Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Coverity CID :211507] Out-of-bounds read in drivers/wifi/eswifi/eswifi_socket_offload.c #27141

Closed
zephyrbot opened this issue Jul 25, 2020 · 1 comment · Fixed by #27187
Closed

[Coverity CID :211507] Out-of-bounds read in drivers/wifi/eswifi/eswifi_socket_offload.c #27141

zephyrbot opened this issue Jul 25, 2020 · 1 comment · Fixed by #27187
Assignees
@loicpoulain
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: medium Medium impact/importance bug

Comments

@zephyrbot
Copy link
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/565a61dd79b0f061056c9b3fe0adba11cbeca6ab/drivers/wifi/eswifi/eswifi_socket_offload.c#L469

Category: Memory - illegal accesses
Function: eswifi_socket_bind
Component: Drivers
CID: 211507

Details:

463             (sock > ESWIFI_OFFLOAD_MAX_SOCKETS)) {
464             return -EINVAL;
465         }
466    
467         eswifi_lock(eswifi);
468         socket = &eswifi->socket[sock];
>>>     CID 211507:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array of 896 bytes at byte offset 896 by dereferencing pointer "socket".
469         ret = __eswifi_bind(eswifi, socket, addr, addrlen);
470         eswifi_unlock(eswifi);
471    
472         return ret;
473     }
474

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.
@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: medium Medium impact/importance bug labels Jul 25, 2020
This was referenced Jul 27, 2020
Closed
Closed
Closed
@dleach02
Copy link
Member

There are multiple CID errors all based on the test of socket > ESWIFI_OFFLOAD_MAX_SOCKETS. The test needs to be '>=' in all cases. One PR can fix all of these (#27138, #27139, #27140, #27141, #27142, #27143).

This was referenced Jul 27, 2020
Closed
Merged
nashif pushed a commit that referenced this issue Jul 28, 2020
@dleach02 @nashif
drivers: wifi: eswifi: fix coverity Out-of-bounds access errors
f4caf7b 
There are multiple CID errors all based on the test of
'socket > ESWIFI_OFFLOAD_MAX_SOCKETS'. The test needs to
be '>=' in all cases.

Fixes: #27138
Fixes: #27139
Fixes: #27140
Fixes: #27141
Fixes: #27142
Fixes: #27143

Signed-off-by: David Leach <david.leach@nxp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@loicpoulain loicpoulain

Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: medium Medium impact/importance bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

drivers: wifi: eswifi: fix coverity Out-of-bounds access errors
3 participants
@loicpoulain @zephyrbot @dleach02