Various codeQL fixes

Code was previously performing arithmetic in
various loop check conditions.  Integer promotion rules could cause unintended comparisons.

`spiffs` defined `fs->block_count` as `uint32_t`, but defined `spiffs_page_ix` as `uint16_t`.  Various overflow checks detected by CodeQL and fixed by checking for those conditions before looping.
Henry Gabryjelski 2025-01-10 15:02:19 -08:00
commit 1c75690b1a
4 changed files with 49 additions and 17 deletions


@ -372,10 +372,11 @@ s32_t spiffs_obj_lu_scan(
spiffs_block_ix unerased_bix = (spiffs_block_ix) - 1;
#endif
uint32_t block_count = fs->block_count;
// this _should_ never happen, but prefer to see debug message / error
// rather than silently entering infinite loop.
if (fs->block_count > ((spiffs_block_ix)(-1))) {
SPIFFS_DBG("Avoiding infinite loop, block_count "_SPIPRIbl" too large for spiffs_block_ix type\n", fs->block_count);
if (block_count > ((spiffs_block_ix)(-1))) {
SPIFFS_DBG("Avoiding infinite loop, block_count "_SPIPRIbl" too large for spiffs_block_ix type\n", block_count);
SPIFFS_API_CHECK_RES(fs, SPIFFS_ERR_INTERNAL);
}
@ -386,7 +387,7 @@ s32_t spiffs_obj_lu_scan(
spiffs_obj_id erase_count_final;
spiffs_obj_id erase_count_min = SPIFFS_OBJ_ID_FREE;
spiffs_obj_id erase_count_max = 0;
while (bix < fs->block_count) {
while (bix < block_count) {
#if SPIFFS_USE_MAGIC
spiffs_obj_id magic;
res = _spiffs_rd(fs,
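Review bot: The guard `if (block_count > ((spiffs_block_ix)(-1)))` silently becomes a no-op if a port typedefs spiffs_block_ix as a signed type, because `(spiffs_block_ix)(-1)` is then -1 and comparing it against a uint32_t promotes it to UINT32_MAX; the same unsigned-wrap assumption is already implicit in `unerased_bix = (spiffs_block_ix) - 1` two lines above, so it is worth stating once next to the check, e.g. `// NOTE: relies on spiffs_block_ix being unsigned so (spiffs_block_ix)(-1) is its maximum value`. The guard also only protects the loop if SPIFFS_API_CHECK_RES returns from the function on error, which is how the macro is used elsewhere in spiffs but is not visible in this hunk. Separately, the hoisted `uint32_t block_count = fs->block_count;` does not by itself change the promotion in `while (bix < block_count)` — both operands are uint32_t either way — so a short comment saying the local is a readability copy and that the check above is what bounds bix would keep the next reader from looking for an overflow fix in that line. The body of spiffs_obj_lu_scan continues outside these hunks.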