lib: cmsis_rtos_v2: Default name if name is NULL

Fixed an issue whereby if an attribute structure was passed into a CMSIS RTOS v2 'new' function with an invalid address i.e. NULL assigned to the name (char*) member the memcpy at the end of each new function would cause a segmentation fault i.e. read from an invalid address. This has been fixed by checking if the name is NULL and using the default name from the init struct if it is. This is the same name that would be used if not passing in the optional attr function argument. Changed the memcpy to strncpy to ensure that the copy does not read beyond the end of the source string and changed the length from 16 to 15 (by means of a `sizeof(...)-1`) of the destination buffer to ensure that it will always be nul-terminated. Signed-off-by: Carlos Stuart <[email protected]>
dagar · Feb 6, 2019 · d47178b · d47178b
1 parent c637572
commit d47178b
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 7 deletions.
diff --git a/lib/cmsis_rtos_v2/event_flags.c b/lib/cmsis_rtos_v2/event_flags.c
@@ -46,7 +46,13 @@ osEventFlagsId_t osEventFlagsNew(const osEventFlagsAttr_t *attr)
 	k_poll_event_init(&events->poll_event, K_POLL_TYPE_SIGNAL,
 			  K_POLL_MODE_NOTIFY_ONLY, &events->poll_signal);
 	events->signal_results = 0;
-	memcpy(events->name, attr->name, 16);
+
+	if (attr->name == NULL) {
+		strncpy(events->name, init_event_flags_attrs.name,
+			sizeof(events->name) - 1);
+	} else {
+		strncpy(events->name, attr->name, sizeof(events->name) - 1);
+	}
 
 	return (osEventFlagsId_t)events;
 }

diff --git a/lib/cmsis_rtos_v2/mempool.c b/lib/cmsis_rtos_v2/mempool.c
@@ -68,7 +68,13 @@ osMemoryPoolId_t osMemoryPoolNew(uint32_t block_count, uint32_t block_size,
 	}
 
 	k_mem_slab_init(&mslab->z_mslab, mslab->pool, block_size, block_count);
-	memcpy(mslab->name, attr->name, 16);
+
+	if (attr->name == NULL) {
+		strncpy(mslab->name, init_mslab_attrs.name,
+			sizeof(mslab->name) - 1);
+	} else {
+		strncpy(mslab->name, attr->name, sizeof(mslab->name) - 1);
+	}
 
 	return (osMemoryPoolId_t)mslab;
 }

diff --git a/lib/cmsis_rtos_v2/msgq.c b/lib/cmsis_rtos_v2/msgq.c
@@ -66,7 +66,13 @@ osMessageQueueId_t osMessageQueueNew(uint32_t msg_count, uint32_t msg_size,
 	}
 
 	k_msgq_init(&msgq->z_msgq, msgq->pool, msg_size, msg_count);
-	memcpy(msgq->name, attr->name, 16);
+
+	if (attr->name == NULL) {
+		strncpy(msgq->name, init_msgq_attrs.name,
+			sizeof(msgq->name) - 1);
+	} else {
+		strncpy(msgq->name, attr->name, sizeof(msgq->name) - 1);
+	}
 
 	return (osMessageQueueId_t)(msgq);
 }

diff --git a/lib/cmsis_rtos_v2/mutex.c b/lib/cmsis_rtos_v2/mutex.c
@@ -46,7 +46,13 @@ osMutexId_t osMutexNew(const osMutexAttr_t *attr)
 
 	k_mutex_init(&mutex->z_mutex);
 	mutex->state = attr->attr_bits;
-	memcpy(mutex->name, attr->name, 16);
+
+	if (attr->name == NULL) {
+		strncpy(mutex->name, init_mutex_attrs.name,
+			sizeof(mutex->name) - 1);
+	} else {
+		strncpy(mutex->name, attr->name, sizeof(mutex->name) - 1);
+	}
 
 	return (osMutexId_t)mutex;
 }

diff --git a/lib/cmsis_rtos_v2/semaphore.c b/lib/cmsis_rtos_v2/semaphore.c
@@ -41,7 +41,14 @@ osSemaphoreId_t osSemaphoreNew(uint32_t max_count, uint32_t initial_count,
 	}
 
 	k_sem_init(&semaphore->z_semaphore, initial_count, max_count);
-	memcpy(semaphore->name, attr->name, 16);
+
+	if (attr->name == NULL) {
+		strncpy(semaphore->name, init_sema_attrs.name,
+			sizeof(semaphore->name) - 1);
+	} else {
+		strncpy(semaphore->name, attr->name,
+			sizeof(semaphore->name) - 1);
+	}
 
 	return (osSemaphoreId_t)semaphore;
 }

diff --git a/lib/cmsis_rtos_v2/thread.c b/lib/cmsis_rtos_v2/thread.c
@@ -184,7 +184,14 @@ osThreadId_t osThreadNew(osThreadFunc_t threadfunc, void *arg,
 			      (void *)arg, NULL, threadfunc,
 			      prio, 0, K_NO_WAIT);
 
-	memcpy(tid->name, attr->name, 16);
+
+	if (attr->name == NULL) {
+		strncpy(tid->name, init_thread_attrs.name,
+			sizeof(tid->name) - 1);
+	} else {
+		strncpy(tid->name, attr->name, sizeof(tid->name) - 1);
+	}
+
 	k_thread_name_set(&tid->z_thread, tid->name);
 
 	return (osThreadId_t)tid;

diff --git a/lib/cmsis_rtos_v2/timer.c b/lib/cmsis_rtos_v2/timer.c
@@ -62,7 +62,13 @@ osTimerId_t osTimerNew(osTimerFunc_t func, osTimerType_t type,
 	timer->status = NOT_ACTIVE;
 
 	k_timer_init(&timer->z_timer, zephyr_timer_wrapper, NULL);
-	memcpy(timer->name, attr->name, 16);
+
+	if (attr->name == NULL) {
+		strncpy(timer->name, init_timer_attrs.name,
+			sizeof(timer->name) - 1);
+	} else {
+		strncpy(timer->name, attr->name, sizeof(timer->name) - 1);
+	}
 
 	return (osTimerId_t)timer;
 }