\r | |
783 | AsciiStrnCpyS (\r | |
784 | OUT CHAR8 *Destination,\r | |
785 | IN UINTN DestMax,\r | |
786 | IN CONST CHAR8 *Source,\r | |
787 | IN UINTN Length\r | |
788 | )\r | |
789 | {\r | |
790 | UINTN SourceLen;\r | |
791 | \r | |
792 | //\r | |
793 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
794 | //\r | |
795 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
796 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
797 | \r | |
798 | //\r | |
799 | // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX\r | |
800 | //\r | |
801 | if (ASCII_RSIZE_MAX != 0) {\r | |
802 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
803 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
804 | }\r | |
805 | \r | |
806 | //\r | |
807 | // 3. DestMax shall not equal zero.\r | |
808 | //\r | |
809 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
810 | \r | |
811 | //\r | |
812 | // 4. If Length is not less than DestMax, then DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r | |
813 | //\r | |
814 | SourceLen = AsciiStrnLenS (Source, DestMax);\r | |
815 | if (Length >= DestMax) {\r | |
816 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
817 | }\r | |
818 | \r | |
819 | //\r | |
820 | // 5. Copying shall not take place between objects that overlap.\r | |
821 | //\r | |
822 | if (SourceLen > Length) {\r | |
823 | SourceLen = Length;\r | |
824 | }\r | |
825 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
826 | \r | |
827 | //\r | |
828 | // The AsciiStrnCpyS function copies not more than Length successive characters (characters that\r | |
829 | // follow a null character are not copied) from the array pointed to by Source to the array\r | |
830 | // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null\r | |
831 | // character.\r | |
832 | //\r | |
833 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
834 | *(Destination++) = *(Source++);\r | |
835 | SourceLen--;\r | |
836 | }\r | |
837 | *Destination = 0;\r | |
838 | \r | |
839 | return RETURN_SUCCESS;\r | |
840 | }\r | |
841 | \r | |
842 | /**\r | |
843 | Appends a copy of the string pointed to by Source (including the terminating\r | |
844 | null char) to the end of the string pointed to by Destination.\r | |
845 | \r | |
328f84b1 JY |
846 | This function is similar as strcat_s defined in C11.\r |
847 | \r | |
0e93edbb JY |
848 | If an error would be returned, then the function will also ASSERT().\r |
849 | \r | |
328f84b1 JY |
850 | If an error is returned, then the Destination is unmodified.\r |
851 | \r | |
c058d59f JY |
852 | @param Destination A pointer to a Null-terminated Ascii string.\r |
853 | @param DestMax The maximum number of Destination Ascii\r | |
854 | char, including terminating null char.\r | |
855 | @param Source A pointer to a Null-terminated Ascii string.\r | |
856 | \r | |
857 | @retval RETURN_SUCCESS String is appended.\r | |
858 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than \r | |
859 | StrLen(Destination).\r | |
860 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
861 | greater than StrLen(Source).\r | |
862 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
863 | If Source is NULL.\r | |
864 | If PcdMaximumAsciiStringLength is not zero,\r | |
865 | and DestMax is greater than \r | |
866 | PcdMaximumAsciiStringLength.\r | |
867 | If DestMax is 0.\r | |
868 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
869 | **/\r | |
870 | RETURN_STATUS\r | |
871 | EFIAPI\r | |
872 | AsciiStrCatS (\r | |
873 | IN OUT CHAR8 *Destination,\r | |
874 | IN UINTN DestMax,\r | |
875 | IN CONST CHAR8 *Source\r | |
876 | )\r | |
877 | {\r | |
878 | UINTN DestLen;\r | |
879 | UINTN CopyLen;\r | |
880 | UINTN SourceLen;\r | |
881 | \r | |
882 | //\r | |
883 | // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.\r | |
884 | //\r | |
885 | DestLen = AsciiStrnLenS (Destination, DestMax);\r | |
886 | CopyLen = DestMax - DestLen;\r | |
887 | \r | |
888 | //\r | |
889 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
890 | //\r | |
891 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
892 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
893 | \r | |
894 | //\r | |
895 | // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.\r | |
896 | //\r | |
897 | if (ASCII_RSIZE_MAX != 0) {\r | |
898 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
899 | }\r | |
900 | \r | |
901 | //\r | |
902 | // 3. DestMax shall not equal zero.\r | |
903 | //\r | |
904 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
905 | \r | |
906 | //\r | |
907 | // 4. CopyLen shall not equal zero.\r | |
908 | //\r | |
909 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
910 | \r | |
911 | //\r | |
912 | // 5. CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).\r | |
913 | //\r | |
914 | SourceLen = AsciiStrnLenS (Source, CopyLen);\r | |
915 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
916 | \r | |
917 | //\r | |
918 | // 6. Copying shall not take place between objects that overlap.\r | |
919 | //\r | |
920 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
921 | \r | |
922 | //\r | |
923 | // The AsciiStrCatS function appends a copy of the string pointed to by Source (including the\r | |
924 | // terminating null character) to the end of the string pointed to by Destination. The initial character\r | |
925 | // from Source overwrites the null character at the end of Destination.\r | |
926 | //\r | |
927 | Destination = Destination + DestLen;\r | |
928 | while (*Source != 0) {\r | |
929 | *(Destination++) = *(Source++);\r | |
930 | }\r | |
931 | *Destination = 0;\r | |
932 | \r | |
933 | return RETURN_SUCCESS;\r | |
934 | }\r | |
935 | \r | |
936 | /**\r | |
937 | Appends not more than Length successive char from the string pointed to by\r | |
938 | Source to the end of the string pointed to by Destination. If no null char is\r | |
939 | copied from Source, then Destination[StrLen(Destination) + Length] is always\r | |
940 | set to null.\r | |
941 | \r | |
328f84b1 JY |
942 | This function is similar as strncat_s defined in C11.\r |
943 | \r | |
0e93edbb JY |
944 | If an error would be returned, then the function will also ASSERT().\r |
945 | \r | |
328f84b1 JY |
946 | If an error is returned, then the Destination is unmodified.\r |
947 | \r | |
c058d59f JY |
948 | @param Destination A pointer to a Null-terminated Ascii string.\r |
949 | @param DestMax The maximum number of Destination Ascii\r | |
950 | char, including terminating null char.\r | |
951 | @param Source A pointer to a Null-terminated Ascii string.\r | |
952 | @param Length The maximum number of Ascii characters to copy.\r | |
953 | \r | |
954 | @retval RETURN_SUCCESS String is appended.\r | |
955 | @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than\r | |
956 | StrLen(Destination).\r | |
957 | @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT\r | |
958 | greater than MIN(StrLen(Source), Length).\r | |
959 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
960 | If Source is NULL.\r | |
961 | If PcdMaximumAsciiStringLength is not zero,\r | |
962 | and DestMax is greater than \r | |
963 | PcdMaximumAsciiStringLength.\r | |
964 | If DestMax is 0.\r | |
965 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
966 | **/\r | |
967 | RETURN_STATUS\r | |
968 | EFIAPI\r | |
969 | AsciiStrnCatS (\r | |
970 | IN OUT CHAR8 *Destination,\r | |
971 | IN UINTN DestMax,\r | |
972 | IN CONST CHAR8 *Source,\r | |
973 | IN UINTN Length\r | |
974 | )\r | |
975 | {\r | |
976 | UINTN DestLen;\r | |
977 | UINTN CopyLen;\r | |
978 | UINTN SourceLen;\r | |
979 | \r | |
980 | //\r | |
981 | // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.\r | |
982 | //\r | |
983 | DestLen = AsciiStrnLenS (Destination, DestMax);\r | |
984 | CopyLen = DestMax - DestLen;\r | |
985 | \r | |
986 | //\r | |
987 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
988 | //\r | |
989 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
990 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
991 | \r | |
992 | //\r | |
993 | // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX.\r | |
994 | //\r | |
995 | if (ASCII_RSIZE_MAX != 0) {\r | |
996 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
997 | SAFE_STRING_CONSTRAINT_CHECK ((Length <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
998 | }\r | |
999 | \r | |
1000 | //\r | |
1001 | // 3. DestMax shall not equal zero.\r | |
1002 | //\r | |
1003 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
1004 | \r | |
1005 | //\r | |
1006 | // 4. CopyLen shall not equal zero.\r | |
1007 | //\r | |
1008 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen != 0), RETURN_BAD_BUFFER_SIZE);\r | |
1009 | \r | |
1010 | //\r | |
1011 | // 5. If Length is not less than CopyLen, then CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).\r | |
1012 | //\r | |
1013 | SourceLen = AsciiStrnLenS (Source, CopyLen);\r | |
1014 | if (Length >= CopyLen) {\r | |
1015 | SAFE_STRING_CONSTRAINT_CHECK ((CopyLen > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
1016 | }\r | |
1017 | \r | |
1018 | //\r | |
1019 | // 6. Copying shall not take place between objects that overlap.\r | |
1020 | //\r | |
1021 | if (SourceLen > Length) {\r | |
1022 | SourceLen = Length;\r | |
1023 | }\r | |
1024 | SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination, DestMax, (CHAR8 *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
1025 | \r | |
1026 | //\r | |
1027 | // The AsciiStrnCatS function appends not more than Length successive characters (characters\r | |
1028 | // that follow a null character are not copied) from the array pointed to by Source to the end of\r | |
1029 | // the string pointed to by Destination. The initial character from Source overwrites the null character at\r | |
1030 | // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to\r | |
1031 | // a null character.\r | |
1032 | //\r | |
1033 | Destination = Destination + DestLen;\r | |
1034 | while ((*Source != 0) && (SourceLen > 0)) {\r | |
1035 | *(Destination++) = *(Source++);\r | |
1036 | SourceLen--;\r | |
1037 | }\r | |
1038 | *Destination = 0;\r | |
1039 | \r | |
1040 | return RETURN_SUCCESS;\r | |
1041 | }\r | |
3ab41b7a JY |
1042 | \r |
1043 | /**\r | |
1044 | Convert a Null-terminated Unicode string to a Null-terminated\r | |
1045 | ASCII string.\r | |
1046 | \r | |
1047 | This function is similar to AsciiStrCpyS.\r | |
1048 | \r | |
1049 | This function converts the content of the Unicode string Source\r | |
1050 | to the ASCII string Destination by copying the lower 8 bits of\r | |
1051 | each Unicode character. The function terminates the ASCII string\r | |
1052 | Destination by appending a Null-terminator character at the end.\r | |
1053 | \r | |
1054 | The caller is responsible to make sure Destination points to a buffer with size\r | |
1055 | equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.\r | |
1056 | \r | |
1057 | If any Unicode characters in Source contain non-zero value in\r | |
1058 | the upper 8 bits, then ASSERT().\r | |
1059 | \r | |
1060 | If Source is not aligned on a 16-bit boundary, then ASSERT().\r | |
1061 | If an error would be returned, then the function will also ASSERT().\r | |
1062 | \r | |
1063 | If an error is returned, then the Destination is unmodified.\r | |
1064 | \r | |
1065 | @param Source The pointer to a Null-terminated Unicode string.\r | |
1066 | @param Destination The pointer to a Null-terminated ASCII string.\r | |
1067 | @param DestMax The maximum number of Destination Ascii\r | |
1068 | char, including terminating null char.\r | |
1069 | \r | |
1070 | @retval RETURN_SUCCESS String is converted.\r | |
1071 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
1072 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
1073 | If Source is NULL.\r | |
1074 | If PcdMaximumAsciiStringLength is not zero,\r | |
1075 | and DestMax is greater than\r | |
1076 | PcdMaximumAsciiStringLength.\r | |
1077 | If PcdMaximumUnicodeStringLength is not zero,\r | |
1078 | and DestMax is greater than\r | |
1079 | PcdMaximumUnicodeStringLength.\r | |
1080 | If DestMax is 0.\r | |
1081 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
1082 | \r | |
1083 | **/\r | |
1084 | RETURN_STATUS\r | |
1085 | EFIAPI\r | |
1086 | UnicodeStrToAsciiStrS (\r | |
1087 | IN CONST CHAR16 *Source,\r | |
1088 | OUT CHAR8 *Destination,\r | |
1089 | IN UINTN DestMax\r | |
1090 | )\r | |
1091 | {\r | |
1092 | UINTN SourceLen;\r | |
1093 | \r | |
1094 | ASSERT (((UINTN) Source & BIT0) == 0);\r | |
1095 | \r | |
1096 | //\r | |
1097 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
1098 | //\r | |
1099 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
1100 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
1101 | \r | |
1102 | //\r | |
1103 | // 2. DestMax shall not be greater than ASCII_RSIZE_MAX or RSIZE_MAX.\r | |
1104 | //\r | |
1105 | if (ASCII_RSIZE_MAX != 0) {\r | |
1106 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
1107 | }\r | |
1108 | if (RSIZE_MAX != 0) {\r | |
1109 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
1110 | }\r | |
1111 | \r | |
1112 | //\r | |
1113 | // 3. DestMax shall not equal zero.\r | |
1114 | //\r | |
1115 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
1116 | \r | |
1117 | //\r | |
1118 | // 4. DestMax shall be greater than StrnLenS (Source, DestMax).\r | |
1119 | //\r | |
1120 | SourceLen = StrnLenS (Source, DestMax);\r | |
1121 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
1122 | \r | |
1123 | //\r | |
1124 | // 5. Copying shall not take place between objects that overlap.\r | |
1125 | //\r | |
1126 | SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax, (VOID *)Source, (SourceLen + 1) * sizeof(CHAR16)), RETURN_ACCESS_DENIED);\r | |
1127 | \r | |
1128 | //\r | |
1129 | // convert string\r | |
1130 | //\r | |
1131 | while (*Source != '\0') {\r | |
1132 | //\r | |
1133 | // If any Unicode characters in Source contain\r | |
1134 | // non-zero value in the upper 8 bits, then ASSERT().\r | |
1135 | //\r | |
1136 | ASSERT (*Source < 0x100);\r | |
1137 | *(Destination++) = (CHAR8) *(Source++);\r | |
1138 | }\r | |
1139 | *Destination = '\0';\r | |
1140 | \r | |
1141 | return RETURN_SUCCESS;\r | |
1142 | }\r | |
1143 | \r | |
1144 | \r | |
1145 | /**\r | |
1146 | Convert one Null-terminated ASCII string to a Null-terminated\r | |
1147 | Unicode string.\r | |
1148 | \r | |
1149 | This function is similar to StrCpyS.\r | |
1150 | \r | |
1151 | This function converts the contents of the ASCII string Source to the Unicode\r | |
1152 | string Destination. The function terminates the Unicode string Destination by\r | |
1153 | appending a Null-terminator character at the end.\r | |
1154 | \r | |
1155 | The caller is responsible to make sure Destination points to a buffer with size\r | |
1156 | equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.\r | |
1157 | \r | |
1158 | If Destination is not aligned on a 16-bit boundary, then ASSERT().\r | |
1159 | If an error would be returned, then the function will also ASSERT().\r | |
1160 | \r | |
1161 | If an error is returned, then the Destination is unmodified.\r | |
1162 | \r | |
1163 | @param Source The pointer to a Null-terminated ASCII string.\r | |
1164 | @param Destination The pointer to a Null-terminated Unicode string.\r | |
1165 | @param DestMax The maximum number of Destination Unicode\r | |
1166 | char, including terminating null char.\r | |
1167 | \r | |
1168 | @retval RETURN_SUCCESS String is converted.\r | |
1169 | @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).\r | |
1170 | @retval RETURN_INVALID_PARAMETER If Destination is NULL.\r | |
1171 | If Source is NULL.\r | |
1172 | If PcdMaximumUnicodeStringLength is not zero,\r | |
1173 | and DestMax is greater than\r | |
1174 | PcdMaximumUnicodeStringLength.\r | |
1175 | If PcdMaximumAsciiStringLength is not zero,\r | |
1176 | and DestMax is greater than\r | |
1177 | PcdMaximumAsciiStringLength.\r | |
1178 | If DestMax is 0.\r | |
1179 | @retval RETURN_ACCESS_DENIED If Source and Destination overlap.\r | |
1180 | \r | |
1181 | **/\r | |
1182 | RETURN_STATUS\r | |
1183 | EFIAPI\r | |
1184 | AsciiStrToUnicodeStrS (\r | |
1185 | IN CONST CHAR8 *Source,\r | |
1186 | OUT CHAR16 *Destination,\r | |
1187 | IN UINTN DestMax\r | |
1188 | )\r | |
1189 | {\r | |
1190 | UINTN SourceLen;\r | |
1191 | \r | |
1192 | ASSERT (((UINTN) Destination & BIT0) == 0);\r | |
1193 | \r | |
1194 | //\r | |
1195 | // 1. Neither Destination nor Source shall be a null pointer.\r | |
1196 | //\r | |
1197 | SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);\r | |
1198 | SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);\r | |
1199 | \r | |
1200 | //\r | |
1201 | // 2. DestMax shall not be greater than RSIZE_MAX or ASCII_RSIZE_MAX.\r | |
1202 | //\r | |
1203 | if (RSIZE_MAX != 0) {\r | |
1204 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
1205 | }\r | |
1206 | if (ASCII_RSIZE_MAX != 0) {\r | |
1207 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);\r | |
1208 | }\r | |
1209 | \r | |
1210 | //\r | |
1211 | // 3. DestMax shall not equal zero.\r | |
1212 | //\r | |
1213 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);\r | |
1214 | \r | |
1215 | //\r | |
1216 | // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).\r | |
1217 | //\r | |
1218 | SourceLen = AsciiStrnLenS (Source, DestMax);\r | |
1219 | SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);\r | |
1220 | \r | |
1221 | //\r | |
1222 | // 5. Copying shall not take place between objects that overlap.\r | |
1223 | //\r | |
1224 | SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination, DestMax * sizeof(CHAR16), (VOID *)Source, SourceLen + 1), RETURN_ACCESS_DENIED);\r | |
1225 | \r | |
1226 | //\r | |
1227 | // Convert string\r | |
1228 | //\r | |
1229 | while (*Source != '\0') {\r | |
1230 | *(Destination++) = (CHAR16)*(Source++);\r | |
1231 | }\r | |
1232 | *Destination = '\0';\r | |
1233 | \r | |
1234 | return RETURN_SUCCESS;\r | |
1235 | }\r |