Re: [PATCH v3] bsps/shared/ofw: Fix coverity defects

2021-05-06 Thread Niteesh G. S.
On Fri, May 7, 2021 at 4:16 AM Vijay Kumar Banerjee  wrote:

> On Thu, May 6, 2021 at 10:57 AM Gedare Bloom  wrote:
> >
> > ok, Vijay please push
>
> Pushed. Thanks.
>
Thanks for pushing.

>
> >
> > On Thu, May 6, 2021 at 2:06 AM G S Niteesh Babu 
> wrote:
> > >
> > > This patch adds asserts to fix coverity defects
> > > 1) CID 1474437 (Out-of-bounds access)
> > > 2) CID 1474436 (Out-of-bounds access)
> > >
> > > From manual inspection, out of bounds access cannot occur due to
> > > bounds checking but coverity fails to detect the checks.
> > > We are adding asserts as a secondary check.
> > > ---
> > >  bsps/shared/ofw/ofw.c | 12 +++-
> > >  1 file changed, 11 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c
> > > index f4b8b63931..f7638b98ef 100644
> > > --- a/bsps/shared/ofw/ofw.c
> > > +++ b/bsps/shared/ofw/ofw.c
> > > @@ -42,6 +42,7 @@
> > >  #include 
> > >  #include 
> > >  #include 
> > > +#include 
> > >
> > >  static void *fdtp = NULL;
> > >
> > > @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop(
> > >const void *prop;
> > >int offset;
> > >int len;
> > > +  int copy_len;
> > >uint32_t cpuid;
> > >
> > >offset = rtems_fdt_phandle_to_offset(node);
> > > @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop(
> > >  return -1;
> > >}
> > >
> > > -  bcopy(prop, buf, MIN(len, bufsize));
> > > +  copy_len = MIN(len, bufsize);
> > > +  _Assert(copy_len <= bufsize);
> > > +  memmove(buf, prop, copy_len);
> > >
> > >return len;
> > >  }
> > > @@ -637,6 +641,12 @@ int rtems_ofw_get_reg(
> > >  range.child_bus = fdt32_to_cpu(ptr[j].child_bus);
> > >  range.size = fdt32_to_cpu(ptr[j].size);
> > >
> > > +/**
> > > + * (buf + size - (sizeof(buf[0]) - 1) is the last valid
> > > + * address for buf[i]. If buf[i] points to any address larger
> > > + * than this, it will be an out of bound access
> > > + */
> > > +_Assert([i] < (buf + size - (sizeof(buf[0]) - 1)));
> > >  if (buf[i].start >= range.child_bus &&
> > >  buf[i].start < range.child_bus + range.size) {
> > >offset = range.parent_bus - range.child_bus;
> > > --
> > > 2.17.1
> > >
>

Re: [PATCH v3] bsps/shared/ofw: Fix coverity defects

2021-05-06 Thread Vijay Kumar Banerjee
On Thu, May 6, 2021 at 10:57 AM Gedare Bloom  wrote:
>
> ok, Vijay please push

Pushed. Thanks.

>
> On Thu, May 6, 2021 at 2:06 AM G S Niteesh Babu  wrote:
> >
> > This patch adds asserts to fix coverity defects
> > 1) CID 1474437 (Out-of-bounds access)
> > 2) CID 1474436 (Out-of-bounds access)
> >
> > From manual inspection, out of bounds access cannot occur due to
> > bounds checking but coverity fails to detect the checks.
> > We are adding asserts as a secondary check.
> > ---
> >  bsps/shared/ofw/ofw.c | 12 +++-
> >  1 file changed, 11 insertions(+), 1 deletion(-)
> >
> > diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c
> > index f4b8b63931..f7638b98ef 100644
> > --- a/bsps/shared/ofw/ofw.c
> > +++ b/bsps/shared/ofw/ofw.c
> > @@ -42,6 +42,7 @@
> >  #include 
> >  #include 
> >  #include 
> > +#include 
> >
> >  static void *fdtp = NULL;
> >
> > @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop(
> >const void *prop;
> >int offset;
> >int len;
> > +  int copy_len;
> >uint32_t cpuid;
> >
> >offset = rtems_fdt_phandle_to_offset(node);
> > @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop(
> >  return -1;
> >}
> >
> > -  bcopy(prop, buf, MIN(len, bufsize));
> > +  copy_len = MIN(len, bufsize);
> > +  _Assert(copy_len <= bufsize);
> > +  memmove(buf, prop, copy_len);
> >
> >return len;
> >  }
> > @@ -637,6 +641,12 @@ int rtems_ofw_get_reg(
> >  range.child_bus = fdt32_to_cpu(ptr[j].child_bus);
> >  range.size = fdt32_to_cpu(ptr[j].size);
> >
> > +/**
> > + * (buf + size - (sizeof(buf[0]) - 1) is the last valid
> > + * address for buf[i]. If buf[i] points to any address larger
> > + * than this, it will be an out of bound access
> > + */
> > +_Assert([i] < (buf + size - (sizeof(buf[0]) - 1)));
> >  if (buf[i].start >= range.child_bus &&
> >  buf[i].start < range.child_bus + range.size) {
> >offset = range.parent_bus - range.child_bus;
> > --
> > 2.17.1
> >


Re: [PATCH v3] bsps/shared/ofw: Fix coverity defects

2021-05-06 Thread Gedare Bloom
ok, Vijay please push

On Thu, May 6, 2021 at 2:06 AM G S Niteesh Babu  wrote:
>
> This patch adds asserts to fix coverity defects
> 1) CID 1474437 (Out-of-bounds access)
> 2) CID 1474436 (Out-of-bounds access)
>
> From manual inspection, out of bounds access cannot occur due to
> bounds checking but coverity fails to detect the checks.
> We are adding asserts as a secondary check.
> ---
>  bsps/shared/ofw/ofw.c | 12 +++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c
> index f4b8b63931..f7638b98ef 100644
> --- a/bsps/shared/ofw/ofw.c
> +++ b/bsps/shared/ofw/ofw.c
> @@ -42,6 +42,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>
>  static void *fdtp = NULL;
>
> @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop(
>const void *prop;
>int offset;
>int len;
> +  int copy_len;
>uint32_t cpuid;
>
>offset = rtems_fdt_phandle_to_offset(node);
> @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop(
>  return -1;
>}
>
> -  bcopy(prop, buf, MIN(len, bufsize));
> +  copy_len = MIN(len, bufsize);
> +  _Assert(copy_len <= bufsize);
> +  memmove(buf, prop, copy_len);
>
>return len;
>  }
> @@ -637,6 +641,12 @@ int rtems_ofw_get_reg(
>  range.child_bus = fdt32_to_cpu(ptr[j].child_bus);
>  range.size = fdt32_to_cpu(ptr[j].size);
>
> +/**
> + * (buf + size - (sizeof(buf[0]) - 1) is the last valid
> + * address for buf[i]. If buf[i] points to any address larger
> + * than this, it will be an out of bound access
> + */
> +_Assert([i] < (buf + size - (sizeof(buf[0]) - 1)));
>  if (buf[i].start >= range.child_bus &&
>  buf[i].start < range.child_bus + range.size) {
>offset = range.parent_bus - range.child_bus;
> --
> 2.17.1
>


[PATCH v3] bsps/shared/ofw: Fix coverity defects

2021-05-06 Thread G S Niteesh Babu
This patch adds asserts to fix coverity defects
1) CID 1474437 (Out-of-bounds access)
2) CID 1474436 (Out-of-bounds access)

From manual inspection, out of bounds access cannot occur due to
bounds checking but coverity fails to detect the checks.
We are adding asserts as a secondary check.
---
 bsps/shared/ofw/ofw.c | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c
index f4b8b63931..f7638b98ef 100644
--- a/bsps/shared/ofw/ofw.c
+++ b/bsps/shared/ofw/ofw.c
@@ -42,6 +42,7 @@
 #include 
 #include 
 #include 
+#include 
 
 static void *fdtp = NULL;
 
@@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop(
   const void *prop;
   int offset;
   int len;
+  int copy_len;
   uint32_t cpuid;
 
   offset = rtems_fdt_phandle_to_offset(node);
@@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop(
 return -1;
   }
 
-  bcopy(prop, buf, MIN(len, bufsize));
+  copy_len = MIN(len, bufsize);
+  _Assert(copy_len <= bufsize);
+  memmove(buf, prop, copy_len);
 
   return len;
 }
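Review bot: The added `_Assert(copy_len <= bufsize)` can never fire for a value that was just produced by `MIN(len, bufsize)`, and in RTEMS `_Assert` expands to nothing unless `RTEMS_DEBUG` is defined, so in a production build the only bound on the `memmove` is the `MIN` itself. `copy_len` is declared `int` in the previous hunk; if `bufsize` is a `size_t` (the signature is outside the hunk), the `MIN` compares mixed signedness, and a negative `len` or a `bufsize` above `INT_MAX` would yield a length the code does not intend. Declaring `size_t copy_len;` and rejecting `len < 0` before the copy, if the code above the hunk does not already do so, makes the bound explicit. A comment such as `/* MIN() is the real bound; the assert only documents it for Coverity */` would keep later readers from treating the assert as a runtime check. The same debug-only caveat applies to the `_Assert` added in the `rtems_ofw_get_reg` hunk.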
@@ -637,6 +641,12 @@ int rtems_ofw_get_reg(
 range.child_bus = fdt32_to_cpu(ptr[j].child_bus);
 range.size = fdt32_to_cpu(ptr[j].size);
 
+/**
+ * (buf + size - (sizeof(buf[0]) - 1) is the last valid
+ * address for buf[i]. If buf[i] points to any address larger
+ * than this, it will be an out of bound access
+ */
+_Assert([i] < (buf + size - (sizeof(buf[0]) - 1)));
 if (buf[i].start >= range.child_bus &&
 buf[i].start < range.child_bus + range.size) {
   offset = range.parent_bus - range.child_bus;
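Review bot: The bound in the new `_Assert` mixes a byte count with element-scaled pointer arithmetic. If `buf` is a pointer to the region struct and `size` is the buffer length in bytes (neither declaration is inside the hunk), `buf + size` advances by `size` elements rather than bytes, so the assertion would accept indices well past the end of the buffer. An index comparison avoids this, e.g. `_Assert(i < size / sizeof(buf[0]));`, with the comment reworded to say that `i` must stay below the number of entries that fit in `size` bytes. As archived, the expression reads `[i] < ...`, which is not valid C; the operand before `[i]` appears to have been lost in the mail archive, so check it against the pushed commit. The loop containing this check starts and ends outside the hunk.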
-- 
2.17.1
