search

nasa / osal

The Core Flight System (cFS) Operating System Abstraction Layer (OSAL)
Apache License 2.0
557 stars 218 forks source link

OS_GetErrorName Seg Faults #1435

Closed ahatstat closed 10 months ago

ahatstat commented 11 months ago

Describe the bug The coverage test coverage-shared-errors-testrunner seg faults on a build for ARM/Linux. The seg fault happens in function OS_GetErrorName at this line. 

*err_name[sizeof(*err_name) - 1] = 0;

Here err_name is a pointer to a char array. The order of operations for C indicates that the array subscripting [] will be evaluated before the pointer dereferecing *. This results in dereferencing a value outside of the char array defined in the coverage test for OS_GetErrorName.

I believe the syntax should be '(*err_name)[sizeof(*err_name) - 1] = 0; to ensure the pointer is dereferenced before the array subscripting. Making this change fixes the seg fault on my system.

To Reproduce Run the coverage-shared-errors-testrunner coverage test.

Expected behavior The test passes and does not seg fault.

System observed on:

ahatstat commented 11 months ago 
./coverage-shared-errors-testrunner -d

[BEGIN] UNIT TEST

[BEGIN] 01 SETUP
[  END] No test cases

[BEGIN] 01 OS_GetErrorName
[DEBUG] utstubs.c:925:OCS_strncpy called (DEFAULT,0)
Segmentation fault (core dumped)
ahatstat commented 11 months ago

Here is the Godbolt compiler explorer showing the Assembly for this line as is. Note the 1190 offset which is well past the end of the char array. It thinks each array element size is 35 bytes. 34 * 35 = 1190.