Re: [PATCH v3] bsps/shared/ofw: Fix coverity defects
On Fri, May 7, 2021 at 4:16 AM Vijay Kumar Banerjee wrote: > On Thu, May 6, 2021 at 10:57 AM Gedare Bloom wrote: > > > > ok, Vijay please push > > Pushed. Thanks. > Thanks for pushing. > > > > > On Thu, May 6, 2021 at 2:06 AM G S Niteesh Babu > wrote: > > > > > > This patch adds asserts to fix coverity defects > > > 1) CID 1474437 (Out-of-bounds access) > > > 2) CID 1474436 (Out-of-bounds access) > > > > > > From manual inspection, out of bounds access cannot occur due to > > > bounds checking but coverity fails to detect the checks. > > > We are adding asserts as a secondary check. > > > --- > > > bsps/shared/ofw/ofw.c | 12 +++- > > > 1 file changed, 11 insertions(+), 1 deletion(-) > > > > > > diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c > > > index f4b8b63931..f7638b98ef 100644 > > > --- a/bsps/shared/ofw/ofw.c > > > +++ b/bsps/shared/ofw/ofw.c > > > @@ -42,6 +42,7 @@ > > > #include > > > #include > > > #include > > > +#include > > > > > > static void *fdtp = NULL; > > > > > > @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop( > > >const void *prop; > > >int offset; > > >int len; > > > + int copy_len; > > >uint32_t cpuid; > > > > > >offset = rtems_fdt_phandle_to_offset(node); > > > @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop( > > > return -1; > > >} > > > > > > - bcopy(prop, buf, MIN(len, bufsize)); > > > + copy_len = MIN(len, bufsize); > > > + _Assert(copy_len <= bufsize); > > > + memmove(buf, prop, copy_len); > > > > > >return len; > > > } > > > @@ -637,6 +641,12 @@ int rtems_ofw_get_reg( > > > range.child_bus = fdt32_to_cpu(ptr[j].child_bus); > > > range.size = fdt32_to_cpu(ptr[j].size); > > > > > > +/** > > > + * (buf + size - (sizeof(buf[0]) - 1) is the last valid > > > + * address for buf[i]. If buf[i] points to any address larger > > > + * than this, it will be an out of bound access > > > + */ > > > +_Assert([i] < (buf + size - (sizeof(buf[0]) - 1))); > > > if (buf[i].start >= range.child_bus && > > > buf[i].start < range.child_bus + range.size) { > > >offset = range.parent_bus - range.child_bus; > > > -- > > > 2.17.1 > > > > ___ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
Re: [PATCH v3] bsps/shared/ofw: Fix coverity defects
On Thu, May 6, 2021 at 10:57 AM Gedare Bloom wrote: > > ok, Vijay please push Pushed. Thanks. > > On Thu, May 6, 2021 at 2:06 AM G S Niteesh Babu wrote: > > > > This patch adds asserts to fix coverity defects > > 1) CID 1474437 (Out-of-bounds access) > > 2) CID 1474436 (Out-of-bounds access) > > > > From manual inspection, out of bounds access cannot occur due to > > bounds checking but coverity fails to detect the checks. > > We are adding asserts as a secondary check. > > --- > > bsps/shared/ofw/ofw.c | 12 +++- > > 1 file changed, 11 insertions(+), 1 deletion(-) > > > > diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c > > index f4b8b63931..f7638b98ef 100644 > > --- a/bsps/shared/ofw/ofw.c > > +++ b/bsps/shared/ofw/ofw.c > > @@ -42,6 +42,7 @@ > > #include > > #include > > #include > > +#include > > > > static void *fdtp = NULL; > > > > @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop( > >const void *prop; > >int offset; > >int len; > > + int copy_len; > >uint32_t cpuid; > > > >offset = rtems_fdt_phandle_to_offset(node); > > @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop( > > return -1; > >} > > > > - bcopy(prop, buf, MIN(len, bufsize)); > > + copy_len = MIN(len, bufsize); > > + _Assert(copy_len <= bufsize); > > + memmove(buf, prop, copy_len); > > > >return len; > > } > > @@ -637,6 +641,12 @@ int rtems_ofw_get_reg( > > range.child_bus = fdt32_to_cpu(ptr[j].child_bus); > > range.size = fdt32_to_cpu(ptr[j].size); > > > > +/** > > + * (buf + size - (sizeof(buf[0]) - 1) is the last valid > > + * address for buf[i]. If buf[i] points to any address larger > > + * than this, it will be an out of bound access > > + */ > > +_Assert([i] < (buf + size - (sizeof(buf[0]) - 1))); > > if (buf[i].start >= range.child_bus && > > buf[i].start < range.child_bus + range.size) { > >offset = range.parent_bus - range.child_bus; > > -- > > 2.17.1 > > ___ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
Re: [PATCH v3] bsps/shared/ofw: Fix coverity defects
ok, Vijay please push On Thu, May 6, 2021 at 2:06 AM G S Niteesh Babu wrote: > > This patch adds asserts to fix coverity defects > 1) CID 1474437 (Out-of-bounds access) > 2) CID 1474436 (Out-of-bounds access) > > From manual inspection, out of bounds access cannot occur due to > bounds checking but coverity fails to detect the checks. > We are adding asserts as a secondary check. > --- > bsps/shared/ofw/ofw.c | 12 +++- > 1 file changed, 11 insertions(+), 1 deletion(-) > > diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c > index f4b8b63931..f7638b98ef 100644 > --- a/bsps/shared/ofw/ofw.c > +++ b/bsps/shared/ofw/ofw.c > @@ -42,6 +42,7 @@ > #include > #include > #include > +#include > > static void *fdtp = NULL; > > @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop( >const void *prop; >int offset; >int len; > + int copy_len; >uint32_t cpuid; > >offset = rtems_fdt_phandle_to_offset(node); > @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop( > return -1; >} > > - bcopy(prop, buf, MIN(len, bufsize)); > + copy_len = MIN(len, bufsize); > + _Assert(copy_len <= bufsize); > + memmove(buf, prop, copy_len); > >return len; > } > @@ -637,6 +641,12 @@ int rtems_ofw_get_reg( > range.child_bus = fdt32_to_cpu(ptr[j].child_bus); > range.size = fdt32_to_cpu(ptr[j].size); > > +/** > + * (buf + size - (sizeof(buf[0]) - 1) is the last valid > + * address for buf[i]. If buf[i] points to any address larger > + * than this, it will be an out of bound access > + */ > +_Assert([i] < (buf + size - (sizeof(buf[0]) - 1))); > if (buf[i].start >= range.child_bus && > buf[i].start < range.child_bus + range.size) { >offset = range.parent_bus - range.child_bus; > -- > 2.17.1 > ___ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
[PATCH v3] bsps/shared/ofw: Fix coverity defects
This patch adds asserts to fix coverity defects 1) CID 1474437 (Out-of-bounds access) 2) CID 1474436 (Out-of-bounds access) >From manual inspection, out of bounds access cannot occur due to bounds checking but coverity fails to detect the checks. We are adding asserts as a secondary check. --- bsps/shared/ofw/ofw.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c index f4b8b63931..f7638b98ef 100644 --- a/bsps/shared/ofw/ofw.c +++ b/bsps/shared/ofw/ofw.c @@ -42,6 +42,7 @@ #include #include #include +#include static void *fdtp = NULL; @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop( const void *prop; int offset; int len; + int copy_len; uint32_t cpuid; offset = rtems_fdt_phandle_to_offset(node); @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop( return -1; } - bcopy(prop, buf, MIN(len, bufsize)); + copy_len = MIN(len, bufsize); + _Assert(copy_len <= bufsize); + memmove(buf, prop, copy_len); return len; } @@ -637,6 +641,12 @@ int rtems_ofw_get_reg( range.child_bus = fdt32_to_cpu(ptr[j].child_bus); range.size = fdt32_to_cpu(ptr[j].size); +/** + * (buf + size - (sizeof(buf[0]) - 1) is the last valid + * address for buf[i]. If buf[i] points to any address larger + * than this, it will be an out of bound access + */ +_Assert([i] < (buf + size - (sizeof(buf[0]) - 1))); if (buf[i].start >= range.child_bus && buf[i].start < range.child_bus + range.size) { offset = range.parent_bus - range.child_bus; -- 2.17.1 ___ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel