From: Hao Wu Date: Fri, 23 Dec 2016 06:34:26 +0000 (+0800) Subject: MdePkg/BasePrintLib: Add safe print functions [A|U]ValueToStringS X-Git-Tag: edk2-stable201903~4621 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=51f0ceb;hp=0b6642e60eee7456a6075fdb1a011ad4a1d3f31d MdePkg/BasePrintLib: Add safe print functions [A|U]ValueToStringS Add the following 2 APIs: UnicodeValueToStringS AsciiValueToStringS These safe version APIs are used to enhance their counterpart (APIs without trailing 'S' in function names). They perform checks to the input parameters and will return relative status to reflect the check result. Return RETURN_INVALID_PARAMETER when: 1). The input Buffer is NULL. 2). The input BufferSize is greater than (PcdMaximumUnicodeStringLength * sizeof (CHAR16) + 1) for UnicodeValueToStringS or greater than PcdMaximumAsciiStringLength for AsciiValueToStringS. 3). The input Flags is not set properly. 4). The input Width is not smaller than MAXIMUM_VALUE_CHARACTERS. Return RETURN_BUFFER_TOO_SMALL when: 1). The input BufferSize cannot hold the converted value. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Reviewed-by: Liming Gao --- diff --git a/MdePkg/Include/Library/PrintLib.h b/MdePkg/Include/Library/PrintLib.h index 5f663239b7..8c11dab696 100644 --- a/MdePkg/Include/Library/PrintLib.h +++ b/MdePkg/Include/Library/PrintLib.h @@ -541,6 +541,67 @@ UnicodeValueToString ( IN UINTN Width ); +/** + Converts a decimal value to a Null-terminated Unicode string. + + Converts the decimal number specified by Value to a Null-terminated Unicode + string specified by Buffer containing at most Width characters. No padding of + spaces is ever performed. If Width is 0 then a width of + MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than + Width characters, then only the first Width characters are placed in Buffer. + Additional conversion parameters are specified in Flags. + + The Flags bit LEFT_JUSTIFY is always ignored. + All conversions are left justified in Buffer. + If Width is 0, PREFIX_ZERO is ignored in Flags. + If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and + commas are inserted every 3rd digit starting from the right. + If RADIX_HEX is set in Flags, then the output buffer will be formatted in + hexadecimal format. + If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in + Buffer is a '-'. + If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then + Buffer is padded with '0' characters so the combination of the optional '-' + sign character, '0' characters, digit characters for Value, and the + Null-terminator add up to Width characters. + + If Buffer is not aligned on a 16-bit boundary, then ASSERT(). + If an error would be returned, then the function will also ASSERT(). + + @param Buffer The pointer to the output buffer for the produced + Null-terminated Unicode string. + @param BufferSize The size of Buffer in bytes, including the + Null-terminator. + @param Flags The bitmask of flags that specify left justification, + zero pad, and commas. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of Unicode characters to place in + Buffer, not including the Null-terminator. + + @retval RETURN_SUCCESS The decimal value is converted. + @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted + value. + @retval RETURN_INVALID_PARAMETER If Buffer is NULL. + If PcdMaximumUnicodeStringLength is not + zero, and BufferSize is greater than + (PcdMaximumUnicodeStringLength * + sizeof (CHAR16) + 1). + If unsupported bits are set in Flags. + If both COMMA_TYPE and RADIX_HEX are set in + Flags. + If Width >= MAXIMUM_VALUE_CHARACTERS. + +**/ +RETURN_STATUS +EFIAPI +UnicodeValueToStringS ( + IN OUT CHAR16 *Buffer, + IN UINTN BufferSize, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width + ); + /** Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated ASCII format string and a VA_LIST argument list. @@ -870,6 +931,66 @@ AsciiValueToString ( IN UINTN Width ); +/** + Converts a decimal value to a Null-terminated Ascii string. + + Converts the decimal number specified by Value to a Null-terminated Ascii + string specified by Buffer containing at most Width characters. No padding of + spaces is ever performed. If Width is 0 then a width of + MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than + Width characters, then only the first Width characters are placed in Buffer. + Additional conversion parameters are specified in Flags. + + The Flags bit LEFT_JUSTIFY is always ignored. + All conversions are left justified in Buffer. + If Width is 0, PREFIX_ZERO is ignored in Flags. + If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and + commas are inserted every 3rd digit starting from the right. + If RADIX_HEX is set in Flags, then the output buffer will be formatted in + hexadecimal format. + If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in + Buffer is a '-'. + If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then + Buffer is padded with '0' characters so the combination of the optional '-' + sign character, '0' characters, digit characters for Value, and the + Null-terminator add up to Width characters. + + If Buffer is not aligned on a 16-bit boundary, then ASSERT(). + If an error would be returned, then the function will also ASSERT(). + + @param Buffer The pointer to the output buffer for the produced + Null-terminated Ascii string. + @param BufferSize The size of Buffer in bytes, including the + Null-terminator. + @param Flags The bitmask of flags that specify left justification, + zero pad, and commas. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of Ascii characters to place in + Buffer, not including the Null-terminator. + + @retval RETURN_SUCCESS The decimal value is converted. + @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted + value. + @retval RETURN_INVALID_PARAMETER If Buffer is NULL. + If PcdMaximumAsciiStringLength is not + zero, and BufferSize is greater than + PcdMaximumAsciiStringLength. + If unsupported bits are set in Flags. + If both COMMA_TYPE and RADIX_HEX are set in + Flags. + If Width >= MAXIMUM_VALUE_CHARACTERS. + +**/ +RETURN_STATUS +EFIAPI +AsciiValueToStringS ( + IN OUT CHAR8 *Buffer, + IN UINTN BufferSize, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width + ); + /** Returns the number of characters that would be produced by if the formatted output were produced not including the Null-terminator. diff --git a/MdePkg/Library/BasePrintLib/PrintLib.c b/MdePkg/Library/BasePrintLib/PrintLib.c index bf8c7bfe12..221b52e23c 100644 --- a/MdePkg/Library/BasePrintLib/PrintLib.c +++ b/MdePkg/Library/BasePrintLib/PrintLib.c @@ -403,6 +403,71 @@ UnicodeValueToString ( return BasePrintLibConvertValueToString ((CHAR8 *)Buffer, Flags, Value, Width, 2); } +/** + Converts a decimal value to a Null-terminated Unicode string. + + Converts the decimal number specified by Value to a Null-terminated Unicode + string specified by Buffer containing at most Width characters. No padding of + spaces is ever performed. If Width is 0 then a width of + MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than + Width characters, then only the first Width characters are placed in Buffer. + Additional conversion parameters are specified in Flags. + + The Flags bit LEFT_JUSTIFY is always ignored. + All conversions are left justified in Buffer. + If Width is 0, PREFIX_ZERO is ignored in Flags. + If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and + commas are inserted every 3rd digit starting from the right. + If RADIX_HEX is set in Flags, then the output buffer will be formatted in + hexadecimal format. + If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in + Buffer is a '-'. + If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then + Buffer is padded with '0' characters so the combination of the optional '-' + sign character, '0' characters, digit characters for Value, and the + Null-terminator add up to Width characters. + + If Buffer is not aligned on a 16-bit boundary, then ASSERT(). + If an error would be returned, then the function will also ASSERT(). + + @param Buffer The pointer to the output buffer for the produced + Null-terminated Unicode string. + @param BufferSize The size of Buffer in bytes, including the + Null-terminator. + @param Flags The bitmask of flags that specify left justification, + zero pad, and commas. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of Unicode characters to place in + Buffer, not including the Null-terminator. + + @retval RETURN_SUCCESS The decimal value is converted. + @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted + value. + @retval RETURN_INVALID_PARAMETER If Buffer is NULL. + If PcdMaximumUnicodeStringLength is not + zero, and BufferSize is greater than + (PcdMaximumUnicodeStringLength * + sizeof (CHAR16) + 1). + If unsupported bits are set in Flags. + If both COMMA_TYPE and RADIX_HEX are set in + Flags. + If Width >= MAXIMUM_VALUE_CHARACTERS. + +**/ +RETURN_STATUS +EFIAPI +UnicodeValueToStringS ( + IN OUT CHAR16 *Buffer, + IN UINTN BufferSize, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width + ) +{ + ASSERT_UNICODE_BUFFER(Buffer); + return BasePrintLibConvertValueToStringS ((CHAR8 *)Buffer, BufferSize, Flags, Value, Width, 2); +} + /** Produces a Null-terminated ASCII string in an output buffer based on a Null-terminated ASCII format string and a VA_LIST argument list. @@ -768,6 +833,69 @@ AsciiValueToString ( return BasePrintLibConvertValueToString (Buffer, Flags, Value, Width, 1); } +/** + Converts a decimal value to a Null-terminated Ascii string. + + Converts the decimal number specified by Value to a Null-terminated Ascii + string specified by Buffer containing at most Width characters. No padding of + spaces is ever performed. If Width is 0 then a width of + MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more than + Width characters, then only the first Width characters are placed in Buffer. + Additional conversion parameters are specified in Flags. + + The Flags bit LEFT_JUSTIFY is always ignored. + All conversions are left justified in Buffer. + If Width is 0, PREFIX_ZERO is ignored in Flags. + If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and + commas are inserted every 3rd digit starting from the right. + If RADIX_HEX is set in Flags, then the output buffer will be formatted in + hexadecimal format. + If Value is < 0 and RADIX_HEX is not set in Flags, then the fist character in + Buffer is a '-'. + If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, then + Buffer is padded with '0' characters so the combination of the optional '-' + sign character, '0' characters, digit characters for Value, and the + Null-terminator add up to Width characters. + + If Buffer is not aligned on a 16-bit boundary, then ASSERT(). + If an error would be returned, then the function will also ASSERT(). + + @param Buffer The pointer to the output buffer for the produced + Null-terminated Ascii string. + @param BufferSize The size of Buffer in bytes, including the + Null-terminator. + @param Flags The bitmask of flags that specify left justification, + zero pad, and commas. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of Ascii characters to place in + Buffer, not including the Null-terminator. + + @retval RETURN_SUCCESS The decimal value is converted. + @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted + value. + @retval RETURN_INVALID_PARAMETER If Buffer is NULL. + If PcdMaximumAsciiStringLength is not + zero, and BufferSize is greater than + PcdMaximumAsciiStringLength. + If unsupported bits are set in Flags. + If both COMMA_TYPE and RADIX_HEX are set in + Flags. + If Width >= MAXIMUM_VALUE_CHARACTERS. + +**/ +RETURN_STATUS +EFIAPI +AsciiValueToStringS ( + IN OUT CHAR8 *Buffer, + IN UINTN BufferSize, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width + ) +{ + return BasePrintLibConvertValueToStringS (Buffer, BufferSize, Flags, Value, Width, 1); +} + /** Returns the number of characters that would be produced by if the formatted output were produced not including the Null-terminator. diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.c b/MdePkg/Library/BasePrintLib/PrintLibInternal.c index 155fe6a461..9b15a07ac0 100644 --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.c +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.c @@ -291,6 +291,210 @@ BasePrintLibConvertValueToString ( return ((Buffer - OriginalBuffer) / Increment); } +/** + Internal function that converts a decimal value to a Null-terminated string. + + Converts the decimal number specified by Value to a Null-terminated string + specified by Buffer containing at most Width characters. If Width is 0 then a + width of MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more + than Width characters, then only the first Width characters are placed in + Buffer. Additional conversion parameters are specified in Flags. + The Flags bit LEFT_JUSTIFY is always ignored. + All conversions are left justified in Buffer. + If Width is 0, PREFIX_ZERO is ignored in Flags. + If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and + commas are inserted every 3rd digit starting from the right. + If Value is < 0, then the fist character in Buffer is a '-'. + If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, + then Buffer is padded with '0' characters so the combination of the optional + '-' sign character, '0' characters, digit characters for Value, and the + Null-terminator add up to Width characters. + + If an error would be returned, the function will ASSERT(). + + @param Buffer The pointer to the output buffer for the produced + Null-terminated string. + @param BufferSize The size of Buffer in bytes, including the + Null-terminator. + @param Flags The bitmask of flags that specify left justification, + zero pad, and commas. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of characters to place in Buffer, + not including the Null-terminator. + @param Increment The character increment in Buffer. + + @retval RETURN_SUCCESS The decimal value is converted. + @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted + value. + @retval RETURN_INVALID_PARAMETER If Buffer is NULL. + If Increment is 1 and + PcdMaximumAsciiStringLength is not zero, + BufferSize is greater than + PcdMaximumAsciiStringLength. + If Increment is not 1 and + PcdMaximumUnicodeStringLength is not zero, + BufferSize is greater than + (PcdMaximumUnicodeStringLength * + sizeof (CHAR16) + 1). + If unsupported bits are set in Flags. + If both COMMA_TYPE and RADIX_HEX are set in + Flags. + If Width >= MAXIMUM_VALUE_CHARACTERS. + +**/ +RETURN_STATUS +BasePrintLibConvertValueToStringS ( + IN OUT CHAR8 *Buffer, + IN UINTN BufferSize, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width, + IN UINTN Increment + ) +{ + CHAR8 *EndBuffer; + CHAR8 ValueBuffer[MAXIMUM_VALUE_CHARACTERS]; + CHAR8 *ValueBufferPtr; + UINTN Count; + UINTN Digits; + UINTN Index; + UINTN Radix; + + // + // 1. Buffer shall not be a null pointer. + // + SAFE_PRINT_CONSTRAINT_CHECK ((Buffer != NULL), RETURN_INVALID_PARAMETER); + + // + // 2. BufferSize shall not be greater than (RSIZE_MAX * sizeof (CHAR16)) for + // Unicode output string or shall not be greater than ASCII_RSIZE_MAX for + // Ascii output string. + // + if (Increment == 1) { + // + // Ascii output string + // + if (ASCII_RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= ASCII_RSIZE_MAX), RETURN_INVALID_PARAMETER); + } + } else { + // + // Unicode output string + // + if (RSIZE_MAX != 0) { + SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize <= RSIZE_MAX * sizeof (CHAR16) + 1), RETURN_INVALID_PARAMETER); + } + } + + // + // 3. Flags shall be set properly. + // + SAFE_PRINT_CONSTRAINT_CHECK (((Flags & ~(LEFT_JUSTIFY | COMMA_TYPE | PREFIX_ZERO | RADIX_HEX)) == 0), RETURN_INVALID_PARAMETER); + SAFE_PRINT_CONSTRAINT_CHECK ((((Flags & COMMA_TYPE) == 0) || ((Flags & RADIX_HEX) == 0)), RETURN_INVALID_PARAMETER); + + // + // 4. Width shall be smaller than MAXIMUM_VALUE_CHARACTERS. + // + SAFE_PRINT_CONSTRAINT_CHECK ((Width < MAXIMUM_VALUE_CHARACTERS), RETURN_INVALID_PARAMETER); + + // + // Width is 0 or COMMA_TYPE is set, PREFIX_ZERO is ignored. + // + if (Width == 0 || (Flags & COMMA_TYPE) != 0) { + Flags &= ~((UINTN) PREFIX_ZERO); + } + // + // If Width is 0 then a width of MAXIMUM_VALUE_CHARACTERS is assumed. + // + if (Width == 0) { + Width = MAXIMUM_VALUE_CHARACTERS - 1; + } + + // + // Count the characters of the output string. + // + Count = 0; + Radix = ((Flags & RADIX_HEX) == 0)? 10 : 16; + + if ((Flags & PREFIX_ZERO) != 0) { + Count = Width; + } else { + if ((Value < 0) && ((Flags & RADIX_HEX) == 0)) { + Count++; // minus sign + ValueBufferPtr = BasePrintLibValueToString (ValueBuffer, -Value, Radix); + } else { + ValueBufferPtr = BasePrintLibValueToString (ValueBuffer, Value, Radix); + } + Digits = ValueBufferPtr - ValueBuffer; + Count += Digits; + + if ((Flags & COMMA_TYPE) != 0) { + Count += (Digits - 1) / 3; // commas + } + } + + Width = MIN (Count, Width); + + // + // 5. BufferSize shall be large enough to hold the converted string. + // + SAFE_PRINT_CONSTRAINT_CHECK ((BufferSize >= (Width + 1) * Increment), RETURN_BUFFER_TOO_SMALL); + + // + // Set the tag for the end of the input Buffer. + // + EndBuffer = Buffer + Width * Increment; + + // + // Convert decimal negative + // + if ((Value < 0) && ((Flags & RADIX_HEX) == 0)) { + Value = -Value; + Buffer = BasePrintLibFillBuffer (Buffer, EndBuffer, 1, '-', Increment); + Width--; + } + + // + // Count the length of the value string. + // + ValueBufferPtr = BasePrintLibValueToString (ValueBuffer, Value, Radix); + Count = ValueBufferPtr - ValueBuffer; + + // + // Append Zero + // + if ((Flags & PREFIX_ZERO) != 0) { + Buffer = BasePrintLibFillBuffer (Buffer, EndBuffer, Width - Count, '0', Increment); + } + + // + // Print Comma type for every 3 characters + // + Digits = Count % 3; + if (Digits != 0) { + Digits = 3 - Digits; + } + for (Index = 0; Index < Count; Index++) { + Buffer = BasePrintLibFillBuffer (Buffer, EndBuffer, 1, *ValueBufferPtr--, Increment); + if ((Flags & COMMA_TYPE) != 0) { + Digits++; + if (Digits == 3) { + Digits = 0; + if ((Index + 1) < Count) { + Buffer = BasePrintLibFillBuffer (Buffer, EndBuffer, 1, ',', Increment); + } + } + } + } + + // + // Print Null-terminator + // + BasePrintLibFillBuffer (Buffer, EndBuffer + Increment, 1, 0, Increment); + + return RETURN_SUCCESS; +} + /** Worker function that produces a Null-terminated string in an output buffer based on a Null-terminated format string and a VA_LIST argument list. diff --git a/MdePkg/Library/BasePrintLib/PrintLibInternal.h b/MdePkg/Library/BasePrintLib/PrintLibInternal.h index fccef9b9b9..052e699574 100644 --- a/MdePkg/Library/BasePrintLib/PrintLibInternal.h +++ b/MdePkg/Library/BasePrintLib/PrintLibInternal.h @@ -213,4 +213,65 @@ BasePrintLibConvertValueToString ( IN UINTN Increment ); +/** + Internal function that converts a decimal value to a Null-terminated string. + + Converts the decimal number specified by Value to a Null-terminated string + specified by Buffer containing at most Width characters. If Width is 0 then a + width of MAXIMUM_VALUE_CHARACTERS is assumed. If the conversion contains more + than Width characters, then only the first Width characters are placed in + Buffer. Additional conversion parameters are specified in Flags. + The Flags bit LEFT_JUSTIFY is always ignored. + All conversions are left justified in Buffer. + If Width is 0, PREFIX_ZERO is ignored in Flags. + If COMMA_TYPE is set in Flags, then PREFIX_ZERO is ignored in Flags, and + commas are inserted every 3rd digit starting from the right. + If Value is < 0, then the fist character in Buffer is a '-'. + If PREFIX_ZERO is set in Flags and PREFIX_ZERO is not being ignored, + then Buffer is padded with '0' characters so the combination of the optional + '-' sign character, '0' characters, digit characters for Value, and the + Null-terminator add up to Width characters. + + If an error would be returned, the function will ASSERT(). + + @param Buffer The pointer to the output buffer for the produced + Null-terminated string. + @param BufferSize The size of Buffer in bytes, including the + Null-terminator. + @param Flags The bitmask of flags that specify left justification, + zero pad, and commas. + @param Value The 64-bit signed value to convert to a string. + @param Width The maximum number of characters to place in Buffer, + not including the Null-terminator. + @param Increment The character increment in Buffer. + + @retval RETURN_SUCCESS The decimal value is converted. + @retval RETURN_BUFFER_TOO_SMALL If BufferSize cannot hold the converted + value. + @retval RETURN_INVALID_PARAMETER If Buffer is NULL. + If Increment is 1 and + PcdMaximumAsciiStringLength is not zero, + BufferSize is greater than + PcdMaximumAsciiStringLength. + If Increment is not 1 and + PcdMaximumUnicodeStringLength is not zero, + BufferSize is greater than + (PcdMaximumUnicodeStringLength * + sizeof (CHAR16) + 1). + If unsupported bits are set in Flags. + If both COMMA_TYPE and RADIX_HEX are set in + Flags. + If Width >= MAXIMUM_VALUE_CHARACTERS. + +**/ +RETURN_STATUS +BasePrintLibConvertValueToStringS ( + IN OUT CHAR8 *Buffer, + IN UINTN BufferSize, + IN UINTN Flags, + IN INT64 Value, + IN UINTN Width, + IN UINTN Increment + ); + #endif