From patchwork Tue Nov  7 15:08:53 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Colin Ian King <colin.king@canonical.com>
X-Patchwork-Id: 835306
Return-Path: <fwts-devel-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=fwts-devel-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	by ozlabs.org (Postfix) with ESMTP id 3yWXrW1MG7z9s7C;
	Wed,  8 Nov 2017 02:08:59 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <fwts-devel-bounces@lists.ubuntu.com>)
	id 1eC5Um-0003OB-SL; Tue, 07 Nov 2017 15:08:56 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <colin.king@canonical.com>)
	id 1eC5Uk-0003Nz-He
	for fwts-devel@lists.ubuntu.com; Tue, 07 Nov 2017 15:08:54 +0000
Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost)
	by youngberry.canonical.com with esmtpsa
	(TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.76) (envelope-from <colin.king@canonical.com>)
	id 1eC5Uk-0006sx-42; Tue, 07 Nov 2017 15:08:54 +0000
From: Colin King <colin.king@canonical.com>
To: fwts-devel@lists.ubuntu.com
Subject: [PATCH] lib: fwts_safe_mem: fix buffer end calculation
Date: Tue,  7 Nov 2017 15:08:53 +0000
Message-Id: <20171107150853.31901-1-colin.king@canonical.com>
X-Mailer: git-send-email 2.14.1
MIME-Version: 1.0
X-BeenThere: fwts-devel@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Firmware Test Suite Development <fwts-devel.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/fwts-devel>,
	<mailto:fwts-devel-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/fwts-devel>
List-Post: <mailto:fwts-devel@lists.ubuntu.com>
List-Help: <mailto:fwts-devel-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/fwts-devel>,
	<mailto:fwts-devel-request@lists.ubuntu.com?subject=subscribe>
Errors-To: fwts-devel-bounces@lists.ubuntu.com
Sender: "fwts-devel" <fwts-devel-bounces@lists.ubuntu.com>

From: Colin Ian King <colin.king@canonical.com>

The calculation of the end of the buffer needs to take into account
the size of the elements in the buffer; divide by the element size
to get the correct size.

Detected by CoverityScan, CID#1382558 ("Incorrect expression") and
CID#1382559 ("Memory Corruptions")

Fixes: ee769ccf294c ("hpet: fix the false alarm of hpet configuration test")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Alex Hung <alex.hung@canonical.com>
Acked-by: Anthony Wong <anthony.wong@canonical.com>
---
 src/lib/src/fwts_safe_mem.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/lib/src/fwts_safe_mem.c b/src/lib/src/fwts_safe_mem.c
index c6b09f9d..08ef8846 100644
--- a/src/lib/src/fwts_safe_mem.c
+++ b/src/lib/src/fwts_safe_mem.c
@@ -93,12 +93,20 @@ int OPTIMIZE0 fwts_safe_memread(const void *src, const size_t n)
 	return FWTS_OK;
 }
 
+/*
+ *  fwts_safe_memread()
+ *	check we can safely read a region of memory. This catches
+ *	SIGSEGV/SIGBUS errors and returns FWTS_ERROR if it is not
+ *	readable or FWTS_OK if it's OK.
+ *
+ *	n = number of of 32 bit words to check
+ */
 int OPTIMIZE0 fwts_safe_memread32(const void *src, const size_t n)
 {
 	static uint32_t buffer[256];
 	const uint32_t *ptr, *end = src + n;
 	uint32_t *bufptr;
-	const uint32_t *bufend = buffer + sizeof(buffer);
+	const uint32_t *bufend = buffer + (sizeof(buffer) / sizeof(*buffer));
 
 	if (sigsetjmp(jmpbuf, 1) != 0)
 		return FWTS_ERROR;