-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cbor: bounds checking on read and no_copy string deserialization #5203
Conversation
I can imagine the compiler to complain for 8-and 16-bits architectures without luciotorre@2df5b2b |
But this is untouched code - shouldn't the CI have whined about this before? |
yeah weird .. nevermind then |
Feature freeze is over. |
new_TestFixture(test_byte_string_invalid), | ||
new_TestFixture(test_unicode_string), | ||
new_TestFixture(test_unicode_string_no_copy), | ||
new_TestFixture(test_unicode_string_invalid), | ||
new_TestFixture(test_array), | ||
new_TestFixture(test_array_indefinite), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function names respect our coding conventions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is part of embUnit's API (sys/include/embUnit/TestCaller.h
).
Can you rebase and remake the tests? Anyways it won't make it for this release so I'll postpone it. |
What do you mean by "remake the tests"? |
I thought you have made some test for this PR, I mean, testing functionality. Anyways it's marked for the next release. But if you think this can be merged soon let's do it :) |
@@ -319,10 +335,14 @@ static size_t decode_int(const cbor_stream_t *s, size_t offset, uint64_t *val) | |||
|
|||
*val = 0; /* clear val first */ | |||
|
|||
CBOR_ENSURE_SIZE_READ(s, offset + 1); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there a case where the cbor_stream_t *s
can be NULL?
The question also applies for all other cases where we pass a pointer to a macro.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know we check the case here, but in other cases we don't (e.g. [encode][decode]_bytes(...)
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Valid point, but IMO out of scope of this PR. I would propose to open a follow-up PR that adds some assertions to check for null pointers. Okay?
Postponed due to feature freeze |
@OlegHahm can you please rebase? |
470b01a
to
123e56d
Compare
Rebased. @BytesGalore's comment should IMO be addressed in a separate PR. |
@@ -92,6 +96,18 @@ | |||
#endif | |||
|
|||
#ifndef CBOR_NO_FLOAT | |||
|
|||
/* pack to force aligned access on ARMv7 (buggy GCC) */ | |||
#pragma GCC diagnostic error "-Wcast-align" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quoting yourself in #2189 (comment)
Concerning the pragmas: they should be avoided wherever possible. @Kijewski, any way to get rid of them?
I'm not sure I understand the context of the comment, the pragma and the packed
attribute, so please provide better context.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure, I understand it myself - I'm only a caretaker of this PR. But I will try my best.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(sorry, forgot that you adapted the PR :-/)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No worries - your comment is valid anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
However, after thinking about this a little bit, my conclusion is:
1.) I would rephrase my own comment from #2198 to: "pragmas that may lead to different output on different compilers should be avoided wherever possible".
2.) I don't quite understand which bug in GCC this refers to.
3.) The pragma would only add one more switch to GCC which IMO should not create a problem.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not ignored - on the contrary, it will raise an error.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ahh, I like that. 👍 How much would break if we'd enable -Wcast-align
globally?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everything. ;-)
/home/oleg/git/RIOT/sys/include/net/gnrc/ipv6/netif.h: In function 'gnrc_ipv6_netif_addr_get'
/home/oleg/git/RIOT/core/include/kernel_defines.h:53:14: error: cast increases required alignment of target type [-Werror=cast-align]
((TYPE *) ((char *) __m____ - offsetof(TYPE, MEMBER))); \
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Kijewski, okay to leave as is?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, if this is only concerning GCC, I'm okay with this special case.
Jenkins reports
But let's see what Murdock has to say also. |
uint16_t u16; | ||
uint32_t u32; | ||
uint64_t u64; | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Union needs a member name (that's what Jenkins is complaining about)
Please add the following patch for the other errors reported by Jenkins: diff --git a/sys/cbor/cbor.c b/sys/cbor/cbor.c
index f3c7995..9319480 100644
--- a/sys/cbor/cbor.c
+++ b/sys/cbor/cbor.c
@@ -95,19 +95,18 @@
#define NAN (0.0/0.0)
#endif
-#ifndef CBOR_NO_FLOAT
-
/* pack to force aligned access on ARMv7 (buggy GCC) */
#pragma GCC diagnostic error "-Wcast-align"
-typedef struct cast_align_u8 {
+typedef struct __attribute__((packed)) {
unsigned char u8;
union {
uint16_t u16;
uint32_t u32;
uint64_t u64;
};
-} __attribute__((packed)) cast_align_u8_t;
+} cast_align_u8_t;
+#ifndef CBOR_NO_FLOAT
/**
* Convert float @p x to network format
*/ |
updated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Waiting for @Kijewski's approval, but in general: ACK, please squash.
1c8c2cf
to
6820478
Compare
squashed |
@@ -521,7 +578,7 @@ size_t cbor_deserialize_float(const cbor_stream_t *stream, size_t offset, float | |||
unsigned char *data = &stream->data[offset]; | |||
|
|||
if (*data == CBOR_FLOAT32) { | |||
*val = ntohf(*(uint32_t *)(data + 1)); | |||
*val = ntohf(((cast_align_u8_t *)data)->u32); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
->u.u32
if (CBOR_TYPE(stream, offset) != CBOR_7 || !val) { | ||
return 0; | ||
} | ||
|
||
unsigned char *data = &stream->data[offset]; | ||
|
||
if (*data == CBOR_FLOAT64) { | ||
*val = ntohd(*(uint64_t *)(data + 1)); | ||
CBOR_ENSURE_SIZE_READ(stream, offset + 9); | ||
*val = ntohd(((cast_align_u8_t *)data)->u64); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
->u.u64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please resquash
This can happen due to cast using buggy GCC on ARMv7 Credit to our shy french pal
bbf9f70
to
63bcccf
Compare
resquashed |
on my machine:
|
@cgundogan that was fixed... Are you sure you have the most current version of @OlegHahm's branch? |
yup, just checked. Problem persists for me. |
But neither is the line you are referring to still at 108, nor is it unnamed |
weird. I did a clean checkout and now it notices the different commit history. Thanks for the pointer, seems to be OK. |
@Kijewski, are you okay with the pragma? |
I'm okay with the pragma. |
Since @luciotorre seems to be not working on #3843, I adopted parts of it. I refactored that commits and cut out the parts that I didn't understand or which seem unrelated.
@krf, can you take a brief look?