Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Copy of Overlapping Memory in snprintf #1173

Closed
ArielSAdamsNASA opened this issue Sep 29, 2021 · 4 comments · Fixed by #1355
Closed

Copy of Overlapping Memory in snprintf #1173

ArielSAdamsNASA opened this issue Sep 29, 2021 · 4 comments · Fixed by #1355
Assignees
@jphickey
Labels
bug draco-rc4
Milestone
Draco

Comments

@ArielSAdamsNASA
Copy link
Contributor

ArielSAdamsNASA commented Sep 29, 2021
edited
Loading

Describe the bug
In the call to function snprintf, the object pointed to by argument local->volume_name may overlap with the object pointed to by argument local->system_mountpt.

local->system_mountpt is 64 bytes off of the address of OS_filesys_table[OS_ObjectIndexFromToken(token)].

local->volume_name is 32 bytes off of the address of OS_filesys_table[OS_ObjectIndexFromToken(token)]

Expected behavior
Resolve possible overlap.

Code snips

osal/src/os/posix/src/os-impl-filesys.c

Line 175 in 42af0f7

snprintf(local->system_mountpt, sizeof(local->system_mountpt), "%s/osal:%s", tmpdir, local->volume_name);

System observed on:
Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Reporter Info
Ariel Adams, ASRC Federal
jphickey pushed a commit to jphickey/osal that referenced this issue Aug 10, 2022
@astrogeco
Merge pull request nasa#1173 from skliper/fix1172-defaultreturnvalue
b19a65d 
Fix nasa#1172, Update to use Ut_Stub_CheckDefaultReturnValue API
@Jkillelea
Copy link

Hi all,

This bug just cropped up for me again, at commit 419c673.

The specific error is:

/home/[user]/projects/cFS/osal/src/os/posix/src/os-impl-filesys.c:173:9: error: ‘snprintf’ argument 5 overlaps destination object ‘OS_filesys_table’ [-Werror=restrict]
  173 |         snprintf(local->system_mountpt, sizeof(local->system_mountpt), "%s/osal:%s", tmpdir, local->volume_name);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

@sunbrst
Copy link

sunbrst commented Jan 22, 2023

Confirmed that I'm seeing this issue too (failing a build of cFS - https://github.com/nasa/cFS). Has anyone found a commit that works for this?

@jphickey jphickey self-assigned this Jan 23, 2023
@jphickey
Copy link
Contributor

I've looked at this before but it doesn't seem like a real issue. Yes - the volume_name and system_mountpt are members of the same struct, but they don't overlap. As long as volume_name is properly null-terminated within OS_FS_VOL_NAME_LEN bytes (32 by default, which it should be, I can't see any reason why it would not be) then this will not access overlapping memory.

I think the reason the compiler reports this warning is because if it was not null-terminated, it could theoretically write up to OS_MAX_LOCAL_PATH_LEN bytes into the destination, which is 128 by default. Because the pointers are only 32 bytes apart, this is why it gets flagged.

I am thinking of a possible workaround but in the meantime I'd suggest just adding -Wno-restrict to your compiler options.

@jphickey jphickey mentioned this issue Jan 23, 2023
Merged
2 tasks
dzbaker added a commit that referenced this issue Jan 26, 2023
@dzbaker
Merge pull request #1355 from jphickey/fix-1173-mountpt-string-append
963d357 
Fix #1173, separate append on volume_name to system_mountpt
@dzbaker dzbaker mentioned this issue Jan 26, 2023
Merged
2 tasks
@smparekh
Copy link

Thanks folks, I can confirm building of cFS on the latest commit.

@chillfig chillfig added this to the Draco milestone Feb 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jphickey jphickey

Labels
bug draco-rc4
Projects
None yet
Milestone
Draco
Development

Successfully merging a pull request may close this issue.

Fix #1173, separate append on volume_name to system_mountpt jphickey/osal
6 participants
@smparekh @Jkillelea @jphickey @sunbrst @chillfig @ArielSAdamsNASA