From 14123028502e1d13cea32d3796fa240afe04478d Mon Sep 17 00:00:00 2001 From: Sebastien Guiriec Date: Wed, 28 Sep 2016 15:54:43 +0200 Subject: [PATCH 1/7] IntegerParameterType: Fix Min/Max XML import overflow In case XML data for Min and Max values are wrongly set (out of range). The Import function is not checking out of range format. In order to avoid roll over some additional boundary check need to be done. For exemple if we have Sign integer on 8 bits and we set Max value to 200 the new code will initialize the Max value to 127. Signed-off-by: Sebastien Guiriec --- parameter/IntegerParameterType.cpp | 35 ++++++++++++++++++++++++++---- parameter/IntegerParameterType.h | 3 +++ 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/parameter/IntegerParameterType.cpp b/parameter/IntegerParameterType.cpp index 48995145f..cc48ec4f2 100644 --- a/parameter/IntegerParameterType.cpp +++ b/parameter/IntegerParameterType.cpp @@ -93,6 +93,8 @@ void CIntegerParameterType::showProperties(string &strResult) const bool CIntegerParameterType::fromXml(const CXmlElement &xmlElement, CXmlSerializingContext &serializingContext) { + uint32_t iMax, iMin; + // Sign xmlElement.getAttribute("Signed", _bSigned); @@ -109,28 +111,43 @@ bool CIntegerParameterType::fromXml(const CXmlElement &xmlElement, // Signed means we have one less util bit sizeInBits--; + iMin = 1U << sizeInBits; + iMax = (1U << sizeInBits) - 1; if (!xmlElement.getAttribute("Min", (int32_t &)_uiMin)) { - _uiMin = 1U << sizeInBits; + _uiMin = iMin; } if (!xmlElement.getAttribute("Max", (int32_t &)_uiMax)) { - _uiMax = (1U << sizeInBits) - 1; + _uiMax = iMax; } + + signExtend((int32_t &)iMin); + signExtend((int32_t &)iMax); + // Check boundary Limits (in case Min and Max value are out of range inside XML) + _uiMin = (uint32_t)LimitValueAgainstRange((int32_t)_uiMin, (int32_t)iMin, (int32_t)iMax); + _uiMax = (uint32_t)LimitValueAgainstRange((int32_t)_uiMax, (int32_t)iMin, (int32_t)iMax); signExtend((int32_t &)_uiMin); signExtend((int32_t &)_uiMax); + } else { + iMin = 0; + iMax = ~0U >> (8 * sizeof(size_t) - sizeInBits); + if (!xmlElement.getAttribute("Min", _uiMin)) { - _uiMin = 0; + _uiMin = iMin; } if (!xmlElement.getAttribute("Max", _uiMax)) { - _uiMax = ~0U >> (8 * sizeof(size_t) - sizeInBits); + _uiMax = iMax; } + // Check boundary Limits (in case Min and Max value are out of range inside XML) + _uiMin = (uint32_t)LimitValueAgainstRange(_uiMin, iMin, iMax); + _uiMax = (uint32_t)LimitValueAgainstRange(_uiMax, iMin, iMax); } // Base @@ -431,6 +448,16 @@ bool CIntegerParameterType::checkValueAgainstRange(const string &strValue, type return true; } +// Limit Range accoridng to dynammic +template +type CIntegerParameterType::LimitValueAgainstRange(type value, + type minValue, type maxValue) const +{ + if (value > maxValue) return(maxValue); + if (value < minValue) return(minValue); + return (value); +} + // Adaptation element retrieval const CParameterAdaptation *CIntegerParameterType::getParameterAdaptation() const { diff --git a/parameter/IntegerParameterType.h b/parameter/IntegerParameterType.h index bf7bc973e..9c922a3c4 100644 --- a/parameter/IntegerParameterType.h +++ b/parameter/IntegerParameterType.h @@ -95,6 +95,9 @@ class CIntegerParameterType : public CParameterType bool checkValueAgainstRange(const std::string &strValue, type value, type minValue, type maxValue, CParameterAccessContext ¶meterAccessContext, bool bHexaValue) const; + // Limit Range checking + template + type LimitValueAgainstRange(type value, type minValue, type maxValue) const; // Adaptation element retrieval const CParameterAdaptation *getParameterAdaptation() const; From ba4e6aeb4859f10f53215b9b51a2d7050bf4379f Mon Sep 17 00:00:00 2001 From: Sebastien Guiriec Date: Thu, 29 Sep 2016 11:20:10 +0200 Subject: [PATCH 2/7] IntegerParameter: Fix clang formatting This patch is fixing code formating according to clang Signed-off-by: Sebastien Guiriec --- parameter/IntegerParameterType.cpp | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/parameter/IntegerParameterType.cpp b/parameter/IntegerParameterType.cpp index cc48ec4f2..abcb67a89 100644 --- a/parameter/IntegerParameterType.cpp +++ b/parameter/IntegerParameterType.cpp @@ -111,8 +111,8 @@ bool CIntegerParameterType::fromXml(const CXmlElement &xmlElement, // Signed means we have one less util bit sizeInBits--; - iMin = 1U << sizeInBits; - iMax = (1U << sizeInBits) - 1; + iMin = 1U << sizeInBits; + iMax = (1U << sizeInBits) - 1; if (!xmlElement.getAttribute("Min", (int32_t &)_uiMin)) { @@ -127,14 +127,16 @@ bool CIntegerParameterType::fromXml(const CXmlElement &xmlElement, signExtend((int32_t &)iMin); signExtend((int32_t &)iMax); // Check boundary Limits (in case Min and Max value are out of range inside XML) - _uiMin = (uint32_t)LimitValueAgainstRange((int32_t)_uiMin, (int32_t)iMin, (int32_t)iMax); - _uiMax = (uint32_t)LimitValueAgainstRange((int32_t)_uiMax, (int32_t)iMin, (int32_t)iMax); + _uiMin = (uint32_t)LimitValueAgainstRange((int32_t)_uiMin, (int32_t)iMin, + (int32_t)iMax); + _uiMax = (uint32_t)LimitValueAgainstRange((int32_t)_uiMax, (int32_t)iMin, + (int32_t)iMax); signExtend((int32_t &)_uiMin); signExtend((int32_t &)_uiMax); } else { - iMin = 0; - iMax = ~0U >> (8 * sizeof(size_t) - sizeInBits); + iMin = 0; + iMax = ~0U >> (8 * sizeof(size_t) - sizeInBits); if (!xmlElement.getAttribute("Min", _uiMin)) { @@ -450,11 +452,12 @@ bool CIntegerParameterType::checkValueAgainstRange(const string &strValue, type // Limit Range accoridng to dynammic template -type CIntegerParameterType::LimitValueAgainstRange(type value, - type minValue, type maxValue) const +type CIntegerParameterType::LimitValueAgainstRange(type value, type minValue, type maxValue) const { - if (value > maxValue) return(maxValue); - if (value < minValue) return(minValue); + if (value > maxValue) + return (maxValue); + if (value < minValue) + return (minValue); return (value); } From 702cee68afc5420878117d50e6392895ae3e3b25 Mon Sep 17 00:00:00 2001 From: Sebastien Guiriec Date: Thu, 29 Sep 2016 13:45:54 +0200 Subject: [PATCH 3/7] IntegerParameterType: Update Min/max check in order to reject bad XML In case XML Min/Max values are not well set the import is returning error. Signed-off-by: Sebastien Guiriec --- parameter/IntegerParameterType.cpp | 33 ++++++++++++++++++------------ parameter/IntegerParameterType.h | 4 ++-- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/parameter/IntegerParameterType.cpp b/parameter/IntegerParameterType.cpp index abcb67a89..b60b43ef4 100644 --- a/parameter/IntegerParameterType.cpp +++ b/parameter/IntegerParameterType.cpp @@ -127,10 +127,10 @@ bool CIntegerParameterType::fromXml(const CXmlElement &xmlElement, signExtend((int32_t &)iMin); signExtend((int32_t &)iMax); // Check boundary Limits (in case Min and Max value are out of range inside XML) - _uiMin = (uint32_t)LimitValueAgainstRange((int32_t)_uiMin, (int32_t)iMin, - (int32_t)iMax); - _uiMax = (uint32_t)LimitValueAgainstRange((int32_t)_uiMax, (int32_t)iMin, - (int32_t)iMax); + if (!minMaxValueAgainstRange((int32_t)_uiMin, (int32_t)_uiMax, (int32_t)iMin, + (int32_t)iMax)) { + return false; + } signExtend((int32_t &)_uiMin); signExtend((int32_t &)_uiMax); @@ -148,8 +148,9 @@ bool CIntegerParameterType::fromXml(const CXmlElement &xmlElement, _uiMax = iMax; } // Check boundary Limits (in case Min and Max value are out of range inside XML) - _uiMin = (uint32_t)LimitValueAgainstRange(_uiMin, iMin, iMax); - _uiMax = (uint32_t)LimitValueAgainstRange(_uiMax, iMin, iMax); + if (!minMaxValueAgainstRange(_uiMin, _uiMax, iMin, iMax)) { + return false; + } } // Base @@ -450,15 +451,21 @@ bool CIntegerParameterType::checkValueAgainstRange(const string &strValue, type return true; } -// Limit Range accoridng to dynammic +// MinMax Range check accoridng to dynammic template -type CIntegerParameterType::LimitValueAgainstRange(type value, type minValue, type maxValue) const +bool CIntegerParameterType::minMaxValueAgainstRange(type valueMin, type valueMax, type minValue, + type maxValue) const { - if (value > maxValue) - return (maxValue); - if (value < minValue) - return (minValue); - return (value); + if ((valueMin > maxValue) || (valueMin < minValue)) { + return false; + } + if ((valueMax > maxValue) || (valueMax < minValue)) { + return false; + } + if (valueMin > valueMax) { + return false; + } + return true; } // Adaptation element retrieval diff --git a/parameter/IntegerParameterType.h b/parameter/IntegerParameterType.h index 9c922a3c4..32a9b875f 100644 --- a/parameter/IntegerParameterType.h +++ b/parameter/IntegerParameterType.h @@ -95,9 +95,9 @@ class CIntegerParameterType : public CParameterType bool checkValueAgainstRange(const std::string &strValue, type value, type minValue, type maxValue, CParameterAccessContext ¶meterAccessContext, bool bHexaValue) const; - // Limit Range checking + // MinMax Range checking template - type LimitValueAgainstRange(type value, type minValue, type maxValue) const; + bool minMaxValueAgainstRange(type valueMin, type valueMax, type minValue, type maxValue) const; // Adaptation element retrieval const CParameterAdaptation *getParameterAdaptation() const; From ab177bb4f1ff4bf77be3aff84b8bebca09e23d30 Mon Sep 17 00:00:00 2001 From: Sebastien Guiriec Date: Fri, 30 Sep 2016 08:22:32 +0200 Subject: [PATCH 4/7] IntegerParameterType: Fix Signed Min default value issue Minimum default value should be sign extended before boundary check. Signed-off-by: Sebastien Guiriec --- parameter/IntegerParameterType.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/parameter/IntegerParameterType.cpp b/parameter/IntegerParameterType.cpp index b60b43ef4..7560c5121 100644 --- a/parameter/IntegerParameterType.cpp +++ b/parameter/IntegerParameterType.cpp @@ -117,6 +117,7 @@ bool CIntegerParameterType::fromXml(const CXmlElement &xmlElement, if (!xmlElement.getAttribute("Min", (int32_t &)_uiMin)) { _uiMin = iMin; + signExtend((int32_t &)_uiMin); } if (!xmlElement.getAttribute("Max", (int32_t &)_uiMax)) { From b0ccc19e26d5a6cba30e05d8e07ab5dc291478bc Mon Sep 17 00:00:00 2001 From: Sebastien Guiriec Date: Fri, 30 Sep 2016 08:16:44 +0200 Subject: [PATCH 5/7] IntegerParameterType: Add unit tests for Mix/Max boundary. This patch is improving IntegerParameter Type unit tests in order to check Min/max boundary when it is possible. Signed-off-by: Sebastien Guiriec --- test/functional-tests/CMakeLists.txt | 1 + test/functional-tests/Integer.cpp | 160 +++++++++++++++++++++++++++ 2 files changed, 161 insertions(+) create mode 100644 test/functional-tests/Integer.cpp diff --git a/test/functional-tests/CMakeLists.txt b/test/functional-tests/CMakeLists.txt index fdc0f6906..bece75f12 100644 --- a/test/functional-tests/CMakeLists.txt +++ b/test/functional-tests/CMakeLists.txt @@ -36,6 +36,7 @@ if(BUILD_TESTING) add_executable(parameterFunctionalTest Basic.cpp FloatingPoint.cpp + Integer.cpp Handle.cpp AutoSync.cpp) diff --git a/test/functional-tests/Integer.cpp b/test/functional-tests/Integer.cpp new file mode 100644 index 000000000..80765970a --- /dev/null +++ b/test/functional-tests/Integer.cpp @@ -0,0 +1,160 @@ +/* + * Copyright (c) 2016, Intel Corporation + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * + * 3. Neither the name of the copyright holder nor the names of its contributors + * may be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "Config.hpp" +#include "ParameterFramework.hpp" +#include "ElementHandle.hpp" +#include "Test.hpp" +#include "BinaryCopy.hpp" + +#include + +#include + +using std::string; + +namespace parameterFramework +{ + +const auto validIntegerInstances = Config{&Config::instances, + // Size is fixed at 8 for test */ + R"( + + + + + + + + + + + + + + )"}; +const auto &invalidIntegerParameters = Tests{ + {"minimum > maximum", ""}, + {"S8 minimum > MaxRange", ""}, + {"S8 minimum < MinRange", ""}, + {"S8 maximum > MaxRange", ""}, + {"S8 maximum < MinRange", ""}, + {"U8 minimum > MaxRange", ""}, + {"U8 maximum > MaxRange", ""}, + {"S16 minimum > MaxRange", + ""}, + {"S16 minimum < MinRange", + ""}, + {"S16 maximum > MaxRange", + ""}, + {"S16 maximum < MinRange", + ""}, + {"U16 minimum > MaxRange", + ""}, + {"U16 maximum > MaxRange", + ""}}; + +struct IntegerPF : public ParameterFramework +{ + IntegerPF() : ParameterFramework{std::move(validIntegerInstances)} {} +}; + +SCENARIO_METHOD(LazyPF, "Invalid Integer types XML structure", "[Integer types]") +{ + for (auto &vec : invalidIntegerParameters) { + GIVEN ("intentional error: " + vec.title) { + create(Config{&Config::instances, vec.payload}); + THEN ("Start should fail") { + CHECK_THROWS_AS(mPf->start(), Exception); + } + } + } +} + +SCENARIO_METHOD(IntegerPF, "Integer types", "[Integer types]") +{ + GIVEN ("A valid XML structure file") { + THEN ("Start should succeed") { + CHECK_NOTHROW(start()); + REQUIRE_NOTHROW(setTuningMode(true)); + string path = "/test/test/nominal"; + + AND_THEN ("Set/Get a integer type parameter in real value space") { + + for (auto &vec : Tests{ + {"(too high)", "13"}, {"(too low)", "-51"}, {"(not a number)", "foobar"}, + }) { + GIVEN ("Invalid value " + vec.title) { + CHECK_THROWS_AS(setParameter(path, vec.payload), Exception); + } + } + for (auto &vec : Tests{ + {"(upper limit)", "12"}, {"(lower limit)", "-50"}, {"(inside range)", "0"}, + }) { + GIVEN ("A valid value " + vec.title) { + CHECK_NOTHROW(setParameter(path, vec.payload)); + string getValueBack; + REQUIRE_NOTHROW(getParameter(path, getValueBack)); + CHECK(getValueBack == vec.payload); + } + } + } + + AND_THEN ("Set/Get integer type parameter handle") { + ElementHandle handle{*this, path}; + /** @FIXME: 'set' operations on a ParameterHandle are silently + * ignored in tuning mode. Does it make sense ? */ + REQUIRE_NOTHROW(setTuningMode(false)); + + /* warning: even though the API below takes a double as + * argument, we need to define the test vector as integers in + * order to prevent rounding issues */ + for (auto &vec : Tests{ + {"(upper limit)", 12}, {"(lower limit)", -50}, {"(inside range)", 0}, + }) { + GIVEN ("A valid value " + vec.title) { + CHECK_NOTHROW(handle.setAsSignedInteger(vec.payload)); + int32_t getValueBack; + REQUIRE_NOTHROW(handle.getAsSignedInteger(getValueBack)); + CHECK(getValueBack == vec.payload); + } + } + for (auto &vec : Tests{ + {"(too high)", 13}, {"(too low)", -51}, + }) { + GIVEN ("An invalid value " + vec.title) { + CHECK_THROWS_AS(handle.setAsSignedInteger(vec.payload), Exception); + } + } + } + } + } +} +} From 4b2297e3ae3a74474ef245a9ddeaf61421055178 Mon Sep 17 00:00:00 2001 From: Sebastien Guiriec Date: Fri, 30 Sep 2016 08:53:19 +0200 Subject: [PATCH 6/7] IntegerParameterType: Limit size to 32 bits. Due to Min and Max format storage the Size of Integer parameter should be limit to 32 bits. Signed-off-by: Sebastien Guiriec --- parameter/IntegerParameterType.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/parameter/IntegerParameterType.cpp b/parameter/IntegerParameterType.cpp index 7560c5121..898117482 100644 --- a/parameter/IntegerParameterType.cpp +++ b/parameter/IntegerParameterType.cpp @@ -103,6 +103,9 @@ bool CIntegerParameterType::fromXml(const CXmlElement &xmlElement, xmlElement.getAttribute("Size", sizeInBits); // Size + if (sizeInBits > 32) { + return false; + } setSize(sizeInBits / 8); // Min / Max From a7d3f0a29e27af0b2e84ec823772be39c2a43d74 Mon Sep 17 00:00:00 2001 From: Sebastien Guiriec Date: Fri, 30 Sep 2016 08:54:51 +0200 Subject: [PATCH 7/7] IntegerParameterType: Add Unit test for size above 32 bits. Enhance unit test in order to check data size above 32 bits. Signed-off-by: Sebastien Guiriec --- test/functional-tests/Integer.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/test/functional-tests/Integer.cpp b/test/functional-tests/Integer.cpp index 80765970a..508b7a7f5 100644 --- a/test/functional-tests/Integer.cpp +++ b/test/functional-tests/Integer.cpp @@ -61,6 +61,7 @@ const auto validIntegerInstances = Config{&Config::instances, )"}; const auto &invalidIntegerParameters = Tests{ + {"invalid Size(64)", ""}, {"minimum > maximum", ""}, {"S8 minimum > MaxRange", ""}, {"S8 minimum < MinRange", ""},