Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix fortify error on Android Pie ('sendto: prevented 40-byte read from 24-byte buffer') #12334

Merged
merged 5 commits into from
Nov 29, 2021
Merged

Fix fortify error on Android Pie ('sendto: prevented 40-byte read from 24-byte buffer') #12334

merged 5 commits into from
Nov 29, 2021

Conversation

milezhacks
Copy link
Contributor

@milezhacks milezhacks commented Nov 29, 2021
edited
Loading

Problem

When running CHIP on Android Pie, I'm hitting the following error:

FORTIFY: sendto: prevented 40-byte read from 24-byte buffer

I've traced this to the call getifaddrs(&mAddrsList) on https://github.com/project-chip/connectedhomeip/blob/master/src/inet/InetInterface.cpp#L653

The implementation for this function (on Android) comes from:
https://github.com/project-chip/connectedhomeip/blob/master/src/inet/InetInterface.cpp#L54

I did NOT encounter this error on Android N. Incidentally, the Fortify check for send()/sendto() was added in Android O: https://android.googlesource.com/platform/bionic/+/master/docs/status.md

Upon reviewing the implementation for getifaddrs() in third_party/android/platform-libcore/android-platform-libcore/ifaddrs-android.h (line 182), it looks like the size of the buffer is swollen by the padding and alignment macros.

Incidentally, bionic has provided its own <ifaddrs.h> since at least Android L.

Change overview

Removed #include of android/libcore/ifaddrs-android.h in favor of sysroot <ifaddrs.h>

Testing

Tested on Android P using BLE commissioning for a matter-over-wifi device using both libcore/ifaddrs-android.h and native bionic ifaddrs.h.
On the former, the fortify check would fail and, with the latter, would pass.

@boring-cyborg boring-cyborg bot added the inet label Nov 29, 2021
@restyled-io restyled-io bot mentioned this pull request Nov 29, 2021
Closed
@github-actions
Copy link

github-actions bot commented Nov 29, 2021
edited
Loading

PR #12334: Size comparison from 3db5731 to b9077d3

Full report (38 builds for efr32, esp32, k32w, linux, mbed, nrfconnect, p6, qpg, telink)
platform target config section 3db5731 b9077d3 change % change
efr32 lighting-app BRD4161A (read only) 762200 762200 0 0.0
(read/write) 119836 119836 0 0.0
.bss 118012 118012 0 0.0
.data 1820 1820 0 0.0
.text 762192 762192 0 0.0
BRD4161A+rpc (read only) 790648 790648 0 0.0
(read/write) 138132 138132 0 0.0
.bss 136212 136212 0 0.0
.data 1920 1920 0 0.0
.text 790640 790640 0 0.0
lock-app BRD4161A (read only) 736144 736144 0 0.0
(read/write) 117540 117540 0 0.0
.bss 115764 115764 0 0.0
.data 1776 1776 0 0.0
.text 736136 736136 0 0.0
window-app BRD4161A (read only) 739208 739208 0 0.0
(read/write) 117972 117972 0 0.0
.bss 116188 116188 0 0.0
.data 1784 1784 0 0.0
.text 739200 739200 0 0.0
esp32 all-clusters-app c3devkit (read only) 836020 836020 0 0.0
(read/write) 1224474 1224474 0 0.0
.dram0.bss 59144 59144 0 0.0
.dram0.data 13988 13988 0 0.0
.flash.rodata 166080 166080 0 0.0
.flash.text 836020 836020 0 0.0
.iram0.text 61390 61390 0 0.0
m5stack (read only) 907959 907959 0 0.0
(read/write) 423692 423692 0 0.0
.dram0.bss 64536 64536 0 0.0
.dram0.data 33960 33960 0 0.0
.flash.rodata 193916 193916 0 0.0
.flash.text 902575 902575 0 0.0
.iram0.text 122943 122943 0 0.0
k32w lighting-app k32w061+se05x+release (read/write) 723316 723316 0 0.0
.bss 78292 78292 0 0.0
.data 1844 1844 0 0.0
.text 637380 637380 0 0.0
lock-app k32w061+debug (read/write) 612388 612388 0 0.0
.bss 68740 68740 0 0.0
.data 1808 1808 0 0.0
.text 536040 536040 0 0.0
shell k32w061+debug (read/write) 677712 677712 0 0.0
.bss 79892 79892 0 0.0
.data 1780 1780 0 0.0
.text 590240 590240 0 0.0
linux all-clusters-app debug (read only) 1775225 1775225 0 0.0
(read/write) 131416 131416 0 0.0
.bss 60144 60144 0 0.0
.data 1040 1040 0 0.0
.data.rel.ro 64928 64928 0 0.0
.dynamic 592 592 0 0.0
.got 4112 4112 0 0.0
.init 27 27 0 0.0
.init_array 576 576 0 0.0
.rodata 139093 139093 0 0.0
.text 1497762 1497762 0 0.0
bridge-app debug+rpc (read only) 1349405 1349405 0 0.0
(read/write) 77856 77856 0 0.0
.bss 41744 41744 0 0.0
.data 1680 1680 0 0.0
.data.rel.ro 29384 29384 0 0.0
.dynamic 592 592 0 0.0
.got 3984 3984 0 0.0
.init 27 27 0 0.0
.init_array 424 424 0 0.0
.rodata 113596 113596 0 0.0
.text 1135717 1135717 0 0.0
chip-tool debug (read only) 6095557 6095557 0 0.0
(read/write) 198744 198744 0 0.0
.bss 40096 40096 0 0.0
.data 1008 1008 0 0.0
.data.rel.ro 152048 152048 0 0.0
.dynamic 592 592 0 0.0
.got 4464 4464 0 0.0
.init 27 27 0 0.0
.init_array 496 496 0 0.0
.rodata 293096 293096 0 0.0
.text 5413029 5413029 0 0.0
lighting-app debug+rpc (read only) 1629209 1629209 0 0.0
(read/write) 110976 110976 0 0.0
.bss 47440 47440 0 0.0
.data 1232 1232 0 0.0
.data.rel.ro 56976 56976 0 0.0
.dynamic 608 608 0 0.0
.got 4136 4136 0 0.0
.init 27 27 0 0.0
.init_array 552 552 0 0.0
.rodata 132017 132017 0 0.0
.text 1359474 1359474 0 0.0
ota-provider-app debug (read only) 1310401 1310401 0 0.0
(read/write) 76312 76312 0 0.0
.bss 44320 44320 0 0.0
.data 912 912 0 0.0
.data.rel.ro 25944 25944 0 0.0
.dynamic 592 592 0 0.0
.got 4048 4048 0 0.0
.init 27 27 0 0.0
.init_array 464 464 0 0.0
.rodata 114896 114896 0 0.0
.text 1095154 1095154 0 0.0
ota-requestor-app debug (read only) 1406889 1406889 0 0.0
(read/write) 80144 80144 0 0.0
.bss 46752 46752 0 0.0
.data 976 976 0 0.0
.data.rel.ro 27272 27272 0 0.0
.dynamic 592 592 0 0.0
.got 4032 4032 0 0.0
.init 27 27 0 0.0
.init_array 488 488 0 0.0
.rodata 126400 126400 0 0.0
.text 1177346 1177346 0 0.0
shell debug (read only) 820449 820449 0 0.0
(read/write) 66808 66808 0 0.0
.bss 23496 23496 0 0.0
.data 224 224 0 0.0
.data.rel.ro 38560 38560 0 0.0
.dynamic 592 592 0 0.0
.got 3560 3560 0 0.0
.init 27 27 0 0.0
.init_array 360 360 0 0.0
.rodata 79154 79154 0 0.0
.text 634610 634610 0 0.0
tv-app debug (read only) 1921361 1921361 0 0.0
(read/write) 318944 318944 0 0.0
.bss 250264 250264 0 0.0
.data 1504 1504 0 0.0
.data.rel.ro 61480 61480 0 0.0
.dynamic 592 592 0 0.0
.got 4432 4432 0 0.0
.init 27 27 0 0.0
.init_array 640 640 0 0.0
.rodata 161032 161032 0 0.0
.text 1611986 1611986 0 0.0
mbed all-clusters-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2295088 2295088 0 0.0
.bss 181884 181884 0 0.0
.data 5128 5128 0 0.0
.heap 849432 849432 0 0.0
.text 1257688 1257688 0 0.0
lighting-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2280368 2280368 0 0.0
.bss 172492 172492 0 0.0
.data 5488 5488 0 0.0
.heap 858464 858464 0 0.0
.text 1242968 1242968 0 0.0
lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2253448 2253448 0 0.0
.bss 171308 171308 0 0.0
.data 5472 5472 0 0.0
.heap 859664 859664 0 0.0
.text 1216048 1216048 0 0.0
pigweed-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 1139744 1139744 0 0.0
.bss 11752 11752 0 0.0
.data 4368 4368 0 0.0
.heap 1020328 1020328 0 0.0
.text 103128 103128 0 0.0
shell CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2051040 2051040 0 0.0
.bss 156496 156496 0 0.0
.data 4872 4872 0 0.0
.heap 875080 875080 0 0.0
.text 1013640 1013640 0 0.0
nrfconnect lighting-app nrf52840dk_nrf52840 (read/write) 875615 875615 0 0.0
bss 112660 112660 0 0.0
rodata 97296 97296 0 0.0
text 590116 590116 0 0.0
nrf52840dk_nrf52840+rpc (read/write) 838191 838191 0 0.0
bss 109012 109012 0 0.0
rodata 88544 88544 0 0.0
text 564432 564432 0 0.0
nrf5340dk_nrf5340_cpuapp (read/write) 800650 800650 0 0.0
bss 114036 114036 0 0.0
rodata 92556 92556 0 0.0
text 519580 519580 0 0.0
lock-app nrf52840dk_nrf52840 (read/write) 846539 846539 0 0.0
bss 109700 109700 0 0.0
rodata 93084 93084 0 0.0
text 568388 568388 0 0.0
nrf5340dk_nrf5340_cpuapp (read/write) 771810 771810 0 0.0
bss 111108 111108 0 0.0
rodata 88372 88372 0 0.0
text 497940 497940 0 0.0
pigweed-app nrf52840dk_nrf52840 (read/write) 497327 497327 0 0.0
bss 51824 51824 0 0.0
rodata 45780 45780 0 0.0
text 339436 339436 0 0.0
pump-app nrf52840dk_nrf52840 (read/write) 852511 852511 0 0.0
bss 109836 109836 0 0.0
rodata 94792 94792 0 0.0
text 572432 572432 0 0.0
pump-controller-app nrf52840dk_nrf52840 (read/write) 845615 845615 0 0.0
bss 109712 109712 0 0.0
rodata 92952 92952 0 0.0
text 567512 567512 0 0.0
shell nrf52840dk_nrf52840 (read/write) 778451 778451 0 0.0
bss 109180 109180 0 0.0
rodata 73192 73192 0 0.0
text 521576 521576 0 0.0
nrf5340dk_nrf5340_cpuapp (read/write) 693482 693482 0 0.0
bss 110164 110164 0 0.0
rodata 67836 67836 0 0.0
text 442184 442184 0 0.0
p6 all-clusters-app default (read/write) 2311416 2311416 0 0.0
.bss 114688 114688 0 0.0
.data 2432 2432 0 0.0
.heap 916224 916224 0 0.0
.text 1269680 1269680 0 0.0
lock-app default (read/write) 2223232 2223232 0 0.0
.bss 100976 100976 0 0.0
.data 2304 2304 0 0.0
.heap 930064 930064 0 0.0
.text 1181496 1181496 0 0.0
qpg lighting-app qpg6100+debug (read only) 493652 493652 0 0.0
(read/write) 114144 114144 0 0.0
.bss 77464 77464 0 0.0
.data 920 920 0 0.0
.text 488332 488332 0 0.0
lock-app qpg6100+debug (read only) 466328 466328 0 0.0
(read/write) 114144 114144 0 0.0
.bss 76376 76376 0 0.0
.data 872 872 0 0.0
.text 461008 461008 0 0.0
persistent-storage-app qpg6100+debug (read only) 105612 105612 0 0.0
(read/write) 114138 114138 0 0.0
.bss 35218 35218 0 0.0
.data 276 276 0 0.0
.text 100292 100292 0 0.0
telink lighting-app tlsr9518adk80d (read/write) 777398 777398 0 0.0
bss 79236 79236 0 0.0
noinit 37160 37160 0 0.0
text 540724 540724 0 0.0

@andy31415 andy31415 changed the title Issues/12326 Fix fortify error on Android Pie ('sendto: prevented 40-byte read from 24-byte buffer') Nov 29, 2021
@andy31415
Copy link
Contributor

fast track - trivial change, affects android only which was explicitly tested.

@andy31415 andy31415 merged commit 50c8e54 into project-chip:master Nov 29, 2021
@emargolis emargolis mentioned this pull request Aug 19, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andy31415 andy31415 andy31415 approved these changes

@anush-apple anush-apple Awaiting requested review from anush-apple

@balducci-apple balducci-apple Awaiting requested review from balducci-apple

@bzbarsky-apple bzbarsky-apple Awaiting requested review from bzbarsky-apple

@carol-apple carol-apple Awaiting requested review from carol-apple

@cecille cecille Awaiting requested review from cecille

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@chulspro chulspro Awaiting requested review from chulspro

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@electrocucaracha electrocucaracha Awaiting requested review from electrocucaracha

@emargolis emargolis Awaiting requested review from emargolis

@franck-apple franck-apple Awaiting requested review from franck-apple

@hawk248 hawk248 Awaiting requested review from hawk248

@jelderton jelderton Awaiting requested review from jelderton

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@jmartinez-silabs jmartinez-silabs Awaiting requested review from jmartinez-silabs

@kghost kghost Awaiting requested review from kghost

@kpschoedel kpschoedel Awaiting requested review from kpschoedel

@LuDuda LuDuda Awaiting requested review from LuDuda

@mlepage-google mlepage-google Awaiting requested review from mlepage-google

@mrjerryjohns mrjerryjohns Awaiting requested review from mrjerryjohns

@msandstedt msandstedt Awaiting requested review from msandstedt

@pan-apple pan-apple Awaiting requested review from pan-apple

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@sagar-apple sagar-apple Awaiting requested review from sagar-apple

@saurabhst saurabhst Awaiting requested review from saurabhst

@selissia selissia Awaiting requested review from selissia

@tecimovic tecimovic Awaiting requested review from tecimovic

@turon turon Awaiting requested review from turon

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@wbschiller wbschiller Awaiting requested review from wbschiller

@woody-apple woody-apple Awaiting requested review from woody-apple

@yunhanw-google yunhanw-google Awaiting requested review from yunhanw-google

Assignees
No one assigned
Labels
fast track inet review - pending
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@milezhacks @andy31415