nasa / cFE

The Core Flight System (cFS) Core Flight Executive (cFE)
Apache License 2.0

Convert to static array sizes for string parameters - `name[static SIZE]` and scrub string handling #1511

Open skliper opened 3 years ago

skliper commented 3 years ago

Is your feature request related to a problem? Please describe. Many APIs and even internal functions require specific minimum string sizes to avoid a potential buffer overrun, yet take simple pointers, i.e. `char *`. Some tools complain about strcpy/sprintf/etc., but the sized versions aren't any safer if the passed-in string is too short.

Example case: https://github.com/nasa/cFE/blob/84ba9a9974794e239b989cdc4e2359216e44fab0/modules/tbl/fsw/src/cfe_tbl_internal.c#L597-L607

Describe the solution you'd like Leverage C99 checks on sized parameter arrays, which also will protect at compile time from NULL inputs. Once minimum sizes are guaranteed, then revisit string comparison/manipulation calls to avoid buffer overruns based on these enforced minimums.

Note not backwards compatible where pointers are passed in vs the array. Also would REQUIRE the removal of all NULL pointer test cases and checks (would cause compile errors or dead code respectively).

Describe alternatives you've considered None

Additional context Code review, related to #1465

Requester Info Jacob Hageman - NASA/GSFC
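The following is an added example written for this page, not cFE project code, to show what the proposed C99 `[static SIZE]` parameter form looks like next to the plain-pointer form it would replace, and the bounded string handling that becomes safe once the minimum size is guaranteed. `EXAMPLE_MAX_NAME_LEN` and the `example_*` functions are hypothetical names; the sample name strings are constructed inputs.

```c
/* Added example (not cFE project code). C99 "static" array-size
 * parameters vs. plain char pointers. EXAMPLE_MAX_NAME_LEN and the
 * example_* functions are hypothetical names for this demo. */
#include <stdio.h>
#include <string.h>

#define EXAMPLE_MAX_NAME_LEN 20 /* minimum buffer size, NUL included */

/* Legacy form: nothing stops a caller passing NULL or a 4-byte buffer.
 * Only the runtime NULL test protects this API, and an undersized
 * buffer is not detected at all, so the bounded copy can still overrun. */
int example_copy_name_unchecked(char *Dest, const char *Src)
{
    if (Dest == NULL || Src == NULL)
    {
        return -1;
    }
    strncpy(Dest, Src, EXAMPLE_MAX_NAME_LEN - 1);
    Dest[EXAMPLE_MAX_NAME_LEN - 1] = '\0';
    return (int)strlen(Dest);
}

/* C99 form: each caller must supply an array of at least
 * EXAMPLE_MAX_NAME_LEN chars. GCC and clang can diagnose a NULL or a
 * smaller array argument at compile time (which warnings fire depends
 * on compiler and version; a bare pointer argument is not checked).
 * A NULL test inside would be dead code. With the minimum guaranteed,
 * a copy bounded by EXAMPLE_MAX_NAME_LEN plus explicit termination
 * cannot overrun either buffer. */
int example_copy_name(char Dest[static EXAMPLE_MAX_NAME_LEN],
                      const char Src[static EXAMPLE_MAX_NAME_LEN])
{
    strncpy(Dest, Src, EXAMPLE_MAX_NAME_LEN - 1);
    Dest[EXAMPLE_MAX_NAME_LEN - 1] = '\0';
    return (int)strlen(Dest);
}

/* Name comparison bounded by the guaranteed minimum size, so strncmp
 * never reads past either array even if a NUL is missing. */
int example_name_equal(const char A[static EXAMPLE_MAX_NAME_LEN],
                       const char B[static EXAMPLE_MAX_NAME_LEN])
{
    return strncmp(A, B, EXAMPLE_MAX_NAME_LEN) == 0;
}

/* Constructed input: copy an 11-char name between two correctly sized
 * arrays and confirm the copy compares equal. Returns the copied
 * length, or -1 if the comparison fails. */
int example_demo_copy_and_compare(void)
{
    char Dest[EXAMPLE_MAX_NAME_LEN];
    char Src[EXAMPLE_MAX_NAME_LEN] = "TBL_NAME_01";
    int  Len = example_copy_name(Dest, Src);

    return example_name_equal(Dest, Src) ? Len : -1;
}

/* Constructed input: a 32-byte source holding a 25-char name is
 * truncated to EXAMPLE_MAX_NAME_LEN - 1 chars and Dest is never
 * overrun. Returns the resulting length (19). */
int example_demo_truncation(void)
{
    char Src[32] = "A_NAME_LONGER_THAN_19_CHR";
    char Dest[EXAMPLE_MAX_NAME_LEN];

    return example_copy_name(Dest, Src);
}

int main(void)
{
    char Dest[EXAMPLE_MAX_NAME_LEN];
    char Src[EXAMPLE_MAX_NAME_LEN] = "TBL_NAME_01"; /* constructed */

    printf("copied %d chars: %s\n", example_copy_name(Dest, Src), Dest);
    printf("equal: %d\n", example_name_equal(Dest, Src));
    printf("truncated length: %d\n", example_demo_truncation());

    /* Calls like these are what the [static N] form lets the compiler
     * flag; they are left commented out so the example builds cleanly:
     *   example_copy_name(Dest, NULL);     null argument
     *   example_copy_name(Dest, "short");  6-byte array, fewer than 20
     */
    return 0;
}
```

Note that the diagnostic is a warning unless the build uses -Werror, and that a caller holding only a `char *` (for example a pointer into a larger buffer) is passed through without any check; that is why the thread asks for each supported compiler to be confirmed before relying on this.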

skliper commented 3 years ago

Should actually confirm all our supported compilers are compliant (check NULL and undersized arrays) before advancing this change. At minimum the one used for CI should confirm the core software as configured is good.