author | Sean Brogan <sean.brogan@microsoft.com> | 2017-04-24 16:37:20 -0700 |
---|---|---|
committer | Kinney, Michael D <michael.d.kinney@intel.com> | 2018-01-25 09:42:20 -0800 |
commit | d7a09cb86a0416c099fa3a9e0fbe2c8f399b28de (patch) | |
tree | c46f9e44097e63cf3dc2aa141ee98bbda599fc10 /MdePkg/Include/Ebc | |
parent | 11cf02f6d0a56398023e01b0322fbd05a396b353 (diff) | |
MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance
https://bugzilla.tianocore.org/show_bug.cgi?id=798
SafeIntLib provides helper functions to prevent integer overflow
during type conversion, addition, subtraction, and multiplication.
Conversion Functions
====================
* Converting from a signed type to an unsigned type of the same
size, or vice-versa.
* Converting to a smaller type that could possibly overflow.
* Converting from a signed type to a larger unsigned type.
Unsigned Addition, Subtraction, Multiplication
===============================================
* Unsigned integer math functions protect from overflow and
underflow (in case of subtraction).
Signed Addition, Subtraction, Multiplication
============================================
* Strongly consider using unsigned numbers.
* Signed numbers are often used where unsigned numbers should
be used. For example file sizes and array indices should always
be unsigned. Subtracting a larger positive signed number from a
smaller positive signed number with SafeInt32Sub() will succeed,
producing a negative number, that then must not be used as an
array index (but can occasionally be used as a pointer index.)
Similarly for adding a larger magnitude negative number to a
smaller magnitude positive number.
* SafeIntLib does not protect you from such errors. It tells you
if your integer operations overflowed, not if you are doing the
right thing with your non-overflowed integers.
* Likewise you can overflow a buffer with a non-overflowed
unsigned index.
Based on content from the following branch/commits:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport
https://github.com/Microsoft/MS_UEFI/commit/21ef3a321c907b40fa93797619c9f6c686dd92e0
https://github.com/Microsoft/MS_UEFI/commit/ca516b1a61315c2d823f453e12d2135098f53d61
https://github.com/Microsoft/MS_UEFI/commit/33bab4031a417d7d5a7d356c15a14c2e60302b2d
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Diffstat (limited to 'MdePkg/Include/Ebc')

| Mode | File | Lines |
|---|---|---|
| -rw-r--r-- | MdePkg/Include/Ebc/ProcessorBind.h | 17 |

1 files changed, 11 insertions, 6 deletions
diff --git a/MdePkg/Include/Ebc/ProcessorBind.h b/MdePkg/Include/Ebc/ProcessorBind.h index da8b1a6d80..ed41648913 100644 --- a/MdePkg/Include/Ebc/ProcessorBind.h +++ b/MdePkg/Include/Ebc/ProcessorBind.h @@ -4,7 +4,7 @@ We currently only have one EBC compiler so there may be some Intel compiler
specific functions in this file.
-Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
@@ -91,23 +91,28 @@ typedef unsigned long UINTN; /// A value of native width with the highest bit set.
/// Scalable macro to set the most significant bit in a natural number.
///
-#define MAX_BIT (1ULL << (sizeof (INTN) * 8 - 1))
+#define MAX_BIT ((UINTN)((1ULL << (sizeof (INTN) * 8 - 1))))
///
/// A value of native width with the two highest bits set.
/// Scalable macro to set the most 2 significant bits in a natural number.
///
-#define MAX_2_BITS (3ULL << (sizeof (INTN) * 8 - 2))
+#define MAX_2_BITS ((UINTN)(3ULL << (sizeof (INTN) * 8 - 2)))
///
/// Maximum legal EBC address
///
-#define MAX_ADDRESS ((UINTN) ~0)
+#define MAX_ADDRESS ((UINTN)(~0ULL >> (64 - sizeof (INTN) * 8)))
///
/// Maximum legal EBC INTN and UINTN values.
///
-#define MAX_UINTN ((UINTN) ~0)
-#define MAX_INTN ((INTN)~MAX_BIT)
+#define MAX_UINTN ((UINTN)(~0ULL >> (64 - sizeof (INTN) * 8)))
+#define MAX_INTN ((INTN)(~0ULL >> (65 - sizeof (INTN) * 8)))
+
+///
+/// Minimum legal EBC INTN value.
+///
+#define MIN_INTN (((INTN)-MAX_INTN) - 1)
///
/// The stack alignment required for EBC
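Review bot: the commit message describes SafeIntLib but says nothing about why MdePkg/Include/Ebc/ProcessorBind.h is touched in this hunk; a sentence noting that MAX_BIT, MAX_2_BITS, MAX_ADDRESS and MAX_UINTN are now cast to UINTN, that MAX_INTN is derived from a shift of ~0ULL instead of ~MAX_BIT, and that MIN_INTN is newly introduced (presumably so the library's limit checks have correctly typed EBC bounds) would help future readers. Worth stating explicitly: the added cast changes the type of MAX_BIT and MAX_2_BITS from unsigned long long to UINTN, so on a 32-bit EBC target an expression that previously promoted to 64 bits through these macros now evaluates at 32 bits. Minor style point: `#define MAX_BIT ((UINTN)((1ULL << (sizeof (INTN) * 8 - 1))))` carries one redundant pair of parentheses compared with the MAX_2_BITS line below it; `((UINTN)(1ULL << (sizeof (INTN) * 8 - 1)))` matches that form.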