Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[client] Fix #19351 - vFillBuffer fix uint16 summation overflow. #19540

Closed
wants to merge 2 commits into from
Closed

[client] Fix #19351 - vFillBuffer fix uint16 summation overflow. #19540

wants to merge 2 commits into from

Conversation

turon
Copy link
Contributor

@turon turon commented Jun 13, 2022
edited
Loading

Problem

Fix #19351
NCC-E003350-HRX

uint16 overflow issue in vFillBuffer() flagged by security audit.

Change overview

suggested fix

Testing

CI

@boring-cyborg boring-cyborg bot added the app label Jun 13, 2022
@turon turon added the security label Jun 13, 2022
@restyled-io restyled-io bot mentioned this pull request Jun 13, 2022
Closed
@turon turon force-pushed the security/NCC-E003350-HRX branch from acb077e to 946776c Compare June 13, 2022 21:57
@github-actions
Copy link

github-actions bot commented Jun 13, 2022
edited
Loading

PR #19540: Size comparison from 3605ef9 to 946776c

Increases (5 builds for k32w, linux, nrfconnect, telink)
platform target config section 3605ef9 946776c change % change
k32w light k32w061+release (read/write) 657232 657248 16 0.0
.text 579656 579672 16 0.0
linux all-clusters-app debug (read only) 2923761 2923777 16 0.0
.text 2489906 2489922 16 0.0
shell debug (read only) 2604841 2604857 16 0.0
.text 2215746 2215762 16 0.0
nrfconnect all-clusters-minimal-app nrf52840dk_nrf52840 text 791968 791972 4 0.0
telink lighting-app tlsr9518adk80d text 573324 573326 2 0.0
Decreases (3 builds for esp32, telink)
platform target config section 3605ef9 946776c change % change
esp32 all-clusters-app c3devkit (read only) 1012670 1012668 -2 -0.0
.flash.text 1012670 1012668 -2 -0.0
m5stack (read only) 1066979 1066975 -4 -0.0
.flash.text 1061595 1061591 -4 -0.0
telink light-switch-app tlsr9518adk80d (read/write) 786724 786716 -8 -0.0
text 556634 556632 -2 -0.0
Full report (36 builds for cc13x2_26x2, cyw30739, esp32, k32w, linux, mbed, nrfconnect, p6, telink)
platform target config section 3605ef9 946776c change % change
cc13x2_26x2 all-clusters-app LP_CC2652R7 (read only) 658295 658295 0 0.0
(read/write) 192592 192592 0 0.0
.bss 73780 73780 0 0.0
.data 3416 3416 0 0.0
.rodata 87023 87023 0 0.0
.text 570960 570960 0 0.0
all-clusters-minimal-app LP_CC2652R7 (read only) 644835 644835 0 0.0
(read/write) 157276 157276 0 0.0
.bss 73004 73004 0 0.0
.data 3356 3356 0 0.0
.rodata 90035 90035 0 0.0
.text 554480 554480 0 0.0
lock-ftd LP_CC2652R7 (read only) 687707 687707 0 0.0
(read/write) 154252 154252 0 0.0
.bss 71740 71740 0 0.0
.data 3280 3280 0 0.0
.rodata 98859 98859 0 0.0
.text 588364 588364 0 0.0
lock-mtd LP_CC2652R7 (read only) 637115 637115 0 0.0
(read/write) 144872 144872 0 0.0
.bss 67476 67476 0 0.0
.data 3280 3280 0 0.0
.rodata 98739 98739 0 0.0
.text 537884 537884 0 0.0
pump-app LP_CC2652R7 (read only) 669083 669083 0 0.0
(read/write) 173788 173788 0 0.0
.bss 71884 71884 0 0.0
.data 3316 3316 0 0.0
.rodata 86979 86979 0 0.0
.text 581620 581620 0 0.0
pump-controller-app LP_CC2652R7 (read only) 659655 659655 0 0.0
(read/write) 183320 183320 0 0.0
.bss 71988 71988 0 0.0
.data 3276 3276 0 0.0
.rodata 84879 84879 0 0.0
.text 574292 574292 0 0.0
shell LP_CC2652R7 (read only) 688446 688446 0 0.0
(read/write) 157936 157936 0 0.0
.bss 76076 76076 0 0.0
.data 3420 3420 0 0.0
.rodata 110094 110094 0 0.0
.text 578040 578040 0 0.0
cyw30739 light cyw930739m2evb_01 (read/write) 606562 606562 0 0.0
.app_xip_area 465060 465060 0 0.0
.bss 84432 84432 0 0.0
.data 756 756 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
lock cyw930739m2evb_01 (read/write) 603678 603678 0 0.0
.app_xip_area 462032 462032 0 0.0
.bss 84608 84608 0 0.0
.data 724 724 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 611382 611382 0 0.0
.app_xip_area 470808 470808 0 0.0
.bss 83616 83616 0 0.0
.data 644 644 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
esp32 all-clusters-app c3devkit (read only) 1012670 1012668 -2 -0.0
(read/write) 1483282 1483282 0 0.0
.dram0.bss 69408 69408 0 0.0
.dram0.data 14696 14696 0 0.0
.flash.rodata 213744 213744 0 0.0
.flash.text 1012670 1012668 -2 -0.0
.iram0.text 62902 62902 0 0.0
m5stack (read only) 1066979 1066975 -4 -0.0
(read/write) 485392 485392 0 0.0
.dram0.bss 74936 74936 0 0.0
.dram0.data 34224 34224 0 0.0
.flash.rodata 244236 244236 0 0.0
.flash.text 1061595 1061591 -4 -0.0
.iram0.text 123267 123267 0 0.0
k32w light k32w061+release (read/write) 657232 657248 16 0.0
.bss 69748 69748 0 0.0
.data 2028 2028 0 0.0
.text 579656 579672 16 0.0
lock k32w061+release (read/write) 718860 718860 0 0.0
.bss 70180 70180 0 0.0
.data 2000 2000 0 0.0
.text 640880 640880 0 0.0
linux all-clusters-app debug (read only) 2923761 2923777 16 0.0
(read/write) 188528 188528 0 0.0
.bss 95776 95776 0 0.0
.data 2048 2048 0 0.0
.data.rel.ro 84488 84488 0 0.0
.dynamic 608 608 0 0.0
.got 4544 4544 0 0.0
.init 27 27 0 0.0
.init_array 1032 1032 0 0.0
.rodata 258205 258205 0 0.0
.text 2489906 2489922 16 0.0
all-clusters-minimal-app debug (read only) 2769193 2769193 0 0.0
(read/write) 179888 179888 0 0.0
.bss 94944 94944 0 0.0
.data 1920 1920 0 0.0
.data.rel.ro 76872 76872 0 0.0
.dynamic 608 608 0 0.0
.got 4496 4496 0 0.0
.init 27 27 0 0.0
.init_array 1032 1032 0 0.0
.rodata 258621 258621 0 0.0
.text 2337458 2337458 0 0.0
bridge-app debug+rpc (read only) 2247553 2247553 0 0.0
(read/write) 158752 158752 0 0.0
.bss 82976 82976 0 0.0
.data 3760 3760 0 0.0
.data.rel.ro 66232 66232 0 0.0
.dynamic 608 608 0 0.0
.got 4400 4400 0 0.0
.init 27 27 0 0.0
.init_array 728 728 0 0.0
.rodata 191040 191040 0 0.0
.text 1896530 1896530 0 0.0
chip-tool debug (read only) 9815973 9815973 0 0.0
(read/write) 623496 623496 0 0.0
.bss 25440 25440 0 0.0
.data 1088 1088 0 0.0
.data.rel.ro 590696 590696 0 0.0
.dynamic 624 624 0 0.0
.got 5000 5000 0 0.0
.init 27 27 0 0.0
.init_array 640 640 0 0.0
.rodata 506805 506805 0 0.0
.text 7868549 7868549 0 0.0
chip-tool-no-interactive-ipv6only arm64 (read only) 9563860 9563860 0 0.0
(read/write) 689841 689841 0 0.0
.bss 43697 43697 0 0.0
.data 1152 1152 0 0.0
.data.rel.ro 626128 626128 0 0.0
.dynamic 528 528 0 0.0
.got 15056 15056 0 0.0
.init 24 24 0 0.0
.init_array 192 192 0 0.0
.rodata 468788 468788 0 0.0
.text 7518980 7518980 0 0.0
lighting-app debug+rpc (read only) 2504745 2504745 0 0.0
(read/write) 163864 163864 0 0.0
.bss 84544 84544 0 0.0
.data 2000 2000 0 0.0
.data.rel.ro 71432 71432 0 0.0
.dynamic 608 608 0 0.0
.got 4432 4432 0 0.0
.init 27 27 0 0.0
.init_array 816 816 0 0.0
.rodata 207304 207304 0 0.0
.text 2128770 2128770 0 0.0
lock-app debug (read only) 2443465 2443465 0 0.0
(read/write) 158488 158488 0 0.0
.bss 82944 82944 0 0.0
.data 1552 1552 0 0.0
.data.rel.ro 68120 68120 0 0.0
.dynamic 608 608 0 0.0
.got 4432 4432 0 0.0
.init 27 27 0 0.0
.init_array 784 784 0 0.0
.rodata 221192 221192 0 0.0
.text 2059074 2059074 0 0.0
ota-provider-app debug (read only) 2281729 2281729 0 0.0
(read/write) 152688 152688 0 0.0
.bss 82624 82624 0 0.0
.data 1784 1784 0 0.0
.data.rel.ro 62456 62456 0 0.0
.dynamic 608 608 0 0.0
.got 4496 4496 0 0.0
.init 27 27 0 0.0
.init_array 680 680 0 0.0
.rodata 197336 197336 0 0.0
.text 1923202 1923202 0 0.0
ota-requestor-app debug (read only) 2329289 2329289 0 0.0
(read/write) 155504 155504 0 0.0
.bss 83328 83328 0 0.0
.data 1976 1976 0 0.0
.data.rel.ro 64392 64392 0 0.0
.dynamic 608 608 0 0.0
.got 4456 4456 0 0.0
.init 27 27 0 0.0
.init_array 712 712 0 0.0
.rodata 199520 199520 0 0.0
.text 1964738 1964738 0 0.0
shell debug (read only) 2604841 2604857 16 0.0
(read/write) 219384 219384 0 0.0
.bss 134568 134568 0 0.0
.data 1392 1392 0 0.0
.data.rel.ro 77672 77672 0 0.0
.dynamic 608 608 0 0.0
.got 4176 4176 0 0.0
.init 27 27 0 0.0
.init_array 936 936 0 0.0
.rodata 229778 229778 0 0.0
.text 2215746 2215762 16 0.0
thermostat-no-ble arm64 (read only) 2557916 2557916 0 0.0
(read/write) 191409 191409 0 0.0
.bss 99377 99377 0 0.0
.data 1560 1560 0 0.0
.data.rel.ro 82376 82376 0 0.0
.dynamic 528 528 0 0.0
.got 5080 5080 0 0.0
.init 24 24 0 0.0
.init_array 400 400 0 0.0
.rodata 161332 161332 0 0.0
.text 2158912 2158912 0 0.0
tv-app debug (read only) 3050873 3050873 0 0.0
(read/write) 289864 289864 0 0.0
.bss 200200 200200 0 0.0
.data 4688 4688 0 0.0
.data.rel.ro 78528 78528 0 0.0
.dynamic 608 608 0 0.0
.got 4848 4848 0 0.0
.init 27 27 0 0.0
.init_array 952 952 0 0.0
.rodata 242720 242720 0 0.0
.text 2622370 2622370 0 0.0
tv-casting-app debug (read only) 5349977 5349977 0 0.0
(read/write) 232312 232312 0 0.0
.bss 88072 88072 0 0.0
.data 2480 2480 0 0.0
.data.rel.ro 135528 135528 0 0.0
.dynamic 608 608 0 0.0
.got 4712 4712 0 0.0
.init 27 27 0 0.0
.init_array 872 872 0 0.0
.rodata 342368 342368 0 0.0
.text 4656338 4656338 0 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2433784 2433784 0 0.0
.bss 209196 209196 0 0.0
.data 5864 5864 0 0.0
.text 1396428 1396428 0 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1198315 1198315 0 0.0
bss 141617 141617 0 0.0
rodata 156100 156100 0 0.0
text 821652 821652 0 0.0
all-clusters-minimal-app nrf52840dk_nrf52840 (read/write) 1143531 1143531 0 0.0
bss 140808 140808 0 0.0
rodata 131828 131828 0 0.0
text 791968 791972 4 0.0
p6 all-clusters-app default (read/write) 2551672 2551672 0 0.0
.bss 143408 143408 0 0.0
.data 2832 2832 0 0.0
.text 1509936 1509936 0 0.0
all-clusters-minimal-app default (read/write) 2494128 2494128 0 0.0
.bss 142624 142624 0 0.0
.data 2776 2776 0 0.0
.text 1452392 1452392 0 0.0
light-app default (read/write) 2425560 2425560 0 0.0
.bss 135736 135736 0 0.0
.data 2624 2624 0 0.0
.text 1383824 1383824 0 0.0
lock-app default (read/write) 2445968 2445968 0 0.0
.bss 135560 135560 0 0.0
.data 2600 2600 0 0.0
.text 1404232 1404232 0 0.0
telink light-switch-app tlsr9518adk80d (read/write) 786724 786716 -8 -0.0
bss 70876 70876 0 0.0
noinit 40416 40416 0 0.0
text 556634 556632 -2 -0.0
lighting-app tlsr9518adk80d (read/write) 806704 806704 0 0.0
bss 71128 71128 0 0.0
noinit 40416 40416 0 0.0
text 573324 573326 2 0.0

@turon turon requested a review from msandstedt June 13, 2022 23:30
@github-actions
Copy link

github-actions bot commented Jun 13, 2022
edited
Loading

PR #19540: Size comparison from 3605ef9 to 98dfe03

Increases (41 builds for cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)
platform target config section 3605ef9 98dfe03 change % change
cc13x2_26x2 all-clusters-app LP_CC2652R7 (read only) 658295 658927 632 0.1
.text 570960 571592 632 0.1
all-clusters-minimal-app LP_CC2652R7 (read only) 644835 645467 632 0.1
.text 554480 555112 632 0.1
lock-ftd LP_CC2652R7 (read only) 687707 688323 616 0.1
.text 588364 588980 616 0.1
lock-mtd LP_CC2652R7 (read only) 637115 637739 624 0.1
.text 537884 538508 624 0.1
pump-app LP_CC2652R7 (read only) 669083 669723 640 0.1
.text 581620 582260 640 0.1
pump-controller-app LP_CC2652R7 (read only) 659655 660279 624 0.1
.text 574292 574916 624 0.1
shell LP_CC2652R7 (read only) 688446 689070 624 0.1
.text 578040 578664 624 0.1
cyw30739 light cyw930739m2evb_01 (read/write) 606562 607170 608 0.1
.app_xip_area 465060 465668 608 0.1
lock cyw930739m2evb_01 (read/write) 603678 604286 608 0.1
.app_xip_area 462032 462640 608 0.1
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 611382 612006 624 0.1
.app_xip_area 470808 471432 624 0.1
efr32 lighting-app BRD4161A (read only) 919264 920296 1032 0.1
.text 919256 920288 1032 0.1
BRD4161A+rpc (read only) 954912 955960 1048 0.1
.text 954904 955952 1048 0.1
BRD4161A+rs911x (read only) 794388 795420 1032 0.1
.text 794380 795412 1032 0.1
lock-app BRD4161A+wf200 (read only) 962532 963396 864 0.1
.text 962524 963388 864 0.1
window-app BRD4161A (read only) 904168 905192 1024 0.1
.text 904160 905184 1024 0.1
esp32 all-clusters-app c3devkit (read only) 1012670 1013592 922 0.1
(read/write) 1483282 1483474 192 0.0
.flash.rodata 213744 213936 192 0.1
.flash.text 1012670 1013592 922 0.1
m5stack (read only) 1066979 1067867 888 0.1
(read/write) 485392 485568 176 0.0
.flash.rodata 244236 244412 176 0.1
.flash.text 1061595 1062483 888 0.1
k32w light k32w061+release (read/write) 657232 658120 888 0.1
.text 579656 580544 888 0.2
lock k32w061+release (read/write) 718860 719740 880 0.1
.text 640880 641760 880 0.1
linux all-clusters-app debug (read only) 2923761 2925345 1584 0.1
.text 2489906 2491490 1584 0.1
all-clusters-minimal-app debug (read only) 2769193 2770761 1568 0.1
.text 2337458 2339026 1568 0.1
bridge-app debug+rpc (read only) 2247553 2250161 2608 0.1
.rodata 191040 191072 32 0.0
.text 1896530 1899106 2576 0.1
chip-tool debug (read only) 9815973 9817845 1872 0.0
.text 7868549 7870421 1872 0.0
chip-tool-no-interactive-ipv6only arm64 (read only) 9563860 9565452 1592 0.0
.rodata 468788 468812 24 0.0
.text 7518980 7520548 1568 0.0
lighting-app debug+rpc (read only) 2504745 2506905 2160 0.1
.rodata 207304 207336 32 0.0
.text 2128770 2130898 2128 0.1
lock-app debug (read only) 2443465 2445593 2128 0.1
.text 2059074 2061202 2128 0.1
ota-provider-app debug (read only) 2281729 2284161 2432 0.1
.rodata 197336 197368 32 0.0
.text 1923202 1925602 2400 0.1
ota-requestor-app debug (read only) 2329289 2331721 2432 0.1
.rodata 199520 199552 32 0.0
.text 1964738 1967138 2400 0.1
shell debug (read only) 2604841 2606457 1616 0.1
.rodata 229778 229810 32 0.0
.text 2215746 2217330 1584 0.1
thermostat-no-ble arm64 (read only) 2557916 2559588 1672 0.1
.rodata 161332 161356 24 0.0
.text 2158912 2160560 1648 0.1
tv-app debug (read only) 3050873 3053609 2736 0.1
.text 2622370 2625106 2736 0.1
tv-casting-app debug (read only) 5349977 5351545 1568 0.0
.text 4656338 4657906 1568 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read/write) 2433784 2434592 808 0.0
.text 1396428 1397236 808 0.1
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1198315 1198923 608 0.1
text 821652 822248 596 0.1
all-clusters-minimal-app nrf52840dk_nrf52840 (read/write) 1143531 1144139 608 0.1
text 791968 792568 600 0.1
p6 all-clusters-app default (read/write) 2551672 2552696 1024 0.0
.text 1509936 1510960 1024 0.1
all-clusters-minimal-app default (read/write) 2494128 2495184 1056 0.0
.text 1452392 1453448 1056 0.1
light-app default (read/write) 2425560 2426568 1008 0.0
.text 1383824 1384832 1008 0.1
lock-app default (read/write) 2445968 2446976 1008 0.0
.text 1404232 1405240 1008 0.1
telink light-switch-app tlsr9518adk80d (read/write) 786724 787596 872 0.1
text 556634 557506 872 0.2
lighting-app tlsr9518adk80d (read/write) 806704 807576 872 0.1
text 573324 574200 876 0.2
Decreases (5 builds for cc13x2_26x2)
platform target config section 3605ef9 98dfe03 change % change
cc13x2_26x2 all-clusters-app LP_CC2652R7 (read/write) 192592 191960 -632 -0.3
lock-ftd LP_CC2652R7 (read/write) 154252 153636 -616 -0.4
pump-app LP_CC2652R7 (read/write) 173788 173148 -640 -0.4
pump-controller-app LP_CC2652R7 (read/write) 183320 182696 -624 -0.3
shell LP_CC2652R7 (read/write) 157936 157312 -624 -0.4
Full report (41 builds for cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)
platform target config section 3605ef9 98dfe03 change % change
cc13x2_26x2 all-clusters-app LP_CC2652R7 (read only) 658295 658927 632 0.1
(read/write) 192592 191960 -632 -0.3
.bss 73780 73780 0 0.0
.data 3416 3416 0 0.0
.rodata 87023 87023 0 0.0
.text 570960 571592 632 0.1
all-clusters-minimal-app LP_CC2652R7 (read only) 644835 645467 632 0.1
(read/write) 157276 157276 0 0.0
.bss 73004 73004 0 0.0
.data 3356 3356 0 0.0
.rodata 90035 90035 0 0.0
.text 554480 555112 632 0.1
lock-ftd LP_CC2652R7 (read only) 687707 688323 616 0.1
(read/write) 154252 153636 -616 -0.4
.bss 71740 71740 0 0.0
.data 3280 3280 0 0.0
.rodata 98859 98859 0 0.0
.text 588364 588980 616 0.1
lock-mtd LP_CC2652R7 (read only) 637115 637739 624 0.1
(read/write) 144872 144872 0 0.0
.bss 67476 67476 0 0.0
.data 3280 3280 0 0.0
.rodata 98739 98739 0 0.0
.text 537884 538508 624 0.1
pump-app LP_CC2652R7 (read only) 669083 669723 640 0.1
(read/write) 173788 173148 -640 -0.4
.bss 71884 71884 0 0.0
.data 3316 3316 0 0.0
.rodata 86979 86979 0 0.0
.text 581620 582260 640 0.1
pump-controller-app LP_CC2652R7 (read only) 659655 660279 624 0.1
(read/write) 183320 182696 -624 -0.3
.bss 71988 71988 0 0.0
.data 3276 3276 0 0.0
.rodata 84879 84879 0 0.0
.text 574292 574916 624 0.1
shell LP_CC2652R7 (read only) 688446 689070 624 0.1
(read/write) 157936 157312 -624 -0.4
.bss 76076 76076 0 0.0
.data 3420 3420 0 0.0
.rodata 110094 110094 0 0.0
.text 578040 578664 624 0.1
cyw30739 light cyw930739m2evb_01 (read/write) 606562 607170 608 0.1
.app_xip_area 465060 465668 608 0.1
.bss 84432 84432 0 0.0
.data 756 756 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
lock cyw930739m2evb_01 (read/write) 603678 604286 608 0.1
.app_xip_area 462032 462640 608 0.1
.bss 84608 84608 0 0.0
.data 724 724 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 611382 612006 624 0.1
.app_xip_area 470808 471432 624 0.1
.bss 83616 83616 0 0.0
.data 644 644 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
efr32 lighting-app BRD4161A (read only) 919264 920296 1032 0.1
(read/write) 133440 133440 0 0.0
.bss 131320 131320 0 0.0
.data 2116 2116 0 0.0
.text 919256 920288 1032 0.1
BRD4161A+rpc (read only) 954912 955960 1048 0.1
(read/write) 150312 150312 0 0.0
.bss 147992 147992 0 0.0
.data 2320 2320 0 0.0
.text 954904 955952 1048 0.1
BRD4161A+rs911x (read only) 794388 795420 1032 0.1
(read/write) 129720 129720 0 0.0
.bss 127596 127596 0 0.0
.data 2124 2124 0 0.0
.text 794380 795412 1032 0.1
lock-app BRD4161A+wf200 (read only) 962532 963396 864 0.1
(read/write) 130060 130060 0 0.0
.bss 127972 127972 0 0.0
.data 2088 2088 0 0.0
.text 962524 963388 864 0.1
window-app BRD4161A (read only) 904168 905192 1024 0.1
(read/write) 133512 133512 0 0.0
.bss 131400 131400 0 0.0
.data 2108 2108 0 0.0
.text 904160 905184 1024 0.1
esp32 all-clusters-app c3devkit (read only) 1012670 1013592 922 0.1
(read/write) 1483282 1483474 192 0.0
.dram0.bss 69408 69408 0 0.0
.dram0.data 14696 14696 0 0.0
.flash.rodata 213744 213936 192 0.1
.flash.text 1012670 1013592 922 0.1
.iram0.text 62902 62902 0 0.0
m5stack (read only) 1066979 1067867 888 0.1
(read/write) 485392 485568 176 0.0
.dram0.bss 74936 74936 0 0.0
.dram0.data 34224 34224 0 0.0
.flash.rodata 244236 244412 176 0.1
.flash.text 1061595 1062483 888 0.1
.iram0.text 123267 123267 0 0.0
k32w light k32w061+release (read/write) 657232 658120 888 0.1
.bss 69748 69748 0 0.0
.data 2028 2028 0 0.0
.text 579656 580544 888 0.2
lock k32w061+release (read/write) 718860 719740 880 0.1
.bss 70180 70180 0 0.0
.data 2000 2000 0 0.0
.text 640880 641760 880 0.1
linux all-clusters-app debug (read only) 2923761 2925345 1584 0.1
(read/write) 188528 188528 0 0.0
.bss 95776 95776 0 0.0
.data 2048 2048 0 0.0
.data.rel.ro 84488 84488 0 0.0
.dynamic 608 608 0 0.0
.got 4544 4544 0 0.0
.init 27 27 0 0.0
.init_array 1032 1032 0 0.0
.rodata 258205 258205 0 0.0
.text 2489906 2491490 1584 0.1
all-clusters-minimal-app debug (read only) 2769193 2770761 1568 0.1
(read/write) 179888 179888 0 0.0
.bss 94944 94944 0 0.0
.data 1920 1920 0 0.0
.data.rel.ro 76872 76872 0 0.0
.dynamic 608 608 0 0.0
.got 4496 4496 0 0.0
.init 27 27 0 0.0
.init_array 1032 1032 0 0.0
.rodata 258621 258621 0 0.0
.text 2337458 2339026 1568 0.1
bridge-app debug+rpc (read only) 2247553 2250161 2608 0.1
(read/write) 158752 158752 0 0.0
.bss 82976 82976 0 0.0
.data 3760 3760 0 0.0
.data.rel.ro 66232 66232 0 0.0
.dynamic 608 608 0 0.0
.got 4400 4400 0 0.0
.init 27 27 0 0.0
.init_array 728 728 0 0.0
.rodata 191040 191072 32 0.0
.text 1896530 1899106 2576 0.1
chip-tool debug (read only) 9815973 9817845 1872 0.0
(read/write) 623496 623496 0 0.0
.bss 25440 25440 0 0.0
.data 1088 1088 0 0.0
.data.rel.ro 590696 590696 0 0.0
.dynamic 624 624 0 0.0
.got 5000 5000 0 0.0
.init 27 27 0 0.0
.init_array 640 640 0 0.0
.rodata 506805 506805 0 0.0
.text 7868549 7870421 1872 0.0
chip-tool-no-interactive-ipv6only arm64 (read only) 9563860 9565452 1592 0.0
(read/write) 689841 689841 0 0.0
.bss 43697 43697 0 0.0
.data 1152 1152 0 0.0
.data.rel.ro 626128 626128 0 0.0
.dynamic 528 528 0 0.0
.got 15056 15056 0 0.0
.init 24 24 0 0.0
.init_array 192 192 0 0.0
.rodata 468788 468812 24 0.0
.text 7518980 7520548 1568 0.0
lighting-app debug+rpc (read only) 2504745 2506905 2160 0.1
(read/write) 163864 163864 0 0.0
.bss 84544 84544 0 0.0
.data 2000 2000 0 0.0
.data.rel.ro 71432 71432 0 0.0
.dynamic 608 608 0 0.0
.got 4432 4432 0 0.0
.init 27 27 0 0.0
.init_array 816 816 0 0.0
.rodata 207304 207336 32 0.0
.text 2128770 2130898 2128 0.1
lock-app debug (read only) 2443465 2445593 2128 0.1
(read/write) 158488 158488 0 0.0
.bss 82944 82944 0 0.0
.data 1552 1552 0 0.0
.data.rel.ro 68120 68120 0 0.0
.dynamic 608 608 0 0.0
.got 4432 4432 0 0.0
.init 27 27 0 0.0
.init_array 784 784 0 0.0
.rodata 221192 221192 0 0.0
.text 2059074 2061202 2128 0.1
ota-provider-app debug (read only) 2281729 2284161 2432 0.1
(read/write) 152688 152688 0 0.0
.bss 82624 82624 0 0.0
.data 1784 1784 0 0.0
.data.rel.ro 62456 62456 0 0.0
.dynamic 608 608 0 0.0
.got 4496 4496 0 0.0
.init 27 27 0 0.0
.init_array 680 680 0 0.0
.rodata 197336 197368 32 0.0
.text 1923202 1925602 2400 0.1
ota-requestor-app debug (read only) 2329289 2331721 2432 0.1
(read/write) 155504 155504 0 0.0
.bss 83328 83328 0 0.0
.data 1976 1976 0 0.0
.data.rel.ro 64392 64392 0 0.0
.dynamic 608 608 0 0.0
.got 4456 4456 0 0.0
.init 27 27 0 0.0
.init_array 712 712 0 0.0
.rodata 199520 199552 32 0.0
.text 1964738 1967138 2400 0.1
shell debug (read only) 2604841 2606457 1616 0.1
(read/write) 219384 219384 0 0.0
.bss 134568 134568 0 0.0
.data 1392 1392 0 0.0
.data.rel.ro 77672 77672 0 0.0
.dynamic 608 608 0 0.0
.got 4176 4176 0 0.0
.init 27 27 0 0.0
.init_array 936 936 0 0.0
.rodata 229778 229810 32 0.0
.text 2215746 2217330 1584 0.1
thermostat-no-ble arm64 (read only) 2557916 2559588 1672 0.1
(read/write) 191409 191409 0 0.0
.bss 99377 99377 0 0.0
.data 1560 1560 0 0.0
.data.rel.ro 82376 82376 0 0.0
.dynamic 528 528 0 0.0
.got 5080 5080 0 0.0
.init 24 24 0 0.0
.init_array 400 400 0 0.0
.rodata 161332 161356 24 0.0
.text 2158912 2160560 1648 0.1
tv-app debug (read only) 3050873 3053609 2736 0.1
(read/write) 289864 289864 0 0.0
.bss 200200 200200 0 0.0
.data 4688 4688 0 0.0
.data.rel.ro 78528 78528 0 0.0
.dynamic 608 608 0 0.0
.got 4848 4848 0 0.0
.init 27 27 0 0.0
.init_array 952 952 0 0.0
.rodata 242720 242720 0 0.0
.text 2622370 2625106 2736 0.1
tv-casting-app debug (read only) 5349977 5351545 1568 0.0
(read/write) 232312 232312 0 0.0
.bss 88072 88072 0 0.0
.data 2480 2480 0 0.0
.data.rel.ro 135528 135528 0 0.0
.dynamic 608 608 0 0.0
.got 4712 4712 0 0.0
.init 27 27 0 0.0
.init_array 872 872 0 0.0
.rodata 342368 342368 0 0.0
.text 4656338 4657906 1568 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2433784 2434592 808 0.0
.bss 209196 209196 0 0.0
.data 5864 5864 0 0.0
.text 1396428 1397236 808 0.1
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1198315 1198923 608 0.1
bss 141617 141617 0 0.0
rodata 156100 156100 0 0.0
text 821652 822248 596 0.1
all-clusters-minimal-app nrf52840dk_nrf52840 (read/write) 1143531 1144139 608 0.1
bss 140808 140808 0 0.0
rodata 131828 131828 0 0.0
text 791968 792568 600 0.1
p6 all-clusters-app default (read/write) 2551672 2552696 1024 0.0
.bss 143408 143408 0 0.0
.data 2832 2832 0 0.0
.text 1509936 1510960 1024 0.1
all-clusters-minimal-app default (read/write) 2494128 2495184 1056 0.0
.bss 142624 142624 0 0.0
.data 2776 2776 0 0.0
.text 1452392 1453448 1056 0.1
light-app default (read/write) 2425560 2426568 1008 0.0
.bss 135736 135736 0 0.0
.data 2624 2624 0 0.0
.text 1383824 1384832 1008 0.1
lock-app default (read/write) 2445968 2446976 1008 0.0
.bss 135560 135560 0 0.0
.data 2600 2600 0 0.0
.text 1404232 1405240 1008 0.1
telink light-switch-app tlsr9518adk80d (read/write) 786724 787596 872 0.1
bss 70876 70876 0 0.0
noinit 40416 40416 0 0.0
text 556634 557506 872 0.2
lighting-app tlsr9518adk80d (read/write) 806704 807576 872 0.1
bss 71128 71128 0 0.0
noinit 40416 40416 0 0.0
text 573324 574200 876 0.2

@turon turon changed the title [client] Fix #19351 - fix uint16 summation overflow. NCC-E003350-HRX [client] Fix #19351 - vFillBuffer fix uint16 summation overflow. NCC-E003350-HRX Jun 14, 2022
@turon turon changed the title [client] Fix #19351 - vFillBuffer fix uint16 summation overflow. NCC-E003350-HRX [client] Fix #19351 - vFillBuffer fix uint16 summation overflow. Jun 14, 2022
bzbarsky-apple
bzbarsky-apple approved these changes Jun 14, 2022
View reviewed changes
src/app/util/client-api.cpp
@@ -210,7 +210,8 @@ static uint16_t vFillBuffer(uint8_t * buffer, uint16_t bufferLen, uint8_t frameC
// The destination buffer must be at least as large as the running total
// plus the length of the integer value (if applicable) plus the length of
// the data (if applicable).
if (bufferLen < bytes + dataLen + valueLen)
// Fix #19351 - Cast up to larger type during summation to prevent integer overflow issues.
if (bufferLen < (uint32_t) bytes + (uint32_t) dataLen + (uint32_t) valueLen)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is fine, but we should make #19291 compile and merge it...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I merged and updated #19291 a bit, hoping to be able to push that instead soon. So far blocked in CI queue

@andy31415
Copy link
Contributor

client-api.cpp was removed alltogether

@andy31415 andy31415 closed this Jun 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msandstedt msandstedt msandstedt approved these changes

@emargolis emargolis emargolis approved these changes

@bzbarsky-apple bzbarsky-apple bzbarsky-apple approved these changes

@andy31415 andy31415 Awaiting requested review from andy31415

@anush-apple anush-apple Awaiting requested review from anush-apple

@arkq arkq Awaiting requested review from arkq

@Byungjoo-Lee Byungjoo-Lee Awaiting requested review from Byungjoo-Lee

@carol-apple carol-apple Awaiting requested review from carol-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@chshu chshu Awaiting requested review from chshu

@chulspro chulspro Awaiting requested review from chulspro

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@dhrishi dhrishi Awaiting requested review from dhrishi

@electrocucaracha electrocucaracha Awaiting requested review from electrocucaracha

@franck-apple franck-apple Awaiting requested review from franck-apple

@gjc13 gjc13 Awaiting requested review from gjc13

@harimau-qirex harimau-qirex Awaiting requested review from harimau-qirex

@hawk248 hawk248 Awaiting requested review from hawk248

@harsha-rajendran harsha-rajendran Awaiting requested review from harsha-rajendran

@isiu-apple isiu-apple Awaiting requested review from isiu-apple

@jelderton jelderton Awaiting requested review from jelderton

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@jmartinez-silabs jmartinez-silabs Awaiting requested review from jmartinez-silabs

@jtung-apple jtung-apple Awaiting requested review from jtung-apple

@kpschoedel kpschoedel Awaiting requested review from kpschoedel

@lazarkov lazarkov Awaiting requested review from lazarkov

@LuDuda LuDuda Awaiting requested review from LuDuda

@mrjerryjohns mrjerryjohns Awaiting requested review from mrjerryjohns

@mspang mspang Awaiting requested review from mspang

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@sagar-apple sagar-apple Awaiting requested review from sagar-apple

@saurabhst saurabhst Awaiting requested review from saurabhst

@selissia selissia Awaiting requested review from selissia

@tcarmelveilleux tcarmelveilleux Awaiting requested review from tcarmelveilleux

@tecimovic tecimovic Awaiting requested review from tecimovic

@tehampson tehampson Awaiting requested review from tehampson

@vijs vijs Awaiting requested review from vijs

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@wbschiller wbschiller Awaiting requested review from wbschiller

@woody-apple woody-apple Awaiting requested review from woody-apple

@xylophone21 xylophone21 Awaiting requested review from xylophone21

@yufengwangca yufengwangca Awaiting requested review from yufengwangca

Assignees
No one assigned
Labels
app review - approved security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Integer Overflow Leading to Buffer Overflow in vFillBuffer()
5 participants
@turon @andy31415 @msandstedt @emargolis @bzbarsky-apple