]>
git.proxmox.com Git - mirror_edk2.git/blob - MdePkg/Library/BaseLib/SafeString.c
e4c0759c704adae6d9e329a1c25f44df8ecf9cab
4 Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php.
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <Library/DebugLib.h>
17 #include <Library/PcdLib.h>
18 #include <Library/BaseLib.h>
20 #define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength))
22 #define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength))
24 #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
26 ASSERT (Expression); \
27 if (!(Expression)) { \
33 Returns if 2 memory blocks are overlapped.
35 @param Base1 Base address of 1st memory block.
36 @param Size1 Size of 1st memory block.
37 @param Base2 Base address of 2nd memory block.
38 @param Size2 Size of 2nd memory block.
40 @retval TRUE 2 memory blocks are overlapped.
41 @retval FALSE 2 memory blocks are not overlapped.
44 InternalSafeStringIsOverlap (
51 if ((((UINTN
)Base1
>= (UINTN
)Base2
) && ((UINTN
)Base1
< (UINTN
)Base2
+ Size2
)) ||
52 (((UINTN
)Base2
>= (UINTN
)Base1
) && ((UINTN
)Base2
< (UINTN
)Base1
+ Size1
))) {
59 Returns if 2 Unicode strings are not overlapped.
61 @param Str1 Start address of 1st Unicode string.
62 @param Size1 The number of char in 1st Unicode string,
63 including terminating null char.
64 @param Str2 Start address of 2nd Unicode string.
65 @param Size2 The number of char in 2nd Unicode string,
66 including terminating null char.
68 @retval TRUE 2 Unicode strings are NOT overlapped.
69 @retval FALSE 2 Unicode strings are overlapped.
72 InternalSafeStringNoStrOverlap (
79 return !InternalSafeStringIsOverlap (Str1
, Size1
* sizeof(CHAR16
), Str2
, Size2
* sizeof(CHAR16
));
83 Returns if 2 Ascii strings are not overlapped.
85 @param Str1 Start address of 1st Ascii string.
86 @param Size1 The number of char in 1st Ascii string,
87 including terminating null char.
88 @param Str2 Start address of 2nd Ascii string.
89 @param Size2 The number of char in 2nd Ascii string,
90 including terminating null char.
92 @retval TRUE 2 Ascii strings are NOT overlapped.
93 @retval FALSE 2 Ascii strings are overlapped.
96 InternalSafeStringNoAsciiStrOverlap (
103 return !InternalSafeStringIsOverlap (Str1
, Size1
, Str2
, Size2
);
107 Returns the length of a Null-terminated Unicode string.
109 This function is similar as strlen_s defined in C11.
111 If String is not aligned on a 16-bit boundary, then ASSERT().
113 @param String A pointer to a Null-terminated Unicode string.
114 @param MaxSize The maximum number of Destination Unicode
115 char, including terminating null char.
117 @retval 0 If String is NULL.
118 @retval MaxSize If there is no null character in the first MaxSize characters of String.
119 @return The number of characters that percede the terminating null character.
125 IN CONST CHAR16
*String
,
131 ASSERT (((UINTN
) String
& BIT0
) == 0);
134 // If String is a null pointer, then the StrnLenS function returns zero.
136 if (String
== NULL
) {
141 // Otherwise, the StrnLenS function returns the number of characters that precede the
142 // terminating null character. If there is no null character in the first MaxSize characters of
143 // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall
144 // be accessed by StrnLenS.
147 while (String
[Length
] != 0) {
148 if (Length
>= MaxSize
- 1) {
157 Copies the string pointed to by Source (including the terminating null char)
158 to the array pointed to by Destination.
160 This function is similar as strcpy_s defined in C11.
162 If Destination is not aligned on a 16-bit boundary, then ASSERT().
163 If Source is not aligned on a 16-bit boundary, then ASSERT().
164 If an error would be returned, then the function will also ASSERT().
166 If an error is returned, then the Destination is unmodified.
168 @param Destination A pointer to a Null-terminated Unicode string.
169 @param DestMax The maximum number of Destination Unicode
170 char, including terminating null char.
171 @param Source A pointer to a Null-terminated Unicode string.
173 @retval RETURN_SUCCESS String is copied.
174 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
175 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
177 If PcdMaximumUnicodeStringLength is not zero,
178 and DestMax is greater than
179 PcdMaximumUnicodeStringLength.
181 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
186 OUT CHAR16
*Destination
,
188 IN CONST CHAR16
*Source
193 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
194 ASSERT (((UINTN
) Source
& BIT0
) == 0);
197 // 1. Neither Destination nor Source shall be a null pointer.
199 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
200 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
203 // 2. DestMax shall not be greater than RSIZE_MAX.
205 if (RSIZE_MAX
!= 0) {
206 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
210 // 3. DestMax shall not equal zero.
212 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
215 // 4. DestMax shall be greater than StrnLenS(Source, DestMax).
217 SourceLen
= StrnLenS (Source
, DestMax
);
218 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
221 // 5. Copying shall not take place between objects that overlap.
223 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
226 // The StrCpyS function copies the string pointed to by Source (including the terminating
227 // null character) into the array pointed to by Destination.
229 while (*Source
!= 0) {
230 *(Destination
++) = *(Source
++);
234 return RETURN_SUCCESS
;
238 Copies not more than Length successive char from the string pointed to by
239 Source to the array pointed to by Destination. If no null char is copied from
240 Source, then Destination[Length] is always set to null.
242 This function is similar as strncpy_s defined in C11.
244 If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
245 If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
246 If an error would be returned, then the function will also ASSERT().
248 If an error is returned, then the Destination is unmodified.
250 @param Destination A pointer to a Null-terminated Unicode string.
251 @param DestMax The maximum number of Destination Unicode
252 char, including terminating null char.
253 @param Source A pointer to a Null-terminated Unicode string.
254 @param Length The maximum number of Unicode characters to copy.
256 @retval RETURN_SUCCESS String is copied.
257 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
258 MIN(StrLen(Source), Length).
259 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
261 If PcdMaximumUnicodeStringLength is not zero,
262 and DestMax is greater than
263 PcdMaximumUnicodeStringLength.
265 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
270 OUT CHAR16
*Destination
,
272 IN CONST CHAR16
*Source
,
278 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
279 ASSERT (((UINTN
) Source
& BIT0
) == 0);
282 // 1. Neither Destination nor Source shall be a null pointer.
284 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
285 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
288 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX
290 if (RSIZE_MAX
!= 0) {
291 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
292 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
296 // 3. DestMax shall not equal zero.
298 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
301 // 4. If Length is not less than DestMax, then DestMax shall be greater than StrnLenS(Source, DestMax).
303 SourceLen
= StrnLenS (Source
, DestMax
);
304 if (Length
>= DestMax
) {
305 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
309 // 5. Copying shall not take place between objects that overlap.
311 if (SourceLen
> Length
) {
314 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
317 // The StrnCpyS function copies not more than Length successive characters (characters that
318 // follow a null character are not copied) from the array pointed to by Source to the array
319 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null
322 while ((*Source
!= 0) && (SourceLen
> 0)) {
323 *(Destination
++) = *(Source
++);
328 return RETURN_SUCCESS
;
332 Appends a copy of the string pointed to by Source (including the terminating
333 null char) to the end of the string pointed to by Destination.
335 This function is similar as strcat_s defined in C11.
337 If Destination is not aligned on a 16-bit boundary, then ASSERT().
338 If Source is not aligned on a 16-bit boundary, then ASSERT().
339 If an error would be returned, then the function will also ASSERT().
341 If an error is returned, then the Destination is unmodified.
343 @param Destination A pointer to a Null-terminated Unicode string.
344 @param DestMax The maximum number of Destination Unicode
345 char, including terminating null char.
346 @param Source A pointer to a Null-terminated Unicode string.
348 @retval RETURN_SUCCESS String is appended.
349 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
351 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
352 greater than StrLen(Source).
353 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
355 If PcdMaximumUnicodeStringLength is not zero,
356 and DestMax is greater than
357 PcdMaximumUnicodeStringLength.
359 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
364 IN OUT CHAR16
*Destination
,
366 IN CONST CHAR16
*Source
373 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
374 ASSERT (((UINTN
) Source
& BIT0
) == 0);
377 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrCatS.
379 DestLen
= StrnLenS (Destination
, DestMax
);
380 CopyLen
= DestMax
- DestLen
;
383 // 1. Neither Destination nor Source shall be a null pointer.
385 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
386 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
389 // 2. DestMax shall not be greater than RSIZE_MAX.
391 if (RSIZE_MAX
!= 0) {
392 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
396 // 3. DestMax shall not equal zero.
398 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
401 // 4. CopyLen shall not equal zero.
403 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
406 // 5. CopyLen shall be greater than StrnLenS(Source, CopyLen).
408 SourceLen
= StrnLenS (Source
, CopyLen
);
409 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
412 // 6. Copying shall not take place between objects that overlap.
414 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
417 // The StrCatS function appends a copy of the string pointed to by Source (including the
418 // terminating null character) to the end of the string pointed to by Destination. The initial character
419 // from Source overwrites the null character at the end of Destination.
421 Destination
= Destination
+ DestLen
;
422 while (*Source
!= 0) {
423 *(Destination
++) = *(Source
++);
427 return RETURN_SUCCESS
;
431 Appends not more than Length successive char from the string pointed to by
432 Source to the end of the string pointed to by Destination. If no null char is
433 copied from Source, then Destination[StrLen(Destination) + Length] is always
436 This function is similar as strncat_s defined in C11.
438 If Destination is not aligned on a 16-bit boundary, then ASSERT().
439 If Source is not aligned on a 16-bit boundary, then ASSERT().
440 If an error would be returned, then the function will also ASSERT().
442 If an error is returned, then the Destination is unmodified.
444 @param Destination A pointer to a Null-terminated Unicode string.
445 @param DestMax The maximum number of Destination Unicode
446 char, including terminating null char.
447 @param Source A pointer to a Null-terminated Unicode string.
448 @param Length The maximum number of Unicode characters to copy.
450 @retval RETURN_SUCCESS String is appended.
451 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
453 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
454 greater than MIN(StrLen(Source), Length).
455 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
457 If PcdMaximumUnicodeStringLength is not zero,
458 and DestMax is greater than
459 PcdMaximumUnicodeStringLength.
461 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
466 IN OUT CHAR16
*Destination
,
468 IN CONST CHAR16
*Source
,
476 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
477 ASSERT (((UINTN
) Source
& BIT0
) == 0);
480 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrnCatS.
482 DestLen
= StrnLenS (Destination
, DestMax
);
483 CopyLen
= DestMax
- DestLen
;
486 // 1. Neither Destination nor Source shall be a null pointer.
488 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
489 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
492 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX.
494 if (RSIZE_MAX
!= 0) {
495 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
496 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
500 // 3. DestMax shall not equal zero.
502 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
505 // 4. CopyLen shall not equal zero.
507 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
510 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than StrnLenS(Source, CopyLen).
512 SourceLen
= StrnLenS (Source
, CopyLen
);
513 if (Length
>= CopyLen
) {
514 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
518 // 6. Copying shall not take place between objects that overlap.
520 if (SourceLen
> Length
) {
523 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
526 // The StrnCatS function appends not more than Length successive characters (characters
527 // that follow a null character are not copied) from the array pointed to by Source to the end of
528 // the string pointed to by Destination. The initial character from Source overwrites the null character at
529 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to
532 Destination
= Destination
+ DestLen
;
533 while ((*Source
!= 0) && (SourceLen
> 0)) {
534 *(Destination
++) = *(Source
++);
539 return RETURN_SUCCESS
;
543 Returns the length of a Null-terminated Ascii string.
545 This function is similar as strlen_s defined in C11.
547 @param String A pointer to a Null-terminated Ascii string.
548 @param MaxSize The maximum number of Destination Ascii
549 char, including terminating null char.
551 @retval 0 If String is NULL.
552 @retval MaxSize If there is no null character in the first MaxSize characters of String.
553 @return The number of characters that percede the terminating null character.
559 IN CONST CHAR8
*String
,
566 // If String is a null pointer, then the AsciiStrnLenS function returns zero.
568 if (String
== NULL
) {
573 // Otherwise, the AsciiStrnLenS function returns the number of characters that precede the
574 // terminating null character. If there is no null character in the first MaxSize characters of
575 // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall
576 // be accessed by AsciiStrnLenS.
579 while (String
[Length
] != 0) {
580 if (Length
>= MaxSize
- 1) {
589 Copies the string pointed to by Source (including the terminating null char)
590 to the array pointed to by Destination.
592 This function is similar as strcpy_s defined in C11.
594 If an error would be returned, then the function will also ASSERT().
596 If an error is returned, then the Destination is unmodified.
598 @param Destination A pointer to a Null-terminated Ascii string.
599 @param DestMax The maximum number of Destination Ascii
600 char, including terminating null char.
601 @param Source A pointer to a Null-terminated Ascii string.
603 @retval RETURN_SUCCESS String is copied.
604 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
605 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
607 If PcdMaximumAsciiStringLength is not zero,
608 and DestMax is greater than
609 PcdMaximumAsciiStringLength.
611 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
616 OUT CHAR8
*Destination
,
618 IN CONST CHAR8
*Source
624 // 1. Neither Destination nor Source shall be a null pointer.
626 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
627 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
630 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
632 if (ASCII_RSIZE_MAX
!= 0) {
633 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
637 // 3. DestMax shall not equal zero.
639 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
642 // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
644 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
645 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
648 // 5. Copying shall not take place between objects that overlap.
650 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
653 // The AsciiStrCpyS function copies the string pointed to by Source (including the terminating
654 // null character) into the array pointed to by Destination.
656 while (*Source
!= 0) {
657 *(Destination
++) = *(Source
++);
661 return RETURN_SUCCESS
;
665 Copies not more than Length successive char from the string pointed to by
666 Source to the array pointed to by Destination. If no null char is copied from
667 Source, then Destination[Length] is always set to null.
669 This function is similar as strncpy_s defined in C11.
671 If an error would be returned, then the function will also ASSERT().
673 If an error is returned, then the Destination is unmodified.
675 @param Destination A pointer to a Null-terminated Ascii string.
676 @param DestMax The maximum number of Destination Ascii
677 char, including terminating null char.
678 @param Source A pointer to a Null-terminated Ascii string.
679 @param Length The maximum number of Ascii characters to copy.
681 @retval RETURN_SUCCESS String is copied.
682 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
683 MIN(StrLen(Source), Length).
684 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
686 If PcdMaximumAsciiStringLength is not zero,
687 and DestMax is greater than
688 PcdMaximumAsciiStringLength.
690 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
695 OUT CHAR8
*Destination
,
697 IN CONST CHAR8
*Source
,
704 // 1. Neither Destination nor Source shall be a null pointer.
706 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
707 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
710 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX
712 if (ASCII_RSIZE_MAX
!= 0) {
713 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
714 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
718 // 3. DestMax shall not equal zero.
720 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
723 // 4. If Length is not less than DestMax, then DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
725 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
726 if (Length
>= DestMax
) {
727 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
731 // 5. Copying shall not take place between objects that overlap.
733 if (SourceLen
> Length
) {
736 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
739 // The AsciiStrnCpyS function copies not more than Length successive characters (characters that
740 // follow a null character are not copied) from the array pointed to by Source to the array
741 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null
744 while ((*Source
!= 0) && (SourceLen
> 0)) {
745 *(Destination
++) = *(Source
++);
750 return RETURN_SUCCESS
;
754 Appends a copy of the string pointed to by Source (including the terminating
755 null char) to the end of the string pointed to by Destination.
757 This function is similar as strcat_s defined in C11.
759 If an error would be returned, then the function will also ASSERT().
761 If an error is returned, then the Destination is unmodified.
763 @param Destination A pointer to a Null-terminated Ascii string.
764 @param DestMax The maximum number of Destination Ascii
765 char, including terminating null char.
766 @param Source A pointer to a Null-terminated Ascii string.
768 @retval RETURN_SUCCESS String is appended.
769 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
771 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
772 greater than StrLen(Source).
773 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
775 If PcdMaximumAsciiStringLength is not zero,
776 and DestMax is greater than
777 PcdMaximumAsciiStringLength.
779 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
784 IN OUT CHAR8
*Destination
,
786 IN CONST CHAR8
*Source
794 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.
796 DestLen
= AsciiStrnLenS (Destination
, DestMax
);
797 CopyLen
= DestMax
- DestLen
;
800 // 1. Neither Destination nor Source shall be a null pointer.
802 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
803 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
806 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
808 if (ASCII_RSIZE_MAX
!= 0) {
809 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
813 // 3. DestMax shall not equal zero.
815 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
818 // 4. CopyLen shall not equal zero.
820 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
823 // 5. CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
825 SourceLen
= AsciiStrnLenS (Source
, CopyLen
);
826 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
829 // 6. Copying shall not take place between objects that overlap.
831 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
834 // The AsciiStrCatS function appends a copy of the string pointed to by Source (including the
835 // terminating null character) to the end of the string pointed to by Destination. The initial character
836 // from Source overwrites the null character at the end of Destination.
838 Destination
= Destination
+ DestLen
;
839 while (*Source
!= 0) {
840 *(Destination
++) = *(Source
++);
844 return RETURN_SUCCESS
;
848 Appends not more than Length successive char from the string pointed to by
849 Source to the end of the string pointed to by Destination. If no null char is
850 copied from Source, then Destination[StrLen(Destination) + Length] is always
853 This function is similar as strncat_s defined in C11.
855 If an error would be returned, then the function will also ASSERT().
857 If an error is returned, then the Destination is unmodified.
859 @param Destination A pointer to a Null-terminated Ascii string.
860 @param DestMax The maximum number of Destination Ascii
861 char, including terminating null char.
862 @param Source A pointer to a Null-terminated Ascii string.
863 @param Length The maximum number of Ascii characters to copy.
865 @retval RETURN_SUCCESS String is appended.
866 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
868 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
869 greater than MIN(StrLen(Source), Length).
870 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
872 If PcdMaximumAsciiStringLength is not zero,
873 and DestMax is greater than
874 PcdMaximumAsciiStringLength.
876 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
881 IN OUT CHAR8
*Destination
,
883 IN CONST CHAR8
*Source
,
892 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.
894 DestLen
= AsciiStrnLenS (Destination
, DestMax
);
895 CopyLen
= DestMax
- DestLen
;
898 // 1. Neither Destination nor Source shall be a null pointer.
900 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
901 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
904 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX.
906 if (ASCII_RSIZE_MAX
!= 0) {
907 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
908 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
912 // 3. DestMax shall not equal zero.
914 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
917 // 4. CopyLen shall not equal zero.
919 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
922 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
924 SourceLen
= AsciiStrnLenS (Source
, CopyLen
);
925 if (Length
>= CopyLen
) {
926 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
930 // 6. Copying shall not take place between objects that overlap.
932 if (SourceLen
> Length
) {
935 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
938 // The AsciiStrnCatS function appends not more than Length successive characters (characters
939 // that follow a null character are not copied) from the array pointed to by Source to the end of
940 // the string pointed to by Destination. The initial character from Source overwrites the null character at
941 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to
944 Destination
= Destination
+ DestLen
;
945 while ((*Source
!= 0) && (SourceLen
> 0)) {
946 *(Destination
++) = *(Source
++);
951 return RETURN_SUCCESS
;
955 Convert a Null-terminated Unicode string to a Null-terminated
958 This function is similar to AsciiStrCpyS.
960 This function converts the content of the Unicode string Source
961 to the ASCII string Destination by copying the lower 8 bits of
962 each Unicode character. The function terminates the ASCII string
963 Destination by appending a Null-terminator character at the end.
965 The caller is responsible to make sure Destination points to a buffer with size
966 equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.
968 If any Unicode characters in Source contain non-zero value in
969 the upper 8 bits, then ASSERT().
971 If Source is not aligned on a 16-bit boundary, then ASSERT().
972 If an error would be returned, then the function will also ASSERT().
974 If an error is returned, then the Destination is unmodified.
976 @param Source The pointer to a Null-terminated Unicode string.
977 @param Destination The pointer to a Null-terminated ASCII string.
978 @param DestMax The maximum number of Destination Ascii
979 char, including terminating null char.
981 @retval RETURN_SUCCESS String is converted.
982 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
983 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
985 If PcdMaximumAsciiStringLength is not zero,
986 and DestMax is greater than
987 PcdMaximumAsciiStringLength.
988 If PcdMaximumUnicodeStringLength is not zero,
989 and DestMax is greater than
990 PcdMaximumUnicodeStringLength.
992 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
997 UnicodeStrToAsciiStrS (
998 IN CONST CHAR16
*Source
,
999 OUT CHAR8
*Destination
,
1005 ASSERT (((UINTN
) Source
& BIT0
) == 0);
1008 // 1. Neither Destination nor Source shall be a null pointer.
1010 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
1011 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
1014 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX or RSIZE_MAX.
1016 if (ASCII_RSIZE_MAX
!= 0) {
1017 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1019 if (RSIZE_MAX
!= 0) {
1020 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1024 // 3. DestMax shall not equal zero.
1026 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
1029 // 4. DestMax shall be greater than StrnLenS (Source, DestMax).
1031 SourceLen
= StrnLenS (Source
, DestMax
);
1032 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
1035 // 5. Copying shall not take place between objects that overlap.
1037 SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination
, DestMax
, (VOID
*)Source
, (SourceLen
+ 1) * sizeof(CHAR16
)), RETURN_ACCESS_DENIED
);
1042 while (*Source
!= '\0') {
1044 // If any Unicode characters in Source contain
1045 // non-zero value in the upper 8 bits, then ASSERT().
1047 ASSERT (*Source
< 0x100);
1048 *(Destination
++) = (CHAR8
) *(Source
++);
1050 *Destination
= '\0';
1052 return RETURN_SUCCESS
;
1057 Convert one Null-terminated ASCII string to a Null-terminated
1060 This function is similar to StrCpyS.
1062 This function converts the contents of the ASCII string Source to the Unicode
1063 string Destination. The function terminates the Unicode string Destination by
1064 appending a Null-terminator character at the end.
1066 The caller is responsible to make sure Destination points to a buffer with size
1067 equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.
1069 If Destination is not aligned on a 16-bit boundary, then ASSERT().
1070 If an error would be returned, then the function will also ASSERT().
1072 If an error is returned, then the Destination is unmodified.
1074 @param Source The pointer to a Null-terminated ASCII string.
1075 @param Destination The pointer to a Null-terminated Unicode string.
1076 @param DestMax The maximum number of Destination Unicode
1077 char, including terminating null char.
1079 @retval RETURN_SUCCESS String is converted.
1080 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
1081 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
1083 If PcdMaximumUnicodeStringLength is not zero,
1084 and DestMax is greater than
1085 PcdMaximumUnicodeStringLength.
1086 If PcdMaximumAsciiStringLength is not zero,
1087 and DestMax is greater than
1088 PcdMaximumAsciiStringLength.
1090 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
1095 AsciiStrToUnicodeStrS (
1096 IN CONST CHAR8
*Source
,
1097 OUT CHAR16
*Destination
,
1103 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
1106 // 1. Neither Destination nor Source shall be a null pointer.
1108 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
1109 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
1112 // 2. DestMax shall not be greater than RSIZE_MAX or ASCII_RSIZE_MAX.
1114 if (RSIZE_MAX
!= 0) {
1115 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1117 if (ASCII_RSIZE_MAX
!= 0) {
1118 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1122 // 3. DestMax shall not equal zero.
1124 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
1127 // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
1129 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
1130 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
1133 // 5. Copying shall not take place between objects that overlap.
1135 SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination
, DestMax
* sizeof(CHAR16
), (VOID
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
1140 while (*Source
!= '\0') {
1141 *(Destination
++) = (CHAR16
)*(Source
++);
1143 *Destination
= '\0';
1145 return RETURN_SUCCESS
;