<div dir="auto">Thanks!</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 7 Nov 2022, 01:32 gaoliming via <a href="http://groups.io">groups.io</a>, <gaoliming=<a href="mailto:byosoft.com.cn@groups.io">byosoft.com.cn@groups.io</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="ZH-CN" link="blue" vlink="purple" style="word-wrap:break-word"><div class="m_-7791251494075673953WordSection1"><p class="MsoNormal"><span lang="EN-US" style="font-size:10.5pt;font-family:等线">Create <a href="https://github.com/tianocore/edk2/pull/3604" target="_blank" rel="noreferrer">https://github.com/tianocore/edk2/pull/3604</a> to merge this patch.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:10.5pt;font-family:等线"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:10.5pt;font-family:等线">Thanks<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:10.5pt;font-family:等线">Liming<u></u><u></u></span></p><div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt"><div><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:等线">From<span lang="EN-US">:</span></span></b><span lang="EN-US" style="font-size:11.0pt;font-family:等线"> <a href="mailto:devel@edk2.groups.io" target="_blank" rel="noreferrer">devel@edk2.groups.io</a> <<a href="mailto:devel@edk2.groups.io" target="_blank" rel="noreferrer">devel@edk2.groups.io</a>> </span><b><span style="font-size:11.0pt;font-family:等线">On Behalf Of </span></b><span lang="EN-US" style="font-size:11.0pt;font-family:等线">Pedro Falcato<br></span><b><span style="font-size:11.0pt;font-family:等线">Sent<span lang="EN-US">:</span></span></b><span lang="EN-US" style="font-size:11.0pt;font-family:等线"> </span><span style="font-size:11.0pt;font-family:等线"><span
lang="EN-US">November 5, 2022 8:25<br></span><b>To<span lang="EN-US">:</span></b><span lang="EN-US"> <a href="mailto:devel@edk2.groups.io" target="_blank" rel="noreferrer">devel@edk2.groups.io</a>; <a href="mailto:gaoliming@byosoft.com.cn" target="_blank" rel="noreferrer">gaoliming@byosoft.com.cn</a><br></span><b>Cc<span lang="EN-US">:</span></b><span lang="EN-US"> Vitaly Cheptsov <<a href="mailto:vit9696@protonmail.com" target="_blank" rel="noreferrer">vit9696@protonmail.com</a>>; Marvin Häuser <<a href="mailto:mhaeuser@posteo.de" target="_blank" rel="noreferrer">mhaeuser@posteo.de</a>>; Michael D Kinney <<a href="mailto:michael.d.kinney@intel.com" target="_blank" rel="noreferrer">michael.d.kinney@intel.com</a>>; Zhiguang Liu <<a href="mailto:zhiguang.liu@intel.com" target="_blank" rel="noreferrer">zhiguang.liu@intel.com</a>>; Jiewen Yao <<a href="mailto:Jiewen.yao@intel.com" target="_blank" rel="noreferrer">Jiewen.yao@intel.com</a>><br></span><b>Subject<span lang="EN-US">:</span></b><span lang="EN-US"> Re: [edk2-devel] </span>Reply<span lang="EN-US">: [PATCH v3 1/1] MdePkg/BaseLib: Fix out-of-bounds reads in SafeString<u></u><u></u></span></span></p></div></div><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><div><div><p class="MsoNormal"><span lang="EN-US">Hi Liming,<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US">Thank you for the review. 
Can we please push this in time for the stable tag?<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US">Thanks,<u></u><u></u></span></p></div><div><p class="MsoNormal"><span lang="EN-US">Pedro<u></u><u></u></span></p></div></div><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><div><div><p class="MsoNormal"><span lang="EN-US">On Fri, Nov 4, 2022 at 1:22 AM gaoliming via <a href="http://groups.io" target="_blank" rel="noreferrer">groups.io</a> <gaoliming=<a href="mailto:byosoft.com.cn@groups.io" target="_blank" rel="noreferrer">byosoft.com.cn@groups.io</a>> wrote:<u></u><u></u></span></p></div><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm"><p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US">Reviewed-by: Liming Gao <<a href="mailto:gaoliming@byosoft.com.cn" target="_blank" rel="noreferrer">gaoliming@byosoft.com.cn</a>><br><br>> -----</span>Original Message<span lang="EN-US">-----<br>> </span>From<span lang="EN-US">: Pedro Falcato <<a href="mailto:pedro.falcato@gmail.com" target="_blank" rel="noreferrer">pedro.falcato@gmail.com</a>><br>> </span>Sent<span lang="EN-US">: November 3, 2022 9:12<br>> </span>To<span lang="EN-US">: <a href="mailto:devel@edk2.groups.io" target="_blank" rel="noreferrer">devel@edk2.groups.io</a><br>> </span>Cc<span lang="EN-US">: Pedro Falcato <<a href="mailto:pedro.falcato@gmail.com" target="_blank" rel="noreferrer">pedro.falcato@gmail.com</a>>; Vitaly Cheptsov<br>> <<a href="mailto:vit9696@protonmail.com" target="_blank" rel="noreferrer">vit9696@protonmail.com</a>>; Marvin Häuser <<a href="mailto:mhaeuser@posteo.de" target="_blank" rel="noreferrer">mhaeuser@posteo.de</a>>;<br>> Michael D Kinney <<a href="mailto:michael.d.kinney@intel.com" target="_blank" 
rel="noreferrer">michael.d.kinney@intel.com</a>>; Liming Gao<br>> <<a href="mailto:gaoliming@byosoft.com.cn" target="_blank" rel="noreferrer">gaoliming@byosoft.com.cn</a>>; Zhiguang Liu <<a href="mailto:zhiguang.liu@intel.com" target="_blank" rel="noreferrer">zhiguang.liu@intel.com</a>>; Jiewen<br>> Yao <<a href="mailto:Jiewen.yao@Intel.com" target="_blank" rel="noreferrer">Jiewen.yao@Intel.com</a>><br>> </span>Subject<span lang="EN-US">: [PATCH v3 1/1] MdePkg/BaseLib: Fix out-of-bounds reads in SafeString<br>> <br>> There was an OOB access in *StrHexTo* functions, when passed strings like<br>> "XDEADBEEF".<br>> <br>> OpenCore folks established an ASAN-equipped project to fuzz Ext4Dxe,<br>> which was able to catch these (mostly harmless) issues.<br>> <br>> Cc: Vitaly Cheptsov <<a href="mailto:vit9696@protonmail.com" target="_blank" rel="noreferrer">vit9696@protonmail.com</a>><br>> Cc: Marvin Häuser <<a href="mailto:mhaeuser@posteo.de" target="_blank" rel="noreferrer">mhaeuser@posteo.de</a>><br>> Cc: Michael D Kinney <<a href="mailto:michael.d.kinney@intel.com" target="_blank" rel="noreferrer">michael.d.kinney@intel.com</a>><br>> Cc: Liming Gao <<a href="mailto:gaoliming@byosoft.com.cn" target="_blank" rel="noreferrer">gaoliming@byosoft.com.cn</a>><br>> Cc: Zhiguang Liu <<a href="mailto:zhiguang.liu@intel.com" target="_blank" rel="noreferrer">zhiguang.liu@intel.com</a>><br>> Signed-off-by: Pedro Falcato <<a href="mailto:pedro.falcato@gmail.com" target="_blank" rel="noreferrer">pedro.falcato@gmail.com</a>><br>> Acked-by: Michael D Kinney <<a href="mailto:michael.d.kinney@intel.com" target="_blank" rel="noreferrer">michael.d.kinney@intel.com</a>><br>> Reviewed-by: Jiewen Yao <<a href="mailto:Jiewen.yao@Intel.com" target="_blank" rel="noreferrer">Jiewen.yao@Intel.com</a>><br>> ---<br>>  MdePkg/Library/BaseLib/SafeString.c | 25 +++++++++++++++++++++----<br>>  1 file changed, 21 insertions(+), 4 deletions(-)<br>> <br>> diff --git a/MdePkg/Library/BaseLib/SafeString.c<br>> 
b/MdePkg/Library/BaseLib/SafeString.c<br>> index f338a32a3a41..b75b33381732 100644<br>> --- a/MdePkg/Library/BaseLib/SafeString.c<br>> +++ b/MdePkg/Library/BaseLib/SafeString.c<br>> @@ -863,6 +863,9 @@ StrHexToUintnS (<br>>    OUT       UINTN   *Data<br>>    )<br>>  {<br>> +  BOOLEAN  FoundLeadingZero;<br>> +<br>> +  FoundLeadingZero = FALSE;<br>>    ASSERT (((UINTN)String & BIT0) == 0);<br>> <br>>    //<br>> @@ -892,12 +895,14 @@ StrHexToUintnS (<br>>    //<br>>    // Ignore leading Zeros after the spaces<br>>    //<br>> +<br>> +  FoundLeadingZero = *String == L'0';<br>>    while (*String == L'0') {<br>>      String++;<br>>    }<br>> <br>>    if (CharToUpper (*String) == L'X') {<br>> -    if (*(String - 1) != L'0') {<br>> +    if (!FoundLeadingZero) {<br>>        *Data = 0;<br>>        return RETURN_SUCCESS;<br>>      }<br>> @@ -992,6 +997,9 @@ StrHexToUint64S (<br>>    OUT       UINT64  *Data<br>>    )<br>>  {<br>> +  BOOLEAN  FoundLeadingZero;<br>> +<br>> +  FoundLeadingZero = FALSE;<br>>    ASSERT (((UINTN)String & BIT0) == 0);<br>> <br>>    //<br>> @@ -1021,12 +1029,13 @@ StrHexToUint64S (<br>>    //<br>>    // Ignore leading Zeros after the spaces<br>>    //<br>> +  FoundLeadingZero = *String == L'0';<br>>    while (*String == L'0') {<br>>      String++;<br>>    }<br>> <br>>    if (CharToUpper (*String) == L'X') {<br>> -    if (*(String - 1) != L'0') {<br>> +    if (!FoundLeadingZero) {<br>>        *Data = 0;<br>>        return RETURN_SUCCESS;<br>>      }<br>> @@ -2393,6 +2402,9 @@ AsciiStrHexToUintnS (<br>>    OUT       UINTN  *Data<br>>    )<br>>  {<br>> +  BOOLEAN  FoundLeadingZero;<br>> +<br>> +  FoundLeadingZero = FALSE;<br>>    //<br>>    // 1. 
Neither String nor Data shall be a null pointer.<br>>    //<br>> @@ -2420,12 +2432,13 @@ AsciiStrHexToUintnS (<br>>    //<br>>    // Ignore leading Zeros after the spaces<br>>    //<br>> +  FoundLeadingZero = *String == '0';<br>>    while (*String == '0') {<br>>      String++;<br>>    }<br>> <br>>    if (AsciiCharToUpper (*String) == 'X') {<br>> -    if (*(String - 1) != '0') {<br>> +    if (!FoundLeadingZero) {<br>>        *Data = 0;<br>>        return RETURN_SUCCESS;<br>>      }<br>> @@ -2517,6 +2530,9 @@ AsciiStrHexToUint64S (<br>>    OUT       UINT64  *Data<br>>    )<br>>  {<br>> +  BOOLEAN  FoundLeadingZero;<br>> +<br>> +  FoundLeadingZero = FALSE;<br>>    //<br>>    // 1. Neither String nor Data shall be a null pointer.<br>>    //<br>> @@ -2544,12 +2560,13 @@ AsciiStrHexToUint64S (<br>>    //<br>>    // Ignore leading Zeros after the spaces<br>>    //<br>> +  FoundLeadingZero = *String == '0';<br>>    while (*String == '0') {<br>>      String++;<br>>    }<br>> <br>>    if (AsciiCharToUpper (*String) == 'X') {<br>> -    if (*(String - 1) != '0') {<br>> +    if (!FoundLeadingZero) {<br>>        *Data = 0;<br>>        return RETURN_SUCCESS;<br>>      }<br>> --<br>> 2.38.1<br><br><br><br><br><br><br><br><u></u><u></u></span></p></blockquote></div><p class="MsoNormal"><span lang="EN-US"><br clear="all"><br>-- <u></u><u></u></span></p><div><div><p class="MsoNormal"><span lang="EN-US">Pedro Falcato<u></u><u></u></span></p></div></div><div><p class="MsoNormal"><u></u></p></div></div></div></div>


  

</p></p></blockquote></div>
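Review bot: The initial store FoundLeadingZero = FALSE; in the declaration hunk of StrHexToUintnS (@@ -863,6 +863,9), and in the same hunk of the other three functions, is never observed in the lines shown: the flag is assigned again just before the zero-skipping loop and is only read in the X check after it. Either drop the initial store or keep it and separate it from the ASSERT that follows with a blank line, so the declaration block and the first statement are not run together.<br><br>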
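Review bot: The second StrHexToUintnS hunk (@@ -892,12 +895,14) adds an empty line between the comment "Ignore leading Zeros after the spaces" and the new assignment, which the other three functions do not have (their hunks grow to 13 lines, this one to 14). Remove the stray blank line so the four copies of the fix stay textually identical and the comment remains attached to the code it describes.<br><br>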
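Review bot: The new assignment in the StrHexToUint64S hunk (@@ -1021,12 +1029,13), and its three siblings, sits under the existing comment "Ignore leading Zeros after the spaces", which does not say why the flag is recorded. Add a one-line comment stating that the flag replaces the old *(String - 1) check, which read one character before the start of the buffer when the input begins with X, and consider writing the assignment as FoundLeadingZero = (BOOLEAN)(*String == L'0'); so the comparison result is explicit.<br><br>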
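Review bot: No regression test accompanies the fix: the diffstat lists only MdePkg/Library/BaseLib/SafeString.c, while the commit message names a concrete trigger, "XDEADBEEF". Add a test case for each of the four functions touched here (StrHexToUintnS, StrHexToUint64S, AsciiStrHexToUintnS, AsciiStrHexToUint64S) that passes a string whose first character is X or x with no preceding zero and checks for RETURN_SUCCESS with *Data equal to 0, which is the result the changed branch returns.<br><br>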

