LoRaMac-node
Buffer overflow (-Wstringop-overflow) in matrixRow[] (FragDecoder.c) detected by GCC 10.2.1
Changing
uint8_t matrixRow[(FRAG_MAX_NB >> 3 ) + 1];
to
uint8_t matrixRow[(FRAG_MAX_NB >> 3 ) + 1 + 16];
suppresses the warning.
[43/79] Building C object CMakeFiles/LoRaMac-node.dir/LoRa...src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c.o
../../LoRaMac-node/src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c: In function 'FragDecoderProcess':
../../LoRaMac-node/src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c:594:22: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
  594 |         matrixRow[i] = 0;
      |         ~~~~~~~~~~~~~^~~
../../LoRaMac-node/src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c:307:13: note: at offset 0 to object 'matrixRow' with size 3 declared here
  307 |     uint8_t matrixRow[(FRAG_MAX_NB >> 3 ) + 1];
      |             ^~~~~~~~~
../../LoRaMac-node/src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c:594:22: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
  594 |         matrixRow[i] = 0;
      |         ~~~~~~~~~~~~~^~~
../../LoRaMac-node/src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c:307:13: note: at offset 0 to object 'matrixRow' with size 3 declared here
  307 |     uint8_t matrixRow[(FRAG_MAX_NB >> 3 ) + 1];
      |             ^~~~~~~~~
../../LoRaMac-node/src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c:594:22: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
  594 |         matrixRow[i] = 0;
      |         ~~~~~~~~~~~~~^~~
../../LoRaMac-node/src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c:307:13: note: at offset 0 to object 'matrixRow' with size 3 declared here
  307 |     uint8_t matrixRow[(FRAG_MAX_NB >> 3 ) + 1];
      |             ^~~~~~~~~
Looks like the optimizer gets confused about an unsigned <-> signed compare. This fixes the issue and is probably cleaner also:
--- a/src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c
+++ b/src/apps/LoRaMac/common/LmHandler/packages/FragDecoder.c
@@ -589,7 +589,7 @@ static void FragGetParityMatrixRow( int32_t n, int32_t m, uint8_t *matrixRow )
}
x = 1 + ( 1001 * n );
- for( uint16_t i = 0; i < ( ( m >> 3 ) + 1 ); i++ )
+ for( int32_t i = 0; i < ( ( m >> 3 ) + 1 ); i++ )^M
{
matrixRow[i] = 0;
}
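Review bot: the zeroing loop's bound, ( ( m >> 3 ) + 1 ), still comes from m alone, and nothing in this hunk ties it to the size of the buffer behind matrixRow, which the build log shows is declared with (FRAG_MAX_NB >> 3 ) + 1 bytes. Changing the index type makes the comparison signed on both sides, but it does not establish that m <= FRAG_MAX_NB; consider rejecting or clamping out-of-range m at the top of FragGetParityMatrixRow, or passing the buffer length in, so the write to matrixRow[i] is bounded by the array and not only by the caller's argument. Also, the added for line ends in a stray carriage return (^M) that the removed line did not have; strip it so the file keeps consistent line endings.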
Thanks for the fix. May I ask you to propose a PR containing this fix?
Another question: which compiler options have you used to generate these warnings? So far I was not able to get the same output as you. I am using this project's default compiler options.