This is an automated email from the ASF dual-hosted git repository. xiaoxiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-nuttx-apps.git
The following commit(s) were added to refs/heads/master by this push: new ffab06c6c usrsock:fix stack-buffer-overflow issue when running basic_send test case ffab06c6c is described below commit ffab06c6c5f6b10f4617b6a07b32ffbb5939028e Author: liangchaozhong <liangchaozh...@xiaomi.com> AuthorDate: Fri Oct 21 10:12:04 2022 +0800 usrsock:fix stack-buffer-overflow issue when running basic_send test case The following error was reported when runing usrsocktest with KASAN check enabled. ==1348590==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xf20ec610 at pc 0x56ac61ba bp 0xf20ec278 sp 0xf20ec268 rootcause: hdrbuf's size is not large enough to store the data in usrsock's request. solution: double herbuf's size to make sure the space, used to store usrsock's request, is enough. Signed-off-by: liangchaozhong <liangchaozh...@xiaomi.com> --- examples/usrsocktest/usrsocktest_daemon.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/examples/usrsocktest/usrsocktest_daemon.c b/examples/usrsocktest/usrsocktest_daemon.c index b91bc7122..b62985883 100644 --- a/examples/usrsocktest/usrsocktest_daemon.c +++ b/examples/usrsocktest/usrsocktest_daemon.c @@ -1579,7 +1579,7 @@ static int handle_usrsock_request(int fd, FAR struct daemon_priv_s *priv) }, }; - uint8_t hdrbuf[16]; + uint8_t hdrbuf[32]; FAR struct usrsock_request_common_s *common_hdr = (FAR void *)hdrbuf; ssize_t rlen; @@ -1601,7 +1601,8 @@ static int handle_usrsock_request(int fd, FAR struct daemon_priv_s *priv) return -EIO; } - assert(handlers[common_hdr->reqid].hdrlen < sizeof(hdrbuf)); + assert(handlers[common_hdr->reqid].hdrlen < + (sizeof(hdrbuf) - sizeof(*common_hdr))); rlen = read_req(fd, common_hdr, hdrbuf, handlers[common_hdr->reqid].hdrlen);