Add usb_rx_helper buffer overflow testcase

Author: keepkeyjon

lib/board/msg_dispatch.c

@@ -260,7 +260,7 @@ static void raw_dispatch(const MessagesMap_t *entry, uint8_t *msg, uint32_t msg_
  * OUTPUT
  *      none
  */
-static void usb_rx_helper(UsbMessage *msg, MessageMapType type)
+void usb_rx_helper(UsbMessage *msg, MessageMapType type)
 {
     static TrezorFrameHeaderFirst last_frame_header = { .id = 0xffff, .len = 0 };
     static uint8_t content_buf[MAX_FRAME_SIZE];

unittests/firmware/CMakeLists.txt

@@ -1,7 +1,8 @@
 set(sources
     ethereum.cpp
     recovery.cpp
-    storage.cpp)
+    storage.cpp
+    usb_rx.cpp)
 
 include_directories(
     ${CMAKE_SOURCE_DIR}/include

unittests/firmware/usb_rx.cpp

@@ -0,0 +1,37 @@
+extern "C" {
+#include "keepkey/board/msg_dispatch.h"
+#include "keepkey/board/usb_driver.h"
+#include "keepkey/firmware/fsm.h"
+}
+
+#include "gtest/gtest.h"
+
+extern "C" {
+void usb_rx_helper(UsbMessage *msg, MessageMapType type);
+}
+
+TEST(USBRX, Overflow) {
+    fsm_init();
+
+    UsbMessage msg;
+    TrezorFrame *frame = (TrezorFrame *)(msg.message);
+    TrezorFrameFragment *frame_fragment = (TrezorFrameFragment *)(msg.message);
+
+    msg.len = sizeof(msg.message);
+    frame->usb_header.hid_type = '?';
+    frame->header.pre1 = '#';
+    frame->header.pre2 = '#';
+    frame->header.id = __builtin_bswap16(MessageType_MessageType_Initialize);
+    frame->header.len = __builtin_bswap32(0xffffffff);
+    usb_rx_helper(&msg, NORMAL_MSG);
+
+    frame->header.pre1 = '0';
+    frame->header.pre2 = '0';
+    msg.len = 63;
+
+    for (unsigned i=0; i < 69273665; i++)
+        usb_rx_helper(&msg, NORMAL_MSG);
+
+    // Boom!
+    usb_rx_helper(&msg, NORMAL_MSG);
+}