diff options
| author | Laszlo Ersek <lersek@redhat.com> | 2020-11-19 11:53:39 +0100 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-11-21 01:40:53 +0000 |
| commit | b9bdfc72853fe97bd24401f8873ca61524dd2dc6 (patch) | |
| tree | 93c8a090ae957e227f2aeb6a736e44a78596f2be /SecurityPkg/Include | |
| parent | 6c8dd15c4ae42501438a525ec41299f365f223cb (diff) | |
| download | edk2-b9bdfc72853fe97bd24401f8873ca61524dd2dc6.tar.gz edk2-b9bdfc72853fe97bd24401f8873ca61524dd2dc6.tar.bz2 edk2-b9bdfc72853fe97bd24401f8873ca61524dd2dc6.zip | |
MdeModulePkg/Core/Dxe: assert SectionInstance invariant in FindChildNode()
FindChildNode() has two callers: GetSection(), and FindChildNode() itself.
- At the GetSection() call site, a positive (i.e., nonzero)
SectionInstance is passed. This is because GetSection() takes a
zero-based (UINTN) SectionInstance, and then passes
Instance=(SectionInstance+1) to FindChildNode().
- For reaching the recursive FindChildNode() call site, a section type
mismatch, or a section instance mismatch, is necessary. This means,
respectively, that SectionInstance will either not have been decreased,
or not to zero anyway, at the recursive FindChildNode() call site.
Add two ASSERT()s to FindChildNode(), for expressing the (SectionSize>0)
invariant.
In turn, the invariant provides the explanation why, after the recursive
call, a zero SectionInstance implies success. Capture it in a comment.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201119105340.16225-2-lersek@redhat.com>
Diffstat (limited to 'SecurityPkg/Include')
0 files changed, 0 insertions, 0 deletions