Using Undefined Behavior to detect pointer arithmetic overflow in older version of libfdt #1967
Comments
jenswi-linaro
added a commit
to jenswi-linaro/optee_os
that referenced
this issue
Nov 23, 2017
Upstream commit d0b3ab0a0f46 ("libfdt: Fix undefined behaviour in
fdt_offset_ptr()").
Using pointer arithmetic to generate a pointer outside a known object is,
technically, undefined behaviour in C. Unfortunately, we were using that
in fdt_offset_ptr() to detect overflows.
To fix this we need to do our bounds / overflow checking on the offsets
before constructing pointers from them.
Fixes: OP-TEE#1967
Signed-off-by: Jens Wiklander <[email protected]>
|
Fix in #1969 |
|
By the way, thanks for reporting. :-) |
|
seems I can close this issue now. |
jenswi-linaro
added a commit
to jenswi-linaro/optee_os
that referenced
this issue
Nov 23, 2017
Upstream commit d0b3ab0a0f46 ("libfdt: Fix undefined behaviour in
fdt_offset_ptr()").
Using pointer arithmetic to generate a pointer outside a known object is,
technically, undefined behaviour in C. Unfortunately, we were using that
in fdt_offset_ptr() to detect overflows.
To fix this we need to do our bounds / overflow checking on the offsets
before constructing pointers from them.
Acked-by: Jerome Forissier <[email protected]>
Fixes: OP-TEE#1967
Signed-off-by: Jens Wiklander <[email protected]>
jforissier
pushed a commit
that referenced
this issue
Nov 23, 2017
Upstream commit d0b3ab0a0f46 ("libfdt: Fix undefined behaviour in
fdt_offset_ptr()").
Using pointer arithmetic to generate a pointer outside a known object is,
technically, undefined behaviour in C. Unfortunately, we were using that
in fdt_offset_ptr() to detect overflows.
To fix this we need to do our bounds / overflow checking on the offsets
before constructing pointers from them.
Acked-by: Jerome Forissier <[email protected]>
Fixes: #1967
Signed-off-by: Jens Wiklander <[email protected]>
takuya-sakata
pushed a commit
to renesas-rcar/optee_os
that referenced
this issue
May 28, 2018
Upstream commit d0b3ab0a0f46 ("libfdt: Fix undefined behaviour in
fdt_offset_ptr()").
Using pointer arithmetic to generate a pointer outside a known object is,
technically, undefined behaviour in C. Unfortunately, we were using that
in fdt_offset_ptr() to detect overflows.
To fix this we need to do our bounds / overflow checking on the offsets
before constructing pointers from them.
Acked-by: Jerome Forissier <[email protected]>
Fixes: OP-TEE/optee_os#1967
Signed-off-by: Jens Wiklander <[email protected]>
jordanrh1
pushed a commit
to ms-iot/optee_os
that referenced
this issue
Oct 16, 2018
Upstream commit d0b3ab0a0f46 ("libfdt: Fix undefined behaviour in
fdt_offset_ptr()").
Using pointer arithmetic to generate a pointer outside a known object is,
technically, undefined behaviour in C. Unfortunately, we were using that
in fdt_offset_ptr() to detect overflows.
To fix this we need to do our bounds / overflow checking on the offsets
before constructing pointers from them.
Acked-by: Jerome Forissier <[email protected]>
Fixes: OP-TEE/optee_os#1967
Signed-off-by: Jens Wiklander <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi all,
Our code scanner Pinpoint has reported an invalid testing for overflow in libfdt,
optee_os/core/lib/libfdt/fdt.c
Lines 77 to 91 in b1469ba
the following overflow detection is undefined behavior and might be discarded by compilers in different optimization levels[1].
this has been fixed in the upstream of libfdt:
dgibson/dtc@d0b3ab0#diff-842629fc73576aaea15c3de45cb95f93
Regards,
Alex, Sourcebrella Inc.
[1] Figure 4, Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior
The text was updated successfully, but these errors were encountered: