Various CodeQL fixes

Code was previously performing arithmetic in various loop check conditions. Integer promotion rules could cause unintended comparisons.

`spiffs` defined `fs->block_count` as `uint32_t`, but defined `spiffs_page_ix` as `uint16_t`.  Various overflow checks detected by CodeQL and fixed by checking for those conditions before looping.
Henry Gabryjelski 2025-01-10 15:02:19 -08:00
commit 1c75690b1a
4 changed files with 49 additions and 17 deletions


@ -52,15 +52,16 @@ s32_t SPIFFS_format(spiffs *fs) {
SPIFFS_LOCK(fs);
uint32_t block_count = fs->block_count;
// this _should_ never happen, but prefer to see debug message / error
// rather than silently entering infinite loop.
if (fs->block_count > ((spiffs_block_ix)(-1))) {
SPIFFS_DBG("Avoiding infinite loop, block_count "_SPIPRIbl" too large for spiffs_block_ix type\n", fs->block_count);
if (block_count > ((spiffs_block_ix)(-1))) {
SPIFFS_DBG("Avoiding infinite loop, block_count "_SPIPRIbl" too large for spiffs_block_ix type\n", block_count);
SPIFFS_API_CHECK_RES_UNLOCK(fs, SPIFFS_ERR_INTERNAL);
}
spiffs_block_ix bix = 0;
while (bix < fs->block_count) {
while (bix < block_count) {
fs->max_erase_count = 0;
s32_t res = spiffs_erase_block(fs, bix);
if (res != SPIFFS_OK) {
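
Review bot: The SPIFFS_DBG call inside the new guard passes block_count, a uint32_t, to the _SPIPRIbl conversion; if that macro is the printf conversion sized for spiffs_block_ix, the argument width does not match the conversion in exactly the case this message reports (a count that does not fit the index type). Suggest a 32-bit conversion such as PRIu32 from <inttypes.h>, or an explicit cast of the argument to the type the conversion expects. Since block_count is a snapshot taken under SPIFFS_LOCK and is not written again in the visible lines, declaring it const would also document that the guard and the `while (bix < block_count)` condition compare against the same value.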