Skip to content

zephyr: fix overflow and overlap checks in memcpy_s #9769

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kv2019i merged 1 commit into from
Jan 9, 2025
Merged

zephyr: fix overflow and overlap checks in memcpy_s #9769

kv2019i merged 1 commit into from
Jan 9, 2025

Conversation

@tmleman
Copy link
Contributor

@tmleman tmleman commented Jan 8, 2025

This patch addresses an issue in the memcpy_s function within the Zephyr RTOS string header. The issue was identified during IPC3 fuzz testing with UndefinedBehaviorSanitizer enabled.

Changes include:

  • Adding stdint.h for uintptr_t type.
  • Adding checks to prevent overflow in pointer arithmetic.
  • Adjusting overlap checks to avoid overflow.

These changes ensure that the memcpy_s function correctly handles edge cases, preventing undefined behavior due to pointer arithmetic overflow and memory overlap.

Fixes #9768

@kv2019i kv2019i added the backport-to-stable PRs that should be backported to stable branches label Jan 8, 2025
@lgirdwood
Copy link
Member

lgirdwood commented Jan 8, 2025

@tmleman can you update, rebase and force push - fix just merged for GH actions to pass. Thanks !

@tmleman tmleman force-pushed the topic/upstream/pr/memcpy_s/fix/undefined_behavior branch from 7a32b9f to bb98202 Compare January 8, 2025 20:09
@tmleman
zephyr: fix overflow and overlap checks in memcpy_s
bb98202 
This patch addresses an issue in the `memcpy_s` function within the
Zephyr RTOS string header. The issue was identified during IPC3 fuzz
testing with UndefinedBehaviorSanitizer enabled.

Changes include:
- Adding `stdint.h` for `uintptr_t` type.
- Adding checks to prevent overflow in pointer arithmetic.
- Adjusting overlap checks to avoid overflow.

These changes ensure that the `memcpy_s` function correctly handles edge
cases, preventing undefined behavior due to pointer arithmetic overflow
and memory overlap.

Fixes thesofproject#9768

Signed-off-by: Tomasz Leman <tomasz.m.leman@intel.com>
@kv2019i kv2019i merged commit 7d11802 into thesofproject:main Jan 9, 2025
46 of 49 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lyakh lyakh lyakh approved these changes

@lgirdwood lgirdwood lgirdwood approved these changes

@kv2019i kv2019i kv2019i approved these changes

@iuliana-prodan iuliana-prodan Awaiting requested review from iuliana-prodan iuliana-prodan is a code owner

@dbaluta dbaluta Awaiting requested review from dbaluta dbaluta is a code owner

@abonislawski abonislawski Awaiting requested review from abonislawski abonislawski is a code owner

Assignees

No one assigned

Labels

backport-to-stable PRs that should be backported to stable branches

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] IPC3: Runtime error due to unsigned offset overflow in string.h during fuzz testing

4 participants

@tmleman @lgirdwood @lyakh @kv2019i