fix: zero-init struct tm before gmtime_r; replace strcpy with memcpy#2753
stark256-spec wants to merge 1 commit into
Two independent static-analysis findings addressed in one commit since they touch disjoint files and carry the same risk category.

1. cfe_time_api.c — CFE_TIME_Print (fixes nasa#2735)

gmtime_r() returns NULL when the input time_t is outside the range representable by struct tm (overflow or platform-specific limits). The subsequent strftime() then reads from an uninitialised struct, producing undefined behaviour. Zero-initialise tm with memset before calling gmtime_r() so that a failed conversion yields a deterministic epoch-like formatted string rather than garbage or a crash.

2. cfe_assert_init.c + cfe_tbl_internal.c — strcpy (fixes nasa#2737)

Both sites append a known, fixed-length literal ('.tmp' and '(*)') into a buffer where available space has already been verified by the surrounding bounds check. Replace strcpy with memcpy(dst, literal, sizeof(literal)), which copies exactly the required bytes including the NUL terminator without relying on runtime null-termination scanning.
Fixes #2735 and #2737.

#2735 — gmtime_r() returns NULL for out-of-range time_t values, leaving struct tm uninitialised. strftime() on uninitialised memory is UB. Zero-initialise tm with memset() before calling gmtime_r() so a failed conversion produces a deterministic epoch-like string.

#2737 — Both strcpy sites in cfe_assert_init.c and cfe_tbl_internal.c append a fixed-length literal into a buffer where space was already verified. Replace with memcpy(dst, literal, sizeof(literal)) to copy exactly the required bytes including the NUL terminator.
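Added example, not code from the cFE repository or from this PR: a hypothetical time formatter and literal-append helper (the names format_utc, append_bytes and APPEND_LITERAL are assumed) showing both patterns, the zero-initialised struct tm before gmtime_r() and memcpy of sizeof(literal) bytes behind an explicit bounds check. It additionally checks gmtime_r()'s return value so the failure path is visible to the caller instead of relying on the zeroed struct alone.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper names; this is not cFE's own code. */
#define FALLBACK_STR "0000-00-00 00:00:00"

/* Format t as UTC "YYYY-MM-DD HH:MM:SS". Returns 1 on success, 0 when
 * gmtime_r() cannot represent t; on failure buf holds a fixed string. */
int format_utc(time_t t, char *buf, size_t buflen)
{
    struct tm tmv;
    if (buflen == 0) return 0;
    memset(&tmv, 0, sizeof(tmv));        /* never hand strftime() an uninitialised struct */
    if (gmtime_r(&t, &tmv) == NULL) {    /* out-of-range time_t: conversion failed */
        snprintf(buf, buflen, "%s", FALLBACK_STR);
        return 0;
    }
    if (strftime(buf, buflen, "%Y-%m-%d %H:%M:%S", &tmv) == 0) {
        buf[0] = '\0';                   /* buffer too small for the formatted result */
        return 0;
    }
    return 1;
}

/* Append a fixed literal (including its NUL) to the string already in dst.
 * litsize is sizeof(literal), so exactly that many bytes are copied.
 * Returns 1 if appended, 0 if it would not fit (dst is left unchanged). */
int append_bytes(char *dst, size_t dstlen, const char *lit, size_t litsize)
{
    size_t used = strnlen(dst, dstlen);
    if (used == dstlen) return 0;            /* dst not NUL-terminated within dstlen */
    if (litsize > dstlen - used) return 0;   /* literal + NUL would overflow dst */
    memcpy(dst + used, lit, litsize);        /* copies the terminating NUL too */
    return 1;
}
#define APPEND_LITERAL(dst, dstlen, lit) append_bytes((dst), (dstlen), (lit), sizeof(lit))

int main(void)
{
    char stamp[32], name[12] = "table";      /* constructed sample inputs */
    format_utc((time_t)0, stamp, sizeof stamp);
    printf("%s\n", stamp);                                 /* 1970-01-01 00:00:00 */
    format_utc((time_t)1 << 62, stamp, sizeof stamp);      /* year overflows int tm_year */
    printf("%s\n", stamp);                                 /* fallback string */
    printf("%d %s\n", APPEND_LITERAL(name, sizeof name, ".tmp"), name);   /* 1 table.tmp */
    printf("%d %s\n", APPEND_LITERAL(name, sizeof name, ".tmp"), name);   /* 0: no room */
    return 0;
}
```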