Typecasting causing undefined behavior #429

Closed
taubel opened this issue Feb 20, 2019 · 0 comments · Fixed by #432
taubel commented Feb 20, 2019

In er-coap-13.c there is the following code:

    x = &option_delta;
    do
    {
      if (*x==13)
      {
        *x += current_option[0];
        ++current_option;
      }
      else if (*x==14)
      {
        *x += 255;
        *x += current_option[0]<<8;
        ++current_option;
        *x += current_option[0];
        ++current_option;
      }
    }
    while (x!=(unsigned int *)&option_length && (x=(unsigned int *)&option_length));

Both option_delta and x are of type unsigned int, while option_length is of type size_t. In some systems these types are of different sizes, thus such code causes undefined behavior. My suggestion would be to change the type of option_length to unsigned int.

sbertin-telular added a commit to sbertin-telular/wakaama that referenced this issue Feb 22, 2019
size_t can be 64-bits while unsigned int is smaller. This causes issues
when option_length is accessed through the pointer x in
coap_parse_message(). The option length and delta are at most a 16-bit
unsigned integer plus 269 according to RFC 7252. Changing
option_number, option_delta, and option_length to uint32_t and x to
uint32_t * fixes eclipse-wakaama#429. This also ensures sufficient size even if used
on a platform with smaller integers.

Signed-off-by: Scott Bertin <[email protected]>
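
The fix described in the commit message above, as an added example that is not the project's code: both fields are `uint32_t` and one helper decodes each in turn, so neither variable is reached through a pointer of a different type. The names `decode_ext` and `parse_option_header` are hypothetical, the sample bytes are constructed, and the bounds checks are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode one option field (RFC 7252 section 3.1) into a fixed-width value.
 * Nibble 13 takes one extension byte, 14 takes two (offset 269), 15 is
 * reserved. Returns 0 on success, -1 on truncated or reserved input. */
static int decode_ext(uint32_t nibble, const uint8_t **p, const uint8_t *end,
                      uint32_t *out)
{
    if (nibble == 13) {
        if (end - *p < 1) return -1;
        nibble += (*p)[0];
        *p += 1;
    } else if (nibble == 14) {
        if (end - *p < 2) return -1;
        nibble += 255u + ((uint32_t)(*p)[0] << 8) + (*p)[1];
        *p += 2;
    } else if (nibble == 15) {
        return -1;
    }
    *out = nibble;
    return 0;
}

/* Hypothetical helper (not the project's API): parse one option header.
 * Returns the number of header bytes consumed, or -1 on error. */
int parse_option_header(const uint8_t *buf, size_t len,
                        uint32_t *delta, uint32_t *length)
{
    const uint8_t *p = buf, *end = buf + len;
    if (len < 1) return -1;
    uint32_t d = *p >> 4, l = *p & 0x0F;
    p++;
    /* Each field is written through a pointer of its own type: no casts. */
    if (decode_ext(d, &p, end, delta) != 0) return -1;
    if (decode_ext(l, &p, end, length) != 0) return -1;
    return (int)(p - buf);
}

int main(void)
{
    /* Constructed sample: delta nibble 13 (ext 0x05), length nibble 14 (ext 0x0100). */
    const uint8_t sample[] = { 0xDE, 0x05, 0x01, 0x00 };
    uint32_t delta = 0, length = 0;
    int used = parse_option_header(sample, sizeof sample, &delta, &length);
    printf("used=%d delta=%u length=%u\n", used, (unsigned)delta, (unsigned)length);
    return 0;
}
```
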
sbernard31 added the bug label Nov 3, 2020
sbertin-telular added a commit to sbertin-telular/wakaama that referenced this issue Nov 12, 2020
sbertin-telular added a commit to sbertin-telular/wakaama that referenced this issue Nov 13, 2020