author | Fred Wright <fw@fwright.net> | 2016-01-04 13:58:48 -0500 |
---|---|---|
committer | Eric S. Raymond <esr@thyrsus.com> | 2016-01-04 13:58:48 -0500 |
commit | 227605a14b89e2cb9d85e148db7f99fe825f3fe2 (patch) | |
tree | 1cfbf9304e32c360216542bd73877d5344bed4de /test_json.c | |
parent | b6807735feafa583329b2ce4bc0d48287a64b9e8 (diff) | |
download | gpsd-227605a14b89e2cb9d85e148db7f99fe825f3fe2.tar.gz |
Address Savannah bug #46804: JSON satellite view parsing is somewhat broken.

Fred Wright <fhgwright> writes:

While trying the regression tests on a MacBook (PowerPC), I ran across
some failures in the JSON unit test. Although this is ostensibly an
endian issue, it turns out that the code for parsing satellite view
data is actually incorrect for all processors, albeit more so for
big-endian processors.

The problem is that the three "integer" fields in struct satellite_t
are defined as shorts, but parsed as ints by the JSON parser. On a
big-endian processor, this causes the values to be misaddressed and
hence have incorrect values, but even on a little-endian processor
this is incorrect since it's storing four-byte values into two-byte
fields. The unit tests don't catch this aspect, since the fields are
favorably ordered such that the clobbered fields are clobbered before
being written pseudo-correctly.

I was able to demonstrate the "buffer overflow" misbehavior by
modifying the test data for the last satellite to provide the fields
in the reverse order from their order in the structure.

The simple fix for this would be just to change the shorts to ints in
the definition of struct satellite_t. On most processors, this doesn't
even cost any memory, since the presence of the double forces
eight-byte alignment, so the padded structure is 24 bytes regardless of
whether the three fields in question are shorts or ints. However,
there might be some processors with less strict alignment requirements
where using shorts would actually be helpful.

With the existing layout, the only possible fix is to add support for
shorts to the JSON parser, and adjust the satellite-view parsing
accordingly. The attached patch does that, as well as adding u_short
support for completeness (though it's not currently used). It also
provides the aforementioned change in the test data, in keeping with
the philosophy of "create a test for what just failed, so it doesn't
happen again".

Note that using shorts for these fields would be more effective if the
"used" field were also reduced to a short, instead of inheriting "int"
from "bool". That would shrink the structure to 16 bytes. It could be
further reduced to 12 bytes by using a float instead of a double for
the "ss" field (and even a float is gross overkill for this
purpose). This could all be more significant when MAXCHANNELS needs to
be increased (again) to accommodate the deployment of the newer
GNSSes.
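
The overwrite described in the commit message above, as an added example that is not part of the commit or of gpsd's code: it stores three values at field offsets using either int-width or short-width writes, in structure order and in reverse order. The `struct sat` layout, the `parse_ok` helper and the sample values are constructed for illustration, and the code assumes a 4-byte int and a 2-byte short.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not gpsd's struct satellite_t: three short fields
 * followed by spare bytes, so a 4-byte store never leaves the struct. */
struct sat { short prn, el, az, spare; };

struct field { size_t offset; int value; };

/* The same satellite given in structure order and in reverse order. */
static const struct field in_order[] = {
    { offsetof(struct sat, prn), 21 },
    { offsetof(struct sat, el), 10 },
    { offsetof(struct sat, az), 301 },
};
static const struct field reversed[] = {
    { offsetof(struct sat, az), 301 },
    { offsetof(struct sat, el), 10 },
    { offsetof(struct sat, prn), 21 },
};

/* Store each value at its field offset using `width` bytes, as a
 * table-driven parser does; return 1 if all three fields end up right. */
static int parse_ok(const struct field *f, size_t width)
{
    struct sat s;
    memset(&s, 0, sizeof s);
    for (int i = 0; i < 3; i++) {
        if (width == sizeof(int)) {          /* parser treats field as int */
            memcpy((char *)&s + f[i].offset, &f[i].value, sizeof(int));
        } else {                             /* parser treats field as short */
            short v = (short)f[i].value;
            memcpy((char *)&s + f[i].offset, &v, sizeof(short));
        }
    }
    return s.prn == 21 && s.el == 10 && s.az == 301;
}

int main(void)
{
    printf("int stores,   struct order:  %d\n", parse_ok(in_order, sizeof(int)));
    printf("int stores,   reverse order: %d\n", parse_ok(reversed, sizeof(int)));
    printf("short stores, struct order:  %d\n", parse_ok(in_order, sizeof(short)));
    printf("short stores, reverse order: %d\n", parse_ok(reversed, sizeof(short)));
    return 0;
}
```

On a little-endian machine only the int-width, reverse-order case fails, which is why input in structure order hides the defect; on a big-endian machine both int-width cases fail.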
Diffstat (limited to 'test_json.c')
-rw-r--r-- | test_json.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/test_json.c b/test_json.c index 03d039fd..aff1aa08 100644 --- a/test_json.c +++ b/test_json.c @@ -90,7 +90,12 @@ static const char json_str1[] = "{\"class\":\"TPV\",\ \"time\":\"2005-06-19T08:12:41.89Z\",\"lon\":46.498203637,\"lat\":7.568074350,\ \"alt\":1327.780,\"epx\":21.000,\"epy\":23.000,\"epv\":124.484,\"mode\":3}"; -/* Case 2: SKY report */ +/* + * Case 2: SKY report + * + * The fields of the last satellite entry are arranged in the reverse order + * of the structure fields, in order to test for field overflow. + */ static const char *json_str2 = "{\"class\":\"SKY\",\ \"time\":\"2005-06-19T12:12:42.03Z\", \ @@ -101,7 +106,7 @@ static const char *json_str2 = "{\"class\":\"SKY\",\ {\"PRN\":26,\"el\":51,\"az\":304,\"ss\":43,\"used\":true},\ {\"PRN\":8,\"el\":44,\"az\":58,\"ss\":41,\"used\":true},\ {\"PRN\":27,\"el\":16,\"az\":66,\"ss\":39,\"used\":true},\ - {\"PRN\":21,\"el\":10,\"az\":301,\"ss\":0,\"used\":false}]}"; + {\"az\":301,\"el\":10,\"PRN\":21,\"used\":false,\"ss\":0}]}"; /* Case 3: String list syntax */ |
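Review bot: The new comment above json_str2 (first hunk) says "the reverse order of the structure fields" without naming the structure, so nothing ties this test data to the declaration it depends on. Suggest naming struct satellite_t in the comment and noting that the last entry must be re-ordered if the field order in that struct ever changes, otherwise the overflow check silently stops testing anything.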
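Review bot: In the reordered last satellite entry (second hunk), "used":false and "ss":0 are the same values that zeroed memory would hold, so a stray wide store that lands on either of those fields cannot be told apart from a correct parse. Suggest giving the reversed entry a non-zero ss and "used":true, or adding a second reversed entry with such values, so that every field in the entry can reveal an overwrite. It is also worth confirming that the Case 2 checks compare PRN, el and az of this last entry, since those assertions are outside the lines shown here.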