ShellPkg/Shell: clean up bogus member types in SPLIT_LIST

The "SPLIT_LIST.SplitStdOut" and "SPLIT_LIST.SplitStdIn" members currently
have type (SHELL_FILE_HANDLE *). This is wrong; SHELL_FILE_HANDLE is
already a pointer, there's no need to store a pointer to a pointer.

The error is obvious if we check where and how these members are used:

- In the RunSplitCommand() function, these members are used (populated)
  extensively; this function has to be updated in sync.

  ConvertEfiFileProtocolToShellHandle() already returns the temporary
  memory file created with CreateFileInterfaceMem() as SHELL_FILE_HANDLE,
  not as (SHELL_FILE_HANDLE *).

- In particular, the ConvertShellHandleToEfiFileProtocol() calls need to
  be dropped as well in RunSplitCommand(), since
  EFI_SHELL_PROTOCOL.SetFilePosition() and EFI_SHELL_PROTOCOL.CloseFile()
  take SHELL_FILE_HANDLE parameters, not (EFI_FILE_PROTOCOL *).

  Given that ConvertShellHandleToEfiFileProtocol() only performs a
  type-cast (it does not adjust any pointer values), *and*
  SHELL_FILE_HANDLE -- taken by EFI_SHELL_PROTOCOL member functions -- is
  actually a typedef to (VOID *) -- see more on this later --, this
  conversion error hasn't been caught by compilers.

- In the ProcessNewSplitCommandLine() function, RunSplitCommand() is
  called either initially (passing in NULL / NULL; no update needed), or
  recursively (passing in Split->SplitStdIn / Split->SplitStdOut; again no
  update is necessary beyond the RunSplitCommand() modification above).

- In the UpdateStdInStdOutStdErr() and RestoreStdInStdOutStdErr()
  functions, said structure members are compared and assigned to
  "EFI_SHELL_PARAMETERS_PROTOCOL.StdIn" and
  "EFI_SHELL_PARAMETERS_PROTOCOL.StdOut", both of which have type
  SHELL_FILE_HANDLE, *not* (SHELL_FILE_HANDLE *).

  The compiler hasn't caught this error because of the fatally flawed type
  definition of SHELL_FILE_HANDLE, namely

    typedef VOID *SHELL_FILE_HANDLE;

  Pointer-to-void silently converts to and from most other pointer types;
  among them, pointer-to-pointer-to-void. That is also why no update is
  necessary for UpdateStdInStdOutStdErr() and RestoreStdInStdOutStdErr()
  in this fix.

(

Generally speaking, using (VOID *) typedefs for opaque handles is a tragic
mistake in all of the UEFI-related specifications; this practice defeats
any type checking that compilers might help programmers with. The right
way to define an opaque handle is as follows:

  //
  // Introduce the incomplete structure type, and the derived pointer
  // type, in both the specification and the public edk2 headers. Note
  // that the derived pointer type itself is a complete type, and it can
  // be used freely by client code.
  //
  typedef struct SHELL_FILE *SHELL_FILE_HANDLE;

  //
  // Complete the structure type in the edk2 internal C source files.
  //
  struct SHELL_FILE {
    //
    // list fields
    //
  };

This way the structure size and members remain hidden from client code,
but the C compiler can nonetheless catch any invalid conversions between
incompatible XXX_HANDLE types.

)

Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Marvin Häuser <Marvin.Haeuser@outlook.com>
Cc: Qiu Shumin <shumin.qiu@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

diff --git a/ShellPkg/Application/Shell/Shell.c b/ShellPkg/Application/Shell/Shell.c
index 4383298aab726e50b9b0b6cb1b5b0ef5f9792d60..fa958170a1db52ec2190d3c17ceff0eb5b7d5187 100644 (file)
--- a/ShellPkg/Application/Shell/Shell.c
+++ b/ShellPkg/Application/Shell/Shell.c
@@ -1714,8 +1714,8 @@ ShellConvertVariables (
 EFI_STATUS\r
 RunSplitCommand(\r
   IN CONST CHAR16             *CmdLine,\r
-  IN       SHELL_FILE_HANDLE  *StdIn,\r
-  IN       SHELL_FILE_HANDLE  *StdOut\r
+  IN       SHELL_FILE_HANDLE  StdIn,\r
+  IN       SHELL_FILE_HANDLE  StdOut\r
   )\r
 {\r
   EFI_STATUS        Status;\r
@@ -1724,7 +1724,7 @@ RunSplitCommand(
   UINTN             Size1;\r
   UINTN             Size2;\r
   SPLIT_LIST        *Split;\r
-  SHELL_FILE_HANDLE *TempFileHandle;\r
+  SHELL_FILE_HANDLE TempFileHandle;\r
   BOOLEAN           Unicode;\r
 \r
   ASSERT(StdOut == NULL);\r
@@ -1790,7 +1790,7 @@ RunSplitCommand(
     Split->SplitStdOut  = Split->SplitStdIn;\r
   }\r
   Split->SplitStdIn   = TempFileHandle;\r
-  ShellInfoObject.NewEfiShellProtocol->SetFilePosition(ConvertShellHandleToEfiFileProtocol(Split->SplitStdIn), 0);\r
+  ShellInfoObject.NewEfiShellProtocol->SetFilePosition (Split->SplitStdIn, 0);\r
 \r
   if (!EFI_ERROR(Status)) {\r
     Status = RunCommand(NextCommandLine);\r
@@ -1806,10 +1806,10 @@ RunSplitCommand(
   // Note that the original StdIn is now the StdOut...\r
   //\r
   if (Split->SplitStdOut != NULL) {\r
-    ShellInfoObject.NewEfiShellProtocol->CloseFile(ConvertShellHandleToEfiFileProtocol(Split->SplitStdOut));\r
+    ShellInfoObject.NewEfiShellProtocol->CloseFile (Split->SplitStdOut);\r
   }\r
   if (Split->SplitStdIn != NULL) {\r
-    ShellInfoObject.NewEfiShellProtocol->CloseFile(ConvertShellHandleToEfiFileProtocol(Split->SplitStdIn));\r
+    ShellInfoObject.NewEfiShellProtocol->CloseFile (Split->SplitStdIn);\r
     FreePool (Split->SplitStdIn);\r
   }\r
 \r

diff --git a/ShellPkg/Application/Shell/Shell.h b/ShellPkg/Application/Shell/Shell.h
index 25ac114da71d3f398d5e4b6feb3438eb00cfab93..ff0849446817a5ccb681fc48044e205d22c7a38f 100644 (file)
--- a/ShellPkg/Application/Shell/Shell.h
+++ b/ShellPkg/Application/Shell/Shell.h
@@ -63,8 +63,8 @@ extern CONST CHAR16 mNoNestingFalse[];
 \r
 typedef struct {\r
   LIST_ENTRY        Link;           ///< Standard linked list handler.\r
-  SHELL_FILE_HANDLE *SplitStdOut;   ///< ConsoleOut for use in the split.\r
-  SHELL_FILE_HANDLE *SplitStdIn;    ///< ConsoleIn for use in the split.\r
+  SHELL_FILE_HANDLE SplitStdOut;    ///< ConsoleOut for use in the split.\r
+  SHELL_FILE_HANDLE SplitStdIn;     ///< ConsoleIn for use in the split.\r
 } SPLIT_LIST;\r
 \r
 typedef struct {\r