MdeModulePkg/Core/Dxe: assert SectionInstance invariant in FindChildNode()

FindChildNode() has two callers: GetSection(), and FindChildNode() itself.

- At the GetSection() call site, a positive (i.e., nonzero)
  SectionInstance is passed. This is because GetSection() takes a
  zero-based (UINTN) SectionInstance, and then passes
  Instance=(SectionInstance+1) to FindChildNode().

- For reaching the recursive FindChildNode() call site, a section type
  mismatch, or a section instance mismatch, is necessary. This means,
  respectively, that SectionInstance will either not have been decreased,
  or not to zero anyway, at the recursive FindChildNode() call site.

Add two ASSERT()s to FindChildNode(), for expressing the (SectionSize>0)
invariant.

In turn, the invariant provides the explanation why, after the recursive
call, a zero SectionInstance implies success. Capture it in a comment.

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201119105340.16225-2-lersek@redhat.com>

1 files changed, 17 insertions, 6 deletions

diff --git a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
index d678166db4..d7f7ef4274 100644
--- a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
+++ b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
@@ -952,8 +952,8 @@ CreateChildNode (
                                  search.

   @param  SearchType             Indicates the type of section to search for.

   @param  SectionInstance        Indicates which instance of section to find.

-                                 This is an in/out parameter to deal with

-                                 recursions.

+                                 This is an in/out parameter and it is 1-based,

+                                 to deal with recursions.

   @param  SectionDefinitionGuid  Guid of section definition

   @param  FoundChild             Output indicating the child node that is found.

   @param  FoundStream            Output indicating which section stream the child

@@ -988,6 +988,8 @@ FindChildNode (
   EFI_STATUS                                    ErrorStatus;

   EFI_STATUS                                    Status;

 

+  ASSERT (*SectionInstance > 0);

+

   CurrentChildNode = NULL;

   ErrorStatus = EFI_NOT_FOUND;

 

@@ -1037,6 +1039,11 @@ FindChildNode (
       }

     }

 

+    //

+    // Type mismatch, or we haven't found the desired instance yet.

+    //

+    ASSERT (*SectionInstance > 0);

+

     if (CurrentChildNode->EncapsulatedStreamHandle != NULL_STREAM_HANDLE) {

       //

       // If the current node is an encapsulating node, recurse into it...

@@ -1050,16 +1057,20 @@ FindChildNode (
                 &RecursedFoundStream,

                 AuthenticationStatus

                 );

-      //

-      // If the status is not EFI_SUCCESS, just save the error code and continue

-      // to find the request child node in the rest stream.

-      //

       if (*SectionInstance == 0) {

+        //

+        // The recursive FindChildNode() call decreased (*SectionInstance) to

+        // zero.

+        //

         ASSERT_EFI_ERROR (Status);

         *FoundChild = RecursedChildNode;

         *FoundStream = RecursedFoundStream;

         return EFI_SUCCESS;

       } else {

+        //

+        // If the status is not EFI_SUCCESS, just save the error code and

+        // continue to find the request child node in the rest stream.

+        //

         ErrorStatus = Status;

       }

     } else if ((CurrentChildNode->Type == EFI_SECTION_GUID_DEFINED) && (SearchType != EFI_SECTION_GUID_DEFINED)) {