Commit Graph

8 Commits

Author SHA1 Message Date
Sean Brogan d7a09cb86a MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance
https://bugzilla.tianocore.org/show_bug.cgi?id=798

SafeIntLib provides helper functions to prevent integer overflow
during type conversion, addition, subtraction, and multiplication.

Conversion Functions
====================
* Converting from a signed type to an unsigned type of the same
  size, or vice-versa.
* Converting to a smaller type that could possibly overflow.
* Converting from a signed type to a larger unsigned type.

Unsigned Addition, Subtraction, Multiplication
===============================================
* Unsigned integer math functions protect from overflow and
  underflow (in case of subtraction).

Signed Addition, Subtraction, Multiplication
============================================
* Strongly consider using unsigned numbers.
* Signed numbers are often used where unsigned numbers should
  be used. For example file sizes and array indices should always
  be unsigned. Subtracting a larger positive signed number from a
  smaller positive signed number with SafeInt32Sub() will succeed,
  producing a negative number, that then must not be used as an
  array index (but can occasionally be used as a pointer index.)
  Similarly for adding a larger magnitude negative number to a
  smaller magnitude positive number.
* SafeIntLib does not protect you from such errors. It tells you
  if your integer operations overflowed, not if you are doing the
  right thing with your non-overflowed integers.
* Likewise you can overflow a buffer with a non-overflowed
  unsigned index.

Based on content from the following branch/commits:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport
21ef3a321c
ca516b1a61
33bab4031a

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-01-25 09:42:20 -08:00
Leif Lindholm 5b8766bb92 MdePkg: Arm/AArch64 - filter #pragma pack() when __ASSEMBLER__
clang, when used as a preprocessor for dtc, does not discard #pragma
statements although -x assembler-with-cpp is specified. This causes dtc
to barf at a #pragma pack() statement that is already filtered out for
__GNUC__. So add a check to also filter this out if __ASSEMBLER__.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-12-07 11:31:50 +00:00
Ard Biesheuvel 08855193ca MdePkg/ProcessorBind: add defines for page allocation granularity
The UEFI spec differs between architectures in the minimum alignment
and granularity of page allocations that are visible to the OS as
EFI_MEMORY_RUNTIME regions.

So define macros that carry these values to the respective ProcessorBind.h
header files.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2017-03-06 11:27:00 +01:00
Thomas Huth 00b7cc0fe3 MdePkg: Fix some typing errors in the header files
Correct the typos in some header files of MdePkg.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
2016-10-07 18:09:09 -07:00
Olivier Martin ba0a34f15f MdePkg/ProcessorBind.h: Add ARM and AArch64 GCC macros for Clang
When compiling with Clang, we still use GNU as for the assembler, so we still need to define the GCC_ASM* macros.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <olivier.martin@arm.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16282 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-31 14:05:09 +00:00
Jordan Justen 02eef55311 MdePkg Base.h: Always define ASM_PFX
Some compilers may define __USER_LABEL_PREFIX__ to determine the
prefix used with ASM_PFX. Otherwise, IA32 will use a single underscore
'_' character, and all other architectures will use an empty prefix.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16019 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-01 17:23:10 +00:00
Olivier Martin 2a79158c47 MdePkg/AArch64: Fixed some definitions in ProcessorBind.h
- Fixed INT8 declaration
- Introduced MAX_INTN/MAX_UINTN
- Force the MAX_* to be 'unsigned long long' numbers

Change-Id: I1ad818559d051df9a880aa8e4ac090e76fdb27e0
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14610 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-29 09:00:13 +00:00
Harry Liebel b4319afbda MdePkg: Added ARM Aarch64 architecture support
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Harry Liebel <Harry.Liebel@arm.com>
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14513 6f19259b-4bc3-4df7-8a09-765794883524
2013-07-29 09:52:18 +00:00