From 9a2312d3512a27620d41b9a325338b6e7b3d42de Mon Sep 17 00:00:00 2001
From: Alexander Mohr <alexander.m.mohr@mercedes-benz.com>
Date: Mon, 17 Apr 2023 15:02:23 +0200
Subject: dlt-user: fix crash with certain strings (#463)

make sure that a string with exactly UINT16_MAX bytes does not
overflow the dlt buffer

Signed-off-by: Alexander Mohr <alexander.m.mohr@mercedes-benz.com>
---
 src/lib/dlt_user.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'src')

diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c
index f11d522..52a30e1 100644
--- a/src/lib/dlt_user.c
+++ b/src/lib/dlt_user.c
@@ -221,7 +221,7 @@ static void dlt_user_trace_network_segmented_thread_segmenter(s_segmented_data *
 #endif
 
 static DltReturnValue dlt_user_log_write_string_utils_attr(DltContextData *log, const char *text, const enum StringType type, const char *name, bool with_var_info);
-static DltReturnValue dlt_user_log_write_sized_string_utils_attr(DltContextData *log, const char *text, uint16_t length, const enum StringType type, const char *name, bool with_var_info);
+static DltReturnValue dlt_user_log_write_sized_string_utils_attr(DltContextData *log, const char *text, size_t length, const enum StringType type, const char *name, bool with_var_info);
 
 
 static DltReturnValue dlt_unregister_app_util(bool force_sending_messages);
@@ -2606,7 +2606,7 @@ DltReturnValue dlt_user_log_write_sized_constant_utf8_string_attr(DltContextData
     return is_verbose_mode(dlt_user.verbose_mode, log) ? dlt_user_log_write_sized_utf8_string_attr(log, text, length, name) : DLT_RETURN_OK;
 }
 
-static DltReturnValue dlt_user_log_write_sized_string_utils_attr(DltContextData *log, const char *text, uint16_t length, const enum StringType type, const char *name, bool with_var_info)
+static DltReturnValue dlt_user_log_write_sized_string_utils_attr(DltContextData *log, const char *text, size_t length, const enum StringType type, const char *name, bool with_var_info)
 {
     if ((log == NULL) || (text == NULL))
         return DLT_RETURN_WRONG_PARAMETER;
@@ -2618,7 +2618,7 @@ static DltReturnValue dlt_user_log_write_sized_string_utils_attr(DltContextData
 
     const uint16_t name_size = (name != NULL) ? strlen(name)+1 : 0;
 
-    uint16_t arg_size = (uint16_t) (length + 1);
+    size_t arg_size = (size_t) (length + 1);
 
     size_t new_log_size = log->size + arg_size + sizeof(uint16_t);
 
@@ -2643,13 +2643,13 @@ static DltReturnValue dlt_user_log_write_sized_string_utils_attr(DltContextData
         ret = DLT_RETURN_USER_BUFFER_FULL;
 
         /* Re-calculate arg_size */
-        arg_size = (uint16_t) (dlt_user.log_buf_len - log->size - sizeof(uint16_t));
+        arg_size = (size_t) (dlt_user.log_buf_len - log->size - sizeof(uint16_t));
 
         size_t min_payload_str_truncate_msg = log->size + str_truncate_message_length + sizeof(uint16_t);
 
         if (is_verbose_mode(dlt_user.verbose_mode, log)) {
             min_payload_str_truncate_msg += sizeof(uint32_t);
-            arg_size -= (uint16_t) sizeof(uint32_t);
+            arg_size -= (size_t) sizeof(uint32_t);
             if (with_var_info) {
                 min_payload_str_truncate_msg += sizeof(uint16_t) + name_size;
                 arg_size -= sizeof(uint16_t) + name_size;
@@ -2687,7 +2687,7 @@ static DltReturnValue dlt_user_log_write_sized_string_utils_attr(DltContextData
             }
 
             max_payload_str_msg -= reduce_size;
-            arg_size -= (uint16_t) reduce_size;
+            arg_size -= (size_t) reduce_size;
         }
     }
 
@@ -2766,7 +2766,7 @@ static DltReturnValue dlt_user_log_write_string_utils_attr(DltContextData *log,
     if ((log == NULL) || (text == NULL))
         return DLT_RETURN_WRONG_PARAMETER;
 
-    uint16_t length = (uint16_t) strlen(text);
+    size_t length = strlen(text);
     return dlt_user_log_write_sized_string_utils_attr(log, text, length, type, name, with_var_info);
 }
 
@@ -3276,7 +3276,7 @@ DltReturnValue dlt_user_trace_network_segmented(DltContext *handle,
         return DLT_RETURN_ERROR;
 
     /* Send as normal trace if possible */
-    if (header_len + payload_len + (uint16_t) sizeof(uint16_t) < dlt_user.log_buf_len)
+    if (header_len + payload_len + sizeof(uint16_t) < dlt_user.log_buf_len)
         return dlt_user_trace_network(handle, nw_trace_type, header_len, header, payload_len, payload);
 
     /* Allocate Memory */
@@ -3406,7 +3406,7 @@ DltReturnValue dlt_user_trace_network_truncated(DltContext *handle,
             header_len = 0;
 
         /* If truncation is allowed, check if we must do it */
-        if ((allow_truncate > 0) && ((header_len + payload_len + (uint16_t) sizeof(uint16_t)) > dlt_user.log_buf_len)) {
+        if ((allow_truncate > 0) && ((header_len + payload_len + sizeof(uint16_t)) > dlt_user.log_buf_len)) {
             /* Identify as truncated */
             if (dlt_user_log_write_string(&log, DLT_TRACE_NW_TRUNCATED) < DLT_RETURN_OK) {
                 dlt_user_free_buffer(&(log.buffer));
-- 
cgit v1.2.1