diff options
| author | Sean Brogan <sean.brogan@microsoft.com> | 2017-04-24 16:37:20 -0700 |
|---|---|---|
| committer | Kinney, Michael D <michael.d.kinney@intel.com> | 2018-01-25 09:42:20 -0800 |
| commit | d7a09cb86a0416c099fa3a9e0fbe2c8f399b28de (patch) | |
| tree | c46f9e44097e63cf3dc2aa141ee98bbda599fc10 /MdePkg/MdePkg.dec | |
| parent | 11cf02f6d0a56398023e01b0322fbd05a396b353 (diff) | |
| download | edk2-d7a09cb86a0416c099fa3a9e0fbe2c8f399b28de.tar.gz edk2-d7a09cb86a0416c099fa3a9e0fbe2c8f399b28de.tar.bz2 edk2-d7a09cb86a0416c099fa3a9e0fbe2c8f399b28de.zip | |
MdePkg/BaseSafeIntLib: Add SafeIntLib class and instance
https://bugzilla.tianocore.org/show_bug.cgi?id=798
SafeIntLib provides helper functions to prevent integer overflow
during type conversion, addition, subtraction, and multiplication.
Conversion Functions
====================
* Converting from a signed type to an unsigned type of the same
size, or vice-versa.
* Converting to a smaller type that could possibly overflow.
* Converting from a signed type to a larger unsigned type.
Unsigned Addition, Subtraction, Multiplication
===============================================
* Unsigned integer math functions protect from overflow and
underflow (in case of subtraction).
Signed Addition, Subtraction, Multiplication
============================================
* Strongly consider using unsigned numbers.
* Signed numbers are often used where unsigned numbers should
be used. For example file sizes and array indices should always
be unsigned. Subtracting a larger positive signed number from a
smaller positive signed number with SafeInt32Sub() will succeed,
producing a negative number, that then must not be used as an
array index (but can occasionally be used as a pointer index.)
Similarly for adding a larger magnitude negative number to a
smaller magnitude positive number.
* SafeIntLib does not protect you from such errors. It tells you
if your integer operations overflowed, not if you are doing the
right thing with your non-overflowed integers.
* Likewise you can overflow a buffer with a non-overflowed
unsigned index.
Based on content from the following branch/commits:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport
https://github.com/Microsoft/MS_UEFI/commit/21ef3a321c907b40fa93797619c9f6c686dd92e0
https://github.com/Microsoft/MS_UEFI/commit/ca516b1a61315c2d823f453e12d2135098f53d61
https://github.com/Microsoft/MS_UEFI/commit/33bab4031a417d7d5a7d356c15a14c2e60302b2d
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Diffstat (limited to 'MdePkg/MdePkg.dec')
| -rw-r--r-- | MdePkg/MdePkg.dec | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 58992fa689..0e64f22f4a 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -241,6 +241,11 @@ ## @libraryclass provides EFI_FILE_HANDLE services
FileHandleLib|Include/Library/FileHandleLib.h
+ ## @libraryclass provides helper functions to prevent integer overflow during
+ # type conversion, addition, subtraction, and multiplication.
+ ##
+ SafeIntLib|Include/Library/SafeIntLib.h
+
[LibraryClasses.IA32, LibraryClasses.X64]
## @libraryclass Abstracts both S/W SMI generation and detection.
##
|