From nobody Thu Mar 28 15:19:12 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1487995525740449.64870890476595; Fri, 24 Feb 2017 20:05:25 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 8F15A8214F; Fri, 24 Feb 2017 20:05:24 -0800 (PST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 788E78214F for ; Fri, 24 Feb 2017 20:05:21 -0800 (PST) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga104.jf.intel.com with ESMTP; 24 Feb 2017 20:05:21 -0800 Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.13]) by fmsmga004.fm.intel.com with ESMTP; 24 Feb 2017 20:05:19 -0800 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,202,1484035200"; d="scan'208";a="229518323" From: Hao Wu To: edk2-devel@lists.01.org Date: Sat, 25 Feb 2017 12:05:09 +0800 Message-Id: <1487995514-7628-2-git-send-email-hao.a.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.0 In-Reply-To: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> References: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> Subject: [edk2] [PATCH v3 1/6] MdeModulePkg: Refine type cast for pointer subtraction X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hao Wu , Feng Tian , Star Zeng MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff =3D (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff =3D (UINTN) Ptr1 - (UINTN) Ptr2; Cc: Feng Tian Cc: Star Zeng Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Acked-by: Laszlo Ersek Reviewed-by: Feng Tian --- MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c | 4 ++-- MdeModulePkg/Include/Library/NetLib.h | 6 +++= --- MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 4 ++-- MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c | 2 +- MdeModulePkg/Library/FileExplorerLib/FileExplorer.c | 4 ++-- MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c | 4 ++-- MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c | 4 ++-- MdeModulePkg/Universal/DebugPortDxe/DebugPort.c | 4 ++-- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c | 4 ++-- MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 4 ++-- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 10 +++= ++----- 11 files changed, 25 insertions(+), 25 deletions(-) diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c b/MdeModu= lePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c index 2bc4f8c..d2ad94e 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciOptionRomSupport.c @@ -1,7 +1,7 @@ /** @file PCI Rom supporting funtions implementation for PCI Bus module. =20 -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -776,7 +776,7 @@ ProcessOpRomImage ( NextImage: RomBarOffset +=3D ImageSize; =20 - } while (((Indicator & 0x80) =3D=3D 0x00) && ((UINTN) (RomBarOffset - (U= INT8 *) RomBar) < PciDevice->RomSize)); + } while (((Indicator & 0x80) =3D=3D 0x00) && (((UINTN) RomBarOffset - (U= INTN) RomBar) < PciDevice->RomSize)); =20 return RetStatus; } diff --git a/MdeModulePkg/Include/Library/NetLib.h b/MdeModulePkg/Include/L= ibrary/NetLib.h index 09ead09..3b8ff1a 100644 --- a/MdeModulePkg/Include/Library/NetLib.h +++ b/MdeModulePkg/Include/Library/NetLib.h @@ -2,7 +2,7 @@ This library is only intended to be used by UEFI network stack modules. It provides basic functions for the UEFI network stack. =20 -Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at
@@ -1610,10 +1610,10 @@ typedef struct { (sizeof (NET_BUF) + ((BlockOpNum) - 1) * sizeof (NET_BLOCK_OP)) =20 #define NET_HEADSPACE(BlockOp) \ - (UINTN)((BlockOp)->Head - (BlockOp)->BlockHead) + ((UINTN)((BlockOp)->Head) - (UINTN)((BlockOp)->BlockHead)) =20 #define NET_TAILSPACE(BlockOp) \ - (UINTN)((BlockOp)->BlockTail - (BlockOp)->Tail) + ((UINTN)((BlockOp)->BlockTail) - (UINTN)((BlockOp)->Tail)) =20 /** Allocate a single block NET_BUF. Upon allocation, all the diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c b/MdeMod= ulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c index 71e05bd..d7abcc8 100644 --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c @@ -10,7 +10,7 @@ ValidateFmpCapsule(), DisplayCapsuleImage(), ConvertBmpToGopBlt() will receive untrusted input and do basic validation. =20 - Copyright (c) 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BS= D License which accompanies this distribution. The full text of the license may b= e found at @@ -547,7 +547,7 @@ ConvertBmpToGopBlt ( =20 } =20 - ImageIndex =3D (UINTN) (Image - ImageHeader); + ImageIndex =3D (UINTN) Image - (UINTN) ImageHeader; if ((ImageIndex % 4) !=3D 0) { // // Bmp Image starts each row on a 32-bit boundary! diff --git a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c b/Md= eModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c index 589d4db..d9aeb92 100644 --- a/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c +++ b/MdeModulePkg/Library/DxePrintLibPrint2Protocol/PrintLib.c @@ -226,7 +226,7 @@ DxePrintLibPrint2ProtocolVaListToBaseList ( // // If BASE_LIST is larger than Size, then return FALSE // - if ((UINTN)((UINT8 *)BaseListMarker - (UINT8 *)BaseListStart) > Size) { + if (((UINTN)BaseListMarker - (UINTN)BaseListStart) > Size) { DEBUG ((DEBUG_ERROR, "The input variable argument list is too long. = Please consider breaking into multiple print calls.\n")); return FALSE; } diff --git a/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c b/MdeModul= ePkg/Library/FileExplorerLib/FileExplorer.c index 5eedad7..9182751 100644 --- a/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c +++ b/MdeModulePkg/Library/FileExplorerLib/FileExplorer.c @@ -728,7 +728,7 @@ LibAppendFileName ( // that overlap. // StrCpyS (TmpStr, MaxLen, Ptr + 3); - StrCpyS (LastSlash, MaxLen - (UINTN) (LastSlash - Str), TmpStr); + StrCpyS (LastSlash, MaxLen - ((UINTN) LastSlash - (UINTN) Str) / siz= eof (CHAR16), TmpStr); Ptr =3D LastSlash; } else if (*Ptr =3D=3D '\\' && *(Ptr + 1) =3D=3D '.' && *(Ptr + 2) =3D= =3D '\\') { // @@ -740,7 +740,7 @@ LibAppendFileName ( // that overlap. // StrCpyS (TmpStr, MaxLen, Ptr + 2); - StrCpyS (Ptr, MaxLen - (UINTN) (Ptr - Str), TmpStr); + StrCpyS (Ptr, MaxLen - ((UINTN) Ptr - (UINTN) Str) / sizeof (CHAR16)= , TmpStr); Ptr =3D LastSlash; } else if (*Ptr =3D=3D '\\') { LastSlash =3D Ptr; diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/M= deModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c index 5698c91..1f8aaf4 100644 --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c @@ -1,7 +1,7 @@ /** @file Save the S3 data to S3 boot script. =20 - Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
=20 This program and the accompanying materials are licensed and made available under the terms and conditions @@ -2025,7 +2025,7 @@ S3BootScriptCalculateInsertAddress ( // calculate the Position offset // if (Position !=3D NULL) { - PositionOffset =3D (UINTN) ((UINT8 *)Position - S3TableBase); + PositionOffset =3D (UINTN)Position - (UINTN)S3TableBase; =20 // // If the BeforeOrAfter is FALSE, that means to insert the node right= after the node. diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c b/MdeMo= dulePkg/Library/UefiBootManagerLib/BmLoadOption.c index 6f705bd..116cf28 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c @@ -1,7 +1,7 @@ /** @file Load option library functions which relate with creating and processing = load options. =20 -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
(C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License @@ -912,7 +912,7 @@ EfiBootManagerVariableToLoadOptionEx ( FilePath =3D (EFI_DEVICE_PATH_PROTOCOL *) VariablePtr; VariablePtr +=3D FilePathSize; =20 - OptionalDataSize =3D (UINT32) (VariableSize - (UINTN) (VariablePtr - Var= iable)); + OptionalDataSize =3D (UINT32) (VariableSize - ((UINTN) VariablePtr - (UI= NTN) Variable)); if (OptionalDataSize =3D=3D 0) { OptionalData =3D NULL; } else { diff --git a/MdeModulePkg/Universal/DebugPortDxe/DebugPort.c b/MdeModulePkg= /Universal/DebugPortDxe/DebugPort.c index 298b6b2..dcb623c 100644 --- a/MdeModulePkg/Universal/DebugPortDxe/DebugPort.c +++ b/MdeModulePkg/Universal/DebugPortDxe/DebugPort.c @@ -4,7 +4,7 @@ ALL CODE IN THE SERIALIO STACK MUST BE RE-ENTRANT AND CALLABLE FROM INTERRUPT CONTEXT =20 -Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -569,7 +569,7 @@ DebugPortRead ( LocalBufferSize =3D *BufferSize - (BufferPtr - (UINT8 *) Buffer); } while (LocalBufferSize !=3D 0 && Timeout > 0); =20 - *BufferSize =3D (UINTN) (BufferPtr - (UINT8 *) Buffer); + *BufferSize =3D (UINTN) BufferPtr - (UINTN) Buffer; =20 return Status; } diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrit= e.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c index 2e3e8c7..49e747b 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c @@ -3,7 +3,7 @@ These are the common Fault Tolerant Write (FTW) functions that are share= d=20 by DXE FTW driver and SMM FTW driver. =20 -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials =20 are licensed and made available under the terms and conditions of the BSD = License =20 which accompanies this distribution. The full text of the license may be = found at =20 @@ -373,7 +373,7 @@ FtwWrite ( // // If Record is out of the range of Header, return access denied. // - if (((UINTN)((UINT8 *) Record - (UINT8 *) Header)) > FTW_WRITE_TOTAL_SIZ= E (Header->NumberOfWrites - 1, Header->PrivateDataSize)) { + if (((UINTN) Record - (UINTN) Header) > FTW_WRITE_TOTAL_SIZE (Header->Nu= mberOfWrites - 1, Header->PrivateDataSize)) { return EFI_ACCESS_DENIED; } =20 diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c b/MdeModulePkg/U= niversal/HiiDatabaseDxe/Image.c index 1668828..e2fa16e 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c @@ -2,7 +2,7 @@ Implementation for EFI_HII_IMAGE_PROTOCOL. =20 =20 -Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -1124,7 +1124,7 @@ HiiSetImage ( return EFI_OUT_OF_RESOURCES; } =20 - Part1Size =3D (UINT32) (UINTN) ((UINT8 *) CurrentImageBlock - (UINT8 *) = ImagePackage->ImageBlock); + Part1Size =3D (UINT32) ((UINTN) CurrentImageBlock - (UINTN) ImagePackage= ->ImageBlock); Part2Size =3D ImagePackage->ImageBlockSize - Part1Size - OldBlockSize; CopyMem (ImageBlocks, ImagePackage->ImageBlock, Part1Size); =20 diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeMod= ulePkg/Universal/Variable/RuntimeDxe/Variable.c index f5b6a5f..b0c7434 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -16,7 +16,7 @@ VariableServiceSetVariable() should also check authenticate data to avoi= d buffer overflow, integer overflow. It should also check attribute to avoid authentication= bypass. =20 -Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License @@ -1170,7 +1170,7 @@ Reclaim ( // Install the new variable if it is not NULL. // if (NewVariable !=3D NULL) { - if ((UINTN) (CurrPtr - ValidBuffer) + NewVariableSize > VariableStoreH= eader->Size) { + if (((UINTN) CurrPtr - (UINTN) ValidBuffer) + NewVariableSize > Variab= leStoreHeader->Size) { // // No enough space to store the new variable. // @@ -1211,8 +1211,8 @@ Reclaim ( // If volatile variable store, just copy valid buffer. // SetMem ((UINT8 *) (UINTN) VariableBase, VariableStoreHeader->Size, 0xf= f); - CopyMem ((UINT8 *) (UINTN) VariableBase, ValidBuffer, (UINTN) (CurrPtr= - ValidBuffer)); - *LastVariableOffset =3D (UINTN) (CurrPtr - ValidBuffer); + CopyMem ((UINT8 *) (UINTN) VariableBase, ValidBuffer, (UINTN) CurrPtr = - (UINTN) ValidBuffer); + *LastVariableOffset =3D (UINTN) CurrPtr - (UINTN) ValidBuffer; Status =3D EFI_SUCCESS; } else { // @@ -1223,7 +1223,7 @@ Reclaim ( (VARIABLE_STORE_HEADER *) ValidBuffer ); if (!EFI_ERROR (Status)) { - *LastVariableOffset =3D (UINTN) (CurrPtr - ValidBuffer); + *LastVariableOffset =3D (UINTN) CurrPtr - (UINTN) ValidBuffer; mVariableModuleGlobal->HwErrVariableTotalSize =3D HwErrVariableTotal= Size; mVariableModuleGlobal->CommonVariableTotalSize =3D CommonVariableTot= alSize; mVariableModuleGlobal->CommonUserVariableTotalSize =3D CommonUserVar= iableTotalSize; --=20 1.9.5.msysgit.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Thu Mar 28 15:19:12 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1487995526942563.994940211353; Fri, 24 Feb 2017 20:05:26 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id C912582158; Fri, 24 Feb 2017 20:05:24 -0800 (PST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A0C978214F for ; Fri, 24 Feb 2017 20:05:22 -0800 (PST) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga104.jf.intel.com with ESMTP; 24 Feb 2017 20:05:22 -0800 Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.13]) by fmsmga004.fm.intel.com with ESMTP; 24 Feb 2017 20:05:21 -0800 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,202,1484035200"; d="scan'208";a="229518332" From: Hao Wu To: edk2-devel@lists.01.org Date: Sat, 25 Feb 2017 12:05:10 +0800 Message-Id: <1487995514-7628-3-git-send-email-hao.a.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.0 In-Reply-To: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> References: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> Subject: [edk2] [PATCH v3 2/6] CryptoPkg: Refine type cast for pointer subtraction X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hao Wu , Ting Ye , Qin Long MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff =3D (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff =3D (UINTN) Ptr1 - (UINTN) Ptr2; Cc: Qin Long Cc: Ting Ye Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Acked-by: Laszlo Ersek Reviewed-by: Qin Long --- CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c = b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c index 19c30dc..feaa371 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/RuntimeMemAllocation.c @@ -2,7 +2,7 @@ Light-weight Memory Management Routines for OpenSSL-based Crypto Library at Runtime Phase. =20 -Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -282,7 +282,7 @@ RuntimeFreeMem ( UINTN StartOffset; UINTN StartPageIndex; =20 - StartOffset =3D (UINTN) ((UINT8 *)Buffer - mRTPageTable->DataAreaBase= ); + StartOffset =3D (UINTN)Buffer - (UINTN)mRTPageTable->DataAreaBase; StartPageIndex =3D RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGE= S(StartOffset)].StartPageOffset); =20 while (StartPageIndex < mRTPageTable->PageCount) { @@ -403,7 +403,7 @@ void *realloc (void *ptr, size_t size) // // Get Original Size of ptr // - StartOffset =3D (UINTN) ((UINT8 *)ptr - mRTPageTable->DataAreaBase); + StartOffset =3D (UINTN)ptr - (UINTN)mRTPageTable->DataAreaBase; StartPageIndex =3D RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGE= S (StartOffset)].StartPageOffset); PageCount =3D 0; while (StartPageIndex < mRTPageTable->PageCount) { --=20 1.9.5.msysgit.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Thu Mar 28 15:19:12 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1487995529493394.5495916505174; Fri, 24 Feb 2017 20:05:29 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 1365B8219C; Fri, 24 Feb 2017 20:05:27 -0800 (PST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id BEAD58214F for ; Fri, 24 Feb 2017 20:05:23 -0800 (PST) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga104.jf.intel.com with ESMTP; 24 Feb 2017 20:05:23 -0800 Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.13]) by fmsmga004.fm.intel.com with ESMTP; 24 Feb 2017 20:05:22 -0800 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,202,1484035200"; d="scan'208";a="229518339" From: Hao Wu To: edk2-devel@lists.01.org Date: Sat, 25 Feb 2017 12:05:11 +0800 Message-Id: <1487995514-7628-4-git-send-email-hao.a.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.0 In-Reply-To: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> References: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> Subject: [edk2] [PATCH v3 3/6] IntelFrameworkModulePkg: Refine type cast for pointer subtraction X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hao Wu , Jeff Fan MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff =3D (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff =3D (UINTN) Ptr1 - (UINTN) Ptr2; Cc: Jeff Fan Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Acked-by: Laszlo Ersek Reviewed-by: Jeff Fan --- IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c | 4 ++-- IntelFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c | 4 ++-- IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c | 4 ++-- IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c | 4 ++-- IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.c | 4 ++-- IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c b/IntelF= rameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c index 8f91a7d..c4c77ec 100644 --- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c +++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c @@ -1,6 +1,6 @@ /** @file =20 -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
=20 This program and the accompanying materials are licensed and made available under the terms and conditions @@ -318,7 +318,7 @@ GetPciLegacyRom ( break; } =20 - if ((UINTN)(RomHeader.Raw - (UINT8 *) *Rom) + Pcir->ImageLength * 512 = > *ImageSize) { + if (((UINTN)RomHeader.Raw - (UINTN)*Rom) + Pcir->ImageLength * 512 > *= ImageSize) { break; } =20 diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c b/Inte= lFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c index bba62a8..628424d 100644 --- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c +++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsBoot.c @@ -1,7 +1,7 @@ /** @file BDS Lib functions which relate with create or process the boot option. =20 -Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -1034,7 +1034,7 @@ BdsCreateDevOrder ( DevOrderPtr->Length =3D (UINT16) (sizeof (UINT16) + BEVCount * sizeof (= UINT16)); DevOrderPtr =3D (LEGACY_DEV_ORDER_ENTRY *) BdsFillDevOrderBuf (= BbsTable, BBS_BEV_DEVICE, BbsCount, DevOrderPtr->Data); =20 - ASSERT (TotalSize =3D=3D (UINTN) ((UINT8 *) DevOrderPtr - (UINT8 *) DevO= rder)); + ASSERT (TotalSize =3D=3D ((UINTN) DevOrderPtr - (UINTN) DevOrder)); =20 // // Save device order for legacy boot device to variable. diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c b/I= ntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c index 1020e84..8f273ff 100644 --- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c +++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c @@ -1,7 +1,7 @@ /** @file BDS Lib functions which contain all the code to connect console device =20 -Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -873,7 +873,7 @@ ConvertBmpToGopBlt ( =20 } =20 - ImageIndex =3D (UINTN) (Image - ImageHeader); + ImageIndex =3D (UINTN)Image - (UINTN)ImageHeader; if ((ImageIndex % 4) !=3D 0) { // // Bmp Image starts each row on a 32-bit boundary! diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c b/Inte= lFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c index 24c1998..2ba511a 100644 --- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c +++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsMisc.c @@ -1,7 +1,7 @@ /** @file Misc BDS library function =20 -Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -669,7 +669,7 @@ BdsLibVariableToOption ( // Get load opion data. // LoadOptions =3D TempPtr; - LoadOptionsSize =3D (UINT32) (VariableSize - (UINTN) (TempPtr - Variable= )); + LoadOptionsSize =3D (UINT32) (VariableSize - ((UINTN)TempPtr - (UINTN)Va= riable)); =20 // // The Console variables may have multiple device paths, so make diff --git a/IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.= c b/IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.c index c56a878..080a436 100644 --- a/IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.c +++ b/IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBm.c @@ -3,7 +3,7 @@ and manage the legacy boot option, all legacy boot option is getting from the legacy BBS table. =20 -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -725,7 +725,7 @@ LegacyBmCreateDevOrder ( DevOrderPtr->Length =3D (UINT16) (sizeof (UINT16) + BEVCount * sizeof (= UINT16)); DevOrderPtr =3D (LEGACY_DEV_ORDER_ENTRY *) LegacyBmFillDevOrder= Buf (BbsTable, BBS_BEV_DEVICE, BbsCount, DevOrderPtr->Data); =20 - ASSERT (TotalSize =3D=3D (UINTN) ((UINT8 *) DevOrderPtr - (UINT8 *) DevO= rder)); + ASSERT (TotalSize =3D=3D ((UINTN) DevOrderPtr - (UINTN) DevOrder)); =20 // // Save device order for legacy boot device to variable. diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.= c b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c index 5898fb3..6233a11 100644 --- a/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c +++ b/IntelFrameworkModulePkg/Universal/BdsDxe/BootMaint/BootOption.c @@ -5,7 +5,7 @@ =20 Boot option manipulation =20 -Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -1124,7 +1124,7 @@ BOpt_AppendFileName ( // that overlap. // StrCpyS (TmpStr, MaxLen, Ptr + 3); - StrCpyS (LastSlash, MaxLen - (UINTN) (LastSlash - Str), TmpStr); + StrCpyS (LastSlash, MaxLen - ((UINTN) LastSlash - (UINTN) Str) / siz= eof (CHAR16), TmpStr); Ptr =3D LastSlash; } else if (*Ptr =3D=3D '\\' && *(Ptr + 1) =3D=3D '.' && *(Ptr + 2) =3D= =3D '\\') { // @@ -1136,7 +1136,7 @@ BOpt_AppendFileName ( // that overlap. // StrCpyS (TmpStr, MaxLen, Ptr + 2); - StrCpyS (Ptr, MaxLen - (UINTN) (Ptr - Str), TmpStr); + StrCpyS (Ptr, MaxLen - ((UINTN) Ptr - (UINTN) Str) / sizeof (CHAR16)= , TmpStr); Ptr =3D LastSlash; } else if (*Ptr =3D=3D '\\') { LastSlash =3D Ptr; --=20 1.9.5.msysgit.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Thu Mar 28 15:19:12 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1487995532129803.52768880492; Fri, 24 Feb 2017 20:05:32 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 50E5E8219F; Fri, 24 Feb 2017 20:05:27 -0800 (PST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 1851D8219B for ; Fri, 24 Feb 2017 20:05:25 -0800 (PST) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga104.jf.intel.com with ESMTP; 24 Feb 2017 20:05:25 -0800 Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.13]) by fmsmga004.fm.intel.com with ESMTP; 24 Feb 2017 20:05:23 -0800 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,202,1484035200"; d="scan'208";a="229518348" From: Hao Wu To: edk2-devel@lists.01.org Date: Sat, 25 Feb 2017 12:05:12 +0800 Message-Id: <1487995514-7628-5-git-send-email-hao.a.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.0 In-Reply-To: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> References: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> Subject: [edk2] [PATCH v3 4/6] NetworkPkg: Refine type cast for pointer subtraction X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hao Wu , Siyuan Fu , Jiaxin Wu MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff =3D (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff =3D (UINTN) Ptr1 - (UINTN) Ptr2; Cc: Siyuan Fu Cc: Jiaxin Wu Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Acked-by: Laszlo Ersek Reviewed-by: Fu Siyuan Reviewed-by: Wu Jiaxin --- NetworkPkg/HttpDxe/HttpImpl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c index 745832b..1f7a4fa 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.c +++ b/NetworkPkg/HttpDxe/HttpImpl.c @@ -1342,7 +1342,7 @@ HttpResponseWorker ( // We receive part of header of next HTTP msg. // if (HttpInstance->NextMsg !=3D NULL) { - HttpMsg->BodyLength =3D MIN ((UINTN) (HttpInstance->NextMsg - (CHAR8= *) Fragment.Bulk), HttpMsg->BodyLength); + HttpMsg->BodyLength =3D MIN ((UINTN) HttpInstance->NextMsg - (UINTN)= Fragment.Bulk, HttpMsg->BodyLength); CopyMem (HttpMsg->Body, Fragment.Bulk, HttpMsg->BodyLength); =20 HttpInstance->CacheLen =3D Fragment.Len - HttpMsg->BodyLength; @@ -1360,7 +1360,7 @@ HttpResponseWorker ( CopyMem (HttpInstance->CacheBody, Fragment.Bulk + HttpMsg->BodyLen= gth, HttpInstance->CacheLen); HttpInstance->CacheOffset =3D 0; =20 - HttpInstance->NextMsg =3D HttpInstance->CacheBody + (UINTN) (HttpI= nstance->NextMsg - (CHAR8 *) (Fragment.Bulk + HttpMsg->BodyLength)); + HttpInstance->NextMsg =3D HttpInstance->CacheBody + ((UINTN) HttpI= nstance->NextMsg - (UINTN) (Fragment.Bulk + HttpMsg->BodyLength)); } } else { HttpMsg->BodyLength =3D MIN (Fragment.Len, (UINT32) HttpMsg->BodyLen= gth); --=20 1.9.5.msysgit.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Thu Mar 28 15:19:12 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1487995534709288.124349454671; Fri, 24 Feb 2017 20:05:34 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 8D506821A5; Fri, 24 Feb 2017 20:05:27 -0800 (PST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2E1A28219B for ; Fri, 24 Feb 2017 20:05:26 -0800 (PST) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga104.jf.intel.com with ESMTP; 24 Feb 2017 20:05:26 -0800 Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.13]) by fmsmga004.fm.intel.com with ESMTP; 24 Feb 2017 20:05:24 -0800 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,202,1484035200"; d="scan'208";a="229518354" From: Hao Wu To: edk2-devel@lists.01.org Date: Sat, 25 Feb 2017 12:05:13 +0800 Message-Id: <1487995514-7628-6-git-send-email-hao.a.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.0 In-Reply-To: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> References: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> Subject: [edk2] [PATCH v3 5/6] SecurityPkg: Refine type cast for pointer subtraction X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hao Wu , Chao Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff =3D (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff =3D (UINTN) Ptr1 - (UINTN) Ptr2; Cc: Chao Zhang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Acked-by: Laszlo Ersek Reviewed-by: Chao Zhang --- SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c = | 16 ++++++++-------- SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c = | 10 +++++----- SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c = | 6 +++--- SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c = | 10 +++++----- SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c = | 10 +++++----- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl= .c | 12 ++++++------ 6 files changed, 32 insertions(+), 32 deletions(-) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificati= onLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL= ib.c index e28e106..588072c 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -391,13 +391,13 @@ HashPeImage ( // // Use PE32 offset. // - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.Check= Sum) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UIN= TN) HashBase; NumberOfRvaAndSizes =3D mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndS= izes; } else if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { // // Use PE32+ offset. // - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.C= heckSum) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - = (UINTN) HashBase; NumberOfRvaAndSizes =3D mNtHeader.Pe32Plus->OptionalHeader.NumberOfRva= AndSizes; } else { // @@ -425,13 +425,13 @@ HashPeImage ( // Use PE32 offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + si= zeof (UINT32); - HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) = (HashBase - mImageBase); + HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)= HashBase - (UINTN) mImageBase); } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum = + sizeof (UINT32); - HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UIN= TN) (HashBase - mImageBase); + HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UI= NTN) HashBase - (UINTN) mImageBase); } =20 if (HashSize !=3D 0) { @@ -449,13 +449,13 @@ HashPeImage ( // Use PE32 offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + si= zeof (UINT32); - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.Dat= aDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum = + sizeof (UINT32); - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader= .DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirect= ory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } =20 if (HashSize !=3D 0) { @@ -474,13 +474,13 @@ HashPeImage ( // Use PE32 offset // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory= [EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) = (HashBase - mImageBase); + HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)= HashBase - (UINTN) mImageBase); } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirec= tory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UIN= TN) (HashBase - mImageBase); + HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UI= NTN) HashBase - (UINTN) mImageBase); } =20 if (HashSize !=3D 0) { diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.= c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c index 52bf582..8167a21 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c @@ -15,7 +15,7 @@ TcgMeasureGptTable() function will receive untrusted GPT partition table= , and parse partition data carefully. =20 -Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials=20 are licensed and made available under the terms and conditions of the BSD = License=20 which accompanies this distribution. The full text of the license may be = found at=20 @@ -443,13 +443,13 @@ TcgMeasurePeImage ( // Use PE32 offset // NumberOfRvaAndSizes =3D Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - = HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) Ha= shBase; } else { // // Use PE32+ offset // NumberOfRvaAndSizes =3D Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSiz= es; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum= ) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN= ) HashBase; } =20 HashStatus =3D Sha1Update (Sha1Ctx, HashBase, HashSize); @@ -494,13 +494,13 @@ TcgMeasurePeImage ( // Use PE32 offset // HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirect= ory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IM= AGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset // =20 HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDi= rectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EF= I_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } =20 if (HashSize !=3D 0) { diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Li= brary/Tpm2CommandLib/Tpm2Help.c index 64d3c53..180f360 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c @@ -1,7 +1,7 @@ /** @file Implement TPM2 help. =20 -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -141,7 +141,7 @@ CopyAuthSessionCommand ( Buffer +=3D sizeof(UINT16); } =20 - return (UINT32)(UINTN)(Buffer - (UINT8 *)AuthSessionOut); + return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionOut); } =20 /** @@ -186,7 +186,7 @@ CopyAuthSessionResponse ( CopyMem (AuthSessionOut->hmac.buffer, Buffer, AuthSessionOut->hmac.size); Buffer +=3D AuthSessionOut->hmac.size; =20 - return (UINT32)(UINTN)(Buffer - (UINT8 *)AuthSessionIn); + return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionIn); } =20 /** diff --git a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/= Tcg2Dxe/MeasureBootPeCoff.c index de55ed9..8ee34a7 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c @@ -6,7 +6,7 @@ This external input must be validated carefully to avoid security issue = like buffer overflow, integer overflow. =20 -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials=20 are licensed and made available under the terms and conditions of the BSD = License=20 which accompanies this distribution. The full text of the license may be = found at=20 @@ -206,13 +206,13 @@ MeasurePeImageAndExtend ( // Use PE32 offset // NumberOfRvaAndSizes =3D Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - = HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) Ha= shBase; } else { // // Use PE32+ offset // NumberOfRvaAndSizes =3D Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSiz= es; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum= ) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN= ) HashBase; } =20 Status =3D HashUpdate (HashHandle, HashBase, HashSize); @@ -257,13 +257,13 @@ MeasurePeImageAndExtend ( // Use PE32 offset // HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirect= ory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IM= AGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset // =20 HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDi= rectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EF= I_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } =20 if (HashSize !=3D 0) { diff --git a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/= TrEEDxe/MeasureBootPeCoff.c index b20fc70..a7de588 100644 --- a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c +++ b/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c @@ -6,7 +6,7 @@ This external input must be validated carefully to avoid security issue = like buffer overflow, integer overflow. =20 -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials=20 are licensed and made available under the terms and conditions of the BSD = License=20 which accompanies this distribution. The full text of the license may be = found at=20 @@ -206,13 +206,13 @@ MeasurePeImageAndExtend ( // Use PE32 offset // NumberOfRvaAndSizes =3D Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - = HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) Ha= shBase; } else { // // Use PE32+ offset // NumberOfRvaAndSizes =3D Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSiz= es; - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum= ) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN= ) HashBase; } =20 Status =3D HashUpdate (HashHandle, HashBase, HashSize); @@ -257,13 +257,13 @@ MeasurePeImageAndExtend ( // Use PE32 offset // HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirect= ory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IM= AGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset // =20 HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDi= rectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EF= I_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } =20 if (HashSize !=3D 0) { diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.c index 6f58729..52804dd 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c @@ -1837,12 +1837,12 @@ HashPeImage ( // // Use PE32 offset. // - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.Check= Sum) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UIN= TN) HashBase; } else { // // Use PE32+ offset. // - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.C= heckSum) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - = (UINTN) HashBase; } =20 Status =3D mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); @@ -1859,13 +1859,13 @@ HashPeImage ( // Use PE32 offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataD= irectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EF= I_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + = sizeof (UINT32); - HashSize =3D (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.D= ataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); + HashSize =3D (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirector= y[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } =20 Status =3D mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); @@ -1881,13 +1881,13 @@ HashPeImage ( // Use PE32 offset // HashBase =3D (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[E= FI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) ((= UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY= _ENTRY_SECURITY + 1]) - mImageBase); + HashSize =3D mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) (= &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SEC= URITY + 1]) - (UINTN) mImageBase); } else { // // Use PE32+ offset. // HashBase =3D (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirecto= ry[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN= ) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_D= IRECTORY_ENTRY_SECURITY + 1]) - mImageBase); + HashSize =3D mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINT= N) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_E= NTRY_SECURITY + 1]) - (UINTN) mImageBase); } =20 Status =3D mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); --=20 1.9.5.msysgit.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Thu Mar 28 15:19:12 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1487995537132944.2636082010944; Fri, 24 Feb 2017 20:05:37 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id CB6D6821A3; Fri, 24 Feb 2017 20:05:29 -0800 (PST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 88B29821A3 for ; Fri, 24 Feb 2017 20:05:27 -0800 (PST) Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga104.jf.intel.com with ESMTP; 24 Feb 2017 20:05:27 -0800 Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.13]) by fmsmga004.fm.intel.com with ESMTP; 24 Feb 2017 20:05:25 -0800 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,202,1484035200"; d="scan'208";a="229518362" From: Hao Wu To: edk2-devel@lists.01.org Date: Sat, 25 Feb 2017 12:05:14 +0800 Message-Id: <1487995514-7628-7-git-send-email-hao.a.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.0 In-Reply-To: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> References: <1487995514-7628-1-git-send-email-hao.a.wu@intel.com> Subject: [edk2] [PATCH v3 6/6] ShellPkg: Refine type cast for pointer subtraction X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hao Wu , Jaben Carsey , Ruiyu Ni MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff =3D (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff =3D (UINTN) Ptr1 - (UINTN) Ptr2; Cc: Jaben Carsey Cc: Ruiyu Ni Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu Acked-by: Laszlo Ersek Reviewed-by: Jaben Carsey Reviewed-by: Ruiyu Ni --- ShellPkg/Application/Shell/ShellParametersProtocol.c | 6 ++= +--- ShellPkg/Library/UefiShellDebug1CommandsLib/DmpStore.c | 4 ++= -- ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c | 4 ++= -- ShellPkg/Library/UefiShellDriver1CommandsLib/Dh.c | 4 ++= -- ShellPkg/Library/UefiShellLevel2CommandsLib/Cd.c | 4 ++= -- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ShellPkg/Application/Shell/ShellParametersProtocol.c b/ShellPk= g/Application/Shell/ShellParametersProtocol.c index 4999155..8d76fb4 100644 --- a/ShellPkg/Application/Shell/ShellParametersProtocol.c +++ b/ShellPkg/Application/Shell/ShellParametersProtocol.c @@ -5,7 +5,7 @@ (C) Copyright 2016 Hewlett Packard Enterprise Development LP
Copyright (C) 2014, Red Hat, Inc. (C) Copyright 2013 Hewlett-Packard Development Company, L.P.
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BS= D License which accompanies this distribution. The full text of the license may b= e found at @@ -1034,9 +1034,9 @@ UpdateStdInStdOutStdErr( StrnCpyS(CommandLineCopy, StrSize(CommandLineCopy)/sizeof(CHAR16), NewCo= mmandLine, StrLen(NewCommandLine)); =20 if (FirstLocation !=3D CommandLineCopy + StrLen(CommandLineCopy) - && ((UINTN)(FirstLocation - CommandLineCopy) < StrLen(NewCommandLine)) + && (((UINTN)FirstLocation - (UINTN)CommandLineCopy)/sizeof(CHAR16) < S= trLen(NewCommandLine)) ){ - *(NewCommandLine + (UINTN)(FirstLocation - CommandLineCopy)) =3D CHAR_= NULL; + *(NewCommandLine + ((UINTN)FirstLocation - (UINTN)CommandLineCopy)/siz= eof(CHAR16)) =3D CHAR_NULL; } =20 if (!EFI_ERROR(Status)) { diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/DmpStore.c b/Shell= Pkg/Library/UefiShellDebug1CommandsLib/DmpStore.c index bb2c0b9..18f15fa 100644 --- a/ShellPkg/Library/UefiShellDebug1CommandsLib/DmpStore.c +++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/DmpStore.c @@ -2,7 +2,7 @@ Main file for DmpStore shell Debug1 function. =20 (C) Copyright 2013-2015 Hewlett-Packard Development Company, L.P.
- Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BS= D License which accompanies this distribution. The full text of the license may b= e found at @@ -364,7 +364,7 @@ AppendSingleVariableToFile ( // // Crc32 // - gBS->CalculateCrc32 (Buffer, (UINTN) (Ptr - Buffer), (UINT32 *) Ptr); + gBS->CalculateCrc32 (Buffer, (UINTN) Ptr - (UINTN) Buffer, (UINT32 *) Pt= r); =20 Status =3D ShellWriteFile (FileHandle, &BufferSize, Buffer); FreePool (Buffer); diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosV= iew.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c index 56b682a..a5b16fe 100644 --- a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c +++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c @@ -2,7 +2,7 @@ Tools of clarify the content of the smbios table. =20 (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
- Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.
+ Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BS= D License which accompanies this distribution. The full text of the license may b= e found at @@ -700,7 +700,7 @@ CalculateSmbios64BitStructureCountAndLength ( // // Length =3D Next structure head - this structure head // - (*Smbios64TableLength) +=3D (UINTN) (Smbios.Raw - Raw); + (*Smbios64TableLength) +=3D ((UINTN) Smbios.Raw - (UINTN) Raw); if ((*Smbios64TableLength) > Smbios64EntryPoint->TableMaximumSize) { // // The actual table length exceeds maximum table size, diff --git a/ShellPkg/Library/UefiShellDriver1CommandsLib/Dh.c b/ShellPkg/L= ibrary/UefiShellDriver1CommandsLib/Dh.c index d17a29d..0bcee92 100644 --- a/ShellPkg/Library/UefiShellDriver1CommandsLib/Dh.c +++ b/ShellPkg/Library/UefiShellDriver1CommandsLib/Dh.c @@ -75,7 +75,7 @@ IsValidGuidString( ) { Walker++; } else { - if (*Walker =3D=3D L'-' && (UINTN)(Walker - PrevWalker) =3D=3D mGuid= DataLen[Index]) { + if (*Walker =3D=3D L'-' && (((UINTN)Walker - (UINTN)PrevWalker) / si= zeof (CHAR16)) =3D=3D mGuidDataLen[Index]) { Walker++; PrevWalker =3D Walker; Index++; @@ -85,7 +85,7 @@ IsValidGuidString( } } =20 - if ((UINTN)(Walker - PrevWalker) =3D=3D mGuidDataLen[Index]) { + if ((((UINTN)Walker - (UINTN)PrevWalker) / sizeof (CHAR16)) =3D=3D mGuid= DataLen[Index]) { return TRUE; } else { return FALSE; diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Cd.c b/ShellPkg/Li= brary/UefiShellLevel2CommandsLib/Cd.c index dd4a740..9ae8176 100644 --- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Cd.c +++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Cd.c @@ -99,10 +99,10 @@ IsCurrentFileSystem ( =20 Splitter2 =3D StrStr (Cwd, L":"); =20 - if ((UINTN) (Splitter1 - FullPath) !=3D (UINTN) (Splitter2 - Cwd)) { + if (((UINTN) Splitter1 - (UINTN) FullPath) !=3D ((UINTN) Splitter2 - (UI= NTN) Cwd)) { return FALSE; } else { - if (StrniCmp (FullPath, Cwd, (UINTN) (Splitter1 - FullPath)) =3D=3D NU= LL) { + if (StrniCmp (FullPath, Cwd, ((UINTN) Splitter1 - (UINTN) FullPath) / = sizeof (CHAR16)) =3D=3D NULL) { return TRUE; } else { return FALSE; --=20 1.9.5.msysgit.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel