GoogleCloudPlatform / iot-device-sdk-embedded-c

Cloud IoT Device SDK for Connectivity to IoT Core.

fix fopen FILE* unsigned comparison bug #99

Closed pnfisher closed 4 years ago

pnfisher commented 4 years ago

iotc_bsp_io_fs_open() in src/bsp/platform/posix/iotc_bsp_io_fs_posix.c sets resource_handle_out to the FILE* returned by fopen() if fopen() doesn't fail. This in turn gets assigned to the resource manager's context->resource_handle. Later, iotc_resource_manager_read() in src/libiotc/io/fs/iotc_resource_manager.c checks to make sure context->resource_handle is not less than zero. But there's nothing about fopen() that ensures that the FILE* returned by fopen() can't be a value less than zero (when used in a signed comparison).

If iotc_resource_manager_read() is going to assume a value less than 0 indicates a BSP file io open error, then we need to replace the use of fopen() in iotc_bsp_io_fs_posix.c with open(). #72
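The failure mode described above, as an added example that is not code from the SDK or from this pull request. The demo_* names are hypothetical, the handle is assumed to be a signed pointer-sized integer, and the sentinel check is one alternative to the open() change the description proposes.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical handle type: a signed integer wide enough to hold a pointer. */
typedef intptr_t demo_handle_t;

/* Assumed sentinel for "open failed": the value a NULL FILE* converts to. */
#define DEMO_INVALID_HANDLE ((demo_handle_t)0)

/* Pattern from the description: any negative handle is treated as an error. */
static int demo_is_error_signed(demo_handle_t h) { return h < 0; }

/* Hardened check: only the explicit sentinel means the open failed. */
static int demo_is_error_sentinel(demo_handle_t h) {
  return h == DEMO_INVALID_HANDLE;
}

/* Constructed sample: a non-NULL address with the top bit set, as a 32-bit
   target or a high-half mapping can return. It is never dereferenced. On
   two's-complement platforms the conversion to intptr_t yields a negative. */
static demo_handle_t demo_high_address_handle(void) {
  uintptr_t addr = ~(UINTPTR_MAX >> 1) | (uintptr_t)0x1000;
  return (demo_handle_t)addr;
}

/* Store the FILE* from fopen() in the integer handle, as the description
   says the POSIX BSP does. A failed fopen() becomes DEMO_INVALID_HANDLE. */
static demo_handle_t demo_open(const char* path) {
  FILE* fp = fopen(path, "rb");
  return (demo_handle_t)(uintptr_t)(void*)fp;
}

int main(void) {
  demo_handle_t valid = demo_high_address_handle();
  demo_handle_t missing = demo_open("/nonexistent/demo-file");
  printf("signed check rejects valid handle:   %d\n",
         demo_is_error_signed(valid));
  printf("sentinel check rejects valid handle: %d\n",
         demo_is_error_sentinel(valid));
  printf("signed check catches failed fopen:   %d\n",
         demo_is_error_signed(missing));
  printf("sentinel check catches failed fopen: %d\n",
         demo_is_error_sentinel(missing));
  return 0;
}
```

The signed check fails in both directions: it rejects a valid high-address handle and does not notice the NULL from a failed fopen().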

googlebot commented 4 years ago

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

:memo: Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.



pnfisher commented 4 years ago

@googlebot I signed it!