-rw-r--r--meta-optee/recipes-security/optee/optee-test/regression-4011-correct-potential-overflow.patch68
-rw-r--r--meta-optee/recipes-security/optee/optee-test/xtest-prevent-unexpected-build-warning-with-strncpy.patch62
-rw-r--r--meta-optee/recipes-security/optee/optee-test_git.bb2
3 files changed, 132 insertions, 0 deletions
diff --git a/meta-optee/recipes-security/optee/optee-test/regression-4011-correct-potential-overflow.patch b/meta-optee/recipes-security/optee/optee-test/regression-4011-correct-potential-overflow.patch
new file mode 100644
index 00000000..dfe33df5
--- /dev/null
+++ b/meta-optee/recipes-security/optee/optee-test/regression-4011-correct-potential-overflow.patch
@@ -0,0 +1,68 @@
+From ee5e039664065e7df44118c0a25967c9e16ab5fa Mon Sep 17 00:00:00 2001
+From: Etienne Carriere <etienne.carriere@linaro.org>
+Date: Fri, 21 Dec 2018 15:36:25 +0100
+Subject: [PATCH 1/2] regression 4011: correct potential overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix issues reported by GCC 8.2.0.
+
+build/optee_test/host/xtest/regression_4000.c: In function ‘xtest_tee_test_4011’:
+build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ pointer overflow between offset [0, 8] and size [4294967295, 2147483647] accessing array ‘tmp’ with type ‘uint8_t[1024]’ {aka ‘unsigned char[1024]’} [-Werror=array-bounds]
+ memmove(tmp + n + i, tmp + m, tmp_size - m);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+build/optee_test/host/xtest/regression_4000.c:4927:10: note: array ‘tmp’ declared here
+ uint8_t tmp[1024];
+ ^~~
+build/optee_test/host/xtest/regression_4000.c:5029:3: error: ‘memmove’ specified size 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=]
+ memmove(tmp + n + i, tmp + m, tmp_size - m);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+
+Reported-by: Simon Hughes <simon.hughes@arm.com>
+Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/regression_4000.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/host/xtest/regression_4000.c b/host/xtest/regression_4000.c
+index 380bdf4..08c814b 100644
+--- a/host/xtest/regression_4000.c
++++ b/host/xtest/regression_4000.c
+@@ -5006,18 +5006,28 @@ static void xtest_tee_test_4011(ADBG_Case_t *c)
+ out, out_size, tmp, &tmp_size)))
+ goto out;
+
++ if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, tmp_size, <=, sizeof(tmp)))
++ goto out;
++
+ /* 4.1 */
+- for (n = 0; n < tmp_size; n++)
++ for (n = 0; n < tmp_size - i; n++)
+ if (tmp[n] == 0xff)
+ break;
++
++ /* Shall find at least a padding start before buffer end */
++ if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n, <, tmp_size - i - 1))
++ goto out;
++
+ for (m = n + 1; m < tmp_size; m++)
+ if (tmp[m] != 0xff)
+ break;
++
+ /* 4.2 */
+ memmove(tmp + n + i, tmp + m, tmp_size - m);
++
+ /* 4.3 */
+- for (n = n + tmp_size - m + i; n < tmp_size; n++)
+- tmp[n] = 0;
++ n = n + i + tmp_size - m;
++ memset(tmp + n, 0, tmp_size - n);
+
+ /* 5 */
+ out_size = sizeof(out);
+--
+2.17.1
+
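Review bot: The new step 4.3 `memset(tmp + n, 0, tmp_size - n)` wraps its length if the recomputed `n` exceeds `tmp_size`, which happens whenever the 0xff run found in 4.1 is shorter than `i` (old `n + i > m`); the removed `for` loop was simply a no-op in that case. The same condition makes the `memmove` in 4.2 write past `tmp_size`, and the added checks bound `n` against `tmp_size - i - 1` but never relate `n + i` to `m`. A guard before 4.2 would close this: `if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, n + i, <=, m))` followed by `goto out;`. The declarations of `n`, `m`, `i` and `tmp_size` and the loop that drives `i` are outside the hunk, so this assumes unsigned types; the quoted GCC message's offset range [0, 8] suggests `i` runs from 0 to 8, in which case `tmp_size - i` in the 4.1 loop bound also wraps if `tmp_size` is ever smaller than `i`.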
diff --git a/meta-optee/recipes-security/optee/optee-test/xtest-prevent-unexpected-build-warning-with-strncpy.patch b/meta-optee/recipes-security/optee/optee-test/xtest-prevent-unexpected-build-warning-with-strncpy.patch
new file mode 100644
index 00000000..aabc0815
--- /dev/null
+++ b/meta-optee/recipes-security/optee/optee-test/xtest-prevent-unexpected-build-warning-with-strncpy.patch
@@ -0,0 +1,62 @@
+From 2559e0f4acbcffeafbdf990d288f647a88608b92 Mon Sep 17 00:00:00 2001
+From: Etienne Carriere <etienne.carriere@linaro.org>
+Date: Fri, 21 Dec 2018 15:36:00 +0100
+Subject: [PATCH 2/2] xtest: prevent unexpected build warning with strncpy
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This change modifies adbg_run.c to prevent a false positive
+warning reported by GCC 8.2 on usage of strncpy():
+
+ build/optee_test/host/xtest/adbg/src/adbg_run.c: In function ‘Do_ADBG_AppendToSuite’:
+ build/optee_test/host/xtest/adbg/src/adbg_run.c:103:3: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
+ strncpy(p, Source_p->SuiteID_p, size);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ build/optee_test/host/xtest/adbg/src/adbg_run.c:88:9: note: length computed here
+ size = strlen(Source_p->SuiteID_p);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~
+ cc1: all warnings being treated as errors
+
+From [1]:
+ Using strncpy Safely
+ In general, it is not possible to avoid string truncation by strncpy
+ except by sizing the destination to be at least a byte larger than
+ the length of the source string. With that approach, however, using
+ strncpy becomes unnecessary and the function can be avoided in favor
+ of other APIs such as strcpy or (less preferably) memcpy. Much has
+ been written about the problems with strncpy and we recommend to
+ avoid it whenever possible. It is, however, worth keeping in mind
+ that unlike other standard string-handling functions, strncpy always
+ writes exactly as many characters as specified by the third argument;
+ if the source string is shorter, the function fills the remaining
+ bytes with NULs.
+
+This change prefers using a snprintf() as used in the alternate
+instruction block of the strncpy() call.
+
+[1] https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/
+
+Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
+Signed-off-by: Simon Hughes <simon.hughes@arm.com>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/adbg/src/adbg_run.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/host/xtest/adbg/src/adbg_run.c b/host/xtest/adbg/src/adbg_run.c
+index 406e429..2739db5 100644
+--- a/host/xtest/adbg/src/adbg_run.c
++++ b/host/xtest/adbg/src/adbg_run.c
+@@ -100,7 +100,7 @@ int Do_ADBG_AppendToSuite(
+ snprintf(p, size, "%s+%s", Dest_p->SuiteID_p,
+ Source_p->SuiteID_p);
+ else
+- strncpy(p, Source_p->SuiteID_p, size);
++ snprintf(p, size, "%s", Source_p->SuiteID_p);
+ free((void *)Dest_p->SuiteID_p);
+ Dest_p->SuiteID_p = p;
+
+--
+2.17.1
+
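Review bot: Whether the new `snprintf(p, size, "%s", Source_p->SuiteID_p)` copies the whole suite ID depends on `size` already counting the terminating NUL, and nothing in this hunk shows that. The quoted GCC note points at `size = strlen(Source_p->SuiteID_p);` on line 88 of adbg_run.c; if no `+ 1` is applied before the allocation, snprintf would silently drop the last character, where strncpy would instead have left the buffer unterminated. The size computation and allocation sit above the hunk in Do_ADBG_AppendToSuite, so this should be confirmed there. A short comment on the call, such as `/* size includes the trailing NUL, so "%s" cannot truncate */`, would make the invariant visible to the next reader.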
diff --git a/meta-optee/recipes-security/optee/optee-test_git.bb b/meta-optee/recipes-security/optee/optee-test_git.bb
index c359192c..8f2a761f 100644
--- a/meta-optee/recipes-security/optee/optee-test_git.bb
+++ b/meta-optee/recipes-security/optee/optee-test_git.bb
@@ -12,6 +12,8 @@ PV = "3.3.0+git${SRCPV}"
SRC_URI = "git://github.com/OP-TEE/optee_test.git \
file://fix-build-failure-with-GCC6.patch \
+ file://regression-4011-correct-potential-overflow.patch \
+ file://xtest-prevent-unexpected-build-warning-with-strncpy.patch \
"
S = "${WORKDIR}/git"
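Review bot: The two patch files added to SRC_URI here carry no `Upstream-Status:` tag in their headers, which OpenEmbedded patch conventions expect for every patch a layer carries. Both files keep their `From <sha>` line and Reviewed-by trailers, which suggests they were taken from upstream optee_test. If so, a line such as `Upstream-Status: Backport [<upstream commit URL>]` next to the Signed-off-by trailers in each patch would record where the code came from. It would also show maintainers that the patches can be dropped once the recipe's SRCREV moves past those commits.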