[PATCH v2] bsps/shared/ofw: Fix coverity defects
Vijay Kumar Banerjee
vijay at rtems.org
Thu May 6 01:46:49 UTC 2021
Hi all,
On Wed, May 5, 2021 at 8:42 AM Gedare Bloom <gedare at rtems.org> wrote:
>
> alright looks good. Vijay or Christian please confirm and push if
> you're good with it too.
>
ofw01.exe breaks after this patch. This probably needs some more debugging.
If it helps, I'm pasting the error:
```
*** FATAL ***
fatal source: 9 (RTEMS_FATAL_SOURCE_EXCEPTION)
R0 = 0x8001e68c R8 = 0x8001e68c
R1 = 0x80104641 R9 = 0x8005b90c
R2 = 0x00000030 R10 = 0x80104640
R3 = 0x80104648 R11 = 0x00000002
R4 = 0x00000008 R12 = 0x8001e68b
R5 = 0x00002ebc SP = 0x801045b8
R6 = 0x80104640 LR = 0x8000d720
R7 = 0x80101e28 PC = 0x80011ba8
CPSR = 0x80000193 VEC = 0x00000004
RTEMS version: 6.0.0.cfabe5d6e9d8b428110732fffb7ff6ee8211de04
RTEMS tools: 10.3.1 20210409 (RTEMS 6, RSB
4e256fc4cb0d91a098d2f3d88c3d302fc0426d56, Newlib 436e475)
executing thread ID: 0x089010001
executing thread name: IDLE
U-Boot SPL 2018.09-00002-g0b54a51eee (Sep 10 2018 - 19:41:39 -0500)
Trying to boot from MMC2
Loading Environment from EXT4...
** Unable to use mmc 0:1 for loading the env **
```
Best regards,
Vijay
> On Wed, May 5, 2021 at 12:52 AM Niteesh G. S. <niteesh.gs at gmail.com> wrote:
> >
> >
> >
> > On Mon, May 3, 2021 at 11:23 PM Gedare Bloom <gedare at rtems.org> wrote:
> >>
> >> Hi Niteesh,
> >>
> >> This looks good to me. What/how did you test it?
> >
> > I tested it using the ofw01 test
> > https://git.rtems.org/rtems/tree/testsuites/libtests/ofw01/init.c
> > and read EEPROM using i2c.
> >
> >>
> >> Gedare
> >>
> >> On Sat, May 1, 2021 at 6:31 AM G S Niteesh Babu <niteesh.gs at gmail.com> wrote:
> >> >
> >> > This patch adds asserts to fix coverity defects
> >> > 1) CID 1474437 (Out-of-bounds access)
> >> > 2) CID 1474436 (Out-of-bounds access)
> >> >
> >> > From manual inspection, out of bounds access cannot occur due to
> >> > bounds checking but coverity fails to detect the checks.
> >> > We are adding asserts as a secondary check.
> >> > ---
> >> > bsps/shared/ofw/ofw.c | 12 +++++++++++-
> >> > 1 file changed, 11 insertions(+), 1 deletion(-)
> >> >
> >> > diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c
> >> > index f4b8b63931..0e0a7033ab 100644
> >> > --- a/bsps/shared/ofw/ofw.c
> >> > +++ b/bsps/shared/ofw/ofw.c
> >> > @@ -42,6 +42,7 @@
> >> > #include <assert.h>
> >> > #include <rtems/sysinit.h>
> >> > #include <ofw/ofw_test.h>
> >> > +#include <rtems/score/assert.h>
> >> >
> >> > static void *fdtp = NULL;
> >> >
> >> > @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop(
> >> > const void *prop;
> >> > int offset;
> >> > int len;
> >> > + int copy_len;
> >> > uint32_t cpuid;
> >> >
> >> > offset = rtems_fdt_phandle_to_offset(node);
> >> > @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop(
> >> > return -1;
> >> > }
> >> >
> >> > - bcopy(prop, buf, MIN(len, bufsize));
> >> > + copy_len = MIN(len, bufsize);
> >> > + _Assert(copy_len <= bufsize);
> >> > + memmove(prop, buf, copy_len);
> >> >
> >> > return len;
> >> > }
> >> > @@ -637,6 +641,12 @@ int rtems_ofw_get_reg(
> >> > range.child_bus = fdt32_to_cpu(ptr[j].child_bus);
> >> > range.size = fdt32_to_cpu(ptr[j].size);
> >> >
> >> > + /**
> >> > + * (buf + size - (sizeof(buf[0]) - 1) is the last valid
> >> > + * address for buf[i]. If buf[i] points to any address larger
> >> > + * than this, it will be an out of bound access
> >> > + */
> >> > + _Assert(&buf[i] < (buf + size - (sizeof(buf[0]) - 1)));
> >> > if (buf[i].start >= range.child_bus &&
> >> > buf[i].start < range.child_bus + range.size) {
> >> > offset = range.parent_bus - range.child_bus;
> >> > --
> >> > 2.17.1
> >> >
More information about the devel
mailing list