lib: c_lib: add a check logic to verify overflow in fwrite

Add a simple logic to validate parameters of fwrite(). If the result of size times nitems greater than the string length, return zero. Fixes zephyrproject-rtos#33491. Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
enjiamai · Apr 23, 2021 · 5111a77 · 5111a77
1 parent be226ca
commit 5111a77
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/lib/libc/minimal/source/stdout/stdout_console.c b/lib/libc/minimal/source/stdout/stdout_console.c
@@ -65,6 +65,10 @@ size_t z_impl_zephyr_fwrite(const void *_MLIBC_RESTRICT ptr, size_t size,
 		return 0;
 	}
 
+	if ((strlen(ptr) + 1) < (size * nitems)) {
+		return 0;
+	}
+
 	p = ptr;
 	i = nitems;
 	do {

diff --git a/tests/lib/sprintf/src/main.c b/tests/lib/sprintf/src/main.c
@@ -914,7 +914,7 @@ void test_fwrite(void)
 	zassert_equal(ret, 0, "fwrite failed!");
 
 	ret = fwrite("This 3", 4, 4, stdout);
-	zassert_not_equal(ret, 0, "fwrite failed!");
+	zassert_equal(ret, 0, "fwrite failed!");
 
 	ret = fwrite("This 3", 4, 4, stdin);
 	zassert_equal(ret, 0, "fwrite failed!");