msgbuf: Rework detection of invalid memory regions
From Annex J.2 of N2176 (C17 draft specification):
> Addition or subtraction of a pointer into, or just beyond, an array
> object and an integer type produces a result that does not point into,
> or just beyond, the same array object (6.5.6).
Instead we can lean on uintptr_t (7.20.1.4) and, from there, on the
well-defined wraparound of unsigned integer arithmetic rather than on
pointer overflow.
Change-Id: Ia1b47b87efeb9c96057d294a3e38e90bfdba5386
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
diff --git a/src/msgbuf.h b/src/msgbuf.h
index 85cfb39..691d9a6 100644
--- a/src/msgbuf.h
+++ b/src/msgbuf.h
@@ -69,12 +69,9 @@
* PLDM_ERROR_INVALID_DATA if pointer parameters are invalid, or
* PLDM_ERROR_INVALID_LENGTH if length constraints are violated.
*/
-__attribute__((no_sanitize("pointer-overflow"))) static inline int
-pldm_msgbuf_init(struct pldm_msgbuf *ctx, size_t minsize, const void *buf,
- size_t len)
+static inline int pldm_msgbuf_init(struct pldm_msgbuf *ctx, size_t minsize,
+ const void *buf, size_t len)
{
- uint8_t *end;
-
if (!ctx || !buf) {
return PLDM_ERROR_INVALID_DATA;
}
@@ -83,8 +80,7 @@
return PLDM_ERROR_INVALID_LENGTH;
}
- end = (uint8_t *)buf + len;
- if (end && end < (uint8_t *)buf) {
+ if ((uintptr_t)buf + len < len) {
return PLDM_ERROR_INVALID_LENGTH;
}
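Review bot: The wrap test on the added line `if ((uintptr_t)buf + len < len)` is correct but non-obvious, and the only explanation of why the pointer is cast to an integer lives in the commit message, not in the header a reader will actually open. I would put `/* Reject [buf, buf + len) if it would wrap the address space: unsigned wraparound is well-defined, unlike forming an out-of-range pointer. */` directly above it. Note that this is stricter than the removed `end && end < (uint8_t *)buf` test, which accepted a sum that wrapped to exactly zero; rejecting that case looks right but deserves a word in the description. The check also assumes `uintptr_t` is at least as wide as `size_t` (true on every target I am aware of, though 7.20.1.4 makes the type optional); `if (len > UINTPTR_MAX - (uintptr_t)buf)` expresses the same bound without computing the wrapped value. pldm_msgbuf_init continues past the end of the hunk, so what the body does with `buf` and `len` afterwards is not visible here.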