diff options
| author | G S Niteesh Babu <niteesh.gs@gmail.com> | 2021-05-06 13:36:02 +0530 |
|---|---|---|
| committer | Vijay Kumar Banerjee <vijay@rtems.org> | 2021-05-06 16:44:38 -0600 |
| commit | b391affc3604ba661a8f427db53a4027e4ed32f9 (patch) | |
| tree | 2ffd02dc2a08b13492d095228a6a0151b8cb65ae | |
| parent | Return NULL for zero size allocations (diff) | |
| download | rtems-b391affc3604ba661a8f427db53a4027e4ed32f9.tar.bz2 | |
bsps/shared/ofw: Fix coverity defects
This patch adds asserts to fix coverity defects
1) CID 1474437 (Out-of-bounds access)
2) CID 1474436 (Out-of-bounds access)
From manual inspection, out of bounds access cannot occur due to
bounds checking but coverity fails to detect the checks.
We are adding asserts as a secondary check.
| -rw-r--r-- | bsps/shared/ofw/ofw.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c index f4b8b63931..f7638b98ef 100644 --- a/bsps/shared/ofw/ofw.c +++ b/bsps/shared/ofw/ofw.c @@ -42,6 +42,7 @@ #include <assert.h> #include <rtems/sysinit.h> #include <ofw/ofw_test.h> +#include <rtems/score/assert.h> static void *fdtp = NULL; @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop( const void *prop; int offset; int len; + int copy_len; uint32_t cpuid; offset = rtems_fdt_phandle_to_offset(node); @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop( return -1; } - bcopy(prop, buf, MIN(len, bufsize)); + copy_len = MIN(len, bufsize); + _Assert(copy_len <= bufsize); + memmove(buf, prop, copy_len); return len; } @@ -637,6 +641,12 @@ int rtems_ofw_get_reg( range.child_bus = fdt32_to_cpu(ptr[j].child_bus); range.size = fdt32_to_cpu(ptr[j].size); + /** + * (buf + size - (sizeof(buf[0]) - 1) is the last valid + * address for buf[i]. If buf[i] points to any address larger + * than this, it will be an out of bound access + */ + _Assert(&buf[i] < (buf + size - (sizeof(buf[0]) - 1))); if (buf[i].start >= range.child_bus && buf[i].start < range.child_bus + range.size) { offset = range.parent_bus - range.child_bus; |