
[Coverity CID :208923] Out-of-bounds read in drivers/sensor/adxl345/adxl345.c #23577

Closed
zephyrbot opened this issue Mar 18, 2020 · 2 comments
Labels: bug (The issue is a bug, or the PR is fixing a bug); Coverity (A Coverity detected issue or its fix); priority: medium (Medium impact/importance bug)


@zephyrbot
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/master/drivers/sensor/adxl345/adxl345.c#L104

Category: Memory - illegal accesses
Function: adxl345_channel_get
Component: Drivers
CID: 208923

Details:

107         case SENSOR_CHAN_ACCEL_Z:
108             adxl345_accel_convert(val, data->bufz[data->sample_number]);
109             data->sample_number++;
110             break;
111         case SENSOR_CHAN_ACCEL_XYZ:
112             adxl345_accel_convert(val++, data->bufx[data->sample_number]);
>>>     CID 208923:    (OVERRUN)
>>>     Overrunning array "data->bufy" of 32 2-byte elements at element index 32 (byte offset 65) using index "data->sample_number" (which evaluates to 32).
113             adxl345_accel_convert(val++, data->bufy[data->sample_number]);
114             adxl345_accel_convert(val,   data->bufz[data->sample_number]);
115             data->sample_number++;
116             break;
117         default:
118             return -ENOTSUP;
98         switch (chan) {
99         case SENSOR_CHAN_ACCEL_X:
100             adxl345_accel_convert(val, data->bufx[data->sample_number]);
101             data->sample_number++;
102             break;
103         case SENSOR_CHAN_ACCEL_Y:
>>>     CID 208923:    (OVERRUN)
>>>     Overrunning array "data->bufy" of 32 2-byte elements at element index 32 (byte offset 65) using index "data->sample_number" (which evaluates to 32).
104             adxl345_accel_convert(val, data->bufy[data->sample_number]);
105             data->sample_number++;
106             break;
107         case SENSOR_CHAN_ACCEL_Z:
108             adxl345_accel_convert(val, data->bufz[data->sample_number]);
109             data->sample_number++;

Please fix or provide comments in Coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in Coverity. Assignees were set using the CODEOWNERS file.

@mateusz-holenko
Collaborator

We'll look into this

mateusz-holenko pushed a commit to antmicro/zephyr that referenced this issue Apr 22, 2020
Fixes problems with ADXL345 3-axis I2C accelerometer
reported in zephyrproject-rtos#23577, zephyrproject-rtos#23581 and zephyrproject-rtos#23584.

Signed-off-by: Kamil Rakoczy <krakoczy@antmicro.com>
carlescufi pushed a commit that referenced this issue Apr 22, 2020
Fixes problems with ADXL345 3-axis I2C accelerometer
reported in #23577, #23581 and #23584.

Signed-off-by: Kamil Rakoczy <krakoczy@antmicro.com>
@carlescufi
Member

Fixed by #23931
