xmos / xscope_fileio

FileIO interface over xscope

xscope_fread causes a buffer overflow #59

Closed xhuw closed 11 months ago

xhuw commented 11 months ago

xscope_fread waits for chunks of data over a channel and streams them directly into the buffer. It detects if the end of the file has been reached by checking if the last chunk that was read is the end marker:

https://github.com/xmos/xscope_fileio/blob/52cff0826b2773beec49044a0729bb000c011379/xscope_fileio/src/xscope_io_device.c#L115C19-L115C19

The end marker is a 17 byte string:

https://github.com/xmos/xscope_fileio/blob/52cff0826b2773beec49044a0729bb000c011379/xscope_fileio/xscope_io_common.h#L6

This string is read into the user-provided buffer before it is checked. If the buffer is not 17 bytes larger than the data left in the file then there will be a buffer overflow.

Example:

```sh
# create an empty file
touch test.bin
```

Then read from the file:

```c
#include "xscope_io_device.h"   /* xscope_fileio device-side API */
#include <xassert.h>

xscope_file_t fp = xscope_open_file("test.bin", "rb");

// buffer, array of 2
int read_buf[2] = {0, 0};

// read 1 int from a file into read_buf[0]
size_t read_len = xscope_fread(&fp, (void*)&read_buf[0], sizeof(read_buf[0]));

// read_buf[1] should still be 0, it is not.
xassert(read_buf[1] == 0); // fails
```

Expected behaviour: fread should never overflow the input buffer.
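As an added illustration (this is not code from xscope_fileio, and it runs on a host, not an xCORE), the following C model reproduces the chunked read loop the report describes and puts the vulnerable pattern beside a version that receives each chunk into a private scratch buffer, checks for the end marker there, and only then copies file bytes into the caller's buffer. The marker bytes, the chunk size and the simulated channel are all constructed for the demo; the real 17-byte marker lives in xscope_io_common.h and is not reproduced here.

```c
/* Host-side model of a chunked fread over a channel (added example, not
 * the xscope_fileio implementation). Everything below is constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define END_MARKER_LEN 17
#define CHUNK_SIZE 8
/* Hypothetical 17-byte end marker (assumption; the real one is in
 * xscope_io_common.h). Array has room for the NUL so it stays a C string. */
static const uint8_t END_MARKER[END_MARKER_LEN + 1] = "<<END_OF_FILE>>!!";

/* Simulated channel: a file image followed by the end marker, sent once. */
typedef struct {
    const uint8_t *file;   /* constructed file image */
    size_t file_len;
    size_t pos;
    bool marker_sent;
} sim_channel_t;

/* Deliver the next chunk into dst: up to CHUNK_SIZE file bytes (capped by
 * `want`) while any remain, then the full marker exactly once. Returns the
 * number of bytes written to dst, 0 when nothing is left. */
static size_t chan_recv(sim_channel_t *ch, uint8_t *dst, size_t want)
{
    if (ch->pos < ch->file_len) {
        size_t n = ch->file_len - ch->pos;
        if (n > want) n = want;
        if (n > CHUNK_SIZE) n = CHUNK_SIZE;
        memcpy(dst, ch->file + ch->pos, n);
        ch->pos += n;
        return n;
    }
    if (!ch->marker_sent) {
        memcpy(dst, END_MARKER, END_MARKER_LEN);   /* not bounded by `want` */
        ch->marker_sent = true;
        return END_MARKER_LEN;
    }
    return 0;
}

static bool is_end_marker(const uint8_t *p, size_t len)
{
    return len == END_MARKER_LEN && memcmp(p, END_MARKER, END_MARKER_LEN) == 0;
}

/* Vulnerable pattern: every chunk, the end marker included, is written
 * straight into the caller's buffer and only inspected afterwards. */
static size_t fread_vuln(sim_channel_t *ch, uint8_t *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        size_t len = chan_recv(ch, buf + got, n - got);
        if (len == 0) break;
        if (is_end_marker(buf + got, len)) break;  /* EOF, but 17 bytes already landed in buf */
        got += len;
    }
    return got;
}

/* Hardened pattern: receive into scratch, classify, then copy only as
 * many bytes as the caller's buffer can still hold. */
static size_t fread_fixed(sim_channel_t *ch, uint8_t *buf, size_t n)
{
    uint8_t scratch[CHUNK_SIZE > END_MARKER_LEN ? CHUNK_SIZE : END_MARKER_LEN];
    size_t got = 0;
    while (got < n) {
        size_t len = chan_recv(ch, scratch, n - got);
        if (len == 0) break;
        if (is_end_marker(scratch, len)) break;    /* EOF, buf untouched */
        if (len > n - got) len = n - got;          /* never exceed caller's space */
        memcpy(buf + got, scratch, len);
        got += len;
    }
    return got;
}

/* The report's scenario: empty file, int read_buf[2], read one int into
 * read_buf[0]. Returns true if read_buf[1] was clobbered. The guard keeps
 * the overrun inside one object so the demo itself stays well defined. */
static bool neighbour_clobbered(size_t (*reader)(sim_channel_t *, uint8_t *, size_t))
{
    sim_channel_t ch = { .file = (const uint8_t *)"", .file_len = 0, .pos = 0, .marker_sent = false };
    struct { int read_buf[2]; uint8_t guard[END_MARKER_LEN]; } frame;
    memset(&frame, 0, sizeof frame);
    reader(&ch, (uint8_t *)&frame.read_buf[0], sizeof frame.read_buf[0]);
    return frame.read_buf[1] != 0;
}
```

`neighbour_clobbered(fread_vuln)` returns true and `neighbour_clobbered(fread_fixed)` returns false; both readers return the same byte count for a file that fits the caller's buffer with room to spare. Note that any in-band marker of this kind is only unambiguous if file data can never contain the marker bytes as a whole chunk; the scratch-buffer fix removes the overflow but does not change that property of the protocol.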

mbanth commented 11 months ago

This issue is tracked in Jira AP-238.