[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwts-devel
Subject:    ACK: [PATCH] lib: fwts_multiproc: add sanity check to data->size to clean up static analysis warning
From:       ivanhu <ivan.hu () canonical ! com>
Date:       2020-01-14 4:18:47
Message-ID: 104aa7c9-9eec-3750-dedd-a90e4ae39cfa () canonical ! com
[Download RAW message or body]



On 1/13/20 7:22 PM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> Static analysis warns that the data->size is not validated so add a simple
> sanity check on the size.  This is a moot point as we know the size is never
> going to be huge and we have to trust the given table size, but this at least
> sanity checks things and keeps static analyzers happy.
> 
> Addresses-Coverity: ("Untrusted value as argument")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  src/lib/src/fwts_multiproc.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/src/lib/src/fwts_multiproc.c b/src/lib/src/fwts_multiproc.c
> index 1402c1a7..c79c0be3 100644
> --- a/src/lib/src/fwts_multiproc.c
> +++ b/src/lib/src/fwts_multiproc.c
> @@ -39,6 +39,8 @@
>  #define BIOS_START      (0x000e0000)            /* Start of BIOS memory */
>  #define BIOS_END        (0x000fffff)            /* End of BIOS memory */
>  
> +#define MAX_SIZE(x)	(1UL << (sizeof(x) * 8))
> +
>  /*
>   *  fwts_mp_get_address()
>   *	scan for _MP_ floating pointer, set phys_addr if found.
> @@ -111,6 +113,7 @@ int fwts_mp_data_get(fwts_mp_data *data)
>  	void *mem;
>  	uint8_t *tmp;
>  	fwts_mp_config_table_header *header;
> +	int max_data_size;
>  
>  	if (data == NULL)
>  		return FWTS_ERROR;
> @@ -130,6 +133,10 @@ int fwts_mp_data_get(fwts_mp_data *data)
>  
>  	data->size = header->base_table_length +
>  		((header->spec_rev == 1) ? 0 : header->extended_table_length);
> +	max_data_size = MAX_SIZE(header->base_table_length) +
> +			MAX_SIZE(header->extended_table_length);
> +	if (data->size < 0 || data->size > max_data_size)
> +		return FWTS_ERROR;
>  
>  	/* Remap with full header and table now we know how big it is */
>  	(void)fwts_munmap(mem, sizeof(fwts_mp_config_table_header));
> 



Acked-by: Ivan Hu <ivan.hu@canonical.com>

-- 
fwts-devel mailing list
fwts-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/fwts-devel

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic