[BlueZ,4/8] shared/tester: Add early failure check

Message ID	20240805140840.1606239-5-hadess@hadess.net (mailing list archive)
State	New, archived
Headers	show Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54C6180BFF for <linux-bluetooth@vger.kernel.org>; Mon, 5 Aug 2024 14:08:43 +0000 (UTC) From: Bastien Nocera <hadess@hadess.net> To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera <hadess@hadess.net> Subject: [BlueZ 4/8] shared/tester: Add early failure check Date: Mon, 5 Aug 2024 16:06:42 +0200 Message-ID: <20240805140840.1606239-5-hadess@hadess.net> In-Reply-To: <20240805140840.1606239-1-hadess@hadess.net> References: <20240805140840.1606239-1-hadess@hadess.net> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Fix a number of static analysis issues #6 \| expand [BlueZ,0/8] Fix a number of static analysis issues #6 [BlueZ,1/8] sdp: Ensure size doesn't overflow [BlueZ,2/8] tools/isotest: Ensure ret doesn't overflow [BlueZ,3/8] health: mcap: Ensure sent doesn't overflow [BlueZ,4/8] shared/tester: Add early failure check [BlueZ,5/8] mesh: Fix possible integer overflow [BlueZ,6/8] shared/gatt-db: Fix possible buffer overrun [BlueZ,7/8] shared/btsnoop: Avoid underflowing toread variable [BlueZ,8/8] monitor: Check for possible integer underflow

Message ID

20240805140840.1606239-5-hadess@hadess.net (mailing list archive)

State

New, archived

Headers

From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Cc: Bastien Nocera <hadess@hadess.net>
Subject: [BlueZ 4/8] shared/tester: Add early failure check
Date: Mon,  5 Aug 2024 16:06:42 +0200
Message-ID: <20240805140840.1606239-5-hadess@hadess.net>
In-Reply-To: <20240805140840.1606239-1-hadess@hadess.net>
References: <20240805140840.1606239-1-hadess@hadess.net>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Fix a number of static analysis issues #6 | expand

Checks

Context	Check	Description
tedd_an/pre-ci_am	success	Success
tedd_an/CheckPatch	success	CheckPatch PASS
tedd_an/GitLint	fail	WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 7: B1 Line exceeds max length (107>80): "bluez-5.77/src/shared/tester.c:946:2: return_constant: Function call "io_send(io, iov, 1)" may return -107." 8: B1 Line exceeds max length (123>80): "bluez-5.77/src/shared/tester.c:946:2: assignment: Assigning: "len" = "io_send(io, iov, 1)". The value of "len" is now -107." 9: B1 Line exceeds max length (258>80): "bluez-5.77/src/shared/tester.c:948:2: overrun-buffer-arg: Calling "tester_monitor" with "iov->iov_base" and "len" is suspicious because of the very large index, 18446744073709551509. The index may be due to a negative parameter being interpreted as unsigned." 10: B3 Line contains hard tab characters (\t): "946\| len = io_send(io, iov, 1);" 12: B3 Line contains hard tab characters (\t): "948\|-> tester_monitor('<', 0x0004, 0x0000, iov->iov_base, len);" 14: B3 Line contains hard tab characters (\t): "950\| g_assert_cmpint(len, ==, iov->iov_len);"
tedd_an/IncrementalBuild	success	Incremental Build PASS

Context

Check

Description

tedd_an/pre-ci_am

success

Success

tedd_an/CheckPatch

success

CheckPatch PASS

tedd_an/GitLint

fail

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 7: B1 Line exceeds max length (107>80): "bluez-5.77/src/shared/tester.c:946:2: return_constant: Function call "io_send(io, iov, 1)" may return -107." 8: B1 Line exceeds max length (123>80): "bluez-5.77/src/shared/tester.c:946:2: assignment: Assigning: "len" = "io_send(io, iov, 1)". The value of "len" is now -107." 9: B1 Line exceeds max length (258>80): "bluez-5.77/src/shared/tester.c:948:2: overrun-buffer-arg: Calling "tester_monitor" with "iov->iov_base" and "len" is suspicious because of the very large index, 18446744073709551509. The index may be due to a negative parameter being interpreted as unsigned." 10: B3 Line contains hard tab characters (\t): "946| len = io_send(io, iov, 1);" 12: B3 Line contains hard tab characters (\t): "948|-> tester_monitor('<', 0x0004, 0x0000, iov->iov_base, len);" 14: B3 Line contains hard tab characters (\t): "950| g_assert_cmpint(len, ==, iov->iov_len);"

tedd_an/IncrementalBuild

success

Incremental Build PASS

Commit Message

Bastien Nocera Aug. 5, 2024, 2:06 p.m. UTC

Add a similar assertion to the other tests to avoid passing negative len
to tester_monitor() which might result in crashes.

Error: OVERRUN (CWE-119): [#def13] [important]
bluez-5.77/src/shared/tester.c:946:2: return_constant: Function call "io_send(io, iov, 1)" may return -107.
bluez-5.77/src/shared/tester.c:946:2: assignment: Assigning: "len" = "io_send(io, iov, 1)". The value of "len" is now -107.
bluez-5.77/src/shared/tester.c:948:2: overrun-buffer-arg: Calling "tester_monitor" with "iov->iov_base" and "len" is suspicious because of the very large index, 18446744073709551509. The index may be due to a negative parameter being interpreted as unsigned.
946|	len = io_send(io, iov, 1);
947|
948|->	tester_monitor('<', 0x0004, 0x0000, iov->iov_base, len);
949|
950|	g_assert_cmpint(len, ==, iov->iov_len);
---
 src/shared/tester.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/shared/tester.c b/src/shared/tester.c
index 56c8cba6f578..3053025d7945 100644
--- a/src/shared/tester.c
+++ b/src/shared/tester.c
@@ -945,6 +945,8 @@  static bool test_io_send(struct io *io, void *user_data)
 
 	len = io_send(io, iov, 1);
 
+	g_assert(len > 0);
+
 	tester_monitor('<', 0x0004, 0x0000, iov->iov_base, len);
 
 	g_assert_cmpint(len, ==, iov->iov_len);