diff options
| author | Boris Mittelberg <bmbm@google.com> | 2022-11-16 16:17:57 -0800 |
|---|---|---|
| committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-11-28 21:39:25 +0000 |
| commit | 95e35a602341ea363c194144b7090062589091fb (patch) | |
| tree | 8dc82638c80f9eba08dcc77c1e396278a6470dd2 | |
| parent | cbacb3e5d0df3df0345b1a4a3462d997310340db (diff) | |
| download | chrome-ec-95e35a602341ea363c194144b7090062589091fb.tar.gz | |
motion_sense: avoid possible invalid memory access
Returning SENSOR_CONFIG_MAX will cause out of bound read.
Return one of the legal values.
BUG=b:64477774
BRANCH=none
TEST=make -j buildall
Signed-off-by: Boris Mittelberg <bmbm@google.com>
Change-Id: I1d2b407cb42da8b6fa78fb61be39d05ea1d64401
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4032916
Code-Coverage: Zoss <zoss-cl-coverage@prod.google.com>
Reviewed-by: Ricardo Quesada <ricardoq@chromium.org>
Reviewed-by: caveh jalali <caveh@chromium.org>
| -rw-r--r-- | common/motion_sense.c | 5 | ||||
| -rw-r--r-- | include/motion_sense.h | 4 | ||||
| -rw-r--r-- | zephyr/test/drivers/default/src/motion_sense/motion_sense.c | 16 |
3 files changed, 23 insertions, 2 deletions
diff --git a/common/motion_sense.c b/common/motion_sense.c index ff9f186ee3..a309d29f8c 100644 --- a/common/motion_sense.c +++ b/common/motion_sense.c @@ -118,7 +118,8 @@ motion_sensor_time_to_read(const timestamp_t *ts, sensor->next_collection - motion_min_interval); } -static enum sensor_config motion_sense_get_ec_config(void) +STATIC_IF_NOT(CONFIG_ZTEST) +enum sensor_config motion_sense_get_ec_config(void) { switch (sensor_active) { case SENSOR_ACTIVE_S0: @@ -130,7 +131,7 @@ static enum sensor_config motion_sense_get_ec_config(void) default: CPRINTS("get_ec_config: Invalid active state: %x", sensor_active); - return SENSOR_CONFIG_MAX; + return SENSOR_CONFIG_EC_S5; } } /* motion_sense_set_data_rate diff --git a/include/motion_sense.h b/include/motion_sense.h index 750208d5cf..ac074055aa 100644 --- a/include/motion_sense.h +++ b/include/motion_sense.h @@ -360,4 +360,8 @@ ec_motion_sensor_fill_values(struct ec_response_motion_sensor_data *dst, dst->data[2] = v[2]; } +#ifdef CONFIG_ZTEST +enum sensor_config motion_sense_get_ec_config(void); +#endif + #endif /* __CROS_EC_MOTION_SENSE_H */ diff --git a/zephyr/test/drivers/default/src/motion_sense/motion_sense.c b/zephyr/test/drivers/default/src/motion_sense/motion_sense.c index c3f03e4ade..8291e0e1c6 100644 --- a/zephyr/test/drivers/default/src/motion_sense/motion_sense.c +++ b/zephyr/test/drivers/default/src/motion_sense/motion_sense.c @@ -8,6 +8,8 @@ #include <zephyr/ztest.h> +extern enum chipset_state_mask sensor_active; + ZTEST_SUITE(motion_sense, drivers_predicate_post_main, NULL, NULL, NULL, NULL); ZTEST_USER(motion_sense, ec_motion_sensor_fill_values) @@ -33,3 +35,17 @@ ZTEST_USER(motion_sense, ec_motion_sensor_clamp_i16) zassert_equal(ec_motion_sensor_clamp_i16(INT16_MIN - 1), INT16_MIN, NULL); } + +ZTEST_USER(motion_sense, ec_motion_sense_get_ec_config) +{ + /* illegal state, should be translated to S5 */ + sensor_active = 42; + zassert_equal(motion_sense_get_ec_config(), SENSOR_CONFIG_EC_S5); + /* all valid states */ + sensor_active = SENSOR_ACTIVE_S0; + zassert_equal(motion_sense_get_ec_config(), SENSOR_CONFIG_EC_S0); + sensor_active = SENSOR_ACTIVE_S3; + zassert_equal(motion_sense_get_ec_config(), SENSOR_CONFIG_EC_S3); + sensor_active = SENSOR_ACTIVE_S5; + zassert_equal(motion_sense_get_ec_config(), SENSOR_CONFIG_EC_S5); +} |