Contributed-under: TianoCore Contribution Agreement 1.1
Reported-by: Christian Ehrhardt <ehrhardt@genua.de>
Signed-off-by: Christian Ehrhardt <ehrhardt@genua.de>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Tested-by: Christian Ehrhardt <ehrhardt@genua.de>
The Graphics Output Protocol's mode information specifies the
PixelsPerScanLine property. Most of the time this is identical to
HorizontalResolution. However, due to alignment requirements etc. it
may be slightly larger. I.e. each scan line will have some "pixels"
that are not visible on the screen but consume space in the frame
buffer.
If the graphics output protocol correctly initializes
HorizontalResolution to 1366 and PixelsPerScanLine to 1376. As a
result the graphics output is broken.
If setting HorizontalResolution to 1376 instead, the output is fine
(except for 10 invisible pixels on the right of the screen).
The patch fixes this bug by using PixelsPerScanLine when calculating
the line width.
Contributed-under: TianoCore Contribution Agreement 1.1
Reported-by: Christian Ehrhardt <ehrhardt@genua.de>
Signed-off-by: Christian Ehrhardt <ehrhardt@genua.de>
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Christian Ehrhardt <ehrhardt@genua.de>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Tested-by: Christian Ehrhardt <ehrhardt@genua.de>
* In DxeIpIo, there are several places use ASSERT() to check input
parameters without and descriptions or error handling. This patch
fixed this issue.
* Fixed some incorrect descriptions in code commence.
* Remove unneeded Exit tag in function IpIoOpen and IpIoConfigIp.
* Add EFIAPI tag for function IpIoRefreshNeighbor.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* When the packet is not normal packet or icmp error packet, the code
does not recycle it by signal RecycleSignal event, and this will
result some memory leak. This patch is to fix this issue.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Today's implementation prints nothing when the format string cannot
fit in the report status extended data buffer.
It confuses user.
The patch changes to print partial message by truncating the format
string when it's too long.
The missing enhancement is the extended data buffer only reserves 96
bytes for the var-args. When the format string is not very long but
contains 13 %lx or %p, the var-args buffer is too small. Today's
implementation prints nothing for this case.
This patch doesn't change such behavior.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
* The library API use array elements without any index range check, this
patch is to fix this issue to avoid null pointer reference.
V2
* Added an ASSERT check for the case PrefixLength equals to IP6_PREFIX_MAX.
* Synced some code descriptions to head file.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
In some case the ArrayIndex with UINT16 may be not large enough to
hold the multiplication result of HiiQuestion->VarOffset * 8;
So this patch update the data type to fix this potential issue.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
* Added some ASSERT descriptions for library APIs.
* Added "Optional" option for Context parameter in UdpIoCancelDgrams().
* Added function return status check for UdpIoFreeIo().
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* In old implementation, the operation len-- assumes AsciiSPrint()
has counted NULL terminator, and it's not correct. This patch is
to fix this issue.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* Library API should check the input parameters before use, or
ASSERT to tell it has to meet some requirements. But in DxeNetLib,
not all functions follows this rule.
* ASSERT shouldn't be used as error handling, add some handling code
for errors.
* Add some ASSERT commence in function notes.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
The NIC_ITEM_CONFIG_SIZE macro in DxeNetLib is defined as:
sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) *
MAX_IP4_CONFIG_IN_VARIABLE. This macro should be surrounded
with parenthesis to avoid being incorrectly used.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
This is caused by a previous patch which tried to fix string over-read.
It's found that that patch for PrintLib in MdePkg will cause premature
terminating of loop used to traversing format string and cause incomplete
string output. Because this library uses similar code to do the same
job, it has the same issue too. So the fix is also the same.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
According to UEFI/PI spec, the AllocateXXXPool() interfaces should
return eight-byte aligned buffer that satisfies the required
HEADER_ALIGNMENT which is 4.
This patch adds ASSERT to make sure the bin at required alignment,
that can help catch the issue earlier about incorrect aligned buffer
returned from AllocateXXXPool().
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
According to UEFI/PI spec, the AllocateXXXPool() interfaces should
return eight-byte aligned buffer that satisfies the required
HEADER_ALIGNMENT which is 4.
This patch adds ASSERT to make sure the bin at required alignment,
that can help catch the issue earlier about incorrect aligned buffer
returned from AllocateXXXPool().
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Due to a potential hole in the stop condition of loop, the two continuous
access to ArgumentString (index, index+1) inside the loop might cause the
string ending character ('\0') and the byte after it to be read.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
v2:
* Fix GCC the build error.
This patch is to add the boundary condition check to make sure
the accessed buffer is valid.
Cc: Gary Lin <glin@suse.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Tested-by: Gary Lin <glin@suse.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
This patch updates the constructor of DpcLib to return error if failed to
locate DPC protocol.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
This patch updates the DxeIpIoLib to check the input parameters before using.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
This patch updates some API descriptions in DxeIpIoLib to match the real
implementation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
In DxeIpIo, there are several places not check the returned value of called functions.
This patch is to add the error handling to these functions.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This patch updates the DxeIpIoLib to return EFI_INVALID_PARAMETER instead of
ASSERT if the input pointers are not correct.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This patch updates TcpIoConnect() and TcpIoAccept() that the Tcp.Cancel()
should be invoked to cancel the corresponding request when timeout occurs.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
For TcpIoConnect() and TcpIoAccept(), this patch adds the check for Timeout event
before calling CheckEvent() service so as to avoid the unnecessary function call.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This patch add implementation of new API InitializeCpuExceptionHandlersEx
introduced into CpuExceptionHandlerLib on behalf of Stack Guard feature.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jeff Fan <vanjeff_919@hotmail.com>
Reviewed-by: Jiewen.yao@intel.com
AIP may not support detecting network media state, in this case,
should call NetLibDetectMedia to get media state. This patch is to
fix this issue.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
In wireless connection, connecting state needs to be cared more
about. ECR 1772 redefined the state EFI_NOT_READY to represent
connecting state and can be retrieved from Aip protocol. This
patch adds a new API to check media state at a specified time
interval when network is connecting until the connection process
finishes or timeout.
V2:
* Return error status code directly when Aip protocol falied to detect
media rather than wait for another time's check.
* Set media state default value to EFI_SUCCESS since some platforms may
not support retrieving media state from Aip protocol.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
DXE performance gauge record access functions might be reentered since
we are supporting something like USB hot-plug, which is a timer event
where gBS->ConnectController might be called and then PERF will be
called in CoreConnectSingleController.
When StartGaugeEx is being reentered, not only the gauge record might
be overwritten, more serious situation will be caused if gauge data
buffer reallocation procedure is interrupted, between line 180 and 187
in DxeCorePerformanceLib.c specifically. There, mMaxGaugeRecords will
be doubled twice (denoted as 4X), but mGaugeData only points to a
buffer of size 2X, which will probably cause the following 2X memory
to be overflowed when gauge records are increased.
So we add EFI lock with TPL_NOTIFY in StartGaugeEx/EndGaugeEx/GetGaugeEx
to avoid memory overflow and gauge data corruption.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
EfiBootManagerStartHotkeyService() asserts when "BootOptionSupport"
variable doesn't exist.
In fact, though "BootOptionSupport" variable is set in BdsDxe
module, it's possible that the variable is deleted by
PlatformBootManagerBeforeConsole().
The patch removes the assertion and adds code to handle the case.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
V2:
Fix MSFT C4255 warning
V1:
Enable MSFT C4255 warning.
From MSDN:
Compiler Warning (level 4) C4255
function' : no function prototype given: converting '()' to '(void)'
The compiler did not find an explicit list of arguments to a function.
This warning is for the C compiler only.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Bell Song <binx.song@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
V2 update: Directly use NetIp4IsUnicast() to check station address in IP driver.
This patch is to follow RFC3021 which allows to use 31-bit mask
in point-to-point link.
If a 31-bit subnet mask is assigned to a point-to-point link, it
leaves the <Host-number> with only 1 bit. Consequently, only two
possible addresses may result:
{<Network-number>, 0} and {<Network-number>, -1}
These addresses have historically been associated with network and
broadcast addresses (see Section 2.2). In a point-to-point link with
a 31-bit subnet mask, the two addresses above MUST be interpreted as
host addresses.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
AllocateCopyPool(AllocationSize, *Buffer) will copy "AllocationSize" bytes of
memory from old "Buffer" to new allocated one. If "AllocationSize" is bigger
than size of "Buffer", heap memory overflow occurs during copy.
One solution is to allocate pool first then copy the necessary bytes to new
memory. Another is using ReallocatePool instead if old buffer will be freed
on spot.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Bi Dandan <dandan.bi@intel.com>
V3:
(1) Reset QuestionStoredInBitField to FALSE at end opcode(EFI_IFR_END_OP)
(2) Fix typo and format issues(line alignment for debug print message
and value assignment...)
V2:
(1)Remove the VarOffsetBitLevel/StorageWidthBitLevel to reduce the final
VarCheckBinSize and update the implementation accordingly.
(2)Update the VAR_CHECK_HII_REVISION
(3)Refine the Debug message and function comments,like update oneof",
"checkbox", "numeric" to "OneOf", "CheckBox", "Numeric".
VarCheckHiiLib check the value set to storage based on the possible value
listed in the vfr file. Since we have enhanced vfr to support Question
value stored in bit field, so now enhance VarCheckHiiLib to support bit
field check.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
In patch 2, we will introduce DEBUG_INFO in VarCheckHiiLib,in order to keep
consistence, replace all EFI_D_INFO with DEBUG_INFO firstly in this pacth.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Mark EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as deprecated.
1. Make SetVariable/QueryVariableInfo return EFI_UNSUPPORTED with this
attribute
2. No change to GetVariable/GetNextVariableName
Also update several function descriptors accordingly
Cc: Long Qin <qin.long@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Current implementation skips to check whether the last four
characters are digits when the OptionNumber is NULL.
Even worse, it may incorrectly return FALSE when OptionNumber is
NULL.
The patch fixes it to always check the variable name even
OptionNumber is NULL.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
BmCharToUint() could be called using external data and it
already contains logic to return -1 when data is invalid,
so removing unnecessary assertion to avoid system hang.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=698
Within function NetRandomInitSeed(), left shift a negative value is used
in:
"~Time.Hour << 24"
which involves undefined behavior.
Since Time.Hour is of type UINT8 (range from 0 to 23), hence ~Time.Hour
will be a negative value (of type int, signed).
According to the C11 spec, Section 6.5.7:
> 4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
> bits are filled with zeros. If E1 has an unsigned type, the value
> of the result is E1 * 2^E2 , reduced modulo one more than the
> maximum value representable in the result type. If E1 has a signed
> type and nonnegative value, and E1 * 2^E2 is representable in the
> result type, then that is the resulting value; otherwise, the
> behavior is undefined.
This commit will remove the '~' operator before 'Time.Hour', since it
seems like an implementation choice for generating the seed.
Cc: Steven Shi <steven.shi@intel.com>
Cc: Qin Long <qin.long@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=702
Within function InternalPrintLibSPrintMarker(), possible left shift of a
negative value is found in:
"(*(ArgumentString + 1) << 8)"
which involves undefined behavior.
Since '*(ArgumentString + 1)' is of type CONST CHAR8 (signed), it will be
promoted to type int (signed) during the left shift operation. If
'*(ArgumentString + 1)' is a negative value, the behavior will be
undefined.
According to the C11 spec, Section 6.5.7:
> 4 The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
> bits are filled with zeros. If E1 has an unsigned type, the value
> of the result is E1 * 2^E2 , reduced modulo one more than the
> maximum value representable in the result type. If E1 has a signed
> type and nonnegative value, and E1 * 2^E2 is representable in the
> result type, then that is the resulting value; otherwise, the
> behavior is undefined.
This commit explicitly cast '*(ArgumentString + 1)' with UINT8 to resolve
this issue.
Cc: Steven Shi <steven.shi@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
In NetbufTrim() function, the NetBuf TotalSize should be checked with 0 before
making the trim operation, otherwise the function will fall into infinite loop.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=545
In UefiHiiLib, there are codes to validate the current setting of
questions, now update the logic to handle question with bit storage.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Ruiyu Ni
Wang Fan
Bi, Dandan
Wang, Jian J
Star Zeng
Jiaxin Wu
Fu Siyuan
Heyi Guo
Song, BinX
Zhang, Chao B
Liming Gao
Hao Wu