git.proxmox.com Git - mirror_edk2.git/blob - MdePkg/Library/BaseLib/SafeString.c
4 Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php.
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <Library/DebugLib.h>
17 #include <Library/PcdLib.h>
18 #include <Library/BaseLib.h>
20 #define RSIZE_MAX (PcdGet32 (PcdMaximumUnicodeStringLength))
22 #define ASCII_RSIZE_MAX (PcdGet32 (PcdMaximumAsciiStringLength))
24 #define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status) \
26 ASSERT (Expression); \
27 if (!(Expression)) { \
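/**
  Returns if 2 memory blocks are overlapped.

  The test compares the distance between the two base addresses with the
  block sizes instead of computing Base + Size, so a block whose end would
  wrap past the top of the address space is still reported as overlapping.

  @param  Base1  Base address of 1st memory block.
  @param  Size1  Size of 1st memory block.
  @param  Base2  Base address of 2nd memory block.
  @param  Size2  Size of 2nd memory block.

  @retval TRUE  2 memory blocks are overlapped.
  @retval FALSE 2 memory blocks are not overlapped.
**/
BOOLEAN
InternalSafeStringIsOverlap (
  IN VOID   *Base1,
  IN UINTN  Size1,
  IN VOID   *Base2,
  IN UINTN  Size2
  )
{
  UINTN  Address1;
  UINTN  Address2;

  Address1 = (UINTN)Base1;
  Address2 = (UINTN)Base2;

  //
  // Base1 starts inside [Base2, Base2 + Size2). The subtraction cannot wrap
  // because Address1 >= Address2 is checked first, whereas Address2 + Size2
  // can wrap when the caller-supplied size is larger than the real buffer.
  //
  if ((Address1 >= Address2) && (Address1 - Address2 < Size2)) {
    return TRUE;
  }

  //
  // Base2 starts inside [Base1, Base1 + Size1).
  //
  if ((Address2 >= Address1) && (Address2 - Address1 < Size1)) {
    return TRUE;
  }

  return FALSE;
}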
/**
  Returns if 2 Unicode strings are not overlapped.

  Both character counts are converted to byte counts and handed to
  InternalSafeStringIsOverlap(); the result is inverted.

  @param  Str1   Start address of 1st Unicode string.
  @param  Size1  The number of char in 1st Unicode string,
                 including terminating null char.
  @param  Str2   Start address of 2nd Unicode string.
  @param  Size2  The number of char in 2nd Unicode string,
                 including terminating null char.

  @retval TRUE  2 Unicode strings are NOT overlapped.
  @retval FALSE 2 Unicode strings are overlapped.
**/
BOOLEAN
InternalSafeStringNoStrOverlap (
  IN CHAR16  *Str1,
  IN UINTN   Size1,
  IN CHAR16  *Str2,
  IN UINTN   Size2
  )
{
  UINTN  ByteSize1;
  UINTN  ByteSize2;

  //
  // NOTE(review): these multiplications are not checked for wraparound here.
  // The callers visible in this file bound DestMax by RSIZE_MAX only when
  // that PCD is non-zero - confirm the platform sets it.
  //
  ByteSize1 = Size1 * sizeof (CHAR16);
  ByteSize2 = Size2 * sizeof (CHAR16);

  if (InternalSafeStringIsOverlap (Str1, ByteSize1, Str2, ByteSize2)) {
    return FALSE;
  }

  return TRUE;
}
/**
  Returns if 2 Ascii strings are not overlapped.

  Ascii characters are one byte each, so the character counts are passed to
  InternalSafeStringIsOverlap() unchanged; the result is inverted.

  @param  Str1   Start address of 1st Ascii string.
  @param  Size1  The number of char in 1st Ascii string,
                 including terminating null char.
  @param  Str2   Start address of 2nd Ascii string.
  @param  Size2  The number of char in 2nd Ascii string,
                 including terminating null char.

  @retval TRUE  2 Ascii strings are NOT overlapped.
  @retval FALSE 2 Ascii strings are overlapped.
**/
BOOLEAN
InternalSafeStringNoAsciiStrOverlap (
  IN CHAR8  *Str1,
  IN UINTN  Size1,
  IN CHAR8  *Str2,
  IN UINTN  Size2
  )
{
  if (InternalSafeStringIsOverlap (Str1, Size1, Str2, Size2)) {
    return FALSE;
  }

  return TRUE;
}
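/**
  Returns the length of a Null-terminated Unicode string.

  This function is similar to strnlen_s defined in C11.

  If String is not aligned on a 16-bit boundary, then ASSERT().

  @param  String   A pointer to a Null-terminated Unicode string.
  @param  MaxSize  The maximum number of Destination Unicode
                   char, including terminating null char.

  @retval 0        If String is NULL or MaxSize is 0.
  @retval MaxSize  If there is no null character in the first MaxSize characters of String.
  @return The number of characters that precede the terminating null character.
**/
UINTN
EFIAPI
StrnLenS (
  IN CONST CHAR16  *String,
  IN UINTN         MaxSize
  )
{
  UINTN  Length;

  ASSERT (((UINTN) String & BIT0) == 0);

  //
  // If String is a null pointer, then the StrnLenS function returns zero.
  // MaxSize == 0 is rejected here as well: the bound below is MaxSize - 1,
  // which would wrap to the largest UINTN and leave the scan unbounded.
  // StrCatS and StrnCatS call this function before they validate DestMax.
  //
  if ((String == NULL) || (MaxSize == 0)) {
    return 0;
  }

  //
  // Otherwise, the StrnLenS function returns the number of characters that precede the
  // terminating null character. If there is no null character in the first MaxSize characters of
  // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall
  // be accessed by StrnLenS.
  //
  for (Length = 0; String[Length] != 0; Length++) {
    if (Length >= MaxSize - 1) {
      return MaxSize;
    }
  }

  return Length;
}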
/**
  Returns the size of a Null-terminated Unicode string in bytes, including the
  Null terminator.

  This function returns the size of the Null-terminated Unicode string
  specified by String in bytes, including the Null terminator.

  If String is not aligned on a 16-bit boundary, then ASSERT().

  @param  String   A pointer to a Null-terminated Unicode string.
  @param  MaxSize  The maximum number of Destination Unicode
                   char, including the Null terminator.

  @retval 0  If String is NULL.
  @retval (sizeof (CHAR16) * (MaxSize + 1))
             If there is no Null terminator in the first MaxSize characters of
             String.
  @return The size of the Null-terminated Unicode string in bytes, including
          the Null terminator.
**/
UINTN
EFIAPI
StrnSizeS (
  IN CONST CHAR16  *String,
  IN UINTN         MaxSize
  )
{
  UINTN  CharCount;

  //
  // If String is a null pointer, then the StrnSizeS function returns zero.
  //
  if (String == NULL) {
    return 0;
  }

  //
  // StrnLenS reports MaxSize when no Null terminator is found, so adding one
  // for the terminator yields (sizeof (CHAR16) * (MaxSize + 1)) in that case,
  // keeping a consistent map with the StrnLenS function.
  //
  CharCount = StrnLenS (String, MaxSize) + 1;

  return CharCount * sizeof (CHAR16);
}
202 Copies the string pointed to by Source (including the terminating null char)
203 to the array pointed to by Destination.
205 This function is similar to strcpy_s defined in C11.
207 If Destination is not aligned on a 16-bit boundary, then ASSERT().
208 If Source is not aligned on a 16-bit boundary, then ASSERT().
209 If an error would be returned, then the function will also ASSERT().
211 If an error is returned, then the Destination is unmodified.
213 @param Destination A pointer to a Null-terminated Unicode string.
214 @param DestMax The maximum number of Destination Unicode
215 char, including terminating null char.
216 @param Source A pointer to a Null-terminated Unicode string.
218 @retval RETURN_SUCCESS String is copied.
219 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
220 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
222 If PcdMaximumUnicodeStringLength is not zero,
223 and DestMax is greater than
224 PcdMaximumUnicodeStringLength.
226 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
231 OUT CHAR16
*Destination
,
233 IN CONST CHAR16
*Source
238 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
239 ASSERT (((UINTN
) Source
& BIT0
) == 0);
242 // 1. Neither Destination nor Source shall be a null pointer.
244 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
245 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
248 // 2. DestMax shall not be greater than RSIZE_MAX.
250 if (RSIZE_MAX
!= 0) {
251 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
255 // 3. DestMax shall not equal zero.
257 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
260 // 4. DestMax shall be greater than StrnLenS(Source, DestMax).
262 SourceLen
= StrnLenS (Source
, DestMax
);
263 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
266 // 5. Copying shall not take place between objects that overlap.
268 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
271 // The StrCpyS function copies the string pointed to by Source (including the terminating
272 // null character) into the array pointed to by Destination.
274 while (*Source
!= 0) {
275 *(Destination
++) = *(Source
++);
279 return RETURN_SUCCESS
;
283 Copies not more than Length successive char from the string pointed to by
284 Source to the array pointed to by Destination. If no null char is copied from
285 Source, then Destination[Length] is always set to null.
287 This function is similar to strncpy_s defined in C11.
289 If Length > 0 and Destination is not aligned on a 16-bit boundary, then ASSERT().
290 If Length > 0 and Source is not aligned on a 16-bit boundary, then ASSERT().
291 If an error would be returned, then the function will also ASSERT().
293 If an error is returned, then the Destination is unmodified.
295 @param Destination A pointer to a Null-terminated Unicode string.
296 @param DestMax The maximum number of Destination Unicode
297 char, including terminating null char.
298 @param Source A pointer to a Null-terminated Unicode string.
299 @param Length The maximum number of Unicode characters to copy.
301 @retval RETURN_SUCCESS String is copied.
302 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
303 MIN(StrLen(Source), Length).
304 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
306 If PcdMaximumUnicodeStringLength is not zero,
307 and DestMax is greater than
308 PcdMaximumUnicodeStringLength.
310 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
315 OUT CHAR16
*Destination
,
317 IN CONST CHAR16
*Source
,
323 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
324 ASSERT (((UINTN
) Source
& BIT0
) == 0);
327 // 1. Neither Destination nor Source shall be a null pointer.
329 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
330 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
333 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX
335 if (RSIZE_MAX
!= 0) {
336 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
337 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
341 // 3. DestMax shall not equal zero.
343 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
346 // 4. If Length is not less than DestMax, then DestMax shall be greater than StrnLenS(Source, DestMax).
348 SourceLen
= StrnLenS (Source
, DestMax
);
349 if (Length
>= DestMax
) {
350 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
354 // 5. Copying shall not take place between objects that overlap.
356 if (SourceLen
> Length
) {
359 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
362 // The StrnCpyS function copies not more than Length successive characters (characters that
363 // follow a null character are not copied) from the array pointed to by Source to the array
364 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null
367 while ((*Source
!= 0) && (SourceLen
> 0)) {
368 *(Destination
++) = *(Source
++);
373 return RETURN_SUCCESS
;
377 Appends a copy of the string pointed to by Source (including the terminating
378 null char) to the end of the string pointed to by Destination.
380 This function is similar to strcat_s defined in C11.
382 If Destination is not aligned on a 16-bit boundary, then ASSERT().
383 If Source is not aligned on a 16-bit boundary, then ASSERT().
384 If an error would be returned, then the function will also ASSERT().
386 If an error is returned, then the Destination is unmodified.
388 @param Destination A pointer to a Null-terminated Unicode string.
389 @param DestMax The maximum number of Destination Unicode
390 char, including terminating null char.
391 @param Source A pointer to a Null-terminated Unicode string.
393 @retval RETURN_SUCCESS String is appended.
394 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
396 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
397 greater than StrLen(Source).
398 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
400 If PcdMaximumUnicodeStringLength is not zero,
401 and DestMax is greater than
402 PcdMaximumUnicodeStringLength.
404 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
409 IN OUT CHAR16
*Destination
,
411 IN CONST CHAR16
*Source
418 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
419 ASSERT (((UINTN
) Source
& BIT0
) == 0);
422 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrCatS.
424 DestLen
= StrnLenS (Destination
, DestMax
);
425 CopyLen
= DestMax
- DestLen
;
428 // 1. Neither Destination nor Source shall be a null pointer.
430 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
431 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
434 // 2. DestMax shall not be greater than RSIZE_MAX.
436 if (RSIZE_MAX
!= 0) {
437 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
441 // 3. DestMax shall not equal zero.
443 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
446 // 4. CopyLen shall not equal zero.
448 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
451 // 5. CopyLen shall be greater than StrnLenS(Source, CopyLen).
453 SourceLen
= StrnLenS (Source
, CopyLen
);
454 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
457 // 6. Copying shall not take place between objects that overlap.
459 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
462 // The StrCatS function appends a copy of the string pointed to by Source (including the
463 // terminating null character) to the end of the string pointed to by Destination. The initial character
464 // from Source overwrites the null character at the end of Destination.
466 Destination
= Destination
+ DestLen
;
467 while (*Source
!= 0) {
468 *(Destination
++) = *(Source
++);
472 return RETURN_SUCCESS
;
476 Appends not more than Length successive char from the string pointed to by
477 Source to the end of the string pointed to by Destination. If no null char is
478 copied from Source, then Destination[StrLen(Destination) + Length] is always
481 This function is similar to strncat_s defined in C11.
483 If Destination is not aligned on a 16-bit boundary, then ASSERT().
484 If Source is not aligned on a 16-bit boundary, then ASSERT().
485 If an error would be returned, then the function will also ASSERT().
487 If an error is returned, then the Destination is unmodified.
489 @param Destination A pointer to a Null-terminated Unicode string.
490 @param DestMax The maximum number of Destination Unicode
491 char, including terminating null char.
492 @param Source A pointer to a Null-terminated Unicode string.
493 @param Length The maximum number of Unicode characters to copy.
495 @retval RETURN_SUCCESS String is appended.
496 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
498 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
499 greater than MIN(StrLen(Source), Length).
500 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
502 If PcdMaximumUnicodeStringLength is not zero,
503 and DestMax is greater than
504 PcdMaximumUnicodeStringLength.
506 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
511 IN OUT CHAR16
*Destination
,
513 IN CONST CHAR16
*Source
,
521 ASSERT (((UINTN
) Destination
& BIT0
) == 0);
522 ASSERT (((UINTN
) Source
& BIT0
) == 0);
525 // Let CopyLen denote the value DestMax - StrnLenS(Destination, DestMax) upon entry to StrnCatS.
527 DestLen
= StrnLenS (Destination
, DestMax
);
528 CopyLen
= DestMax
- DestLen
;
531 // 1. Neither Destination nor Source shall be a null pointer.
533 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
534 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
537 // 2. Neither DestMax nor Length shall be greater than RSIZE_MAX.
539 if (RSIZE_MAX
!= 0) {
540 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
541 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
545 // 3. DestMax shall not equal zero.
547 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
550 // 4. CopyLen shall not equal zero.
552 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
555 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than StrnLenS(Source, CopyLen).
557 SourceLen
= StrnLenS (Source
, CopyLen
);
558 if (Length
>= CopyLen
) {
559 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
563 // 6. Copying shall not take place between objects that overlap.
565 if (SourceLen
> Length
) {
568 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoStrOverlap (Destination
, DestMax
, (CHAR16
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
571 // The StrnCatS function appends not more than Length successive characters (characters
572 // that follow a null character are not copied) from the array pointed to by Source to the end of
573 // the string pointed to by Destination. The initial character from Source overwrites the null character at
574 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to
577 Destination
= Destination
+ DestLen
;
578 while ((*Source
!= 0) && (SourceLen
> 0)) {
579 *(Destination
++) = *(Source
++);
584 return RETURN_SUCCESS
;
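/**
  Returns the length of a Null-terminated Ascii string.

  This function is similar to strnlen_s defined in C11.

  @param  String   A pointer to a Null-terminated Ascii string.
  @param  MaxSize  The maximum number of Destination Ascii
                   char, including terminating null char.

  @retval 0        If String is NULL or MaxSize is 0.
  @retval MaxSize  If there is no null character in the first MaxSize characters of String.
  @return The number of characters that precede the terminating null character.
**/
UINTN
EFIAPI
AsciiStrnLenS (
  IN CONST CHAR8  *String,
  IN UINTN        MaxSize
  )
{
  UINTN  Length;

  //
  // If String is a null pointer, then the AsciiStrnLenS function returns zero.
  // MaxSize == 0 is rejected here as well: the bound below is MaxSize - 1,
  // which would wrap to the largest UINTN and leave the scan unbounded.
  // AsciiStrCatS and AsciiStrnCatS call this function before they validate
  // DestMax.
  //
  if ((String == NULL) || (MaxSize == 0)) {
    return 0;
  }

  //
  // Otherwise, the AsciiStrnLenS function returns the number of characters that precede the
  // terminating null character. If there is no null character in the first MaxSize characters of
  // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall
  // be accessed by AsciiStrnLenS.
  //
  for (Length = 0; String[Length] != 0; Length++) {
    if (Length >= MaxSize - 1) {
      return MaxSize;
    }
  }

  return Length;
}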
/**
  Returns the size of a Null-terminated Ascii string in bytes, including the
  Null terminator.

  This function returns the size of the Null-terminated Ascii string specified
  by String in bytes, including the Null terminator.

  @param  String   A pointer to a Null-terminated Ascii string.
  @param  MaxSize  The maximum number of Destination Ascii
                   char, including the Null terminator.

  @retval 0  If String is NULL.
  @retval (sizeof (CHAR8) * (MaxSize + 1))
             If there is no Null terminator in the first MaxSize characters of
             String.
  @return The size of the Null-terminated Ascii string in bytes, including the
          Null terminator.
**/
UINTN
EFIAPI
AsciiStrnSizeS (
  IN CONST CHAR8  *String,
  IN UINTN        MaxSize
  )
{
  UINTN  CharCount;

  //
  // If String is a null pointer, then the AsciiStrnSizeS function returns
  // zero.
  //
  if (String == NULL) {
    return 0;
  }

  //
  // AsciiStrnLenS reports MaxSize when no Null terminator is found, so adding
  // one for the terminator yields (sizeof (CHAR8) * (MaxSize + 1)) in that
  // case, keeping a consistent map with the AsciiStrnLenS function.
  //
  CharCount = AsciiStrnLenS (String, MaxSize) + 1;

  return CharCount * sizeof (CHAR8);
}
678 Copies the string pointed to by Source (including the terminating null char)
679 to the array pointed to by Destination.
681 This function is similar to strcpy_s defined in C11.
683 If an error would be returned, then the function will also ASSERT().
685 If an error is returned, then the Destination is unmodified.
687 @param Destination A pointer to a Null-terminated Ascii string.
688 @param DestMax The maximum number of Destination Ascii
689 char, including terminating null char.
690 @param Source A pointer to a Null-terminated Ascii string.
692 @retval RETURN_SUCCESS String is copied.
693 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
694 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
696 If PcdMaximumAsciiStringLength is not zero,
697 and DestMax is greater than
698 PcdMaximumAsciiStringLength.
700 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
705 OUT CHAR8
*Destination
,
707 IN CONST CHAR8
*Source
713 // 1. Neither Destination nor Source shall be a null pointer.
715 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
716 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
719 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
721 if (ASCII_RSIZE_MAX
!= 0) {
722 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
726 // 3. DestMax shall not equal zero.
728 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
731 // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
733 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
734 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
737 // 5. Copying shall not take place between objects that overlap.
739 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
742 // The AsciiStrCpyS function copies the string pointed to by Source (including the terminating
743 // null character) into the array pointed to by Destination.
745 while (*Source
!= 0) {
746 *(Destination
++) = *(Source
++);
750 return RETURN_SUCCESS
;
754 Copies not more than Length successive char from the string pointed to by
755 Source to the array pointed to by Destination. If no null char is copied from
756 Source, then Destination[Length] is always set to null.
758 This function is similar to strncpy_s defined in C11.
760 If an error would be returned, then the function will also ASSERT().
762 If an error is returned, then the Destination is unmodified.
764 @param Destination A pointer to a Null-terminated Ascii string.
765 @param DestMax The maximum number of Destination Ascii
766 char, including terminating null char.
767 @param Source A pointer to a Null-terminated Ascii string.
768 @param Length The maximum number of Ascii characters to copy.
770 @retval RETURN_SUCCESS String is copied.
771 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
772 MIN(StrLen(Source), Length).
773 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
775 If PcdMaximumAsciiStringLength is not zero,
776 and DestMax is greater than
777 PcdMaximumAsciiStringLength.
779 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
784 OUT CHAR8
*Destination
,
786 IN CONST CHAR8
*Source
,
793 // 1. Neither Destination nor Source shall be a null pointer.
795 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
796 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
799 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX
801 if (ASCII_RSIZE_MAX
!= 0) {
802 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
803 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
807 // 3. DestMax shall not equal zero.
809 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
812 // 4. If Length is not less than DestMax, then DestMax shall be greater than AsciiStrnLenS(Source, DestMax).
814 SourceLen
= AsciiStrnLenS (Source
, DestMax
);
815 if (Length
>= DestMax
) {
816 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
820 // 5. Copying shall not take place between objects that overlap.
822 if (SourceLen
> Length
) {
825 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
828 // The AsciiStrnCpyS function copies not more than Length successive characters (characters that
829 // follow a null character are not copied) from the array pointed to by Source to the array
830 // pointed to by Destination. If no null character was copied from Source, then Destination[Length] is set to a null
833 while ((*Source
!= 0) && (SourceLen
> 0)) {
834 *(Destination
++) = *(Source
++);
839 return RETURN_SUCCESS
;
843 Appends a copy of the string pointed to by Source (including the terminating
844 null char) to the end of the string pointed to by Destination.
846 This function is similar to strcat_s defined in C11.
848 If an error would be returned, then the function will also ASSERT().
850 If an error is returned, then the Destination is unmodified.
852 @param Destination A pointer to a Null-terminated Ascii string.
853 @param DestMax The maximum number of Destination Ascii
854 char, including terminating null char.
855 @param Source A pointer to a Null-terminated Ascii string.
857 @retval RETURN_SUCCESS String is appended.
858 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
860 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
861 greater than StrLen(Source).
862 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
864 If PcdMaximumAsciiStringLength is not zero,
865 and DestMax is greater than
866 PcdMaximumAsciiStringLength.
868 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
873 IN OUT CHAR8
*Destination
,
875 IN CONST CHAR8
*Source
883 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.
885 DestLen
= AsciiStrnLenS (Destination
, DestMax
);
886 CopyLen
= DestMax
- DestLen
;
889 // 1. Neither Destination nor Source shall be a null pointer.
891 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
892 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
895 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX.
897 if (ASCII_RSIZE_MAX
!= 0) {
898 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
902 // 3. DestMax shall not equal zero.
904 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
907 // 4. CopyLen shall not equal zero.
909 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
912 // 5. CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
914 SourceLen
= AsciiStrnLenS (Source
, CopyLen
);
915 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
918 // 6. Copying shall not take place between objects that overlap.
920 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
923 // The AsciiStrCatS function appends a copy of the string pointed to by Source (including the
924 // terminating null character) to the end of the string pointed to by Destination. The initial character
925 // from Source overwrites the null character at the end of Destination.
927 Destination
= Destination
+ DestLen
;
928 while (*Source
!= 0) {
929 *(Destination
++) = *(Source
++);
933 return RETURN_SUCCESS
;
937 Appends not more than Length successive char from the string pointed to by
938 Source to the end of the string pointed to by Destination. If no null char is
939 copied from Source, then Destination[StrLen(Destination) + Length] is always
942 This function is similar to strncat_s defined in C11.
944 If an error would be returned, then the function will also ASSERT().
946 If an error is returned, then the Destination is unmodified.
948 @param Destination A pointer to a Null-terminated Ascii string.
949 @param DestMax The maximum number of Destination Ascii
950 char, including terminating null char.
951 @param Source A pointer to a Null-terminated Ascii string.
952 @param Length The maximum number of Ascii characters to copy.
954 @retval RETURN_SUCCESS String is appended.
955 @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
957 @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
958 greater than MIN(StrLen(Source), Length).
959 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
961 If PcdMaximumAsciiStringLength is not zero,
962 and DestMax is greater than
963 PcdMaximumAsciiStringLength.
965 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
970 IN OUT CHAR8
*Destination
,
972 IN CONST CHAR8
*Source
,
981 // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.
983 DestLen
= AsciiStrnLenS (Destination
, DestMax
);
984 CopyLen
= DestMax
- DestLen
;
987 // 1. Neither Destination nor Source shall be a null pointer.
989 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
990 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
993 // 2. Neither DestMax nor Length shall be greater than ASCII_RSIZE_MAX.
995 if (ASCII_RSIZE_MAX
!= 0) {
996 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
997 SAFE_STRING_CONSTRAINT_CHECK ((Length
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1001 // 3. DestMax shall not equal zero.
1003 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
1006 // 4. CopyLen shall not equal zero.
1008 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
!= 0), RETURN_BAD_BUFFER_SIZE
);
1011 // 5. If Length is not less than CopyLen, then CopyLen shall be greater than AsciiStrnLenS(Source, CopyLen).
1013 SourceLen
= AsciiStrnLenS (Source
, CopyLen
);
1014 if (Length
>= CopyLen
) {
1015 SAFE_STRING_CONSTRAINT_CHECK ((CopyLen
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
1019 // 6. Copying shall not take place between objects that overlap.
1021 if (SourceLen
> Length
) {
1024 SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap (Destination
, DestMax
, (CHAR8
*)Source
, SourceLen
+ 1), RETURN_ACCESS_DENIED
);
1027 // The AsciiStrnCatS function appends not more than Length successive characters (characters
1028 // that follow a null character are not copied) from the array pointed to by Source to the end of
1029 // the string pointed to by Destination. The initial character from Source overwrites the null character at
1030 // the end of Destination. If no null character was copied from Source, then Destination[DestMax-CopyLen+Length] is set to
1031 // a null character.
1033 Destination
= Destination
+ DestLen
;
1034 while ((*Source
!= 0) && (SourceLen
> 0)) {
1035 *(Destination
++) = *(Source
++);
1040 return RETURN_SUCCESS
;
1044 Convert a Null-terminated Unicode string to a Null-terminated
1047 This function is similar to AsciiStrCpyS.
1049 This function converts the content of the Unicode string Source
1050 to the ASCII string Destination by copying the lower 8 bits of
1051 each Unicode character. The function terminates the ASCII string
1052 Destination by appending a Null-terminator character at the end.
1054 The caller is responsible for making sure Destination points to a buffer with size
1055 equal to or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.
1057 If any Unicode characters in Source contain non-zero value in
1058 the upper 8 bits, then ASSERT().
1060 If Source is not aligned on a 16-bit boundary, then ASSERT().
1061 If an error would be returned, then the function will also ASSERT().
1063 If an error is returned, then the Destination is unmodified.
1065 @param Source The pointer to a Null-terminated Unicode string.
1066 @param Destination The pointer to a Null-terminated ASCII string.
1067 @param DestMax The maximum number of Destination Ascii
1068 char, including terminating null char.
1070 @retval RETURN_SUCCESS String is converted.
1071 @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than StrLen(Source).
1072 @retval RETURN_INVALID_PARAMETER If Destination is NULL.
1074 If PcdMaximumAsciiStringLength is not zero,
1075 and DestMax is greater than
1076 PcdMaximumAsciiStringLength.
1077 If PcdMaximumUnicodeStringLength is not zero,
1078 and DestMax is greater than
1079 PcdMaximumUnicodeStringLength.
1081 @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
1086 UnicodeStrToAsciiStrS (
1087 IN CONST CHAR16
*Source
,
1088 OUT CHAR8
*Destination
,
1094 ASSERT (((UINTN
) Source
& BIT0
) == 0);
1097 // 1. Neither Destination nor Source shall be a null pointer.
1099 SAFE_STRING_CONSTRAINT_CHECK ((Destination
!= NULL
), RETURN_INVALID_PARAMETER
);
1100 SAFE_STRING_CONSTRAINT_CHECK ((Source
!= NULL
), RETURN_INVALID_PARAMETER
);
1103 // 2. DestMax shall not be greater than ASCII_RSIZE_MAX or RSIZE_MAX.
1105 if (ASCII_RSIZE_MAX
!= 0) {
1106 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= ASCII_RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1108 if (RSIZE_MAX
!= 0) {
1109 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
<= RSIZE_MAX
), RETURN_INVALID_PARAMETER
);
1113 // 3. DestMax shall not equal zero.
1115 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
!= 0), RETURN_INVALID_PARAMETER
);
1118 // 4. DestMax shall be greater than StrnLenS (Source, DestMax).
1120 SourceLen
= StrnLenS (Source
, DestMax
);
1121 SAFE_STRING_CONSTRAINT_CHECK ((DestMax
> SourceLen
), RETURN_BUFFER_TOO_SMALL
);
1124 // 5. Copying shall not take place between objects that overlap.
1126 SAFE_STRING_CONSTRAINT_CHECK (!InternalSafeStringIsOverlap (Destination
, DestMax
, (VOID
*)Source
, (SourceLen
+ 1) * sizeof(CHAR16
)), RETURN_ACCESS_DENIED
);
1131 while (*Source
!= '\0') {
1133 // If any Unicode characters in Source contain
1134 // non-zero value in the upper 8 bits, then ASSERT().
1136 ASSERT (*Source
< 0x100);
1137 *(Destination
++) = (CHAR8
) *(Source
++);
1139 *Destination
= '\0';
1141 return RETURN_SUCCESS
;
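/**
  Convert one Null-terminated ASCII string to a Null-terminated
  Unicode string.

  This function is similar to StrCpyS.

  This function converts the contents of the ASCII string Source to the Unicode
  string Destination. The function terminates the Unicode string Destination by
  appending a Null-terminator character at the end.

  The caller is responsible to make sure Destination points to a buffer with size
  equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in bytes.

  If Destination is not aligned on a 16-bit boundary, then ASSERT().
  If an error would be returned, then the function will also ASSERT().

  If an error is returned, then the Destination is unmodified.

  @param  Source        The pointer to a Null-terminated ASCII string.
  @param  Destination   The pointer to a Null-terminated Unicode string.
  @param  DestMax       The maximum number of Destination Unicode
                        char, including terminating null char.

  @retval RETURN_SUCCESS           String is converted.
  @retval RETURN_BUFFER_TOO_SMALL  If DestMax is NOT greater than AsciiStrLen(Source).
  @retval RETURN_INVALID_PARAMETER If Destination is NULL.
                                   If Source is NULL.
                                   If PcdMaximumUnicodeStringLength is not zero,
                                   and DestMax is greater than
                                   PcdMaximumUnicodeStringLength.
                                   If PcdMaximumAsciiStringLength is not zero,
                                   and DestMax is greater than
                                   PcdMaximumAsciiStringLength.
                                   If DestMax is 0.
  @retval RETURN_ACCESS_DENIED     If Source and Destination overlap.

**/
RETURN_STATUS
EFIAPI
AsciiStrToUnicodeStrS (
  IN      CONST CHAR8               *Source,
  OUT     CHAR16                    *Destination,
  IN      UINTN                     DestMax
  )
{
  UINTN            SourceLen;

  ASSERT (((UINTN) Destination & BIT0) == 0);

  //
  // 1. Neither Destination nor Source shall be a null pointer.
  //
  SAFE_STRING_CONSTRAINT_CHECK ((Destination != NULL), RETURN_INVALID_PARAMETER);
  SAFE_STRING_CONSTRAINT_CHECK ((Source != NULL), RETURN_INVALID_PARAMETER);

  //
  // 2. DestMax shall not be greater than RSIZE_MAX or ASCII_RSIZE_MAX.
  //    A limit of zero disables the corresponding check.
  //
  if (RSIZE_MAX != 0) {
    SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= RSIZE_MAX), RETURN_INVALID_PARAMETER);
  }
  if (ASCII_RSIZE_MAX != 0) {
    SAFE_STRING_CONSTRAINT_CHECK ((DestMax <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER);
  }

  //
  // 3. DestMax shall not equal zero.
  //
  SAFE_STRING_CONSTRAINT_CHECK ((DestMax != 0), RETURN_INVALID_PARAMETER);

  //
  // 4. DestMax shall be greater than AsciiStrnLenS(Source, DestMax), so that
  //    the converted string and its terminator fit into Destination.
  //
  SourceLen = AsciiStrnLenS (Source, DestMax);
  SAFE_STRING_CONSTRAINT_CHECK ((DestMax > SourceLen), RETURN_BUFFER_TOO_SMALL);

  //
  // 5. Copying shall not take place between objects that overlap.
  //    Both sizes are passed in bytes.
  //
  SAFE_STRING_CONSTRAINT_CHECK (
    !InternalSafeStringIsOverlap (Destination, DestMax * sizeof(CHAR16), (VOID *)Source, SourceLen + 1),
    RETURN_ACCESS_DENIED
    );

  //
  // Convert string. This is the first write to Destination; all failure
  // paths above return before reaching it.
  //
  while (*Source != '\0') {
    //
    // Widen through UINT8 so that a byte >= 0x80 always becomes
    // 0x0080..0x00FF. Casting a CHAR8 directly to CHAR16 would sign-extend
    // such a byte to 0xFFxx in a build where CHAR8 is a signed type.
    //
    *(Destination++) = (CHAR16)(UINT8)*(Source++);
  }
  *Destination = '\0';

  return RETURN_SUCCESS;
}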