fix(freertos): Limit idle task name length copy operation and ensure null-termination of the idle task name string #1203
fdaaa9e to 7eedbf7
Doing this means you no longer need the logic within the for loop that limits how many characters are copied into the buffer. You might as well remove that logic as well. Also, since you are already using strlen, why not just replace all of this code with strncpy? https://cplusplus.com/reference/cstring/strncpy/ with n set to the max length?
7eedbf7 to d2accc9
@jasonpcarroll I've removed the On a second note, just discovered that there is a potential problem in handling the null-termination of the I've updated the logic to use strncat instead.
d2accc9 to d847f2c
@jasonpcarroll Looks like I would need an additional review on SonarQube for using
910d17a to b17ebab
@jasonpcarroll Could you let me know if this PR is reviewable as is or do I need to make some changes for the checks to pass? Thanks.
We try to avoid
4b8401c to 89d32c9
Thanks for the inputs @aggarg! I've incorporated your suggestions but since it did not address the out-of-bound mem copy operation warnings flagged by static code analyzers, I have added a fix for it as well. PTAL. Thanks.
…rmination

This commit:
- Limits the idle task name length copy operation to prevent Out-of-bounds memory access warnings from static code analyzers.
- Fixes a bug wherein the idle task name could be non null-terminated string for SMP configuration.

Signed-off-by: Sudeep Mohanty <sudeep.mohanty@espressif.com>
89d32c9 to 47d9407
Updated corresponding unit test in FreeRTOS PR #1314.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
PR Link - FreeRTOS/FreeRTOS-Kernel#1203. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
This allows using pointer to string for configIDLE_TASK_NAME. Coverage tests do that. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Fix coverage tests for Kernel PR 1203 PR Link - FreeRTOS/FreeRTOS-Kernel#1203. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Quality Gate passed
Thank you for helping merge the PR, @aggarg!
This PR:
- Limits the idle task name length copy operation to prevent Out-of-bounds memory access warnings from static code analyzers.
- Fixes a bug wherein the idle task name could be non null-terminated string for SMP configuration.
Description
prvCreateIdleTasks(), we have the operation -
configIDLE_TASK_NAME as an array of 5 bytes (I, D, L, E, \0) but the loop running for configMAX_TASK_NAME_LEN iterations which could be more than 5.
\0 character is present in the configIDLE_TASK_NAME array and hence cannot predict that the loop will break before an Out-of-bounds memory access is made.
configIDLE_TASK_NAME or configMAX_TASK_NAME_LEN. This ensures that the copy operation runs for exactly the required number of iterations to copy the idle task name, 5 by default.
IDLE task name if strlen(configIDLE_TASK_NAME) = configMAX_TASK_NAME_LEN - 1 when SMP configuration is enabled. The current code would append the core ID to the task name and in the process overwrites the null terminator. It then exits the loop as there is no more space to add a null terminator.
Test Steps
tasks.c on a tool like Coverity.
Checklist:
Related Issue
None
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
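The two conditions named in the description (a copy loop bounded only by the destination length, and a core-ID suffix that can displace the terminator when strlen(name) = max length - 1) can be shown in a stand-alone C sketch. This is an added example, not the PR's or the kernel's code: MAX_TASK_NAME_LEN, build_idle_name and check_name are hypothetical names, the buffer size of 8 is an assumed value, and truncating the name to make room for the suffix is one possible policy chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TASK_NAME_LEN 8 /* assumed stand-in for configMAX_TASK_NAME_LEN */

/* Hypothetical helper: writes "<name>[core digit]" into dst, returns its length.
 * name_size is sizeof the source array, so reads are bounded by the source
 * as well as by the destination. */
static size_t build_idle_name(char dst[MAX_TASK_NAME_LEN], const char *name,
                              size_t name_size, int smp, unsigned core_id)
{
    /* Reserve one byte for '\0' and, on SMP, one more for the core digit. */
    size_t limit = MAX_TASK_NAME_LEN - (smp ? 2u : 1u);
    size_t i;

    if (name_size < limit)
        limit = name_size; /* never index past the source array */

    for (i = 0; i < limit && name[i] != '\0'; i++)
        dst[i] = name[i];

    if (smp)
        dst[i++] = (char)('0' + (core_id % 10u)); /* one digit, assumes < 10 cores */

    dst[i] = '\0'; /* always in bounds: i <= MAX_TASK_NAME_LEN - 1 */
    return i;
}

/* Returns 1 when the built name equals expect and is terminated inside dst. */
static int check_name(const char *name, size_t name_size, int smp,
                      unsigned core_id, const char *expect)
{
    char dst[MAX_TASK_NAME_LEN];
    size_t n;

    memset(dst, 'X', sizeof dst); /* poison so a missing '\0' is visible */
    n = build_idle_name(dst, name, name_size, smp, core_id);
    return n < sizeof dst && dst[n] == '\0' && strcmp(dst, expect) == 0;
}

int main(void)
{
    static const char raw[4] = { 'I', 'D', 'L', 'E' }; /* constructed: no '\0' */

    printf("%d %d %d\n", check_name("IDLE", 5, 1, 0, "IDLE0"),
           check_name("IDLEABC", 8, 1, 1, "IDLEAB1"), /* strlen == MAX - 1 */
           check_name(raw, sizeof raw, 0, 0, "IDLE"));
    return 0;
}
```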