Re: [lwip-devel] [bug #36492] Static Analysis on code 1.4.0


From: Mason
Subject: Re: [lwip-devel] [bug #36492] Static Analysis on code 1.4.0
Date: Wed, 23 May 2012 12:02:40 +0200
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120429 Firefox/12.0 SeaMonkey/2.9.1

[ Switching to lwip-devel ]

bayard wrote:

> ABR : Buffer overflow, array index of 'hwaddr' may be out of bounds.
> Array 'hwaddr' of size 6 may use index value(s) 6..15 :
> lwip/src/core/dhcp.c : 1683 : Critical : Analyze

I assume line 1698 in the 1.4.x branch.

  for (i = 0; i < DHCP_CHADDR_LEN; i++) {
    /* copy netif hardware address, pad with zeroes */
    dhcp->msg_out->chaddr[i] = (i < netif->hwaddr_len) ? netif->hwaddr[i] : 0 /* pad byte */;
  }

DHCP_CHADDR_LEN      = 16U
NETIF_MAX_HWADDR_LEN =  6U

struct netif {
  ...
  /** number of bytes used in hwaddr */
  u8_t hwaddr_len;
  /** link level hardware address of this interface */
  u8_t hwaddr[NETIF_MAX_HWADDR_LEN];
  ...
};

It is the responsibility of the driver to ensure
ASSERT(hwaddr_len <= NETIF_MAX_HWADDR_LEN);

and, in fact, netif/etharp.c ASSERTS hwaddr_len == ETHARP_HWADDR_LEN.

The problem with static analysis tools is that they produce
too many false positives.

-- 
Regards.
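
An added example, not part of the original message and not lwIP code: the same copy-and-pad step with the driver invariant hwaddr_len <= NETIF_MAX_HWADDR_LEN checked inside the function, so the bound on every hwaddr[] read is provable locally. The names mini_netif, fill_chaddr and the demo functions are hypothetical, and the sample addresses are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Constants as quoted in the message above. */
#define DHCP_CHADDR_LEN      16U
#define NETIF_MAX_HWADDR_LEN  6U

/* Reduced stand-in for lwIP's struct netif: only the two fields discussed. */
struct mini_netif {
  uint8_t hwaddr_len;                    /* number of bytes used in hwaddr */
  uint8_t hwaddr[NETIF_MAX_HWADDR_LEN];  /* link level hardware address */
};

/* Hypothetical helper (not an lwIP function): copy the hardware address into
 * chaddr and zero-pad to DHCP_CHADDR_LEN.
 * Returns 0 on success, -1 if the driver invariant is violated. */
int fill_chaddr(uint8_t chaddr[DHCP_CHADDR_LEN], const struct mini_netif *netif)
{
  unsigned int i;
  memset(chaddr, 0, DHCP_CHADDR_LEN);   /* padding bytes are zero */
  if (netif->hwaddr_len > NETIF_MAX_HWADDR_LEN) {
    return -1;  /* driver bug: the quoted loop would read hwaddr[6..15] */
  }
  for (i = 0; i < netif->hwaddr_len; i++) {
    chaddr[i] = netif->hwaddr[i];  /* i < hwaddr_len <= 6: always in bounds */
  }
  return 0;
}

/* Constructed sample: returns 1 if a 6-byte address is copied and padded. */
int demo_valid(void)
{
  struct mini_netif n = { 6, { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 } };
  uint8_t out[DHCP_CHADDR_LEN];
  static const uint8_t zeros[DHCP_CHADDR_LEN - NETIF_MAX_HWADDR_LEN] = { 0 };
  return fill_chaddr(out, &n) == 0 &&
         memcmp(out, n.hwaddr, 6) == 0 &&
         memcmp(out + 6, zeros, sizeof zeros) == 0;
}

/* Constructed sample: returns 1 if hwaddr_len = 16 (broken invariant) is rejected. */
int demo_broken_invariant(void)
{
  struct mini_netif n = { 16, { 0 } };
  uint8_t out[DHCP_CHADDR_LEN];
  return fill_chaddr(out, &n) == -1;
}
```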


