From nobody Sun Feb  8 19:39:44 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+100107+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+100107+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=linux.microsoft.com
ARC-Seal: i=1; a=rsa-sha256; t=1676303405; cv=none;
	d=zohomail.com; s=zohoarc;
	b=hXDy7ge0zufhXTkVYofDzMPItWISkAxbiyVcij1+BHdLpAua+OSQR/KvNsMKX1uadzjjKcUfPc1xH0xIwHQZVn51N/UYbOItT8DDdQR0wEgW76A0SpDAMczMKbw7PaDX9Qqr54zmx6BrO9NgxVvOE1m5wvxGs+5nCAxYbV/GfeQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1676303405;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=R9i+Or5sSt3p3mMF6tBdY57eSfLzyBwyy7cIti7ZhhA=;
	b=NSWcBNTJs4+q4EZwimhBwt/Ewk4yxxeN8xEblwXs/grgTo5Psrdl8uld5GxQEc4KLEgJw54vihcGie3phySwFEDp+gyE+RrRY/tPEMjJFQ3FpOujEpsFySdhMHok+O/XFEMmQZpPME1loWaqWjboEzJVAR/m6cR/NIofFYqcc4g=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+100107+1787277+3901457@groups.io;
	dmarc=fail header.from=<mikuback@linux.microsoft.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1676303405286643.7867883785386;
 Mon, 13 Feb 2023 07:50:05 -0800 (PST)
Return-Path: <bounce+27952+100107+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id WQh6YY1788612xOregmHErNa;
 Mon, 13 Feb 2023 07:50:03 -0800
X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web10.17800.1676303401357502586
 for <devel@edk2.groups.io>;
 Mon, 13 Feb 2023 07:50:01 -0800
X-Received: from localhost.localdomain (unknown [47.201.8.94])
	by linux.microsoft.com (Postfix) with ESMTPSA id 572F020C8B73;
	Mon, 13 Feb 2023 07:50:00 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 572F020C8B73
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Erich McMillan <emcmillan@microsoft.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Michael Kubacki <mikuback@linux.microsoft.com>,
	Zhiguang Liu <zhiguang.liu@intel.com>
Subject: [edk2-devel] [PATCH v3 06/12] MdePkg: Fix conditionally uninitialized
 variables
Date: Mon, 13 Feb 2023 10:49:02 -0500
Message-Id: <20230213154908.1993-7-mikuback@linux.microsoft.com>
In-Reply-To: <20230213154908.1993-1-mikuback@linux.microsoft.com>
References: <20230213154908.1993-1-mikuback@linux.microsoft.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com
X-Gm-Message-State: TeGVyGGpZ8JsebFUiF47sGugx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1676303403;
 bh=jAaPoRsq+WQSMVlegpTUE439+woQEaqIlIlN7+YglCU=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=jr8E0bKGmUp9s4XbKrciGQ41nibsfGavIaTSkUja+tFkXES8TDO2Y77d0zjPeiHFOO8
 A46OydHi6JblOuMp7/LFnImqCL+lXd24Pg+bM8uym7RLfhi+v7JENBu2wKPhGxvfRHKIs
 OKr7jEc55tGsCznLnE4IAfiVgNvo2bD11xs=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1676303406868100002
Content-Type: text/plain; charset="utf-8"

From: Michael Kubacki <michael.kubacki@microsoft.com>

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Note that this change affects the actual return value from the
following functions. The functions documented that if an integer
overflow occurred, MAX_UINTN would be returned. They were
implemented to actually return an undefined value from the stack.

This change makes the function follow its description. However, this
is technically different than what callers may have previously
expected.

MdePkg/Library/BaseLib/String.c:
  - StrDecimalToUintn()
  - StrDecimalToUint64()
  - StrHexToUintn()
  - StrHexToUint64()
  - AsciiStrDecimalToUintn()
  - AsciiStrDecimalToUint64()
  - AsciiStrHexToUintn()
  - AsciiStrHexToUint64()

Cc: Erich McMillan <emcmillan@microsoft.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Co-authored-by: Erich McMillan <emcmillan@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
---
 MdePkg/Library/BaseLib/String.c | 40 ++++++++++++++++----
 1 file changed, 32 insertions(+), 8 deletions(-)

diff --git a/MdePkg/Library/BaseLib/String.c b/MdePkg/Library/BaseLib/Strin=
g.c
index 98e6d31463e0..637c96e7b31b 100644
--- a/MdePkg/Library/BaseLib/String.c
+++ b/MdePkg/Library/BaseLib/String.c
@@ -408,7 +408,10 @@ StrDecimalToUintn (
 {
   UINTN  Result;
=20
-  StrDecimalToUintnS (String, (CHAR16 **)NULL, &Result);
+  if (RETURN_ERROR (StrDecimalToUintnS (String, (CHAR16 **)NULL, &Result))=
) {
+    return MAX_UINTN;
+  }
+
   return Result;
 }
=20
@@ -454,7 +457,10 @@ StrDecimalToUint64 (
 {
   UINT64  Result;
=20
-  StrDecimalToUint64S (String, (CHAR16 **)NULL, &Result);
+  if (RETURN_ERROR (StrDecimalToUint64S (String, (CHAR16 **)NULL, &Result)=
)) {
+    return MAX_UINT64;
+  }
+
   return Result;
 }
=20
@@ -501,7 +507,10 @@ StrHexToUintn (
 {
   UINTN  Result;
=20
-  StrHexToUintnS (String, (CHAR16 **)NULL, &Result);
+  if (RETURN_ERROR (StrHexToUintnS (String, (CHAR16 **)NULL, &Result))) {
+    return MAX_UINTN;
+  }
+
   return Result;
 }
=20
@@ -548,7 +557,10 @@ StrHexToUint64 (
 {
   UINT64  Result;
=20
-  StrHexToUint64S (String, (CHAR16 **)NULL, &Result);
+  if (RETURN_ERROR (StrHexToUint64S (String, (CHAR16 **)NULL, &Result))) {
+    return MAX_UINT64;
+  }
+
   return Result;
 }
=20
@@ -989,7 +1001,10 @@ AsciiStrDecimalToUintn (
 {
   UINTN  Result;
=20
-  AsciiStrDecimalToUintnS (String, (CHAR8 **)NULL, &Result);
+  if (RETURN_ERROR (AsciiStrDecimalToUintnS (String, (CHAR8 **)NULL, &Resu=
lt))) {
+    return MAX_UINTN;
+  }
+
   return Result;
 }
=20
@@ -1031,7 +1046,10 @@ AsciiStrDecimalToUint64 (
 {
   UINT64  Result;
=20
-  AsciiStrDecimalToUint64S (String, (CHAR8 **)NULL, &Result);
+  if (RETURN_ERROR (AsciiStrDecimalToUint64S (String, (CHAR8 **)NULL, &Res=
ult))) {
+    return MAX_UINT64;
+  }
+
   return Result;
 }
=20
@@ -1077,7 +1095,10 @@ AsciiStrHexToUintn (
 {
   UINTN  Result;
=20
-  AsciiStrHexToUintnS (String, (CHAR8 **)NULL, &Result);
+  if (RETURN_ERROR (AsciiStrHexToUintnS (String, (CHAR8 **)NULL, &Result))=
) {
+    return MAX_UINTN;
+  }
+
   return Result;
 }
=20
@@ -1123,7 +1144,10 @@ AsciiStrHexToUint64 (
 {
   UINT64  Result;
=20
-  AsciiStrHexToUint64S (String, (CHAR8 **)NULL, &Result);
+  if (RETURN_ERROR (AsciiStrHexToUint64S (String, (CHAR8 **)NULL, &Result)=
)) {
+    return MAX_UINT64;
+  }
+
   return Result;
 }
=20
--=20
2.28.0.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#100107): https://edk2.groups.io/g/devel/message/100107
Mute This Topic: https://groups.io/mt/96938302/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-