ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve strncpy_s src/dst overlap check

Browse Source 
Let m = user estimate of the (max) src string length, low = smaller
address of (src, dst), hi = larger address (src, dst).

if (low + (m - 1) >= hi), we have a *potential* overlapping copy which
is not allowed. Before we declare overlap - and return an error -
retry the check with m = actual src string length.

The resulting "test string" failure affected aarch64 (only) because of
differences in test code stack variable placement / alignment.

Change-Id: I2931d1ce2c61af3d3880075b033d2a4c4e421f09
Signed-off-by: Dave Barach <dave@barachs.net>
This commit is contained in:
Dave Barach
2018-12-05 08:41:11 -05:00
committed by Florin Coras
parent eaec2a6d9a
commit d08ae85ee4
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/vppinfra/string.h
View File

@ -1031,10 +1031,20 @@ strncpy_s_inline (char *__restrict__ dest, rsize_t dmax,
low = (uword) (src < dest ? src : dest);
hi = (uword) (src < dest ? dest : src);
/*
* This check may fail innocently if src + dmax >= dst, but
* src + strlen(src) < dst. If it fails, check more carefully before
* blowing the whistle.
*/
if (PREDICT_FALSE (low + (m - 1) >= hi))
{
clib_c11_violation ("src/dest overlap");
return EINVAL;
m = clib_strnlen (src, m);
if (low + (m - 1) >= hi)
{
clib_c11_violation ("src/dest overlap");
return EINVAL;
}
}
clib_memcpy_fast (dest, src, m);