From e584855b2289fd8155b837f00f67343cc9cd8f66 Mon Sep 17 00:00:00 2001
From: Martin Willers
Date: Tue, 17 Nov 2020 01:27:36 +0100
Subject: Avoid memory access errors with 4-chars context ids (#250)

For a 4-chars CTXID, i.e. one that does not include a null character, the strlen() calls were happily accessing memory until they eventually encountered a null character somewhere in memory.

This was detected by valgrind, which reported a memory error when using a CTXID such as "INTM":

==21924== Conditional jump or move depends on uninitialised value(s)
==21924== at 0x4C30F78: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21924== by 0x4E4B5A0: dlt_print_id (dlt_common.c:303)
==21924== by 0x4E4CF47: dlt_message_header_flags (dlt_common.c:687)
==21924== by 0x4E51434: dlt_message_print_ascii (dlt_common.c:3169)
==21924== by 0x4E4247A: dlt_user_print_msg (dlt_user.c:4108)
==21924== by 0x4E46D92: dlt_user_log_send_log (dlt_user.c:3670)
==21924== by 0x4E46F14: dlt_user_log_write_finish (dlt_user.c:1611)

Sanitize some code

Using memset() and memcpy() is always preferable to hand-rolled loops, because compilers have built-in support for them.

Signed-off-by: Martin Willers
---
 include/dlt/dlt_common.h | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'include')

diff --git a/include/dlt/dlt_common.h b/include/dlt/dlt_common.h index 166395e..9bbd544 100644 --- a/include/dlt/dlt_common.h +++ b/include/dlt/dlt_common.h @@ -87,6 +87,12 @@ # include # endif +# if defined(__GNUC__) +# define PURE_FUNCTION __attribute__((pure)) +# else +# define PURE_FUNCTION /* nothing */ +# endif + # if !defined (__WIN32__) && !defined(_MSC_VER) # include # endif
@@ -860,6 +866,17 @@ DltReturnValue dlt_print_mixed_string(char *text, int textlength, uint8_t *ptr, */ DltReturnValue dlt_print_char_string(char **text, int textlength, uint8_t *ptr, int size); +/** + * Helper function to determine a bounded length of a string. + * This function returns zero if @a str is a null pointer, + * and it returns @a maxsize if the null character was not found in the first @a maxsize bytes of @a str. + * This is a re-implementation of C11's strnlen_s, which we cannot yet assume to be available. + * @param text pointer to string whose length is to be determined + * @param maxsize maximal considered length of @a str + * @return the bounded length of the string + */ +PURE_FUNCTION size_t dlt_strnlen_s(const char* str, size_t maxsize); + /** * Helper function to print an id. * @param text pointer to ASCII string where to write the id -- cgit v1.2.1
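Review bot: in the first hunk (the `@@ -87,6 +87,12 @@` block), `PURE_FUNCTION` is an unprefixed, generic macro name added to a public header (dlt_common.h), where it can collide with an identically named macro from another library or from the including application; prefer a project-prefixed name such as `DLT_PURE_FUNCTION`, or at least guard the definition with `#ifndef PURE_FUNCTION`. Keying on `__GNUC__` covers both GCC and Clang, and the empty fallback keeps MSVC builds compiling, so the branch structure itself is fine.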
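Review bot: in the second hunk (the `@@ -860,6 +866,17 @@` block), the Doxygen comment documents `@param text`, but the declaration's parameter is `str` (`dlt_strnlen_s(const char* str, size_t maxsize)`), so it should read `@param str pointer to string whose length is to be determined`; Doxygen's parameter check will otherwise flag the mismatch. Marking the function `PURE_FUNCTION` is appropriate, since it reads memory through `str` but has no side effects; the definition is outside this view (limited to 'include') and must stay side-effect free, because the compiler may now merge or hoist repeated calls with the same arguments. The documented contract (zero for a null pointer, `maxsize` when no terminator is found within `maxsize` bytes) matches C11 Annex K `strnlen_s`, which is what gives callers such as dlt_print_id a bounded read for a 4-character id without a terminator.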