• State TI Thinks Resolved
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 203 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3130: Static codeanalyse buffer overrun

Jørgen Busch
Prodigy 90 points
Part Number: CC3130

Tool/software:

Hi

We gotten some results from our static codeanalyse CodeSonar.

only 2 issues found so far :-)

one bufferoverrun from file driver.c, function _SlDrvMsgRead(...)

Se picture:

in case opcode = SL_OPCODE_SOCKET_RECVFROMASYNCRESPONSE_V6

  • 0
    TI__Mastermind 21505 points

    An expert has been assigned and wil get back to you by end of day tomorrow.

  • 0 in reply to AB
    TI__Guru 61365 points

    Hi,

    Basically, it should not arrive to the 3rd location since it is wrapped with if() statement on the data size (ACT_DATA_SIZE).

    The structure is common for all type and starts with a 4 bytes header as follows:

    _i16 StatusOrLen;
    _u8 Sd;
    _u8 Padding;

    the following if(ACT_DATA_SIZE(&uBuf.TempBuf[4]) > 0) statement would check the StatusOrLen before stepping into and since in would be 0 in case of RECV_ARGS_SIZE, it would not get into.

    Regards,

    Shlomi