alright looks good. Vijay or Christian please confirm and push if you're good with it too.
On Wed, May 5, 2021 at 12:52 AM Niteesh G. S. <niteesh...@gmail.com> wrote: > > > > On Mon, May 3, 2021 at 11:23 PM Gedare Bloom <ged...@rtems.org> wrote: >> >> Hi Niteesh, >> >> This looks good to me. What/how did you test it? > > I tested it using the ofw01 test > https://git.rtems.org/rtems/tree/testsuites/libtests/ofw01/init.c > and read EEPROM using i2c. > >> >> Gedare >> >> On Sat, May 1, 2021 at 6:31 AM G S Niteesh Babu <niteesh...@gmail.com> wrote: >> > >> > This patch adds asserts to fix coverity defects >> > 1) CID 1474437 (Out-of-bounds access) >> > 2) CID 1474436 (Out-of-bounds access) >> > >> > From manual inspection, out of bounds access cannot occur due to >> > bounds checking but coverity fails to detect the checks. >> > We are adding asserts as a secondary check. >> > --- >> > bsps/shared/ofw/ofw.c | 12 +++++++++++- >> > 1 file changed, 11 insertions(+), 1 deletion(-) >> > >> > diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c >> > index f4b8b63931..0e0a7033ab 100644 >> > --- a/bsps/shared/ofw/ofw.c >> > +++ b/bsps/shared/ofw/ofw.c >> > @@ -42,6 +42,7 @@ >> > #include <assert.h> >> > #include <rtems/sysinit.h> >> > #include <ofw/ofw_test.h> >> > +#include <rtems/score/assert.h> >> > >> > static void *fdtp = NULL; >> > >> > @@ -186,6 +187,7 @@ ssize_t rtems_ofw_get_prop( >> > const void *prop; >> > int offset; >> > int len; >> > + int copy_len; >> > uint32_t cpuid; >> > >> > offset = rtems_fdt_phandle_to_offset(node); >> > @@ -226,7 +228,9 @@ ssize_t rtems_ofw_get_prop( >> > return -1; >> > } >> > >> > - bcopy(prop, buf, MIN(len, bufsize)); >> > + copy_len = MIN(len, bufsize); >> > + _Assert(copy_len <= bufsize); >> > + memmove(prop, buf, copy_len); >> > >> > return len; >> > } >> > @@ -637,6 +641,12 @@ int rtems_ofw_get_reg( >> > range.child_bus = fdt32_to_cpu(ptr[j].child_bus); >> > range.size = fdt32_to_cpu(ptr[j].size); >> > >> > + /** >> > + * (buf + size - (sizeof(buf[0]) - 1) is the last valid >> > + * address for buf[i]. If buf[i] points to any address larger >> > + * than this, it will be an out of bound access >> > + */ >> > + _Assert(&buf[i] < (buf + size - (sizeof(buf[0]) - 1))); >> > if (buf[i].start >= range.child_bus && >> > buf[i].start < range.child_bus + range.size) { >> > offset = range.parent_bus - range.child_bus; >> > -- >> > 2.17.1 >> > _______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
