https://bugzilla.tianocore.org/show_bug.cgi?id=798
SafeIntLib provides helper functions to prevent integer overflow
during type conversion, addition, subtraction, and multiplication.
Conversion Functions
====================
* Converting from a signed type to an unsigned type of the same
size, or vice-versa.
* Converting to a smaller type that could possibly overflow.
* Converting from a signed type to a larger unsigned type.
Unsigned Addition, Subtraction, Multiplication
===============================================
* Unsigned integer math functions protect from overflow and
underflow (in case of subtraction).
Signed Addition, Subtraction, Multiplication
============================================
* Strongly consider using unsigned numbers.
* Signed numbers are often used where unsigned numbers should
be used. For example file sizes and array indices should always
be unsigned. Subtracting a larger positive signed number from a
smaller positive signed number with SafeInt32Sub() will succeed,
producing a negative number, that then must not be used as an
array index (but can occasionally be used as a pointer index.)
Similarly for adding a larger magnitude negative number to a
smaller magnitude positive number.
* SafeIntLib does not protect you from such errors. It tells you
if your integer operations overflowed, not if you are doing the
right thing with your non-overflowed integers.
* Likewise you can overflow a buffer with a non-overflowed
unsigned index.
Based on content from the following branch/commits:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport21ef3a321cca516b1a6133bab4031a
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
update Base.h in MdePkg to check the _MSC_VER and define
GLOBAL_REMOVE_IF_UNREFERENCED to nothing for VS2013 and higher tool
chain tags.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Since the following patch needs to add API converting string
to IP address in BaseLib, define the IP address as base types
in Base.h.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=181
Add size check for 8-bit, 16-bit, and 32-bit enums
to make sure they follow the UEFI Specification 2.3.1
Data Types.
<Enumerated Type>
Element of a standard ANSI C enum type declaration.
Type INT32.or UINT32. ANSI C does not define the
size of sign of an enum so they should never be
used in structures. ANSI C integer promotion rules
make INT32 or UINT32 interchangeable when passed as
an argument to a function.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Several modules use ARRAY_SIZE() already; centralize the definition. (The
module-specific macro definitions are guarded by #ifndef directives at
this point.)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Cecil Sheng <cecil.sheng@hpe.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Daryl McDaniel <edk2-lists@mc2research.org>
Cc: David Wei <david.wei@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Gary Lin <glin@suse.com>
Cc: Jaben Carsey <jaben.carsey@intel.com>
Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Tim He <tim.he@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Correct the typos in some header files of MdePkg.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
This is never set anymore, so unsetting it or testing whether it is unset
no longer makes any sense.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Both GCC and LLVM 3.8 64bits support new variable argument (VA)
intrinsics for Microsoft ABI, enable these new VA intrinsics for
GNUC family 64bits code build. These VA intrinsics are only
permitted use in 64bits code, so not use them in 32bits code build.
The original 32bits GNU VA intrinsics has the same calling convention
as MS, so we don't need change them.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Steven Shi <steven.shi@intel.com>
[ardb: update CPP logic so that the change only applies to X64]
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
GCC v4.4 does not implement __builtin_unreachable(), so avoid using
it when building with this version or earlier.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-By: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
The NORETURN attribute informs compilers and analyzers that the flagged
function cannot return. This may improve the quality of the optimizations.
The UNREACHABLE() macro informs compilers and analyzers that its position
cannot be reached, for example eliminating implicit returns.
It is recommended to be used together with the NORETURN attribute to prevent
warnings regarding the function flagged as 'noreturn' returning.
The ANALYZER-prefixed versions have the same effects, but exclude compilers.
They may be used to surpress warnings of static analyzers, such as possible
dereferencing of a NULL pointer when dereferencing it after having checked it
via ASSERT().
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Add the definition for the new return status code defined in UEFI 2.6.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Recent versions of the Intel C compiler define the _MSC_EXTENSIONS
constant. Base.h checks if this constant is defined to decide whether
or not to use a pragma intrinsic, which is unsupported by the latest
version of the Intel C compiler. Thus the check has been modified to
only pass in the case __INTEL_COMPILER is not defined.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
v2:
*Return the EFI_HTTP_ERROR in the “Status” field in token, instead of
in the status codes returned table of EFI_HTTP_PROTOCOL.Response() interface.
Add a new error status code EFI_HTTP_ERROR in corresponding with
the UEFI 2.6 spec
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Use pragma to disable warning 4200 for all VS* and DDK* tool chains to support
data structure declarations where the last field of the data structure is a
flexible array member.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: lhauch <larry.hauch@intel.com>
Tested-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17361 6f19259b-4bc3-4df7-8a09-765794883524
Some compilers may define __USER_LABEL_PREFIX__ to determine the
prefix used with ASM_PFX. Otherwise, IA32 will use a single underscore
'_' character, and all other architectures will use an empty prefix.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16019 6f19259b-4bc3-4df7-8a09-765794883524
2. Remove the #defines and add the extern declarations for gEfiDebugPortVariableGuid and gEfiDebugPortDevicePathGuid.
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: michael.d.kinney@intel.com
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14465 6f19259b-4bc3-4df7-8a09-765794883524
Impaction:
There should be no impact unless code has been written that tests a constant or variable of type EFI_STATUS to be less than 0, or tested it against a negative value. This most likely have not been done.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9324 6f19259b-4bc3-4df7-8a09-765794883524
Add BASE_LIST type to Base.h
Add BAS_ARG() macro to Base.h
Add 4 functions to PrintLib.h that use BASE_LIST.
Change ReportStatsuCodeExtractDebugInfo() from ReportStatusCodeLib.h to take a BASE_LIST argument instead of a VA_LIST argument
Add the 4 new functions to BasePrintLib implementation that use BASE_LIST
Update BaseReportStatusCodeLib implementation of ReportStatsuCodeExtractDebugInfo() to use a BASE_LIST argument instead of a VA_LIST argument
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8404 6f19259b-4bc3-4df7-8a09-765794883524