[PATCH v3] bsps/shared/ofw: Fix coverity defects
Gedare Bloom
gedare at rtems.org
Thu May 6 16:57:19 UTC 2021
ok, Vijay please push
On Thu, May 6, 2021 at 2:06 AM G S Niteesh Babu <niteesh.gs at gmail.com> wrote:
>
> This patch adds asserts to fix coverity defects
> 1) CID 1474437 (Out-of-bounds access)
> 2) CID 1474436 (Out-of-bounds access)
>
> From manual inspection, out of bounds access cannot occur due to
> bounds checking but coverity fails to detect the checks.
> We are adding asserts as a secondary check.
> ---
> bsps/shared/ofw/ofw.c | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c
> index f4b8b63931..f7638b98ef 100644
> --- a/bsps/shared/ofw/ofw.c
> +++ b/bsps/shared/ofw/ofw.c
> @@ -42,6 +42,7 @@
> #include <assert.h>
> #include <rtems/sysinit.h>
> #include <ofw/ofw_test.h>
> +#include <rtems/score/assert.h>
>
> static void *fdtp = NULL;
>
> @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop(
> const void *prop;
> int offset;
> int len;
> + int copy_len;
> uint32_t cpuid;
>
> offset = rtems_fdt_phandle_to_offset(node);
> @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop(
> return -1;
> }
>
> - bcopy(prop, buf, MIN(len, bufsize));
> + copy_len = MIN(len, bufsize);
> + _Assert(copy_len <= bufsize);
> + memmove(buf, prop, copy_len);
>
> return len;
> }
> @@ -637,6 +641,12 @@ int rtems_ofw_get_reg(
> range.child_bus = fdt32_to_cpu(ptr[j].child_bus);
> range.size = fdt32_to_cpu(ptr[j].size);
>
> + /**
> + * (buf + size - (sizeof(buf[0]) - 1) is the last valid
> + * address for buf[i]. If buf[i] points to any address larger
> + * than this, it will be an out of bound access
> + */
> + _Assert(&buf[i] < (buf + size - (sizeof(buf[0]) - 1)));
> if (buf[i].start >= range.child_bus &&
> buf[i].start < range.child_bus + range.size) {
> offset = range.parent_bus - range.child_bus;
> --
> 2.17.1
>
More information about the devel
mailing list