]> git.proxmox.com Git - mirror_edk2.git/commit - MdePkg/Include/Base.h
projects / mirror_edk2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 11cf02f) | patch
MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance
authorSean Brogan <sean.brogan@microsoft.com>
Mon, 24 Apr 2017 23:37:20 +0000 (16:37 -0700)
committerKinney, Michael D <michael.d.kinney@intel.com>
Thu, 25 Jan 2018 17:42:20 +0000 (09:42 -0800)
commitd7a09cb86a0416c099fa3a9e0fbe2c8f399b28de
treec46f9e44097e63cf3dc2aa141ee98bbda599fc10tree
parent11cf02f6d0a56398023e01b0322fbd05a396b353commit | diff
MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance

https://bugzilla.tianocore.org/show_bug.cgi?id=798

SafeIntLib provides helper functions to prevent integer overflow
during type conversion, addition, subtraction, and multiplication.

Conversion Functions
====================
* Converting from a signed type to an unsigned type of the same
  size, or vice-versa.
* Converting to a smaller type that could possibly overflow.
* Converting from a signed type to a larger unsigned type.

Unsigned Addition, Subtraction, Multiplication
===============================================
* Unsigned integer math functions protect from overflow and
  underflow (in case of subtraction).

Signed Addition, Subtraction, Multiplication
============================================
* Strongly consider using unsigned numbers.
* Signed numbers are often used where unsigned numbers should
  be used. For example file sizes and array indices should always
  be unsigned. Subtracting a larger positive signed number from a
  smaller positive signed number with SafeInt32Sub() will succeed,
  producing a negative number, that then must not be used as an
  array index (but can occasionally be used as a pointer index.)
  Similarly for adding a larger magnitude negative number to a
  smaller magnitude positive number.
* SafeIntLib does not protect you from such errors. It tells you
  if your integer operations overflowed, not if you are doing the
  right thing with your non-overflowed integers.
* Likewise you can overflow a buffer with a non-overflowed
  unsigned index.

Based on content from the following branch/commits:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport
https://github.com/Microsoft/MS_UEFI/commit/21ef3a321c907b40fa93797619c9f6c686dd92e0
https://github.com/Microsoft/MS_UEFI/commit/ca516b1a61315c2d823f453e12d2135098f53d61
https://github.com/Microsoft/MS_UEFI/commit/33bab4031a417d7d5a7d356c15a14c2e60302b2d

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
15 files changed:
MdePkg/Include/AArch64/ProcessorBind.h diff | blob | blame | history
MdePkg/Include/Arm/ProcessorBind.h diff | blob | blame | history
MdePkg/Include/Base.h diff | blob | blame | history
MdePkg/Include/Ebc/ProcessorBind.h diff | blob | blame | history
MdePkg/Include/Ia32/ProcessorBind.h diff | blob | blame | history
MdePkg/Include/Ipf/ProcessorBind.h diff | blob | blame | history
MdePkg/Include/Library/SafeIntLib.h [new file with mode: 0644] blob
MdePkg/Include/X64/ProcessorBind.h diff | blob | blame | history
MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf [new file with mode: 0644] blob
MdePkg/Library/BaseSafeIntLib/SafeIntLib.c [new file with mode: 0644] blob
MdePkg/Library/BaseSafeIntLib/SafeIntLib32.c [new file with mode: 0644] blob
MdePkg/Library/BaseSafeIntLib/SafeIntLib64.c [new file with mode: 0644] blob
MdePkg/Library/BaseSafeIntLib/SafeIntLibEbc.c [new file with mode: 0644] blob
MdePkg/MdePkg.dec diff | blob | blame | history
MdePkg/MdePkg.dsc diff | blob | blame | history
EFI Development Kit II mirror for PVE