summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorG S Niteesh Babu <niteesh.gs@gmail.com>2021-05-06 13:36:02 +0530
committerVijay Kumar Banerjee <vijay@rtems.org>2021-05-06 16:44:38 -0600
commitb391affc3604ba661a8f427db53a4027e4ed32f9 (patch)
tree2ffd02dc2a08b13492d095228a6a0151b8cb65ae
parent2c5199bb049efe8e29cd12461dc57bd6e30388e8 (diff)
downloadrtems-b391affc3604ba661a8f427db53a4027e4ed32f9.tar.bz2
bsps/shared/ofw: Fix coverity defects
This patch adds asserts to fix coverity defects 1) CID 1474437 (Out-of-bounds access) 2) CID 1474436 (Out-of-bounds access) From manual inspection, out of bounds access cannot occur due to bounds checking but coverity fails to detect the checks. We are adding asserts as a secondary check.
-rw-r--r--bsps/shared/ofw/ofw.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c
index f4b8b63931..f7638b98ef 100644
--- a/bsps/shared/ofw/ofw.c
+++ b/bsps/shared/ofw/ofw.c
@@ -42,6 +42,7 @@
#include <assert.h>
#include <rtems/sysinit.h>
#include <ofw/ofw_test.h>
+#include <rtems/score/assert.h>
static void *fdtp = NULL;
@@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop(
const void *prop;
int offset;
int len;
+ int copy_len;
uint32_t cpuid;
offset = rtems_fdt_phandle_to_offset(node);
@@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop(
return -1;
}
- bcopy(prop, buf, MIN(len, bufsize));
+ copy_len = MIN(len, bufsize);
+ _Assert(copy_len <= bufsize);
+ memmove(buf, prop, copy_len);
return len;
}
@@ -637,6 +641,12 @@ int rtems_ofw_get_reg(
range.child_bus = fdt32_to_cpu(ptr[j].child_bus);
range.size = fdt32_to_cpu(ptr[j].size);
+ /**
+ * (buf + size - (sizeof(buf[0]) - 1) is the last valid
+ * address for buf[i]. If buf[i] points to any address larger
+ * than this, it will be an out of bound access
+ */
+ _Assert(&buf[i] < (buf + size - (sizeof(buf[0]) - 1)));
if (buf[i].start >= range.child_bus &&
buf[i].start < range.child_bus + range.size) {
offset = range.parent_bus - range.child_bus;