Fix overlapping memcpy in t1oi2c library #13

Open
wants to merge 1 commit into
base: master

calvin-quilt

phNxpEseProro7816_SaveRxframeData() makes memcpy() calls with overlapping source/destination ranges. ASAN catches it immediately:

    ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0xfffffffff609,0xfffffffff612) and [0xfffffffff60c, 0xfffffffff615) overlap
    #0 0xfffff789bd84 in __interceptor_memcpy /data/jenkins/workspace/GNU-toolchain/arm-12/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    #1 0x448d7c in phNxpEse_memcpy (/root/nano_package_test+0x448d7c)
    #2 0x44a104 in phNxpEseProro7816_SaveRxframeData (/root/nano_package_test+0x44a104)
    #3 0x44a410 in phNxpEseProto7816_DecodeFrame (/root/nano_package_test+0x44a410)
    #4 0x44aea0 in phNxpEseProto7816_ProcessResponse (/root/nano_package_test+0x44aea0)
    #5 0x44b1dc in TransceiveProcess (/root/nano_package_test+0x44b1dc)
    #6 0x44b2a4 in phNxpEseProto7816_Transceive (/root/nano_package_test+0x44b2a4)
    #7 0x44852c in phNxpEse_Transceive (/root/nano_package_test+0x44852c)
    #8 0x4477f4 in smComT1oI2C_TransceiveRaw (/root/nano_package_test+0x4477f4)
    #9 0x4412a4 in Se05x_API_SessionOpen (/root/nano_package_test+0x4412a4)

Because memcpy() corrupts data when the source/destination improperly overlap, fix by replacing the offending memcpy() with memmove().
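
An added example (not code from this pull request or from the t1oi2c library) of the situation the ASan report describes: two 9-byte ranges 3 bytes apart inside one buffer. `ranges_overlap`, `frame_shift` and `demo_shift` are hypothetical names, and the buffer contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 when [dst, dst+n) and [src, src+n) share at least one byte. */
int ranges_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    if (n == 0)
        return 0;
    return d < s ? (s - d) < n : (d - s) < n;
}

/* Hypothetical helper: move len bytes inside one buffer of cap bytes.
 * Returns 0 on success, -1 if either range would leave the buffer. */
int frame_shift(uint8_t *buf, size_t cap, size_t to, size_t from, size_t len)
{
    if (to > cap || from > cap || len > cap - to || len > cap - from)
        return -1;
    memmove(buf + to, buf + from, len); /* defined for overlapping ranges */
    return 0;
}

/* Constructed input: bytes 0..15. Shift 9 bytes down by 3, then up by 3.
 * Returns 1 when both results match a copy made through a scratch buffer. */
int demo_shift(void)
{
    uint8_t buf[16], ref[16], tmp[9];
    for (size_t i = 0; i < sizeof buf; i++)
        buf[i] = ref[i] = (uint8_t)i;

    memcpy(tmp, ref + 3, 9); memcpy(ref, tmp, 9);   /* reference: down */
    if (frame_shift(buf, sizeof buf, 0, 3, 9) != 0 || memcmp(buf, ref, 16))
        return 0;
    memcpy(tmp, ref, 9); memcpy(ref + 3, tmp, 9);   /* reference: up */
    if (frame_shift(buf, sizeof buf, 3, 0, 9) != 0 || memcmp(buf, ref, 16))
        return 0;
    return 1;
}

int main(void)
{
    uint8_t b[16] = {0};
    printf("overlap=%d shift_ok=%d\n", ranges_overlap(b, b + 3, 9), demo_shift());
    return 0;
}
```

Building with `-fsanitize=address` and swapping the `memmove()` for `memcpy()` in `frame_shift` produces the same `memcpy-param-overlap` class of report as the one quoted above.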
