Skip to content

[hardening] TBL load integer overflow + memory-safety cleanups#3

Draft
Not4right wants to merge 1 commit into
mainfrom
hardening/memsafety-and-tbl-overflow
Draft

[hardening] TBL load integer overflow + memory-safety cleanups#3
Not4right wants to merge 1 commit into
mainfrom
hardening/memsafety-and-tbl-overflow

Conversation

@Not4right

Copy link
Copy Markdown
Owner

Hardening patch set covering one critical finding (TBL load integer
overflow → out-of-bounds write on 32-bit flight targets) plus several
medium-severity defensive cleanups.

See the accompanying GitHub issue for the full writeup of the critical
finding and a conceptual reproducer.

Summary of changes

File Why
cfe_tbl_passthru_codec.c Guard Offset+NumBytes against unsigned overflow before size check.
cfe_tbl_eds_codec.c Same overflow guard for the EDS codec.
cfe_tbl_load.c Defense-in-depth overflow guard on size_t arithmetic.
cfe_tbl_internal.c Replace UB-prone memchr+strcpy in MarkNameAsModified; add bounds and small-buffer guards.
cfe_es_mempool.c Capture and log OS_MutSemTake/OS_MutSemGive failures (matches SB/FS/CDS convention).
cfe_es_cds.c, cfe_sb_priv.c sprintfsnprintf (MISRA-C compliance and config-widening robustness).
osal/src/os/vxworks/src/os-impl-tasks.c Clear lrec->heap_block immediately after free so dangling state is never observable.

Pre-merge checklist

  • Run repo CI (CodeQL, cppcheck, format-check, unit-test-coverage).
  • Add a unit test in cfe/modules/tbl/ut-coverage/ for the wrap-around case (Offset = 0xFFFFFFF0, NumBytes = 0x100).
  • Validate against a 32-bit target build (RTEMS or VxWorks) — the bug only reproduces where size_t is 32 bits.
  • CCB / cFS Product Team review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant