https://bugzilla.tianocore.org/show_bug.cgi?id=567
In function BasePrintLibSPrintMarker(), when processing ASCII format
strings, if the format string walker pointer 'Format' is pointing at the
end of the format string (i.e. '\0'), the following expression:
*(Format + 1)
will read the byte past the string terminator, whose value is undefined.
Though this value won't affect the functionality, since it will be masked
by variable 'FormatMask':
(*(Format + 1) << 8)) & FormatMask
(FormatMask is 0xff for ASCII format string)
This commit adds additional logic to avoid reading undefined content.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
//\r
// Get the first character from the format string\r
//\r
//\r
// Get the first character from the format string\r
//\r
- FormatCharacter = ((*Format & 0xff) | (*(Format + 1) << 8)) & FormatMask;\r
+ FormatCharacter = ((*Format & 0xff) | ((BytesPerFormatCharacter == 1) ? 0 : (*(Format + 1) << 8))) & FormatMask;\r
\r
//\r
// Loop until the end of the format string is reached or the output buffer is full\r
\r
//\r
// Loop until the end of the format string is reached or the output buffer is full\r
//\r
for (Done = FALSE; !Done; ) {\r
Format += BytesPerFormatCharacter;\r
//\r
for (Done = FALSE; !Done; ) {\r
Format += BytesPerFormatCharacter;\r
- FormatCharacter = ((*Format & 0xff) | (*(Format + 1) << 8)) & FormatMask;\r
+ FormatCharacter = ((*Format & 0xff) | ((BytesPerFormatCharacter == 1) ? 0 : (*(Format + 1) << 8))) & FormatMask;\r
switch (FormatCharacter) {\r
case '.': \r
Flags |= PRECISION; \r
switch (FormatCharacter) {\r
case '.': \r
Flags |= PRECISION; \r
for (Count = 0; ((FormatCharacter >= '0') && (FormatCharacter <= '9')); ){\r
Count = (Count * 10) + FormatCharacter - '0';\r
Format += BytesPerFormatCharacter;\r
for (Count = 0; ((FormatCharacter >= '0') && (FormatCharacter <= '9')); ){\r
Count = (Count * 10) + FormatCharacter - '0';\r
Format += BytesPerFormatCharacter;\r
- FormatCharacter = ((*Format & 0xff) | (*(Format + 1) << 8)) & FormatMask;\r
+ FormatCharacter = ((*Format & 0xff) | ((BytesPerFormatCharacter == 1) ? 0 : (*(Format + 1) << 8))) & FormatMask;\r
}\r
Format -= BytesPerFormatCharacter;\r
if ((Flags & PRECISION) == 0) {\r
}\r
Format -= BytesPerFormatCharacter;\r
if ((Flags & PRECISION) == 0) {\r
\r
case '\r':\r
Format += BytesPerFormatCharacter;\r
\r
case '\r':\r
Format += BytesPerFormatCharacter;\r
- FormatCharacter = ((*Format & 0xff) | (*(Format + 1) << 8)) & FormatMask;\r
+ FormatCharacter = ((*Format & 0xff) | ((BytesPerFormatCharacter == 1) ? 0 : (*(Format + 1) << 8))) & FormatMask;\r
if (FormatCharacter == '\n') {\r
//\r
// Translate '\r\n' to '\r\n'\r
if (FormatCharacter == '\n') {\r
//\r
// Translate '\r\n' to '\r\n'\r
//\r
ArgumentString = "\r\n";\r
Format += BytesPerFormatCharacter;\r
//\r
ArgumentString = "\r\n";\r
Format += BytesPerFormatCharacter;\r
- FormatCharacter = ((*Format & 0xff) | (*(Format + 1) << 8)) & FormatMask;\r
+ FormatCharacter = ((*Format & 0xff) | ((BytesPerFormatCharacter == 1) ? 0 : (*(Format + 1) << 8))) & FormatMask;\r
if (FormatCharacter != '\r') {\r
Format -= BytesPerFormatCharacter;\r
}\r
if (FormatCharacter != '\r') {\r
Format -= BytesPerFormatCharacter;\r
}\r
\r
case '\r':\r
Format += BytesPerFormatCharacter;\r
\r
case '\r':\r
Format += BytesPerFormatCharacter;\r
- FormatCharacter = ((*Format & 0xff) | (*(Format + 1) << 8)) & FormatMask;\r
+ FormatCharacter = ((*Format & 0xff) | ((BytesPerFormatCharacter == 1) ? 0 : (*(Format + 1) << 8))) & FormatMask;\r
if (FormatCharacter == '\n') {\r
//\r
// Translate '\r\n' to '\r\n'\r
if (FormatCharacter == '\n') {\r
//\r
// Translate '\r\n' to '\r\n'\r
//\r
ArgumentString = "\r\n";\r
Format += BytesPerFormatCharacter;\r
//\r
ArgumentString = "\r\n";\r
Format += BytesPerFormatCharacter;\r
- FormatCharacter = ((*Format & 0xff) | (*(Format + 1) << 8)) & FormatMask;\r
+ FormatCharacter = ((*Format & 0xff) | ((BytesPerFormatCharacter == 1) ? 0 : (*(Format + 1) << 8))) & FormatMask;\r
if (FormatCharacter != '\r') {\r
Format -= BytesPerFormatCharacter;\r
}\r
if (FormatCharacter != '\r') {\r
Format -= BytesPerFormatCharacter;\r
}\r
//\r
// Get the next character from the format string\r
//\r
//\r
// Get the next character from the format string\r
//\r
- FormatCharacter = ((*Format & 0xff) | (*(Format + 1) << 8)) & FormatMask;\r
+ FormatCharacter = ((*Format & 0xff) | ((BytesPerFormatCharacter == 1) ? 0 : (*(Format + 1) << 8))) & FormatMask;\r
}\r
\r
if ((Flags & COUNT_ONLY_NO_PRINT) != 0) {\r
}\r
\r
if ((Flags & COUNT_ONLY_NO_PRINT) != 0) {\r
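Review bot: The guarded read `((BytesPerFormatCharacter == 1) ? 0 : (*(Format + 1) << 8))` is now pasted at all eight places where FormatCharacter is reloaded, so a reload added later without the guard silently brings back the one-byte read past the terminator. I would fold it into one file-local helper used at every site, e.g. `#define GET_FORMAT_CHAR(F) (((*(F) & 0xff) | ((BytesPerFormatCharacter == 1) ? 0 : (*((F) + 1) << 8))) & FormatMask)` (name constructed for illustration), with a comment saying that ASCII format strings must never be read at `Format + 1`. In the two-byte branch the high byte is still shifted without the `& 0xff` that the low byte gets; if the pointed-to type is signed on some toolchain, that left-shifts a negative value, so `((*(Format + 1) & 0xff) << 8)` would be safer. The declaration of Format is not visible here, so please confirm. The function body starts and ends outside the visible hunks.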