msgbuf: Rework detection of invalid memory regions
From Annex J.2 of N2176 (C17 draft specification):
> Addition or subtraction of a pointer into, or just beyond, an array
> object and an integer type produces a result that does not point into,
> or just beyond, the same array object (6.5.6).
Instead, we can lean on uintptr_t from 7.20.1.4, and from there on the
defined behavior of unsigned overflow.
Change-Id: Ia1b47b87efeb9c96057d294a3e38e90bfdba5386
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
diff --git a/src/msgbuf.h b/src/msgbuf.h
index 85cfb39..691d9a6 100644
--- a/src/msgbuf.h
+++ b/src/msgbuf.h
@@ -69,12 +69,9 @@
* PLDM_ERROR_INVALID_DATA if pointer parameters are invalid, or
* PLDM_ERROR_INVALID_LENGTH if length constraints are violated.
*/
-__attribute__((no_sanitize("pointer-overflow"))) static inline int
-pldm_msgbuf_init(struct pldm_msgbuf *ctx, size_t minsize, const void *buf,
- size_t len)
+static inline int pldm_msgbuf_init(struct pldm_msgbuf *ctx, size_t minsize,
+ const void *buf, size_t len)
{
- uint8_t *end;
-
if (!ctx || !buf) {
return PLDM_ERROR_INVALID_DATA;
}
@@ -83,8 +80,7 @@
return PLDM_ERROR_INVALID_LENGTH;
}
- end = (uint8_t *)buf + len;
- if (end && end < (uint8_t *)buf) {
+ if ((uintptr_t)buf + len < len) {
return PLDM_ERROR_INVALID_LENGTH;
}
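Review bot: The wraparound test on the added `if` line is only sound when uintptr_t is at least as wide as size_t, which the line neither states nor asserts; on the usual ILP32/LP64 targets the two match, but if size_t were wider the sum would be evaluated in size_t and a wrap of the address range would go undetected. A one-line comment would also spare the next reader from re-deriving the idiom: `/* For unsigned a, b: a + b < b iff the sum wrapped (C17 6.2.5); done on uintptr_t so no out-of-object pointer is ever formed. */`. If the project's C dialect allows it, `_Static_assert(sizeof(uintptr_t) >= sizeof(size_t), "uintptr_t must cover size_t");` beside the check pins that assumption at compile time. pldm_msgbuf_init begins and ends outside this hunk.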
diff --git a/tests/msgbuf.cpp b/tests/msgbuf.cpp
index 6623fe0..15b0265 100644
--- a/tests/msgbuf.cpp
+++ b/tests/msgbuf.cpp
@@ -47,9 +47,8 @@
{
struct pldm_msgbuf _ctx;
struct pldm_msgbuf* ctx = &_ctx;
- // This is an intrinsic part of the test.
// NOLINTNEXTLINE(performance-no-int-to-ptr)
- uint8_t* buf = (uint8_t*)SIZE_MAX;
+ void* buf = (void*)UINTPTR_MAX;
EXPECT_NE(pldm_msgbuf_init(ctx, 0, buf, 2), PLDM_SUCCESS);
}
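Review bot: The EXPECT_NE line only establishes that init fails, so it cannot distinguish a rejection by the new wraparound check from one by an earlier guard; since the wrap branch returns PLDM_ERROR_INVALID_LENGTH, `EXPECT_EQ(pldm_msgbuf_init(ctx, 0, buf, 2), PLDM_ERROR_INVALID_LENGTH);` pins the reason. A companion case just inside the boundary, such as `(void*)(UINTPTR_MAX - 2)` with length 2 (whose sum is exactly UINTPTR_MAX and must not be rejected), would show the check does not over-reject, assuming init does nothing with the pointer beyond that arithmetic — verify against the rest of pldm_msgbuf_init. The TEST declaration line precedes this hunk.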
@@ -720,4 +719,4 @@
EXPECT_EQ(pldm_msgbuf_destroy(ctxExtract), PLDM_SUCCESS);
EXPECT_EQ(pldm_msgbuf_destroy(ctx), PLDM_SUCCESS);
-}
\ No newline at end of file
+}