Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zephyr: fix overflow and overlap checks in memcpy_s #9769

Merged
merged 1 commit into from
Jan 9, 2025
Merged

zephyr: fix overflow and overlap checks in memcpy_s #9769

merged 1 commit into from
Jan 9, 2025

Conversation

tmleman
Copy link
Contributor

@tmleman tmleman commented Jan 8, 2025

This patch addresses an issue in the memcpy_s function within the Zephyr RTOS string header. The issue was identified during IPC3 fuzz testing with UndefinedBehaviorSanitizer enabled.

Changes include:

  • Adding stdint.h for uintptr_t type.
  • Adding checks to prevent overflow in pointer arithmetic.
  • Adjusting overlap checks to avoid overflow.

These changes ensure that the memcpy_s function correctly handles edge cases, preventing undefined behavior due to pointer arithmetic overflow and memory overlap.

Fixes #9768

@kv2019i kv2019i added the backport-to-stable PRs that should be backported to stable branches label Jan 8, 2025
@lgirdwood
Copy link
Member

@tmleman can you update, rebase and force push - fix just merged for GH actions to pass. Thanks !

@tmleman tmleman force-pushed the topic/upstream/pr/memcpy_s/fix/undefined_behavior branch from 7a32b9f to bb98202 Compare January 8, 2025 20:09
@tmleman
zephyr: fix overflow and overlap checks in memcpy_s
bb98202 
This patch addresses an issue in the `memcpy_s` function within the
Zephyr RTOS string header. The issue was identified during IPC3 fuzz
testing with UndefinedBehaviorSanitizer enabled.

Changes include:
- Adding `stdint.h` for `uintptr_t` type.
- Adding checks to prevent overflow in pointer arithmetic.
- Adjusting overlap checks to avoid overflow.

These changes ensure that the `memcpy_s` function correctly handles edge
cases, preventing undefined behavior due to pointer arithmetic overflow
and memory overlap.

Fixes thesofproject#9768

Signed-off-by: Tomasz Leman <[email protected]>
@kv2019i kv2019i merged commit 7d11802 into thesofproject:main Jan 9, 2025
46 of 49 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kv2019i kv2019i kv2019i approved these changes

@lgirdwood lgirdwood lgirdwood approved these changes

@lyakh lyakh lyakh approved these changes

@iuliana-prodan iuliana-prodan Awaiting requested review from iuliana-prodan iuliana-prodan is a code owner

@dbaluta dbaluta Awaiting requested review from dbaluta dbaluta is a code owner

@abonislawski abonislawski Awaiting requested review from abonislawski abonislawski is a code owner

Assignees
No one assigned
Labels
backport-to-stable PRs that should be backported to stable branches
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] IPC3: Runtime error due to unsigned offset overflow in string.h during fuzz testing
4 participants
@tmleman @lgirdwood @lyakh @kv2019i