Posted to commits@nuttx.apache.org by xi...@apache.org on 2022/09/01 03:51:56 UTC

[incubator-nuttx] branch master updated: up_nputs: fix AddressSanitizer: global-buffer-overflow problem

This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git


The following commit(s) were added to refs/heads/master by this push:
     new b15d38246c up_nputs: fix AddressSanitizer: global-buffer-overflow problem
b15d38246c is described below

commit b15d38246c71367990f8f23e9bfc7865b31a810d
Author: wangbowen6 <wa...@xiaomi.com>
AuthorDate: Wed Aug 31 20:53:29 2022 +0800

    up_nputs: fix AddressSanitizer: global-buffer-overflow problem
    
    ==2117790==ERROR: AddressSanitizer: global-buffer-overflow on address 0x64d9e3c0 at pc 0x59ac4e16 bp 0xcefe8058 sp 0xcefe8048
    READ of size 1 at 0x64d9e3c0 thread T0
        #0 0x59ac4e15 in up_nputs sim/up_nputs.c:54
        #1 0x59a67e4c in syslog_default_write syslog/syslog_channel.c:220
        #2 0x59a67823 in syslog_default_write syslog/syslog_write.c:101
        #3 0x59a67f10 in syslog_write syslog/syslog_write.c:153
        #4 0x59a651c3 in syslogstream_flush syslog/syslog_stream.c:60
        #5 0x59a6564e in syslogstream_addchar syslog/syslog_stream.c:104
        #6 0x59a6576f in syslogstream_putc syslog/syslog_stream.c:140
        #7 0x5989fc4d in vsprintf_internal stdio/lib_libvsprintf.c:952
        #8 0x598a1298 in lib_vsprintf stdio/lib_libvsprintf.c:1379
        #9 0x59a64ea4 in nx_vsyslog syslog/vsyslog.c:223
        #10 0x598a601a in vsyslog syslog/lib_syslog.c:68
        #11 0x59b0e3dc in AIOTJS::logPrintf(int, char const*, ...) src/ajs_log.cpp:45
        #12 0x59b03d56 in jse_dump_obj src/jse/quickjs/jse_quickjs.cpp:569
        #13 0x59b03ea1 in jse_dump_error1(JSContext*, unsigned long long) src/jse/quickjs/jse_quickjs.cpp:602
        #14 0x59b03dd9 in jse_dump_error(JSContext*) src/jse/quickjs/jse_quickjs.cpp:591
        #15 0x59bed615 in ferry::DomComponent::callHook(char const*) src/framework/dom/component.cpp:65
        #16 0x59bfe0ff in ferry::DomComponent::initialize() src/framework/dom/component.cpp:645
        #17 0x59bb141d in dom_create_component(JSContext*, unsigned long long, unsigned long long, unsigned long long) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x365c41d)
        #18 0x59b4c0d3 in AIOTJS::__createComponent(JSContext*, unsigned long long, int, unsigned long long*) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x35f70d3)
        #19 0x5a56ec17 in js_call_c_function quickjs/quickjs.c:16108
    
    Signed-off-by: wangbowen6 <wa...@xiaomi.com>
---
 arch/arm/src/common/arm_nputs.c       | 2 +-
 arch/arm64/src/common/arm64_nputs.c   | 2 +-
 arch/avr/src/common/up_nputs.c        | 2 +-
 arch/ceva/src/common/up_nputs.c       | 2 +-
 arch/hc/src/common/up_nputs.c         | 2 +-
 arch/mips/src/common/mips_nputs.c     | 2 +-
 arch/or1k/src/common/up_nputs.c       | 2 +-
 arch/renesas/src/common/up_nputs.c    | 2 +-
 arch/risc-v/src/common/riscv_nputs.c  | 2 +-
 arch/sim/src/sim/up_nputs.c           | 2 +-
 arch/sparc/src/common/up_nputs.c      | 2 +-
 arch/x86/src/common/up_nputs.c        | 2 +-
 arch/x86_64/src/common/up_nputs.c     | 2 +-
 arch/xtensa/src/common/xtensa_nputs.c | 2 +-
 arch/z16/src/common/z16_nputs.c       | 2 +-
 arch/z80/src/common/z80_nputs.c       | 2 +-
 16 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/arch/arm/src/common/arm_nputs.c b/arch/arm/src/common/arm_nputs.c
index 316ef260d3..1246e326c0 100644
--- a/arch/arm/src/common/arm_nputs.c
+++ b/arch/arm/src/common/arm_nputs.c
@@ -39,7 +39,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
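Review bot: The operand order in `while (len-- > 0 && *str)` is now the only thing keeping the read inside the buffer, yet nothing in the code says so, and the identical line is repeated in the other fifteen arch copies touched by this commit (arm64 through z80). A later cleanup could swap the operands back in any one of them, so I would add a comment above the loop in each file, for example `/* Test len before *str: str may not be NUL-terminated, so *str is valid only while len > 0 */`. The function header should also state that output stops at the first NUL even when len is larger, because the trace in the commit message reaches this function from syslog_default_write with a counted buffer, and such callers may not expect truncation. The closing brace of up_nputs lies outside the hunk, so this is based on the loop alone.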
diff --git a/arch/arm64/src/common/arm64_nputs.c b/arch/arm64/src/common/arm64_nputs.c
index 41277451bf..39587cafa1 100644
--- a/arch/arm64/src/common/arm64_nputs.c
+++ b/arch/arm64/src/common/arm64_nputs.c
@@ -39,7 +39,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/avr/src/common/up_nputs.c b/arch/avr/src/common/up_nputs.c
index 2c1e0c7667..afc0049df6 100644
--- a/arch/avr/src/common/up_nputs.c
+++ b/arch/avr/src/common/up_nputs.c
@@ -51,7 +51,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/ceva/src/common/up_nputs.c b/arch/ceva/src/common/up_nputs.c
index e2e18a5d78..a63994c24b 100644
--- a/arch/ceva/src/common/up_nputs.c
+++ b/arch/ceva/src/common/up_nputs.c
@@ -39,7 +39,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/hc/src/common/up_nputs.c b/arch/hc/src/common/up_nputs.c
index 564b3d2ff2..0c979cd256 100644
--- a/arch/hc/src/common/up_nputs.c
+++ b/arch/hc/src/common/up_nputs.c
@@ -51,7 +51,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/mips/src/common/mips_nputs.c b/arch/mips/src/common/mips_nputs.c
index c690ff7c67..569c6172b1 100644
--- a/arch/mips/src/common/mips_nputs.c
+++ b/arch/mips/src/common/mips_nputs.c
@@ -51,7 +51,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/or1k/src/common/up_nputs.c b/arch/or1k/src/common/up_nputs.c
index 06287d703d..273b757df4 100644
--- a/arch/or1k/src/common/up_nputs.c
+++ b/arch/or1k/src/common/up_nputs.c
@@ -39,7 +39,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/renesas/src/common/up_nputs.c b/arch/renesas/src/common/up_nputs.c
index 45c84a386f..61252cd881 100644
--- a/arch/renesas/src/common/up_nputs.c
+++ b/arch/renesas/src/common/up_nputs.c
@@ -51,7 +51,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/risc-v/src/common/riscv_nputs.c b/arch/risc-v/src/common/riscv_nputs.c
index b87a2d5d36..04944752c1 100644
--- a/arch/risc-v/src/common/riscv_nputs.c
+++ b/arch/risc-v/src/common/riscv_nputs.c
@@ -39,7 +39,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/sim/src/sim/up_nputs.c b/arch/sim/src/sim/up_nputs.c
index 72e444996b..9e92abf85b 100644
--- a/arch/sim/src/sim/up_nputs.c
+++ b/arch/sim/src/sim/up_nputs.c
@@ -51,7 +51,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/sparc/src/common/up_nputs.c b/arch/sparc/src/common/up_nputs.c
index 106464b072..58971be1ac 100644
--- a/arch/sparc/src/common/up_nputs.c
+++ b/arch/sparc/src/common/up_nputs.c
@@ -51,7 +51,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/x86/src/common/up_nputs.c b/arch/x86/src/common/up_nputs.c
index 6902cfba04..d36f640462 100644
--- a/arch/x86/src/common/up_nputs.c
+++ b/arch/x86/src/common/up_nputs.c
@@ -51,7 +51,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/x86_64/src/common/up_nputs.c b/arch/x86_64/src/common/up_nputs.c
index 6c0935f7ff..5876d43777 100644
--- a/arch/x86_64/src/common/up_nputs.c
+++ b/arch/x86_64/src/common/up_nputs.c
@@ -51,7 +51,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/xtensa/src/common/xtensa_nputs.c b/arch/xtensa/src/common/xtensa_nputs.c
index 46764e3b40..958ef81f7f 100644
--- a/arch/xtensa/src/common/xtensa_nputs.c
+++ b/arch/xtensa/src/common/xtensa_nputs.c
@@ -39,7 +39,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/z16/src/common/z16_nputs.c b/arch/z16/src/common/z16_nputs.c
index 2915a60f80..91f95b57b1 100644
--- a/arch/z16/src/common/z16_nputs.c
+++ b/arch/z16/src/common/z16_nputs.c
@@ -39,7 +39,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }
diff --git a/arch/z80/src/common/z80_nputs.c b/arch/z80/src/common/z80_nputs.c
index 839b8318a2..41dee5dbd5 100644
--- a/arch/z80/src/common/z80_nputs.c
+++ b/arch/z80/src/common/z80_nputs.c
@@ -51,7 +51,7 @@
 
 void up_nputs(const char *str, size_t len)
 {
-  while (*str && len-- > 0)
+  while (len-- > 0 && *str)
     {
       up_putc(*str++);
     }