EPICS_driver_modules/StreamDevice
0
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Merge pull request #44 from SLACer-garth/buffer-overflow-fix

Browse Source 
Buffer overflow fix
This commit is contained in:
Dirk Zimoch
2019-11-11 13:24:39 +01:00
committed by GitHub
parent f172f3d0a0 08ac900eda
commit aadecf1853
5 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/AsynDriverInterface.cc
View File

@ -162,7 +162,7 @@ class AsynDriverInterface : StreamBusInterface
double writeTimeout; double writeTimeout;
double readTimeout; double readTimeout;
double replyTimeout; double replyTimeout;
size_t expectedLength; ssize_t expectedLength;
unsigned long eventMask; unsigned long eventMask;
unsigned long receivedEvent; unsigned long receivedEvent;
StreamBuffer inputBuffer; StreamBuffer inputBuffer;
@ -187,7 +187,7 @@ class AsynDriverInterface : StreamBusInterface
bool writeRequest(const void* output, size_t size, bool writeRequest(const void* output, size_t size,
unsigned long writeTimeout_ms); unsigned long writeTimeout_ms);
bool readRequest(unsigned long replyTimeout_ms, bool readRequest(unsigned long replyTimeout_ms,
unsigned long readTimeout_ms, size_t expectedLength, bool async); unsigned long readTimeout_ms, ssize_t expectedLength, bool async);
bool acceptEvent(unsigned long mask, unsigned long replytimeout_ms); bool acceptEvent(unsigned long mask, unsigned long replytimeout_ms);
bool supportsEvent(); bool supportsEvent();
bool supportsAsyncRead(); bool supportsAsyncRead();
@ -800,7 +800,7 @@ writeHandler()
// interface function: we want to read something // interface function: we want to read something
bool AsynDriverInterface:: bool AsynDriverInterface::
readRequest(unsigned long replyTimeout_ms, unsigned long readTimeout_ms, readRequest(unsigned long replyTimeout_ms, unsigned long readTimeout_ms,
size_t _expectedLength, bool async) ssize_t _expectedLength, bool async)
{ {
debug("AsynDriverInterface::readRequest(%s, %ld msec reply, " debug("AsynDriverInterface::readRequest(%s, %ld msec reply, "
"%ld msec read, expect %" Z "u bytes, async=%s)\n", "%ld msec read, expect %" Z "u bytes, async=%s)\n",

11
src/ChecksumConverter.cc
View File

@ -706,13 +706,14 @@ scanPseudo(const StreamFormat& format, StreamBuffer& input, size_t& cursor)
debug("ChecksumConverter %s: input to check: \"%s\n", debug("ChecksumConverter %s: input to check: \"%s\n",
checksumMap[fnum].name, input.expand(start,length)()); checksumMap[fnum].name, input.expand(start,length)());
uint_fast8_t expectedLength = uint_fast8_t nDigits =
// get number of decimal digits from number of bytes: ceil(bytes*2.5) // get number of decimal digits from number of bytes: ceil(bytes*2.5)
format.flags & sign_flag ? (checksumMap[fnum].bytes + 1) * 25 / 10 - 2 : format.flags & sign_flag ? (checksumMap[fnum].bytes + 1) * 25 / 10 - 2 :
format.flags & (zero_flag|left_flag) ? 2 * checksumMap[fnum].bytes : format.flags & (zero_flag|left_flag) ? 2 * checksumMap[fnum].bytes :
checksumMap[fnum].bytes; checksumMap[fnum].bytes;
ssize_t expectedLength = nDigits;
if (input.length() - cursor < expectedLength) if ((ssize_t)( input.length() - cursor ) < expectedLength)
{ {
debug("ChecksumConverter %s: Input '%s' too short for checksum\n", debug("ChecksumConverter %s: Input '%s' too short for checksum\n",
checksumMap[fnum].name, input.expand(cursor)()); checksumMap[fnum].name, input.expand(cursor)());
@ -731,7 +732,7 @@ scanPseudo(const StreamFormat& format, StreamBuffer& input, size_t& cursor)
if (format.flags & sign_flag) // decimal if (format.flags & sign_flag) // decimal
{ {
uint32_t sumin = 0; uint32_t sumin = 0;
size_t i; ssize_t i;
for (i = 0; i < expectedLength; i++) for (i = 0; i < expectedLength; i++)
{ {
inchar = input[cursor+i]; inchar = input[cursor+i];
@ -753,7 +754,7 @@ scanPseudo(const StreamFormat& format, StreamBuffer& input, size_t& cursor)
{ {
if (format.flags & zero_flag) // ASCII if (format.flags & zero_flag) // ASCII
{ {
if (sscanf(input(cursor+2*i), "%2" SCNx8, &inchar) != 1) if (sscanf(input(cursor+2*i), "%2" SCNx8, (int8_t *) &inchar) != 1)
{ {
debug("ChecksumConverter %s: Input byte '%s' is not a hex byte\n", debug("ChecksumConverter %s: Input byte '%s' is not a hex byte\n",
checksumMap[fnum].name, input.expand(cursor+2*i,2)()); checksumMap[fnum].name, input.expand(cursor+2*i,2)());
@ -797,7 +798,7 @@ scanPseudo(const StreamFormat& format, StreamBuffer& input, size_t& cursor)
{ {
if (format.flags & zero_flag) // ASCII if (format.flags & zero_flag) // ASCII
{ {
sscanf(input(cursor+2*i), "%2" SCNx8, &inchar); sscanf(input(cursor+2*i), "%2" SCNx8, (int8_t *) &inchar);
} }
else else
if (format.flags & left_flag) // poor man's hex: 0x30 - 0x3F if (format.flags & left_flag) // poor man's hex: 0x30 - 0x3F

6
src/DebugInterface.cc
View File

@ -37,7 +37,7 @@ class DebugInterface : StreamBusInterface
bool writeRequest(const void* output, size_t size, bool writeRequest(const void* output, size_t size,
unsigned long writeTimeout_ms); unsigned long writeTimeout_ms);
bool readRequest(unsigned long replyTimeout_ms, bool readRequest(unsigned long replyTimeout_ms,
unsigned long readTimeout_ms, size_t expectedLength, bool async); unsigned long readTimeout_ms, ssize_t expectedLength, bool async);
protected: protected:
~DebugInterface(); ~DebugInterface();
@ -169,9 +169,9 @@ writeRequest(const void* output, size_t size, unsigned long writeTimeout_ms)
// Return false if the read request cannot be accepted. // Return false if the read request cannot be accepted.
bool DebugInterface:: bool DebugInterface::
readRequest(unsigned long replyTimeout_ms, unsigned long readTimeout_ms, readRequest(unsigned long replyTimeout_ms, unsigned long readTimeout_ms,
size_t expectedLength, bool async) ssize_t expectedLength, bool async)
{ {
debug("DebugInterface::readRequest(%s, %ld msec reply, %ld msec read, expect %" Z "u bytes, asyn=%s)\n", debug("DebugInterface::readRequest(%s, %ld msec reply, %ld msec read, expect %" Z "d bytes, asyn=%s)\n",
clientName(), replyTimeout_ms, readTimeout_ms, expectedLength, async?"yes":"no"); clientName(), replyTimeout_ms, readTimeout_ms, expectedLength, async?"yes":"no");
// Debug interface does not support async mode. // Debug interface does not support async mode.

2
src/StreamBusInterface.cc
View File

@ -118,7 +118,7 @@ writeRequest(const void*, size_t, unsigned long)
} }
bool StreamBusInterface:: bool StreamBusInterface::
readRequest(unsigned long, unsigned long, size_t, bool) readRequest(unsigned long, unsigned long, ssize_t, bool)
{ {
return false; return false;
} }

4
src/StreamBusInterface.h
View File

@ -76,7 +76,7 @@ public:
return businterface && businterface->writeRequest(output, size, timeout_ms); return businterface && businterface->writeRequest(output, size, timeout_ms);
} }
bool busReadRequest(unsigned long replytimeout_ms, bool busReadRequest(unsigned long replytimeout_ms,
unsigned long readtimeout_ms, size_t expectedLength, unsigned long readtimeout_ms, ssize_t expectedLength,
bool async) { bool async) {
return businterface && businterface->readRequest(replytimeout_ms, return businterface && businterface->readRequest(replytimeout_ms,
readtimeout_ms, expectedLength, async); readtimeout_ms, expectedLength, async);
@ -133,7 +133,7 @@ protected:
virtual bool writeRequest(const void* output, size_t size, virtual bool writeRequest(const void* output, size_t size,
unsigned long timeout_ms); unsigned long timeout_ms);
virtual bool readRequest(unsigned long replytimeout_ms, virtual bool readRequest(unsigned long replytimeout_ms,
unsigned long readtimeout_ms, size_t expectedLength, unsigned long readtimeout_ms, ssize_t expectedLength,
bool async); bool async);
virtual bool supportsEvent(); // defaults to false virtual bool supportsEvent(); // defaults to false
virtual bool supportsAsyncRead(); // defaults to false virtual bool supportsAsyncRead(); // defaults to false