On 11/22/23 17:30, Gerd Hoffmann wrote:
> Hi,
>
>> - in general, we should filter out surrogate code points, for any use.
>> any UCS2 string from the guest that contains a surrogate code point
>> should be considered invalid, and the request should be rejected based
>> just on that.
>
> Something like this?

yes please (except I'd recommend s/outlaw/reject/ in the comment)

Thanks
laszlo

>
> edk2 seems to be inconsistent with strings, sometimes they are expected
> to include a terminating '\0' char (most of the time), sometimes not
> (in variable policies for example).
>
> gboolean uefi_str_is_valid(const uint16_t *str, size_t len,
>                            gboolean must_be_null_terminated)
> {
>     size_t pos = 0;
>
>     for (;;) {
>         if (pos == len) {
>             if (must_be_null_terminated) {
>                 return false;
>             } else {
>                 return true;
>             }
>         }
>         switch (str[pos]) {
>         case 0:
>             /* end of string */
>             return true;
>             ;;
>         case 0xd800 ... 0xdfff:
>             /* outlaw surrogates */
>             return false;
>         default:
>             /* char is good, check next */
>             break;
>         }
>         pos++;
>     }
> }
>
> take care,
>   Gerd
>
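An added example, not part of the original thread and not QEMU or edk2 code: a variant of the check for the case where the guest string arrives as a raw byte buffer with a byte count. The names ucs2_bytes_valid and enum ucs2_term are hypothetical, and it assumes a stricter policy than the function quoted above: a NUL is accepted only as the final code unit, so nothing after an early terminator goes unchecked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy names, not taken from QEMU or edk2. */
enum ucs2_term {
    UCS2_TERM_REQUIRED,  /* final code unit must be the only NUL */
    UCS2_TERM_FORBIDDEN, /* counted string, no NUL anywhere */
};

/*
 * Validate a guest-supplied UCS-2 string passed as raw little-endian bytes.
 * Byte-wise reads avoid any alignment assumption about the guest buffer.
 */
bool ucs2_bytes_valid(const uint8_t *buf, size_t nbytes, enum ucs2_term term)
{
    size_t nchars = nbytes / 2;

    if (nbytes % 2 != 0) {
        return false; /* truncated code unit */
    }
    if (term == UCS2_TERM_REQUIRED && nchars == 0) {
        return false; /* no room for the terminator */
    }
    for (size_t pos = 0; pos < nchars; pos++) {
        uint16_t c = (uint16_t)(buf[2 * pos] | (buf[2 * pos + 1] << 8));
        bool last = (pos == nchars - 1);

        if (c >= 0xd800 && c <= 0xdfff) {
            return false; /* reject surrogates */
        }
        if (c == 0 && !(term == UCS2_TERM_REQUIRED && last)) {
            return false; /* NUL before the end, or NUL in a counted string */
        }
        if (c != 0 && term == UCS2_TERM_REQUIRED && last) {
            return false; /* terminator missing */
        }
    }
    return true;
}

int main(void)
{
    /* Constructed samples: "Boot" + NUL, and 'a' + lone high surrogate + NUL */
    static const uint8_t ok[] = { 'B', 0, 'o', 0, 'o', 0, 't', 0, 0, 0 };
    static const uint8_t bad[] = { 'a', 0, 0x00, 0xd8, 0, 0 };

    printf("ok=%d bad=%d\n", ucs2_bytes_valid(ok, sizeof(ok), UCS2_TERM_REQUIRED),
           ucs2_bytes_valid(bad, sizeof(bad), UCS2_TERM_REQUIRED));
    return 0;
}
```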