MdePkg: DebugLib: Check Signature in CR in Release Builds

The CR macro is used to access an enclosing structure from a
pointer within the structure. In DEBUG builds (i.e. when
MDEPKG_NDEBUG is not set and debug asserts are enabled), this
macro does signature validation checking to ensure that the
structure that has been found is the correct structure, based
on a signature passed in by the caller.

However, if MDEPKG_NDEBUG is set or debug asserts are disabled,
no signature validation is performed, meaning that CR may return
an invalid structure that the caller believes is valid and has had
signature validation on, causing undefined behavior (memory
corruption). We should where at all possible have defined behavior,
particularly in RELEASE builds, which are what typical platforms
will ship to consumers.

This patch updates CR to do the signature validation in all scenarios
to provide defined behavior from the macro. In the event of a
signature failure, CR will either 1) assert if !MDEPKG_NDEBUG and
debug asserts are enabled (existing behavior) or 2) return NULL to
indicate to the caller that signature validation failed.

There exist consumers today who already, erroneously, rely on this
behavior.

Another macro, BASE_CR, exists for callers who do not wish to perform
signature validation. Any code that wishes to avoid the signature
validation should move to this macro.

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>

0 files changed, 0 insertions, 0 deletions