
nimble/host: Change 'move_count' to uint8_t type to prevent out-of-bounds errors

Open darshan7patel opened this issue 1 year ago • 6 comments

  • Change 'move_count' to uint8_t type to prevent out-of-bounds errors during memmove with compiler optimization enabled.
  • Fixed compilation issue in nimble for -O2 flag.
  • error: 'memmove' offset [88, 175] is out of the bounds [0, 88] of object 'ble_store_config_peer_secs' with type 'struct ble_store_value_sec[1]' [-Werror=array-bounds=] memmove(dst, src, move_count * value_size);

darshan7patel avatar Feb 13 '24 11:02 darshan7patel

Please add a proper prefix to the commit title (see other commits as a guideline) and include the error message in the commit message.

andrzej-kaczmarek avatar Feb 13 '24 13:02 andrzej-kaczmarek

I'm having trouble understanding this fix; this basically limits move_count to 255.

What exactly is fixed here?

sjanc avatar Mar 20 '24 13:03 sjanc

Okay, so I looked at this and it appears that GCC is not able to properly track relations between globals (e.g. ble_store_config_num_peer_secs) and memmove in ble_store_config_delete_obj.

sjanc avatar Mar 21 '24 09:03 sjanc

I'd suggest using assert() or if() to hint GCC.

BTW BLE_STORE_MAX_CCCDS() might have similar issues (if also configured to 1)

sjanc avatar Mar 21 '24 09:03 sjanc
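
An added sketch (not code from this pull request or from NimBLE) of the if()-style guard suggested in the comment above: the delete routine checks the stored count and the index against the table's real capacity before calling memmove, rather than relying on the width of `move_count`. The names `store_delete_obj`, `struct sec_value` and the `max_values` parameter are hypothetical, and the sample tables are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct sec_value {                 /* hypothetical stand-in for a stored record */
    uint8_t peer_id;
    uint8_t key[16];
};

/* Remove entry idx from a table holding *num_values records (capacity
 * max_values), shifting later records down. Returns 0 on success, -1 if the
 * index or the stored count is inconsistent with the table. */
static int
store_delete_obj(void *values, size_t value_size, int max_values,
                 int idx, int *num_values)
{
    uint8_t *dst;
    int move_count;

    /* Bounds are checked against the capacity, not implied by a type. */
    if (*num_values <= 0 || *num_values > max_values) {
        return -1;
    }
    if (idx < 0 || idx >= *num_values) {
        return -1;
    }

    (*num_values)--;
    move_count = *num_values - idx;          /* 0 .. max_values - 1 - idx */
    if (move_count > 0) {
        dst = (uint8_t *)values + (size_t)idx * value_size;
        memmove(dst, dst + value_size, (size_t)move_count * value_size);
    }
    return 0;
}

int
main(void)
{
    struct sec_value one[1] = { { .peer_id = 7 } };   /* constructed sample */
    int count = 2;                      /* corrupted: larger than capacity 1 */
    int rc = store_delete_obj(one, sizeof one[0], 1, 0, &count);

    printf("corrupted count rejected: rc=%d count=%d\n", rc, count);
    count = 1;
    rc = store_delete_obj(one, sizeof one[0], 1, 0, &count);
    printf("valid delete: rc=%d count=%d\n", rc, count);
    return 0;
}
```

With a one-element table, a valid delete moves zero bytes, and a count larger than the capacity is rejected before any copy happens.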

Basically, the size has been increased since, when compiler optimization was enabled, it was previously creating out-of-bounds errors. So, now it will prevent these errors.

darshan7patel avatar Mar 22 '24 05:03 darshan7patel

Hi,

Please check if https://github.com/apache/mynewt-nimble/pull/1737 solves this issue for you.

sjanc avatar Apr 03 '24 08:04 sjanc