tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-28 08:04:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg:Use safe string functions

Browse Source 
Replace unsafe String functions with new added safe string functions

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17724 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Dandan Bi 2015-06-29 02:36:31 +00:00 committed by dandanbi
parent e9da7deaa4
commit 5ad66ec692
13 changed files with 201 additions and 155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
MdeModulePkg/Library/UefiHiiLib/HiiLib.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
HII Library implementation that uses DXE protocols and services. HII Library implementation that uses DXE protocols and services.
Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -606,6 +606,7 @@ HiiConstructConfigHdr (
CHAR16 *ReturnString; CHAR16 *ReturnString;
UINTN Index; UINTN Index;
UINT8 *Buffer; UINT8 *Buffer;
UINTN MaxLen;
// //
// Compute the length of Name in Unicode characters. // Compute the length of Name in Unicode characters.
@ -636,7 +637,8 @@ HiiConstructConfigHdr (
// GUID=<HexCh>32&NAME=<Char>NameLength&PATH=<HexChar>DevicePathSize <Null> // GUID=<HexCh>32&NAME=<Char>NameLength&PATH=<HexChar>DevicePathSize <Null>
// | 5 | sizeof (EFI_GUID) * 2 | 6 | NameStrLen*4 | 6 | DevicePathSize * 2 | 1 | // | 5 | sizeof (EFI_GUID) * 2 | 6 | NameStrLen*4 | 6 | DevicePathSize * 2 | 1 |
// //
String = AllocateZeroPool ((5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 + 6 + DevicePathSize * 2 + 1) * sizeof (CHAR16)); MaxLen = 5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 + 6 + DevicePathSize * 2 + 1;
String = AllocateZeroPool (MaxLen * sizeof (CHAR16));
if (String == NULL) { if (String == NULL) {
return NULL; return NULL;
} }
@ -644,7 +646,8 @@ HiiConstructConfigHdr (
// //
// Start with L"GUID=" // Start with L"GUID="
// //
ReturnString = StrCpy (String, L"GUID="); StrCpyS (String, MaxLen, L"GUID=");
ReturnString = String;
String += StrLen (String); String += StrLen (String);
if (Guid != NULL) { if (Guid != NULL) {
@ -659,7 +662,7 @@ HiiConstructConfigHdr (
// //
// Append L"&NAME=" // Append L"&NAME="
// //
StrCpy (String, L"&NAME="); StrCpyS (String, MaxLen, L"&NAME=");
String += StrLen (String); String += StrLen (String);
if (Name != NULL) { if (Name != NULL) {
@ -674,7 +677,7 @@ HiiConstructConfigHdr (
// //
// Append L"&PATH=" // Append L"&PATH="
// //
StrCpy (String, L"&PATH="); StrCpyS (String, MaxLen, L"&PATH=");
String += StrLen (String); String += StrLen (String);
// //
@ -786,7 +789,7 @@ InternalHiiGetBufferFromString (
StringPtr = (CHAR16 *) DataBuffer; StringPtr = (CHAR16 *) DataBuffer;
ZeroMem (TemStr, sizeof (TemStr)); ZeroMem (TemStr, sizeof (TemStr));
for (Index = 0; Index < Length; Index += 4) { for (Index = 0; Index < Length; Index += 4) {
StrnCpy (TemStr, ConfigHdr + Index, 4); StrnCpyS (TemStr, sizeof (TemStr) / sizeof (CHAR16), ConfigHdr + Index, 4);
StringPtr[Index/4] = (CHAR16) StrHexToUint64 (TemStr); StringPtr[Index/4] = (CHAR16) StrHexToUint64 (TemStr);
} }
// //
@ -2011,6 +2014,7 @@ InternalHiiIfrValueAction (
EFI_HII_PACKAGE_LIST_HEADER *HiiPackageList; EFI_HII_PACKAGE_LIST_HEADER *HiiPackageList;
UINTN PackageListLength; UINTN PackageListLength;
UINTN MaxLen;
EFI_DEVICE_PATH_PROTOCOL *DevicePath; EFI_DEVICE_PATH_PROTOCOL *DevicePath;
EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;
@ -2266,14 +2270,15 @@ NextConfigAltResp:
// Construct ConfigAltHdr string "&<ConfigHdr>&ALTCFG=\0" // Construct ConfigAltHdr string "&<ConfigHdr>&ALTCFG=\0"
// | 1 | StrLen (ConfigHdr) | 8 | 1 | // | 1 | StrLen (ConfigHdr) | 8 | 1 |
// //
ConfigAltHdr = AllocateZeroPool ((1 + StringPtr - StringHdr + 8 + 1) * sizeof (CHAR16)); MaxLen = 1 + StringPtr - StringHdr + 8 + 1;
ConfigAltHdr = AllocateZeroPool ( MaxLen * sizeof (CHAR16));
if (ConfigAltHdr == NULL) { if (ConfigAltHdr == NULL) {
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto Done; goto Done;
} }
StrCpy (ConfigAltHdr, L"&"); StrCpyS (ConfigAltHdr, MaxLen, L"&");
StrnCat (ConfigAltHdr, StringHdr, StringPtr - StringHdr); StrnCatS (ConfigAltHdr, MaxLen, StringHdr, StringPtr - StringHdr);
StrCat (ConfigAltHdr, L"&ALTCFG="); StrCatS (ConfigAltHdr, MaxLen, L"&ALTCFG=");
// //
// Skip all AltResp (AltConfigHdr ConfigBody) for the same ConfigHdr // Skip all AltResp (AltConfigHdr ConfigBody) for the same ConfigHdr

32
MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
View File

@ -2149,6 +2149,7 @@ FxConfirmPopup (
UINT32 CheckFlags; UINT32 CheckFlags;
BOOLEAN RetVal; BOOLEAN RetVal;
UINTN CatLen; UINTN CatLen;
UINTN MaxLen;
CfmStrLen = 0; CfmStrLen = 0;
CatLen = StrLen (gConfirmMsgConnect); CatLen = StrLen (gConfirmMsgConnect);
@ -2209,50 +2210,51 @@ FxConfirmPopup (
// Allocate buffer to save the string. // Allocate buffer to save the string.
// String + "?" + "\0" // String + "?" + "\0"
// //
CfmStr = AllocateZeroPool ((CfmStrLen + 1 + 1) * sizeof (CHAR16)); MaxLen = CfmStrLen + 1 + 1;
CfmStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (CfmStr != NULL); ASSERT (CfmStr != NULL);
if ((Action & BROWSER_ACTION_DISCARD) == BROWSER_ACTION_DISCARD) { if ((Action & BROWSER_ACTION_DISCARD) == BROWSER_ACTION_DISCARD) {
StrCpy (CfmStr, gConfirmDiscardMsg); StrCpyS (CfmStr, MaxLen, gConfirmDiscardMsg);
} }
if ((Action & BROWSER_ACTION_DEFAULT) == BROWSER_ACTION_DEFAULT) { if ((Action & BROWSER_ACTION_DEFAULT) == BROWSER_ACTION_DEFAULT) {
if (CfmStr[0] != 0) { if (CfmStr[0] != 0) {
StrCat (CfmStr, gConfirmMsgConnect); StrCatS (CfmStr, MaxLen, gConfirmMsgConnect);
StrCat (CfmStr, gConfirmDefaultMsg2nd); StrCatS (CfmStr, MaxLen, gConfirmDefaultMsg2nd);
} else { } else {
StrCpy (CfmStr, gConfirmDefaultMsg); StrCpyS (CfmStr, MaxLen, gConfirmDefaultMsg);
} }
} }
if ((Action & BROWSER_ACTION_SUBMIT) == BROWSER_ACTION_SUBMIT) { if ((Action & BROWSER_ACTION_SUBMIT) == BROWSER_ACTION_SUBMIT) {
if (CfmStr[0] != 0) { if (CfmStr[0] != 0) {
StrCat (CfmStr, gConfirmMsgConnect); StrCatS (CfmStr, MaxLen, gConfirmMsgConnect);
StrCat (CfmStr, gConfirmSubmitMsg2nd); StrCatS (CfmStr, MaxLen, gConfirmSubmitMsg2nd);
} else { } else {
StrCpy (CfmStr, gConfirmSubmitMsg); StrCpyS (CfmStr, MaxLen, gConfirmSubmitMsg);
} }
} }
if ((Action & BROWSER_ACTION_RESET) == BROWSER_ACTION_RESET) { if ((Action & BROWSER_ACTION_RESET) == BROWSER_ACTION_RESET) {
if (CfmStr[0] != 0) { if (CfmStr[0] != 0) {
StrCat (CfmStr, gConfirmMsgConnect); StrCatS (CfmStr, MaxLen, gConfirmMsgConnect);
StrCat (CfmStr, gConfirmResetMsg2nd); StrCatS (CfmStr, MaxLen, gConfirmResetMsg2nd);
} else { } else {
StrCpy (CfmStr, gConfirmResetMsg); StrCpyS (CfmStr, MaxLen, gConfirmResetMsg);
} }
} }
if ((Action & BROWSER_ACTION_EXIT) == BROWSER_ACTION_EXIT) { if ((Action & BROWSER_ACTION_EXIT) == BROWSER_ACTION_EXIT) {
if (CfmStr[0] != 0) { if (CfmStr[0] != 0) {
StrCat (CfmStr, gConfirmMsgConnect); StrCatS (CfmStr, MaxLen, gConfirmMsgConnect);
StrCat (CfmStr, gConfirmExitMsg2nd); StrCatS (CfmStr, MaxLen, gConfirmExitMsg2nd);
} else { } else {
StrCpy (CfmStr, gConfirmExitMsg); StrCpyS (CfmStr, MaxLen, gConfirmExitMsg);
} }
} }
StrCat (CfmStr, gConfirmMsgEnd); StrCatS (CfmStr, MaxLen, gConfirmMsgEnd);
do { do {
CreateDialog (&Key, gEmptyString, CfmStr, gConfirmOpt, gEmptyString, NULL); CreateDialog (&Key, gEmptyString, CfmStr, gConfirmOpt, gEmptyString, NULL);

20
MdeModulePkg/Universal/DisplayEngineDxe/InputHandler.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
Implementation for handling user input from the User Interfaces. Implementation for handling user input from the User Interfaces.
Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR> Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -84,6 +84,7 @@ ReadString (
UINTN Maximum; UINTN Maximum;
FORM_DISPLAY_ENGINE_STATEMENT *Question; FORM_DISPLAY_ENGINE_STATEMENT *Question;
BOOLEAN IsPassword; BOOLEAN IsPassword;
UINTN MaxLen;
DimensionsWidth = gStatementDimensions.RightColumn - gStatementDimensions.LeftColumn; DimensionsWidth = gStatementDimensions.RightColumn - gStatementDimensions.LeftColumn;
DimensionsHeight = gStatementDimensions.BottomRow - gStatementDimensions.TopRow; DimensionsHeight = gStatementDimensions.BottomRow - gStatementDimensions.TopRow;
@ -102,7 +103,8 @@ ReadString (
IsPassword = FALSE; IsPassword = FALSE;
} }
TempString = AllocateZeroPool ((Maximum + 1)* sizeof (CHAR16)); MaxLen = Maximum + 1;
TempString = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (TempString); ASSERT (TempString);
if (ScreenSize < (Maximum + 1)) { if (ScreenSize < (Maximum + 1)) {
@ -244,7 +246,7 @@ ReadString (
// //
// Effectively truncate string by 1 character // Effectively truncate string by 1 character
// //
StrCpy (StringPtr, TempString); StrCpyS (StringPtr, MaxLen, TempString);
CurrentCursor --; CurrentCursor --;
} }
@ -253,7 +255,7 @@ ReadString (
// If it is the beginning of the string, don't worry about checking maximum limits // If it is the beginning of the string, don't worry about checking maximum limits
// //
if ((StringPtr[0] == CHAR_NULL) && (Key.UnicodeChar != CHAR_BACKSPACE)) { if ((StringPtr[0] == CHAR_NULL) && (Key.UnicodeChar != CHAR_BACKSPACE)) {
StrnCpy (StringPtr, &Key.UnicodeChar, 1); StrnCpyS (StringPtr, MaxLen, &Key.UnicodeChar, 1);
CurrentCursor++; CurrentCursor++;
} else if ((GetStringWidth (StringPtr) < ((Maximum + 1) * sizeof (CHAR16))) && (Key.UnicodeChar != CHAR_BACKSPACE)) { } else if ((GetStringWidth (StringPtr) < ((Maximum + 1) * sizeof (CHAR16))) && (Key.UnicodeChar != CHAR_BACKSPACE)) {
KeyPad[0] = Key.UnicodeChar; KeyPad[0] = Key.UnicodeChar;
@ -264,11 +266,11 @@ ReadString (
TempString[Index] = StringPtr[Index]; TempString[Index] = StringPtr[Index];
} }
TempString[Index] = CHAR_NULL; TempString[Index] = CHAR_NULL;
StrCat (TempString, KeyPad); StrCatS (TempString, MaxLen, KeyPad);
StrCat (TempString, StringPtr + CurrentCursor); StrCatS (TempString, MaxLen, StringPtr + CurrentCursor);
StrCpy (StringPtr, TempString); StrCpyS (StringPtr, MaxLen, TempString);
} else { } else {
StrCat (StringPtr, KeyPad); StrCatS (StringPtr, MaxLen, KeyPad);
} }
CurrentCursor++; CurrentCursor++;
} }
@ -1447,7 +1449,7 @@ GetSelectionInputPopUp (
CopyMem (TempStringPtr, StringPtr, (sizeof (CHAR16) * (PopUpWidth - 5))); CopyMem (TempStringPtr, StringPtr, (sizeof (CHAR16) * (PopUpWidth - 5)));
FreePool (StringPtr); FreePool (StringPtr);
StringPtr = TempStringPtr; StringPtr = TempStringPtr;
StrCat (StringPtr, L"..."); StrCatS (StringPtr, PopUpWidth - 1, L"...");
} }
if (Index == HighlightOptionIndex) { if (Index == HighlightOptionIndex) {

30
MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c
View File

@ -28,6 +28,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
VOID VOID
NewStrCat ( NewStrCat (
IN OUT CHAR16 *Destination, IN OUT CHAR16 *Destination,
IN UINTN DestMax,
IN CHAR16 *Source IN CHAR16 *Source
) )
{ {
@ -45,7 +46,7 @@ NewStrCat (
Destination[Length] = NARROW_CHAR; Destination[Length] = NARROW_CHAR;
Length++; Length++;
StrCpy (Destination + Length, Source); StrCpyS (Destination + Length, DestMax - Length, Source);
} }
/** /**
@ -957,6 +958,7 @@ ProcessOptions (
UINT8 ValueType; UINT8 ValueType;
EFI_IFR_ORDERED_LIST *OrderList; EFI_IFR_ORDERED_LIST *OrderList;
BOOLEAN ValueInvalid; BOOLEAN ValueInvalid;
UINTN MaxLen;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
@ -999,7 +1001,8 @@ ProcessOptions (
// We now know how many strings we will have, so we can allocate the // We now know how many strings we will have, so we can allocate the
// space required for the array or strings. // space required for the array or strings.
// //
*OptionString = AllocateZeroPool (OrderList->MaxContainers * BufferSize); MaxLen = OrderList->MaxContainers * BufferSize / sizeof (CHAR16);
*OptionString = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (*OptionString); ASSERT (*OptionString);
HiiValue.Type = ValueType; HiiValue.Type = ValueType;
@ -1057,14 +1060,14 @@ ProcessOptions (
} }
Character[0] = LEFT_ONEOF_DELIMITER; Character[0] = LEFT_ONEOF_DELIMITER;
NewStrCat (OptionString[0], Character); NewStrCat (OptionString[0], MaxLen, Character);
StringPtr = GetToken (OneOfOption->OptionOpCode->Option, gFormData->HiiHandle); StringPtr = GetToken (OneOfOption->OptionOpCode->Option, gFormData->HiiHandle);
ASSERT (StringPtr != NULL); ASSERT (StringPtr != NULL);
NewStrCat (OptionString[0], StringPtr); NewStrCat (OptionString[0], MaxLen, StringPtr);
Character[0] = RIGHT_ONEOF_DELIMITER; Character[0] = RIGHT_ONEOF_DELIMITER;
NewStrCat (OptionString[0], Character); NewStrCat (OptionString[0], MaxLen, Character);
Character[0] = CHAR_CARRIAGE_RETURN; Character[0] = CHAR_CARRIAGE_RETURN;
NewStrCat (OptionString[0], Character); NewStrCat (OptionString[0], MaxLen, Character);
FreePool (StringPtr); FreePool (StringPtr);
} }
@ -1092,14 +1095,14 @@ ProcessOptions (
// Not report error, just get the correct option string info. // Not report error, just get the correct option string info.
// //
Character[0] = LEFT_ONEOF_DELIMITER; Character[0] = LEFT_ONEOF_DELIMITER;
NewStrCat (OptionString[0], Character); NewStrCat (OptionString[0], MaxLen, Character);
StringPtr = GetToken (OneOfOption->OptionOpCode->Option, gFormData->HiiHandle); StringPtr = GetToken (OneOfOption->OptionOpCode->Option, gFormData->HiiHandle);
ASSERT (StringPtr != NULL); ASSERT (StringPtr != NULL);
NewStrCat (OptionString[0], StringPtr); NewStrCat (OptionString[0], MaxLen, StringPtr);
Character[0] = RIGHT_ONEOF_DELIMITER; Character[0] = RIGHT_ONEOF_DELIMITER;
NewStrCat (OptionString[0], Character); NewStrCat (OptionString[0], MaxLen, Character);
Character[0] = CHAR_CARRIAGE_RETURN; Character[0] = CHAR_CARRIAGE_RETURN;
NewStrCat (OptionString[0], Character); NewStrCat (OptionString[0], MaxLen, Character);
FreePool (StringPtr); FreePool (StringPtr);
continue; continue;
@ -1151,6 +1154,7 @@ ProcessOptions (
// //
Status = GetSelectionInputPopUp (MenuOption); Status = GetSelectionInputPopUp (MenuOption);
} else { } else {
MaxLen = BufferSize / sizeof(CHAR16);
*OptionString = AllocateZeroPool (BufferSize); *OptionString = AllocateZeroPool (BufferSize);
ASSERT (*OptionString); ASSERT (*OptionString);
@ -1204,12 +1208,12 @@ ProcessOptions (
} }
Character[0] = LEFT_ONEOF_DELIMITER; Character[0] = LEFT_ONEOF_DELIMITER;
NewStrCat (OptionString[0], Character); NewStrCat (OptionString[0], MaxLen, Character);
StringPtr = GetToken (OneOfOption->OptionOpCode->Option, gFormData->HiiHandle); StringPtr = GetToken (OneOfOption->OptionOpCode->Option, gFormData->HiiHandle);
ASSERT (StringPtr != NULL); ASSERT (StringPtr != NULL);
NewStrCat (OptionString[0], StringPtr); NewStrCat (OptionString[0], MaxLen, StringPtr);
Character[0] = RIGHT_ONEOF_DELIMITER; Character[0] = RIGHT_ONEOF_DELIMITER;
NewStrCat (OptionString[0], Character); NewStrCat (OptionString[0], MaxLen, Character);
FreePool (StringPtr); FreePool (StringPtr);
} }

10
MdeModulePkg/Universal/DriverSampleDxe/DriverSample.c
View File

@ -330,7 +330,7 @@ ValidatePassword (
// //
EncodedPassword = AllocateZeroPool (PasswordMaxSize); EncodedPassword = AllocateZeroPool (PasswordMaxSize);
ASSERT (EncodedPassword != NULL); ASSERT (EncodedPassword != NULL);
StrnCpy (EncodedPassword, Password, StrLen (Password)); StrnCpyS (EncodedPassword, PasswordMaxSize / sizeof (CHAR16), Password, StrLen (Password));
EncodePassword (EncodedPassword, StrLen (EncodedPassword) * sizeof (CHAR16)); EncodePassword (EncodedPassword, StrLen (EncodedPassword) * sizeof (CHAR16));
if (CompareMem (EncodedPassword, PrivateData->Configuration.WhatIsThePassword2, PasswordMaxSize) != 0) { if (CompareMem (EncodedPassword, PrivateData->Configuration.WhatIsThePassword2, PasswordMaxSize) != 0) {
// //
@ -400,7 +400,7 @@ SetPassword (
FreePool (TempPassword); FreePool (TempPassword);
return EFI_NOT_READY; return EFI_NOT_READY;
} }
StrnCpy (Password, TempPassword, StrLen (TempPassword)); StrnCpyS (Password, PasswordSize / sizeof (CHAR16), TempPassword, StrLen (TempPassword));
FreePool (TempPassword); FreePool (TempPassword);
// //
@ -601,7 +601,7 @@ CreateAltCfgString (
TmpStr = StringPtr; TmpStr = StringPtr;
if (Result != NULL) { if (Result != NULL) {
StrCpy (StringPtr, Result); StrCpyS (StringPtr, NewLen / sizeof (CHAR16), Result);
StringPtr += StrLen (Result); StringPtr += StrLen (Result);
FreePool (Result); FreePool (Result);
} }
@ -908,7 +908,7 @@ ExtractConfig (
1 + sizeof (PrivateData->Configuration.NameValueVar2) * 2 + 1) * sizeof (CHAR16); 1 + sizeof (PrivateData->Configuration.NameValueVar2) * 2 + 1) * sizeof (CHAR16);
*Results = AllocateZeroPool (BufferSize); *Results = AllocateZeroPool (BufferSize);
ASSERT (*Results != NULL); ASSERT (*Results != NULL);
StrCpy (*Results, ConfigRequest); StrCpyS (*Results, BufferSize / sizeof (CHAR16), ConfigRequest);
Value = *Results; Value = *Results;
// //
@ -1184,7 +1184,7 @@ RouteConfig (
StrBuffer = (CHAR16 *) PrivateData->Configuration.NameValueVar2; StrBuffer = (CHAR16 *) PrivateData->Configuration.NameValueVar2;
ZeroMem (TemStr, sizeof (TemStr)); ZeroMem (TemStr, sizeof (TemStr));
while (Value < StrPtr) { while (Value < StrPtr) {
StrnCpy (TemStr, Value, 4); StrnCpyS (TemStr, sizeof (TemStr) / sizeof (CHAR16), Value, 4);
*(StrBuffer++) = (CHAR16) StrHexToUint64 (TemStr); *(StrBuffer++) = (CHAR16) StrHexToUint64 (TemStr);
Value += 4; Value += 4;
} }

56
MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
View File

@ -1670,6 +1670,7 @@ ConstructConfigHdr (
CHAR16 *Name; CHAR16 *Name;
CHAR8 *AsciiName; CHAR8 *AsciiName;
EFI_GUID *Guid; EFI_GUID *Guid;
UINTN MaxLen;
ASSERT (OpCodeData != NULL); ASSERT (OpCodeData != NULL);
@ -1733,7 +1734,8 @@ ConstructConfigHdr (
// GUID=<HexCh>32&NAME=<Char>NameLength&PATH=<HexChar>DevicePathSize <Null> // GUID=<HexCh>32&NAME=<Char>NameLength&PATH=<HexChar>DevicePathSize <Null>
// | 5 | sizeof (EFI_GUID) * 2 | 6 | NameStrLen*4 | 6 | DevicePathSize * 2 | 1 | // | 5 | sizeof (EFI_GUID) * 2 | 6 | NameStrLen*4 | 6 | DevicePathSize * 2 | 1 |
// //
String = AllocateZeroPool ((5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 + 6 + DevicePathSize * 2 + 1) * sizeof (CHAR16)); MaxLen = 5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 + 6 + DevicePathSize * 2 + 1;
String = AllocateZeroPool (MaxLen * sizeof (CHAR16));
if (String == NULL) { if (String == NULL) {
return NULL; return NULL;
} }
@ -1741,7 +1743,8 @@ ConstructConfigHdr (
// //
// Start with L"GUID=" // Start with L"GUID="
// //
ReturnString = StrCpy (String, L"GUID="); StrCpyS (String, MaxLen, L"GUID=");
ReturnString = String;
String += StrLen (String); String += StrLen (String);
if (Guid != NULL) { if (Guid != NULL) {
@ -1756,7 +1759,7 @@ ConstructConfigHdr (
// //
// Append L"&NAME=" // Append L"&NAME="
// //
StrCpy (String, L"&NAME="); StrCpyS (String, MaxLen, L"&NAME=");
String += StrLen (String); String += StrLen (String);
if (Name != NULL) { if (Name != NULL) {
@ -1771,7 +1774,7 @@ ConstructConfigHdr (
// //
// Append L"&PATH=" // Append L"&PATH="
// //
StrCpy (String, L"&PATH="); StrCpyS (String, MaxLen, L"&PATH=");
String += StrLen (String); String += StrLen (String);
// //
@ -1991,7 +1994,7 @@ ExtractConfigRequest (
UINT16 Width; UINT16 Width;
CHAR16 *ConfigHdr; CHAR16 *ConfigHdr;
CHAR16 *RequestElement; CHAR16 *RequestElement;
UINTN Length; UINTN MaxLen;
CHAR16 *StringPtr; CHAR16 *StringPtr;
ASSERT (DatabaseRecord != NULL && OpCodeData != NULL && ConfigRequest != NULL); ASSERT (DatabaseRecord != NULL && OpCodeData != NULL && ConfigRequest != NULL);
@ -2032,8 +2035,8 @@ ExtractConfigRequest (
ConfigHdr = ConstructConfigHdr(Storage, DatabaseRecord->DriverHandle); ConfigHdr = ConstructConfigHdr(Storage, DatabaseRecord->DriverHandle);
ASSERT (ConfigHdr != NULL); ASSERT (ConfigHdr != NULL);
Length = (StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1) * sizeof (CHAR16); MaxLen = StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1;
*ConfigRequest = AllocatePool (Length); *ConfigRequest = AllocatePool (MaxLen * sizeof (CHAR16));
if (*ConfigRequest == NULL) { if (*ConfigRequest == NULL) {
FreePool (ConfigHdr); FreePool (ConfigHdr);
FreePool (RequestElement); FreePool (RequestElement);
@ -2041,13 +2044,13 @@ ExtractConfigRequest (
} }
StringPtr = *ConfigRequest; StringPtr = *ConfigRequest;
StrCpy (StringPtr, ConfigHdr); StrCpyS (StringPtr, MaxLen, ConfigHdr);
StringPtr += StrLen (StringPtr); StringPtr += StrLen (StringPtr);
*StringPtr = L'&'; *StringPtr = L'&';
StringPtr++; StringPtr++;
StrCpy (StringPtr, RequestElement); StrCpyS (StringPtr, MaxLen, RequestElement);
StringPtr += StrLen (StringPtr); StringPtr += StrLen (StringPtr);
*StringPtr = L'\0'; *StringPtr = L'\0';
@ -2098,7 +2101,7 @@ ExtractConfigResp (
UINT16 Width; UINT16 Width;
CHAR16 *ConfigHdr; CHAR16 *ConfigHdr;
CHAR16 *RequestElement; CHAR16 *RequestElement;
UINTN Length; UINTN MaxLen;
CHAR16 *StringPtr; CHAR16 *StringPtr;
ASSERT ((DatabaseRecord != NULL) && (OpCodeData != NULL) && (ConfigResp != NULL) && (ValueElement != NULL)); ASSERT ((DatabaseRecord != NULL) && (OpCodeData != NULL) && (ConfigResp != NULL) && (ValueElement != NULL));
@ -2140,8 +2143,8 @@ ExtractConfigResp (
ConfigHdr = ConstructConfigHdr(Storage, DatabaseRecord->DriverHandle); ConfigHdr = ConstructConfigHdr(Storage, DatabaseRecord->DriverHandle);
ASSERT (ConfigHdr != NULL); ASSERT (ConfigHdr != NULL);
Length = (StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1 + StrLen (L"VALUE=") + StrLen(ValueElement) + 1) * sizeof (CHAR16); MaxLen = StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1 + StrLen (L"VALUE=") + StrLen(ValueElement) + 1;
*ConfigResp = AllocatePool (Length); *ConfigResp = AllocatePool (MaxLen * sizeof (CHAR16));
if (*ConfigResp == NULL) { if (*ConfigResp == NULL) {
FreePool (ConfigHdr); FreePool (ConfigHdr);
FreePool (RequestElement); FreePool (RequestElement);
@ -2149,22 +2152,22 @@ ExtractConfigResp (
} }
StringPtr = *ConfigResp; StringPtr = *ConfigResp;
StrCpy (StringPtr, ConfigHdr); StrCpyS (StringPtr, MaxLen, ConfigHdr);
StringPtr += StrLen (StringPtr); StringPtr += StrLen (StringPtr);
*StringPtr = L'&'; *StringPtr = L'&';
StringPtr++; StringPtr++;
StrCpy (StringPtr, RequestElement); StrCpyS (StringPtr, MaxLen, RequestElement);
StringPtr += StrLen (StringPtr); StringPtr += StrLen (StringPtr);
*StringPtr = L'&'; *StringPtr = L'&';
StringPtr++; StringPtr++;
StrCpy (StringPtr, L"VALUE="); StrCpyS (StringPtr, MaxLen, L"VALUE=");
StringPtr += StrLen (StringPtr); StringPtr += StrLen (StringPtr);
StrCpy (StringPtr, ValueElement); StrCpyS (StringPtr, MaxLen, ValueElement);
StringPtr += StrLen (StringPtr); StringPtr += StrLen (StringPtr);
*StringPtr = L'\0'; *StringPtr = L'\0';
@ -2433,9 +2436,10 @@ GenerateKeywordResp (
} }
// //
// 2. Allocate the buffer and create the KeywordResp string. // 2. Allocate the buffer and create the KeywordResp string include '\0'.
// //
*KeywordResp = AllocatePool ((RespStrLen + 1) * sizeof (CHAR16)); RespStrLen += 1;
*KeywordResp = AllocatePool (RespStrLen * sizeof (CHAR16));
if (*KeywordResp == NULL) { if (*KeywordResp == NULL) {
if (UnicodeNameSpace != NULL) { if (UnicodeNameSpace != NULL) {
FreePool (UnicodeNameSpace); FreePool (UnicodeNameSpace);
@ -2448,36 +2452,36 @@ GenerateKeywordResp (
// //
// 2.1 Copy NameSpaceId section. // 2.1 Copy NameSpaceId section.
// //
StrCpy (RespStr, L"NAMESPACE="); StrCpyS (RespStr, RespStrLen, L"NAMESPACE=");
RespStr += StrLen (RespStr); RespStr += StrLen (RespStr);
StrCpy (RespStr, UnicodeNameSpace); StrCpyS (RespStr, RespStrLen, UnicodeNameSpace);
RespStr += StrLen (RespStr); RespStr += StrLen (RespStr);
// //
// 2.2 Copy PathHdr section. // 2.2 Copy PathHdr section.
// //
StrCpy (RespStr, PathHdr); StrCpyS (RespStr, RespStrLen, PathHdr);
RespStr += StrLen (RespStr); RespStr += StrLen (RespStr);
// //
// 2.3 Copy Keyword section. // 2.3 Copy Keyword section.
// //
StrCpy (RespStr, L"KEYWORD="); StrCpyS (RespStr, RespStrLen, L"KEYWORD=");
RespStr += StrLen (RespStr); RespStr += StrLen (RespStr);
StrCpy (RespStr, KeywordData); StrCpyS (RespStr, RespStrLen, KeywordData);
RespStr += StrLen (RespStr); RespStr += StrLen (RespStr);
// //
// 2.4 Copy the Value section. // 2.4 Copy the Value section.
// //
StrCpy (RespStr, ValueStr); StrCpyS (RespStr, RespStrLen, ValueStr);
RespStr += StrLen (RespStr); RespStr += StrLen (RespStr);
// //
// 2.5 Copy ReadOnly section if exist. // 2.5 Copy ReadOnly section if exist.
// //
if (ReadOnly) { if (ReadOnly) {
StrCpy (RespStr, L"&READONLY"); StrCpyS (RespStr, RespStrLen, L"&READONLY");
RespStr += StrLen (RespStr); RespStr += StrLen (RespStr);
} }
@ -2538,7 +2542,7 @@ MergeToMultiKeywordResp (
*StringPtr = L'&'; *StringPtr = L'&';
StringPtr++; StringPtr++;
StrCpy (StringPtr, *KeywordResp); StrCpyS (StringPtr, MultiKeywordRespLen / sizeof (CHAR16), *KeywordResp);
return EFI_SUCCESS; return EFI_SUCCESS;
} }

62
MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
Implementation of interfaces function for EFI_HII_CONFIG_ROUTING_PROTOCOL. Implementation of interfaces function for EFI_HII_CONFIG_ROUTING_PROTOCOL.
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -252,8 +252,7 @@ GenerateSubStr (
Str = AllocateZeroPool (Length * sizeof (CHAR16)); Str = AllocateZeroPool (Length * sizeof (CHAR16));
ASSERT (Str != NULL); ASSERT (Str != NULL);
StrCpy (Str, String); StrCpyS (Str, Length, String);
Length = (BufferLen * 2 + 1) * sizeof (CHAR16);
StringHeader = Str + StrLen (String); StringHeader = Str + StrLen (String);
TemString = (CHAR16 *) StringHeader; TemString = (CHAR16 *) StringHeader;
@ -297,7 +296,7 @@ GenerateSubStr (
// //
// Convert the uppercase to lowercase since <HexAf> is defined in lowercase format. // Convert the uppercase to lowercase since <HexAf> is defined in lowercase format.
// //
StrCat (Str, L"&"); StrCatS (Str, Length, L"&");
HiiToLower (Str); HiiToLower (Str);
*SubStr = Str; *SubStr = Str;
@ -392,6 +391,7 @@ AppendToMultiString (
{ {
UINTN AppendStringSize; UINTN AppendStringSize;
UINTN MultiStringSize; UINTN MultiStringSize;
UINTN MaxLen;
if (MultiString == NULL || *MultiString == NULL || AppendString == NULL) { if (MultiString == NULL || *MultiString == NULL || AppendString == NULL) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
@ -399,6 +399,7 @@ AppendToMultiString (
AppendStringSize = StrSize (AppendString); AppendStringSize = StrSize (AppendString);
MultiStringSize = StrSize (*MultiString); MultiStringSize = StrSize (*MultiString);
MaxLen = MAX_STRING_LENGTH / sizeof (CHAR16);
// //
// Enlarge the buffer each time when length exceeds MAX_STRING_LENGTH. // Enlarge the buffer each time when length exceeds MAX_STRING_LENGTH.
@ -410,12 +411,13 @@ AppendToMultiString (
MultiStringSize + AppendStringSize, MultiStringSize + AppendStringSize,
(VOID *) (*MultiString) (VOID *) (*MultiString)
); );
MaxLen = (MultiStringSize + AppendStringSize) / sizeof (CHAR16);
ASSERT (*MultiString != NULL); ASSERT (*MultiString != NULL);
} }
// //
// Append the incoming string // Append the incoming string
// //
StrCat (*MultiString, AppendString); StrCatS (*MultiString, MaxLen, AppendString);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -536,6 +538,8 @@ MergeDefaultString (
EFI_STRING AltConfigHdr; EFI_STRING AltConfigHdr;
UINTN HeaderLength; UINTN HeaderLength;
UINTN SizeAltCfgResp; UINTN SizeAltCfgResp;
UINTN MaxLen;
UINTN TotalSize;
if (*AltCfgResp == NULL) { if (*AltCfgResp == NULL) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
@ -572,13 +576,14 @@ MergeDefaultString (
// Construct AltConfigHdr string "&<ConfigHdr>&ALTCFG=XXXX\0" // Construct AltConfigHdr string "&<ConfigHdr>&ALTCFG=XXXX\0"
// |1| StrLen (ConfigHdr) | 8 | 4 | 1 | // |1| StrLen (ConfigHdr) | 8 | 4 | 1 |
// //
AltConfigHdr = AllocateZeroPool ((1 + HeaderLength + 8 + 4 + 1) * sizeof (CHAR16)); MaxLen = 1 + HeaderLength + 8 + 4 + 1;
AltConfigHdr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
if (AltConfigHdr == NULL) { if (AltConfigHdr == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
StrCpy (AltConfigHdr, L"&"); StrCpyS (AltConfigHdr, MaxLen, L"&");
StrnCat (AltConfigHdr, *AltCfgResp, HeaderLength); StrnCatS (AltConfigHdr, MaxLen, *AltCfgResp, HeaderLength);
StrCat (AltConfigHdr, L"&ALTCFG="); StrCatS (AltConfigHdr, MaxLen, L"&ALTCFG=");
HeaderLength = StrLen (AltConfigHdr); HeaderLength = StrLen (AltConfigHdr);
StringPtrDefault = StrStr (DefaultAltCfgResp, AltConfigHdr); StringPtrDefault = StrStr (DefaultAltCfgResp, AltConfigHdr);
@ -586,7 +591,7 @@ MergeDefaultString (
// //
// Get AltCfg Name // Get AltCfg Name
// //
StrnCat (AltConfigHdr, StringPtrDefault + HeaderLength, 4); StrnCatS (AltConfigHdr, MaxLen, StringPtrDefault + HeaderLength, 4);
StringPtr = StrStr (*AltCfgResp, AltConfigHdr); StringPtr = StrStr (*AltCfgResp, AltConfigHdr);
// //
@ -595,34 +600,35 @@ MergeDefaultString (
if (StringPtr == NULL) { if (StringPtr == NULL) {
StringPtrEnd = StrStr (StringPtrDefault + 1, L"&GUID"); StringPtrEnd = StrStr (StringPtrDefault + 1, L"&GUID");
SizeAltCfgResp = StrSize (*AltCfgResp); SizeAltCfgResp = StrSize (*AltCfgResp);
TotalSize = SizeAltCfgResp + StrSize (StringPtrDefault);
if (StringPtrEnd == NULL) { if (StringPtrEnd == NULL) {
// //
// No more default string is found. // No more default string is found.
// //
*AltCfgResp = (EFI_STRING) ReallocatePool ( *AltCfgResp = (EFI_STRING) ReallocatePool (
SizeAltCfgResp, SizeAltCfgResp,
SizeAltCfgResp + StrSize (StringPtrDefault), TotalSize,
(VOID *) (*AltCfgResp) (VOID *) (*AltCfgResp)
); );
if (*AltCfgResp == NULL) { if (*AltCfgResp == NULL) {
FreePool (AltConfigHdr); FreePool (AltConfigHdr);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
StrCat (*AltCfgResp, StringPtrDefault); StrCatS (*AltCfgResp, TotalSize / sizeof (CHAR16), StringPtrDefault);
break; break;
} else { } else {
TempChar = *StringPtrEnd; TempChar = *StringPtrEnd;
*StringPtrEnd = L'\0'; *StringPtrEnd = L'\0';
*AltCfgResp = (EFI_STRING) ReallocatePool ( *AltCfgResp = (EFI_STRING) ReallocatePool (
SizeAltCfgResp, SizeAltCfgResp,
SizeAltCfgResp + StrSize (StringPtrDefault), TotalSize,
(VOID *) (*AltCfgResp) (VOID *) (*AltCfgResp)
); );
if (*AltCfgResp == NULL) { if (*AltCfgResp == NULL) {
FreePool (AltConfigHdr); FreePool (AltConfigHdr);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
StrCat (*AltCfgResp, StringPtrDefault); StrCatS (*AltCfgResp, TotalSize / sizeof (CHAR16), StringPtrDefault);
*StringPtrEnd = TempChar; *StringPtrEnd = TempChar;
} }
} }
@ -1188,8 +1194,8 @@ GetVarStoreType (
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto Done; goto Done;
} }
StrCpy (TempStr, GuidStr); StrCpyS (TempStr, LengthString, GuidStr);
StrCat (TempStr, NameStr); StrCatS (TempStr, LengthString, NameStr);
if (ConfigHdr == NULL || StrnCmp (ConfigHdr, TempStr, StrLen (TempStr)) == 0) { if (ConfigHdr == NULL || StrnCmp (ConfigHdr, TempStr, StrLen (TempStr)) == 0) {
*EfiVarStore = (EFI_IFR_VARSTORE_EFI *) AllocateZeroPool (IfrOpHdr->Length); *EfiVarStore = (EFI_IFR_VARSTORE_EFI *) AllocateZeroPool (IfrOpHdr->Length);
if (*EfiVarStore == NULL) { if (*EfiVarStore == NULL) {
@ -1304,8 +1310,8 @@ IsThisVarstore (
goto Done; goto Done;
} }
StrCpy (TempStr, GuidStr); StrCpyS (TempStr, LengthString, GuidStr);
StrCat (TempStr, NameStr); StrCatS (TempStr, LengthString, NameStr);
if (ConfigHdr == NULL || StrnCmp (ConfigHdr, TempStr, StrLen (TempStr)) == 0) { if (ConfigHdr == NULL || StrnCmp (ConfigHdr, TempStr, StrLen (TempStr)) == 0) {
RetVal = TRUE; RetVal = TRUE;
@ -2666,7 +2672,7 @@ GenerateConfigRequest (
// //
// Start with <ConfigHdr> // Start with <ConfigHdr>
// //
StrCpy (StringPtr, ConfigHdr); StrCpyS (StringPtr, Length, ConfigHdr);
StringPtr += StrLen (StringPtr); StringPtr += StrLen (StringPtr);
// //
@ -2765,12 +2771,12 @@ GenerateHdr (
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto Done; goto Done;
} }
StrCpy (*ConfigHdr, GuidStr); StrCpyS (*ConfigHdr, Length, GuidStr);
StrCat (*ConfigHdr, NameStr); StrCatS (*ConfigHdr, Length, NameStr);
if (VarStorageData->Name == NULL) { if (VarStorageData->Name == NULL) {
StrCat (*ConfigHdr, L"&"); StrCatS (*ConfigHdr, Length, L"&");
} }
StrCat (*ConfigHdr, PathStr); StrCatS (*ConfigHdr, Length, PathStr);
// //
// Remove the last character L'&' // Remove the last character L'&'
@ -2934,7 +2940,7 @@ GenerateAltConfigResp (
// //
// Start with <ConfigHdr> // Start with <ConfigHdr>
// //
StrCpy (StringPtr, ConfigHdr); StrCpyS (StringPtr, Length, ConfigHdr);
StringPtr += StrLen (StringPtr); StringPtr += StrLen (StringPtr);
for (Link = DefaultIdArray->Entry.ForwardLink; Link != &DefaultIdArray->Entry; Link = Link->ForwardLink) { for (Link = DefaultIdArray->Entry.ForwardLink; Link != &DefaultIdArray->Entry; Link = Link->ForwardLink) {
@ -4612,8 +4618,8 @@ HiiBlockToConfig (
*(ConfigElement + (StringPtr - TmpPtr)) = L'&'; *(ConfigElement + (StringPtr - TmpPtr)) = L'&';
} }
*(ConfigElement + (StringPtr - TmpPtr) + 1) = 0; *(ConfigElement + (StringPtr - TmpPtr) + 1) = 0;
StrCat (ConfigElement, L"VALUE="); StrCatS (ConfigElement, Length, L"VALUE=");
StrCat (ConfigElement, ValueStr); StrCatS (ConfigElement, Length, ValueStr);
AppendToMultiString (Config, ConfigElement); AppendToMultiString (Config, ConfigElement);
@ -5130,8 +5136,8 @@ Exit:
if (*AltCfgResp == NULL) { if (*AltCfgResp == NULL) {
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
} else { } else {
StrnCpy (*AltCfgResp, HdrStart, HdrEnd - HdrStart); StrnCpyS (*AltCfgResp, Length, HdrStart, HdrEnd - HdrStart);
StrCat (*AltCfgResp, Result); StrCatS (*AltCfgResp, Length, Result);
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
} }
} }

6
MdeModulePkg/Universal/HiiDatabaseDxe/Database.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
Implementation for EFI_HII_DATABASE_PROTOCOL. Implementation for EFI_HII_DATABASE_PROTOCOL.
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -798,7 +798,7 @@ InsertStringPackage (
if (Language == NULL) { if (Language == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
AsciiStrCpy (Language, (CHAR8 *) PackageHdr + HeaderSize - LanguageSize); AsciiStrCpyS (Language, LanguageSize / sizeof (CHAR8), (CHAR8 *) PackageHdr + HeaderSize - LanguageSize);
for (Link = PackageList->StringPkgHdr.ForwardLink; Link != &PackageList->StringPkgHdr; Link = Link->ForwardLink) { for (Link = PackageList->StringPkgHdr.ForwardLink; Link != &PackageList->StringPkgHdr; Link = Link->ForwardLink) {
StringPackage = CR (Link, HII_STRING_PACKAGE_INSTANCE, StringEntry, HII_STRING_PACKAGE_SIGNATURE); StringPackage = CR (Link, HII_STRING_PACKAGE_INSTANCE, StringEntry, HII_STRING_PACKAGE_SIGNATURE);
if (HiiCompareLanguage (Language, StringPackage->StringPkgHdr->Language)) { if (HiiCompareLanguage (Language, StringPackage->StringPkgHdr->Language)) {
@ -1182,7 +1182,7 @@ InsertFontPackage (
} }
FontInfo->FontStyle = FontPkgHdr->FontStyle; FontInfo->FontStyle = FontPkgHdr->FontStyle;
FontInfo->FontSize = FontPkgHdr->Cell.Height; FontInfo->FontSize = FontPkgHdr->Cell.Height;
StrCpy (FontInfo->FontName, FontPkgHdr->FontFamily); StrCpyS (FontInfo->FontName, sizeof (FontInfo->FontName) / sizeof (CHAR16), FontPkgHdr->FontFamily);
if (IsFontInfoExisted (Private, FontInfo, NULL, NULL, NULL)) { if (IsFontInfoExisted (Private, FontInfo, NULL, NULL, NULL)) {
Status = EFI_UNSUPPORTED; Status = EFI_UNSUPPORTED;

20
MdeModulePkg/Universal/HiiDatabaseDxe/Font.c
View File

@ -2,7 +2,7 @@
Implementation for EFI_HII_FONT_PROTOCOL. Implementation for EFI_HII_FONT_PROTOCOL.
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -933,16 +933,18 @@ SaveFontName (
) )
{ {
UINTN FontInfoLen; UINTN FontInfoLen;
UINTN NameSize;
ASSERT (FontName != NULL && FontInfo != NULL); ASSERT (FontName != NULL && FontInfo != NULL);
FontInfoLen = sizeof (EFI_FONT_INFO) - sizeof (CHAR16) + StrSize (FontName); NameSize = StrSize (FontName);
FontInfoLen = sizeof (EFI_FONT_INFO) - sizeof (CHAR16) + NameSize;
*FontInfo = (EFI_FONT_INFO *) AllocateZeroPool (FontInfoLen); *FontInfo = (EFI_FONT_INFO *) AllocateZeroPool (FontInfoLen);
if (*FontInfo == NULL) { if (*FontInfo == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
StrCpy ((*FontInfo)->FontName, FontName); StrCpyS ((*FontInfo)->FontName, NameSize / sizeof (CHAR16), FontName);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -971,6 +973,7 @@ GetSystemFont (
{ {
EFI_FONT_DISPLAY_INFO *Info; EFI_FONT_DISPLAY_INFO *Info;
UINTN InfoSize; UINTN InfoSize;
UINTN NameSize;
if (Private == NULL || Private->Signature != HII_DATABASE_PRIVATE_DATA_SIGNATURE) { if (Private == NULL || Private->Signature != HII_DATABASE_PRIVATE_DATA_SIGNATURE) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
@ -982,7 +985,8 @@ GetSystemFont (
// //
// The standard font always has the name "sysdefault". // The standard font always has the name "sysdefault".
// //
InfoSize = sizeof (EFI_FONT_DISPLAY_INFO) - sizeof (CHAR16) + StrSize (L"sysdefault"); NameSize = StrSize (L"sysdefault");
InfoSize = sizeof (EFI_FONT_DISPLAY_INFO) - sizeof (CHAR16) + NameSize;
Info = (EFI_FONT_DISPLAY_INFO *) AllocateZeroPool (InfoSize); Info = (EFI_FONT_DISPLAY_INFO *) AllocateZeroPool (InfoSize);
if (Info == NULL) { if (Info == NULL) {
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
@ -993,7 +997,7 @@ GetSystemFont (
Info->FontInfoMask = EFI_FONT_INFO_SYS_FONT | EFI_FONT_INFO_SYS_SIZE | EFI_FONT_INFO_SYS_STYLE; Info->FontInfoMask = EFI_FONT_INFO_SYS_FONT | EFI_FONT_INFO_SYS_SIZE | EFI_FONT_INFO_SYS_STYLE;
Info->FontInfo.FontStyle = 0; Info->FontInfo.FontStyle = 0;
Info->FontInfo.FontSize = EFI_GLYPH_HEIGHT; Info->FontInfo.FontSize = EFI_GLYPH_HEIGHT;
StrCpy (Info->FontInfo.FontName, L"sysdefault"); StrCpyS (Info->FontInfo.FontName, NameSize / sizeof (CHAR16), L"sysdefault");
*FontInfo = Info; *FontInfo = Info;
if (FontInfoSize != NULL) { if (FontInfoSize != NULL) {
@ -2310,6 +2314,7 @@ HiiStringIdToImage (
EFI_STRING String; EFI_STRING String;
UINTN StringSize; UINTN StringSize;
UINTN FontLen; UINTN FontLen;
UINTN NameSize;
EFI_FONT_INFO *StringFontInfo; EFI_FONT_INFO *StringFontInfo;
EFI_FONT_DISPLAY_INFO *NewStringInfo; EFI_FONT_DISPLAY_INFO *NewStringInfo;
CHAR8 TempSupportedLanguages; CHAR8 TempSupportedLanguages;
@ -2432,7 +2437,8 @@ HiiStringIdToImage (
// StringFontInfo equals NULL means system default font attaches with the string block. // StringFontInfo equals NULL means system default font attaches with the string block.
// //
if (StringFontInfo != NULL && IsSystemFontInfo (Private, (EFI_FONT_DISPLAY_INFO *) StringInfo, NULL, NULL)) { if (StringFontInfo != NULL && IsSystemFontInfo (Private, (EFI_FONT_DISPLAY_INFO *) StringInfo, NULL, NULL)) {
FontLen = sizeof (EFI_FONT_DISPLAY_INFO) - sizeof (CHAR16) + StrSize (StringFontInfo->FontName); NameSize = StrSize (StringFontInfo->FontName);
FontLen = sizeof (EFI_FONT_DISPLAY_INFO) - sizeof (CHAR16) + NameSize;
NewStringInfo = AllocateZeroPool (FontLen); NewStringInfo = AllocateZeroPool (FontLen);
if (NewStringInfo == NULL) { if (NewStringInfo == NULL) {
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
@ -2441,7 +2447,7 @@ HiiStringIdToImage (
NewStringInfo->FontInfoMask = EFI_FONT_INFO_SYS_FORE_COLOR | EFI_FONT_INFO_SYS_BACK_COLOR; NewStringInfo->FontInfoMask = EFI_FONT_INFO_SYS_FORE_COLOR | EFI_FONT_INFO_SYS_BACK_COLOR;
NewStringInfo->FontInfo.FontStyle = StringFontInfo->FontStyle; NewStringInfo->FontInfo.FontStyle = StringFontInfo->FontStyle;
NewStringInfo->FontInfo.FontSize = StringFontInfo->FontSize; NewStringInfo->FontInfo.FontSize = StringFontInfo->FontSize;
StrCpy (NewStringInfo->FontInfo.FontName, StringFontInfo->FontName); StrCpyS (NewStringInfo->FontInfo.FontName, NameSize / sizeof (CHAR16), StringFontInfo->FontName);
Status = HiiStringToImage ( Status = HiiStringToImage (
This, This,

10
MdeModulePkg/Universal/HiiDatabaseDxe/String.c
View File

@ -1333,7 +1333,7 @@ HiiNewString (
StringPackage->StringPkgHdr->StringInfoOffset = HeaderSize; StringPackage->StringPkgHdr->StringInfoOffset = HeaderSize;
CopyMem (StringPackage->StringPkgHdr->LanguageWindow, mLanguageWindow, 16 * sizeof (CHAR16)); CopyMem (StringPackage->StringPkgHdr->LanguageWindow, mLanguageWindow, 16 * sizeof (CHAR16));
StringPackage->StringPkgHdr->LanguageName = 1; StringPackage->StringPkgHdr->LanguageName = 1;
AsciiStrCpy (StringPackage->StringPkgHdr->Language, (CHAR8 *) Language); AsciiStrCpyS (StringPackage->StringPkgHdr->Language, sizeof(StringPackage->StringPkgHdr->Language) / sizeof (CHAR8), (CHAR8 *) Language);
// //
// Calculate the length of the string blocks, including string block to record // Calculate the length of the string blocks, including string block to record
@ -1842,7 +1842,7 @@ HiiGetLanguages (
} }
ResultSize += AsciiStrSize (StringPackage->StringPkgHdr->Language); ResultSize += AsciiStrSize (StringPackage->StringPkgHdr->Language);
if (ResultSize <= *LanguagesSize) { if (ResultSize <= *LanguagesSize) {
AsciiStrCpy (Languages, StringPackage->StringPkgHdr->Language); AsciiStrCpyS (Languages, *LanguagesSize / sizeof (CHAR8), StringPackage->StringPkgHdr->Language);
Languages += AsciiStrSize (StringPackage->StringPkgHdr->Language); Languages += AsciiStrSize (StringPackage->StringPkgHdr->Language);
*(Languages - 1) = L';'; *(Languages - 1) = L';';
} }
@ -1959,7 +1959,7 @@ HiiGetSecondaryLanguages (
ResultSize = AsciiStrSize (Languages); ResultSize = AsciiStrSize (Languages);
if (ResultSize <= *SecondaryLanguagesSize) { if (ResultSize <= *SecondaryLanguagesSize) {
AsciiStrCpy (SecondaryLanguages, Languages); AsciiStrCpyS (SecondaryLanguages, *SecondaryLanguagesSize / sizeof (CHAR8), Languages);
} else { } else {
*SecondaryLanguagesSize = ResultSize; *SecondaryLanguagesSize = ResultSize;
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
@ -2024,13 +2024,13 @@ HiiCompareLanguage (
StrLen = AsciiStrSize (Language1); StrLen = AsciiStrSize (Language1);
Lan1 = AllocateZeroPool (StrLen); Lan1 = AllocateZeroPool (StrLen);
ASSERT (Lan1 != NULL); ASSERT (Lan1 != NULL);
AsciiStrCpy(Lan1, Language1); AsciiStrCpyS(Lan1, StrLen / sizeof (CHAR8), Language1);
AsciiHiiToLower (Lan1); AsciiHiiToLower (Lan1);
StrLen = AsciiStrSize (Language2); StrLen = AsciiStrSize (Language2);
Lan2 = AllocateZeroPool (StrLen); Lan2 = AllocateZeroPool (StrLen);
ASSERT (Lan2 != NULL); ASSERT (Lan2 != NULL);
AsciiStrCpy(Lan2, Language2); AsciiStrCpyS(Lan2, StrLen / sizeof (CHAR8), Language2);
AsciiHiiToLower (Lan2); AsciiHiiToLower (Lan2);
// //

8
MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
View File

@ -1324,6 +1324,7 @@ IfrCatenate (
UINT16 Length0; UINT16 Length0;
UINT16 Length1; UINT16 Length1;
UINT8 *TmpBuf; UINT8 *TmpBuf;
UINTN MaxLen;
// //
// String[0] - The second string // String[0] - The second string
@ -1363,10 +1364,11 @@ IfrCatenate (
if (Value[0].Type == EFI_IFR_TYPE_STRING) { if (Value[0].Type == EFI_IFR_TYPE_STRING) {
Size = StrSize (String[0]); Size = StrSize (String[0]);
StringPtr= AllocatePool (StrSize (String[1]) + Size); MaxLen = (StrSize (String[1]) + Size) / sizeof (CHAR16);
StringPtr= AllocatePool (MaxLen * sizeof (CHAR16));
ASSERT (StringPtr != NULL); ASSERT (StringPtr != NULL);
StrCpy (StringPtr, String[1]); StrCpyS (StringPtr, MaxLen, String[1]);
StrCat (StringPtr, String[0]); StrCatS (StringPtr, MaxLen, String[0]);
Result->Type = EFI_IFR_TYPE_STRING; Result->Type = EFI_IFR_TYPE_STRING;
Result->Value.string = NewString (StringPtr, FormSet->HiiHandle); Result->Value.string = NewString (StringPtr, FormSet->HiiHandle);

17
MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
View File

@ -688,6 +688,7 @@ InitializeRequestElement (
LIST_ENTRY *Link; LIST_ENTRY *Link;
BOOLEAN Find; BOOLEAN Find;
FORM_BROWSER_CONFIG_REQUEST *ConfigInfo; FORM_BROWSER_CONFIG_REQUEST *ConfigInfo;
UINTN MaxLen;
Storage = Question->Storage; Storage = Question->Storage;
if (Storage == NULL) { if (Storage == NULL) {
@ -732,6 +733,8 @@ InitializeRequestElement (
// //
FormsetStorage = GetFstStgFromVarId(FormSet, Question->VarStoreId); FormsetStorage = GetFstStgFromVarId(FormSet, Question->VarStoreId);
ASSERT (FormsetStorage != NULL); ASSERT (FormsetStorage != NULL);
StringSize = (FormsetStorage->ConfigRequest != NULL) ? StrSize (FormsetStorage->ConfigRequest) : sizeof (CHAR16);
MaxLen = StringSize / sizeof (CHAR16) + FormsetStorage->SpareStrLen;
// //
// Append <RequestElement> to <ConfigRequest> // Append <RequestElement> to <ConfigRequest>
@ -740,8 +743,8 @@ InitializeRequestElement (
// //
// Old String buffer is not sufficient for RequestElement, allocate a new one // Old String buffer is not sufficient for RequestElement, allocate a new one
// //
StringSize = (FormsetStorage->ConfigRequest != NULL) ? StrSize (FormsetStorage->ConfigRequest) : sizeof (CHAR16); MaxLen = StringSize / sizeof (CHAR16) + CONFIG_REQUEST_STRING_INCREMENTAL;
NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL * sizeof (CHAR16)); NewStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewStr != NULL); ASSERT (NewStr != NULL);
if (FormsetStorage->ConfigRequest != NULL) { if (FormsetStorage->ConfigRequest != NULL) {
CopyMem (NewStr, FormsetStorage->ConfigRequest, StringSize); CopyMem (NewStr, FormsetStorage->ConfigRequest, StringSize);
@ -751,7 +754,7 @@ InitializeRequestElement (
FormsetStorage->SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL; FormsetStorage->SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL;
} }
StrCat (FormsetStorage->ConfigRequest, RequestElement); StrCatS (FormsetStorage->ConfigRequest, MaxLen, RequestElement);
FormsetStorage->ElementCount++; FormsetStorage->ElementCount++;
FormsetStorage->SpareStrLen -= StrLen; FormsetStorage->SpareStrLen -= StrLen;
@ -782,6 +785,8 @@ InitializeRequestElement (
ConfigInfo->Storage = FormsetStorage->BrowserStorage; ConfigInfo->Storage = FormsetStorage->BrowserStorage;
InsertTailList(&Form->ConfigRequestHead, &ConfigInfo->Link); InsertTailList(&Form->ConfigRequestHead, &ConfigInfo->Link);
} }
StringSize = (ConfigInfo->ConfigRequest != NULL) ? StrSize (ConfigInfo->ConfigRequest) : sizeof (CHAR16);
MaxLen = StringSize / sizeof (CHAR16) + ConfigInfo->SpareStrLen;
// //
// Append <RequestElement> to <ConfigRequest> // Append <RequestElement> to <ConfigRequest>
@ -790,8 +795,8 @@ InitializeRequestElement (
// //
// Old String buffer is not sufficient for RequestElement, allocate a new one // Old String buffer is not sufficient for RequestElement, allocate a new one
// //
StringSize = (ConfigInfo->ConfigRequest != NULL) ? StrSize (ConfigInfo->ConfigRequest) : sizeof (CHAR16); MaxLen = StringSize / sizeof (CHAR16) + CONFIG_REQUEST_STRING_INCREMENTAL;
NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL * sizeof (CHAR16)); NewStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewStr != NULL); ASSERT (NewStr != NULL);
if (ConfigInfo->ConfigRequest != NULL) { if (ConfigInfo->ConfigRequest != NULL) {
CopyMem (NewStr, ConfigInfo->ConfigRequest, StringSize); CopyMem (NewStr, ConfigInfo->ConfigRequest, StringSize);
@ -801,7 +806,7 @@ InitializeRequestElement (
ConfigInfo->SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL; ConfigInfo->SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL;
} }
StrCat (ConfigInfo->ConfigRequest, RequestElement); StrCatS (ConfigInfo->ConfigRequest, MaxLen, RequestElement);
ConfigInfo->ElementCount++; ConfigInfo->ElementCount++;
ConfigInfo->SpareStrLen -= StrLen; ConfigInfo->SpareStrLen -= StrLen;
return EFI_SUCCESS; return EFI_SUCCESS;

60
MdeModulePkg/Universal/SetupBrowserDxe/Setup.c
View File

@ -635,6 +635,7 @@ ProcessStorage (
CHAR16 *StrPtr; CHAR16 *StrPtr;
UINTN BufferSize; UINTN BufferSize;
UINTN TmpSize; UINTN TmpSize;
UINTN MaxLen;
FORMSET_STORAGE *BrowserStorage; FORMSET_STORAGE *BrowserStorage;
if (RetrieveData) { if (RetrieveData) {
@ -660,7 +661,7 @@ ProcessStorage (
// Copy the data if the input buffer is bigger enough. // Copy the data if the input buffer is bigger enough.
// //
if (*ResultsDataSize >= BufferSize) { if (*ResultsDataSize >= BufferSize) {
StrCpy (*ResultsData, StrPtr); StrCpyS (*ResultsData, *ResultsDataSize / sizeof (CHAR16), StrPtr);
} }
*ResultsDataSize = BufferSize; *ResultsDataSize = BufferSize;
@ -673,12 +674,13 @@ ProcessStorage (
ASSERT (BrowserStorage != NULL); ASSERT (BrowserStorage != NULL);
TmpSize = StrLen (*ResultsData); TmpSize = StrLen (*ResultsData);
BufferSize = (TmpSize + StrLen (BrowserStorage->ConfigHdr) + 2) * sizeof (CHAR16); BufferSize = (TmpSize + StrLen (BrowserStorage->ConfigHdr) + 2) * sizeof (CHAR16);
MaxLen = BufferSize / sizeof (CHAR16);
ConfigResp = AllocateZeroPool (BufferSize); ConfigResp = AllocateZeroPool (BufferSize);
ASSERT (ConfigResp != NULL); ASSERT (ConfigResp != NULL);
StrCpy (ConfigResp, BrowserStorage->ConfigHdr); StrCpyS (ConfigResp, MaxLen, BrowserStorage->ConfigHdr);
StrCat (ConfigResp, L"&"); StrCatS (ConfigResp, MaxLen, L"&");
StrCat (ConfigResp, *ResultsData); StrCatS (ConfigResp, MaxLen, *ResultsData);
// //
// Update Browser uncommited data // Update Browser uncommited data
@ -1079,19 +1081,19 @@ NewStringCat (
) )
{ {
CHAR16 *NewString; CHAR16 *NewString;
UINTN TmpSize; UINTN MaxLen;
if (*Dest == NULL) { if (*Dest == NULL) {
NewStringCpy (Dest, Src); NewStringCpy (Dest, Src);
return; return;
} }
TmpSize = StrSize (*Dest); MaxLen = ( StrSize (*Dest) + StrSize (Src) - 1) / sizeof (CHAR16);
NewString = AllocateZeroPool (TmpSize + StrSize (Src) - 1); NewString = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewString != NULL); ASSERT (NewString != NULL);
StrCpy (NewString, *Dest); StrCpyS (NewString, MaxLen, *Dest);
StrCat (NewString, Src); StrCatS (NewString, MaxLen, Src);
FreePool (*Dest); FreePool (*Dest);
*Dest = NewString; *Dest = NewString;
@ -1441,7 +1443,7 @@ BufferToValue (
DstBuf = (CHAR16 *) Dst; DstBuf = (CHAR16 *) Dst;
ZeroMem (TemStr, sizeof (TemStr)); ZeroMem (TemStr, sizeof (TemStr));
for (Index = 0; Index < LengthStr; Index += 4) { for (Index = 0; Index < LengthStr; Index += 4) {
StrnCpy (TemStr, Value + Index, 4); StrnCpyS (TemStr, sizeof (TemStr) / sizeof (CHAR16), Value + Index, 4);
DstBuf[Index/4] = (CHAR16) StrHexToUint64 (TemStr); DstBuf[Index/4] = (CHAR16) StrHexToUint64 (TemStr);
} }
// //
@ -1505,6 +1507,7 @@ GetQuestionValue (
CHAR16 *Value; CHAR16 *Value;
UINTN Length; UINTN Length;
BOOLEAN IsBufferStorage; BOOLEAN IsBufferStorage;
UINTN MaxLen;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
Value = NULL; Value = NULL;
@ -1704,15 +1707,17 @@ GetQuestionValue (
Length = StrLen (FormsetStorage->ConfigHdr); Length = StrLen (FormsetStorage->ConfigHdr);
Length += StrLen (Question->VariableName) + 1; Length += StrLen (Question->VariableName) + 1;
} }
ConfigRequest = AllocateZeroPool ((Length + 1) * sizeof (CHAR16)); // Allocate buffer include '\0'
MaxLen = Length + 1;
ConfigRequest = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (ConfigRequest != NULL); ASSERT (ConfigRequest != NULL);
StrCpy (ConfigRequest, FormsetStorage->ConfigHdr); StrCpyS (ConfigRequest, MaxLen, FormsetStorage->ConfigHdr);
if (IsBufferStorage) { if (IsBufferStorage) {
StrCat (ConfigRequest, Question->BlockName); StrCatS (ConfigRequest, MaxLen, Question->BlockName);
} else { } else {
StrCat (ConfigRequest, L"&"); StrCatS (ConfigRequest, MaxLen, L"&");
StrCat (ConfigRequest, Question->VariableName); StrCatS (ConfigRequest, MaxLen, Question->VariableName);
} }
// //
@ -1818,6 +1823,7 @@ SetQuestionValue (
CHAR16 *TemString; CHAR16 *TemString;
UINTN Index; UINTN Index;
NAME_VALUE_NODE *Node; NAME_VALUE_NODE *Node;
UINTN MaxLen;
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
Node = NULL; Node = NULL;
@ -2002,17 +2008,18 @@ SetQuestionValue (
} }
FormsetStorage = GetFstStgFromVarId(FormSet, Question->VarStoreId); FormsetStorage = GetFstStgFromVarId(FormSet, Question->VarStoreId);
ASSERT (FormsetStorage != NULL); ASSERT (FormsetStorage != NULL);
ConfigResp = AllocateZeroPool ((StrLen (FormsetStorage->ConfigHdr) + Length + 1) * sizeof (CHAR16)); MaxLen = StrLen (FormsetStorage->ConfigHdr) + Length + 1;
ConfigResp = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (ConfigResp != NULL); ASSERT (ConfigResp != NULL);
StrCpy (ConfigResp, FormsetStorage->ConfigHdr); StrCpyS (ConfigResp, MaxLen, FormsetStorage->ConfigHdr);
if (IsBufferStorage) { if (IsBufferStorage) {
StrCat (ConfigResp, Question->BlockName); StrCatS (ConfigResp, MaxLen, Question->BlockName);
StrCat (ConfigResp, L"&VALUE="); StrCatS (ConfigResp, MaxLen, L"&VALUE=");
} else { } else {
StrCat (ConfigResp, L"&"); StrCatS (ConfigResp, MaxLen, L"&");
StrCat (ConfigResp, Question->VariableName); StrCatS (ConfigResp, MaxLen, Question->VariableName);
StrCat (ConfigResp, L"="); StrCatS (ConfigResp, MaxLen, L"=");
} }
Value = ConfigResp + StrLen (ConfigResp); Value = ConfigResp + StrLen (ConfigResp);
@ -4887,8 +4894,11 @@ AppendConfigRequest (
CHAR16 *NewStr; CHAR16 *NewStr;
UINTN StringSize; UINTN StringSize;
UINTN StrLength; UINTN StrLength;
UINTN MaxLen;
StrLength = StrLen (RequestElement); StrLength = StrLen (RequestElement);
StringSize = (*ConfigRequest != NULL) ? StrSize (*ConfigRequest) : sizeof (CHAR16);
MaxLen = StringSize / sizeof (CHAR16) + *SpareStrLen;
// //
// Append <RequestElement> to <ConfigRequest> // Append <RequestElement> to <ConfigRequest>
@ -4897,8 +4907,8 @@ AppendConfigRequest (
// //
// Old String buffer is not sufficient for RequestElement, allocate a new one // Old String buffer is not sufficient for RequestElement, allocate a new one
// //
StringSize = (*ConfigRequest != NULL) ? StrSize (*ConfigRequest) : sizeof (CHAR16); MaxLen = StringSize / sizeof (CHAR16) + CONFIG_REQUEST_STRING_INCREMENTAL;
NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL * sizeof (CHAR16)); NewStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewStr != NULL); ASSERT (NewStr != NULL);
if (*ConfigRequest != NULL) { if (*ConfigRequest != NULL) {
@ -4909,7 +4919,7 @@ AppendConfigRequest (
*SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL; *SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL;
} }
StrCat (*ConfigRequest, RequestElement); StrCatS (*ConfigRequest, MaxLen, RequestElement);
*SpareStrLen -= StrLength; *SpareStrLen -= StrLength;
} }