app: rpc_demod: fix buffer overflow in handle_read

Fix the following error: Remote>Opened file 'remote.file' with fd = 8 *** buffer overflow detected ***: rpc_demod-shared 1. Change RPC_BUFF_SIZE to accomodate the remote 2. Set size to the minimum of the request or the buffer size Signed-off-by: Sergei Korneichuk <[email protected]>
noisesignal · Oct 18, 2022 · 17b2594 · 17b2594
1 parent 2b6a38a
commit 17b2594
Showing 1 changed file with 11 additions and 12 deletions.
diff --git a/apps/examples/rpc_demo/rpc_demod.c b/apps/examples/rpc_demo/rpc_demod.c
@@ -19,7 +19,7 @@
 #include "platform_info.h"
 #include "rpmsg-rpc-demo.h"
 
-#define RPC_BUFF_SIZE 496
+#define RPC_BUFF_SIZE 1024
 #define REDEF_O_CREAT 100
 #define REDEF_O_EXCL 200
 #define REDEF_O_RDONLY 0
@@ -126,17 +126,16 @@ static int handle_read(struct rpmsg_rpc_syscall *syscall,
 	if (!syscall || !ept)
 		return -EINVAL;
 	payload = buf + sizeof(*resp);
-	if (syscall->args.int_field1 == 0) {
-		bytes_read = sizeof(buf) - sizeof(*resp);
-		/* Perform read from fd for large size since this is a
-		   STD/I request */
-		bytes_read = read(syscall->args.int_field1, payload,
-				  bytes_read);
-	} else {
-		/* Perform read from fd */
-		bytes_read = read(syscall->args.int_field1, payload,
-				  syscall->args.int_field2);
-	}
+
+	/*
+	 * For STD_IN read up to the buf size. Otherwise read
+	 * only the size requested in in syscall->rgs.int_field2
+	 */
+	bytes_read = sizeof(buf) - sizeof(*resp);
+	if (!syscall->args.int_field1 && syscall->args.int_field2 < bytes_read)
+		bytes_read = syscall->args.int_field2;
+
+	bytes_read = read(syscall->args.int_field1, payload, bytes_read);
 
 	/* Construct rpc response */
 	resp = (struct rpmsg_rpc_syscall *)buf;