Missing Argc checks in f4 app_cantest tests - Githubissues

oresat / oresat-firmware

OreSat firmware based on ChibiOS for M0 and M4 microcontrollers

GNU General Public License v3.0

36 stars 13 forks source link

Missing Argc checks in f4 app_cantest tests #89

Open HorizontalCar opened 5 months ago

HorizontalCar commented 5 months ago

Hello,

I have been testing automated firmware testing tools on this firmware and found inputs that result in minor crashes. Specifically, there are missing argc checks resulting in null pointer dereferences in the following areas:

lfs argv[0] can be null resulting in a null pointer dereference in strcmp https://github.com/oresat/oresat-firmware/blob/dff1094dba17f24569f07f36d699d12309de88ae/src/f4/app_cantest/source/test_lfs.c#L19 time UTC argv[1] can be null resulting in a null pointer dereference in strcmp https://github.com/oresat/oresat-firmware/blob/dff1094dba17f24569f07f36d699d12309de88ae/src/f4/app_cantest/source/test_time.c#L43 time scet argv[1] can be null resulting in a null pointer dereference in strcmp https://github.com/oresat/oresat-firmware/blob/dff1094dba17f24569f07f36d699d12309de88ae/src/f4/app_cantest/source/test_time.c#L32 time unix argv[1] can be null resulting in a null pointer dereference in strcmp https://github.com/oresat/oresat-firmware/blob/dff1094dba17f24569f07f36d699d12309de88ae/src/f4/app_cantest/source/test_time.c#L20

ryanpdx commented 1 month ago

With #99 we dropping support for F4 apps