cbor: bounds checking on read and no_copy string deserialization

[OlegHahm]

Since @luciotorre seems to be not working on #3843, I adopted parts of it. I refactored that commits and cut out the parts that I didn't understand or which seem unrelated.

@krf, can you take a brief look?

[cgundogan]

I can imagine the compiler to complain for 8-and 16-bits architectures without luciotorre@2df5b2b

[OlegHahm]

I can imagine the compiler to complain for 8-and 16-bits architectures without luciotorre/RIOT@2df5b2b

But this is untouched code - shouldn't the CI have whined about this before?

[cgundogan]

But this is untouched code - shouldn't the CI have whined about this before?

yeah weird .. nevermind then

[cgundogan]

@OlegHahm commented 2 days ago in #3843
Sorry, feature freeze.

[OlegHahm]

Feature freeze is over.

[kYc0o]

This function names respect our coding conventions?

[OlegHahm]

This is part of embUnit's API (sys/include/embUnit/TestCaller.h).

[kYc0o]

Can you rebase and remake the tests? Anyways it won't make it for this release so I'll postpone it.

[OlegHahm]

What do you mean by "remake the tests"?

[kYc0o]

I thought you have made some test for this PR, I mean, testing functionality. Anyways it's marked for the next release. But if you think this can be merged soon let's do it :)

[BytesGalore]

is there a case where the cbor_stream_t *s can be NULL?
The question also applies for all other cases where we pass a pointer to a macro.

[BytesGalore]

I know we check the case here, but in other cases we don't (e.g. [encode][decode]_bytes(...))

[OlegHahm]

Valid point, but IMO out of scope of this PR. I would propose to open a follow-up PR that adds some assertions to check for null pointers. Okay?

[miri64]

Postponed due to feature freeze

[miri64]

@OlegHahm can you please rebase?

[OlegHahm]

Rebased. @BytesGalore's comment should IMO be addressed in a separate PR.

[miri64]

Quoting yourself in #2189 (comment)

Concerning the pragmas: they should be avoided wherever possible. @Kijewski, any way to get rid of them?

I'm not sure I understand the context of the comment, the pragma and the packed attribute, so please provide better context.

[OlegHahm]

Not sure, I understand it myself - I'm only a caretaker of this PR. But I will try my best.

[miri64]

(sorry, forgot that you adapted the PR :-/)

[OlegHahm]

No worries - your comment is valid anyway.

[OlegHahm]

However, after thinking about this a little bit, my conclusion is:
1.) I would rephrase my own comment from #2198 to: "pragmas that may lead to different output on different compilers should be avoided wherever possible".
2.) I don't quite understand which bug in GCC this refers to.
3.) The pragma would only add one more switch to GCC which IMO should not create a problem.

[OlegHahm]

It is not ignored - on the contrary, it will raise an error.

[Kijewski]

Ahh, I like that. 👍 How much would break if we'd enable -Wcast-align globally?

[OlegHahm]

Everything. ;-)

/home/oleg/git/RIOT/sys/include/net/gnrc/ipv6/netif.h: In function 'gnrc_ipv6_netif_addr_get'
/home/oleg/git/RIOT/core/include/kernel_defines.h:53:14: error: cast increases required alignment of target type [-Werror=cast-align]
             ((TYPE *) ((char *) __m____ - offsetof(TYPE, MEMBER))); \

[OlegHahm]

@Kijewski, okay to leave as is?

[miri64]

Okay, if this is only concerning GCC, I'm okay with this special case.

[miri64]

Jenkins reports

cbor.c:108:6: error: ISO C99 doesn't support unnamed structs/unions [-Werror=pedantic]

But let's see what Murdock has to say also.

[miri64]

Union needs a member name (that's what Jenkins is complaining about)

[miri64]

Please add the following patch for the other errors reported by Jenkins:

diff --git a/sys/cbor/cbor.c b/sys/cbor/cbor.c
index f3c7995..9319480 100644
--- a/sys/cbor/cbor.c
+++ b/sys/cbor/cbor.c
@@ -95,19 +95,18 @@
 #define NAN (0.0/0.0)
 #endif
 
-#ifndef CBOR_NO_FLOAT
-
 /* pack to force aligned access on ARMv7 (buggy GCC) */
 #pragma GCC diagnostic error "-Wcast-align"
-typedef struct cast_align_u8 {
+typedef struct  __attribute__((packed)) {
     unsigned char u8;
     union {
         uint16_t u16;
         uint32_t u32;
         uint64_t u64;
     };
-} __attribute__((packed)) cast_align_u8_t;
+} cast_align_u8_t;
 
+#ifndef CBOR_NO_FLOAT
 /**
  * Convert float @p x to network format
  */

[OlegHahm]

updated

[miri64]

Waiting for @Kijewski's approval, but in general: ACK, please squash.

[OlegHahm]

squashed

[miri64]

->u.u32

[miri64]

->u.u64

[miri64]

Please resquash

[OlegHahm]

resquashed

[cgundogan]

on my machine:

RIOT/tests/unittests % make tests-cbor
Building application "unittests" for "native" with MCU "native".
RIOT/sys/cbor/cbor.c:108:6: error: ISO C99 doesn’t support unnamed structs/unions [-Werror=pedantic]
     };

[miri64]

@cgundogan that was fixed... Are you sure you have the most current version of @OlegHahm's branch?

[cgundogan]

Are you sure you have the most current version of @OlegHahm's branch?

yup, just checked. Problem persists for me.

[miri64]

But neither is the line you are referring to still at 108, nor is it unnamed

[cgundogan]

weird. I did a clean checkout and now it notices the different commit history. Thanks for the pointer, seems to be OK.

[OlegHahm]

@Kijewski, are you okay with the pragma?

[Kijewski]

I'm okay with the pragma.