zephyrproject-rtos / zephyr

Primary Git Repository for the Zephyr Project. Zephyr is a new generation, scalable, optimized, secure RTOS for multiple hardware architectures.
https://docs.zephyrproject.org
Apache License 2.0
10.49k stars 6.42k forks

lib: gui: lvgl: buffer overflow bug on misconfiguration #34544

Closed marinjurjevic closed 3 years ago

marinjurjevic commented 3 years ago

Describe the bug

I wanted to try out minimal lvgl on the stm32_min_dev_blue board, which has only 20kB RAM. I am using an ILI9340 display with a resolution of 320x240. Because of the small RAM, I kept reducing all values until the build passed. You can see the relevant config in Additional context.

https://github.com/zephyrproject-rtos/zephyr/blob/e366d7948a536951d63392dd3bc63c36212e8081/lib/gui/lvgl/lvgl.c#L36

Based on my values, the buf0 size will be 768. When lvgl starts rendering, it will do so using the lvgl_set_px_cb_24bit callback. Here a buffer overflow will happen and cause a mess in memory.

https://github.com/zephyrproject-rtos/zephyr/blob/e366d7948a536951d63392dd3bc63c36212e8081/lib/gui/lvgl/lvgl_display_24bit.c#L32

I am aware this happens because ILI9XXX_PIXEL_FORMAT_RGB888 is selected in DTS. I am not familiar enough with the display subsystem, but I believe this should be checked at build time and a buffer overflow should never happen.

To Reproduce

Steps to reproduce the behavior:

  1. cd samples/subsys/display/lvgl
  2. west build -b stm32_min_dev_blue

Expected behavior

I expected the sample to work out of the box when built without errors.

Impact

Showstopper.

Additional context

stm32_min_dev_blue.overlay

```
#include
&spi1 {
	status = "okay";
	pinctrl-0 = <&spi1_sck_master_pa5 &spi1_miso_master_pa6
		     &spi1_mosi_master_pa7 &spi1_nss_master_pa4>;

	ili9340@0 {
		compatible = "ilitek,ili9340";
		label = "ILI9340";
		spi-max-frequency = <15151515>;
		reg = <0>;
		reset-gpios = <&gpioa 2 GPIO_ACTIVE_LOW>; /* PA2 */
		cmd-data-gpios = <&gpioa 3 GPIO_ACTIVE_LOW>; /* PA3 */
		pixel-format = <ILI9XXX_PIXEL_FORMAT_RGB888>;
		rotation = <90>;
		frmctr1 = [00 18];
		pwctrl1 = [23 00];
		vmctrl1 = [3e 28];
		vmctrl2 = [86];
		pgamctrl = [0f 31 2b 0c 0e 08 4e f1 37 07 10 03 0e 09 00];
		ngamctrl = [00 0e 14 03 11 07 31 c1 48 08 0f 0c 31 36 0f];
	};
};
```

prj.conf

```dosini
CONFIG_HEAP_MEM_POOL_SIZE=12288
CONFIG_MAIN_STACK_SIZE=1576
CONFIG_DISPLAY=y
#CONFIG_LOG=y
#CONFIG_DISPLAY_LOG_LEVEL_ERR=y
CONFIG_SPI=y
CONFIG_ILI9340=y
CONFIG_LVGL=y
CONFIG_LVGL_DISPLAY_DEV_NAME="ILI9340"
CONFIG_LVGL_HOR_RES_MAX=320
CONFIG_LVGL_VER_RES_MAX=240
CONFIG_LVGL_VDB_SIZE=1
CONFIG_LVGL_BITS_PER_PIXEL=8
CONFIG_LVGL_USE_CONT=y
CONFIG_LVGL_USE_BTN=y
CONFIG_LVGL_USE_LABEL=y
```

gmarull commented 3 years ago

You're setting a display pixel format RGB888 (24bpp) with CONFIG_LVGL_BITS_PER_PIXEL=8, should be CONFIG_LVGL_BITS_PER_PIXEL=24. Can you check and close the issue if it fixes the problem?
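The mismatch discussed above, as an added example that is not code from the issue or from Zephyr. It assumes the draw buffer is sized as bits-per-pixel times pixels divided by 8 (which reproduces the 768 bytes quoted in the report) and that a 24-bit pixel writer stores 3 bytes per pixel; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed values taken from the prj.conf in the report. */
enum { HOR_RES = 320, VER_RES = 240, VDB_PERCENT = 1 };

/* Pixels the renderer may place in the draw buffer in one pass. */
size_t vdb_pixels(void)
{
	return (size_t)VDB_PERCENT * HOR_RES * VER_RES / 100;
}

/* Assumed sizing rule: bytes = configured bits per pixel * pixels / 8. */
size_t vdb_bytes(unsigned int cfg_bits)
{
	return cfg_bits * vdb_pixels() / 8;
}

/* Bytes a writer touches when the display format uses format_bits. */
size_t bytes_needed(unsigned int format_bits)
{
	return (vdb_pixels() * format_bits + 7) / 8;
}

/* Init-time guard: 0 if the buffer fits the display format, else -1. */
int check_vdb_config(unsigned int cfg_bits, unsigned int format_bits)
{
	return vdb_bytes(cfg_bits) >= bytes_needed(format_bits) ? 0 : -1;
}

/* Bounds-checked 24-bit pixel store (hypothetical helper, not LVGL API). */
int set_px_24bit_checked(uint8_t *buf, size_t buf_len, size_t buf_w,
			 size_t x, size_t y, const uint8_t rgb[3])
{
	size_t off = (y * buf_w + x) * 3U;

	if (x >= buf_w || off > buf_len || buf_len - off < 3U) {
		return -1; /* the 3-byte store would pass the buffer end */
	}
	memcpy(buf + off, rgb, 3U);
	return 0;
}

int main(void)
{
	/* 8 bpp config with an RGB888 panel: the guard rejects it. */
	return check_vdb_config(8, 24) == -1 ? 0 : 1;
}
```

With the reported values the buffer holds 768 bytes while a 24-bit writer needs 2304, so only the first 256 pixels of the first row fit.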

github-actions[bot] commented 3 years ago

This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time.