9454536018

Committed 10 Jun 2024 07:41PM CUT coverage: 99.488% (-0.08%) from 99.563%

Build # 9454536018

Build Type

push

github

Committed by

bblanchon

Commit Message

Fix integer overflow in MsgPackDeserializer

Run Details

9 of 12 new or added lines in 2 files covered. (75.0%)

3883 of 3903 relevant lines covered (99.49%)

10783.16 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

96.15

/src/ArduinoJson/Memory/StringNode.hpp

// ArduinoJson - https://arduinojson.org
// Copyright © 2014-2024, Benoit BLANCHON
// MIT License

#pragma once

#include <ArduinoJson/Memory/Allocator.hpp>
#include <ArduinoJson/Namespace.hpp>
#include <ArduinoJson/Polyfills/assert.hpp>
#include <ArduinoJson/Polyfills/integer.hpp>
#include <ArduinoJson/Polyfills/limits.hpp>

#include <stddef.h>  // offsetof

ARDUINOJSON_BEGIN_PRIVATE_NAMESPACE

struct StringNode {
  // Use the same type as SlotId to store the reference count
  // (there can never be more references than slots)
  using references_type = uint_t<ARDUINOJSON_SLOT_ID_SIZE * 8>;

  using length_type = uint_t<ARDUINOJSON_STRING_LENGTH_SIZE * 8>;

  struct StringNode* next;
  references_type references;
  length_type length;
  char data[1];

  static constexpr size_t maxLength = numeric_limits<length_type>::highest();

  static constexpr size_t sizeForLength(size_t n) {
    return n + 1 + offsetof(StringNode, data);
  }

  static StringNode* create(size_t length, Allocator* allocator) {
    if (length > maxLength)
      return nullptr;
    auto size = sizeForLength(length);
    if (size < length)  // overflow
      return nullptr;
    auto node = reinterpret_cast<StringNode*>(
        allocator->allocate(sizeForLength(length)));
    if (node) {
      node->length = length_type(length);
      node->references = 1;
    }
    return node;
  }

  static StringNode* resize(StringNode* node, size_t length,
                            Allocator* allocator) {
    ARDUINOJSON_ASSERT(node != nullptr);
    StringNode* newNode;
    if (length <= maxLength)
      newNode = reinterpret_cast<StringNode*>(
          allocator->reallocate(node, sizeForLength(length)));
    else
      newNode = nullptr;
    if (newNode)
      newNode->length = length_type(length);
    else
      allocator->deallocate(node);
    return newNode;
  }

  static void destroy(StringNode* node, Allocator* allocator) {
    allocator->deallocate(node);
  }
};

// Returns the size (in bytes) of an string with n characters.
constexpr size_t sizeofString(size_t n) {
  return StringNode::sizeForLength(n);
}

ARDUINOJSON_END_PRIVATE_NAMESPACE

1	// ArduinoJson - https://arduinojson.org
2	// Copyright © 2014-2024, Benoit BLANCHON
3	// MIT License
4
5	#pragma once
6
7	#include <ArduinoJson/Memory/Allocator.hpp>
8	#include <ArduinoJson/Namespace.hpp>
9	#include <ArduinoJson/Polyfills/assert.hpp>
10	#include <ArduinoJson/Polyfills/integer.hpp>
11	#include <ArduinoJson/Polyfills/limits.hpp>
12
13	#include <stddef.h> // offsetof
14
15	ARDUINOJSON_BEGIN_PRIVATE_NAMESPACE
16
17	struct StringNode {
18	// Use the same type as SlotId to store the reference count
19	// (there can never be more references than slots)
20	using references_type = uint_t<ARDUINOJSON_SLOT_ID_SIZE * 8>;
21
22	using length_type = uint_t<ARDUINOJSON_STRING_LENGTH_SIZE * 8>;
23
24	struct StringNode* next;
25	references_type references;
26	length_type length;
27	char data[1];
28
29	static constexpr size_t maxLength = numeric_limits<length_type>::highest();
30
31	static constexpr size_t sizeForLength(size_t n) {	7,189✔
32	return n + 1 + offsetof(StringNode, data);	7,189✔
33	}
34
35	static StringNode* create(size_t length, Allocator* allocator) {	1,942✔
36	if (length > maxLength)	1,942✔
37	return nullptr;	15✔
38	auto size = sizeForLength(length);	1,927✔
39	if (size < length) // overflow	1,927✔
NEW 40	return nullptr;	×
41	auto node = reinterpret_cast<StringNode*>(
42	allocator->allocate(sizeForLength(length)));	1,927✔
43	if (node) {	1,927✔
44	node->length = length_type(length);	1,895✔
45	node->references = 1;	1,895✔
46	}
47	return node;	1,927✔
48	}
49
50	static StringNode* resize(StringNode* node, size_t length,	1,327✔
51	Allocator* allocator) {
52	ARDUINOJSON_ASSERT(node != nullptr);
53	StringNode* newNode;
54	if (length <= maxLength)	1,327✔
55	newNode = reinterpret_cast<StringNode*>(
56	allocator->reallocate(node, sizeForLength(length)));	1,324✔
57	else
58	newNode = nullptr;	3✔
59	if (newNode)	1,327✔
60	newNode->length = length_type(length);	1,321✔
61	else
62	allocator->deallocate(node);	6✔
63	return newNode;	1,327✔
64	}
65
66	static void destroy(StringNode* node, Allocator* allocator) {	1,889✔
67	allocator->deallocate(node);	1,889✔
68	}	1,889✔
69	};
70
71	// Returns the size (in bytes) of an string with n characters.
72	constexpr size_t sizeofString(size_t n) {	2,011✔
73	return StringNode::sizeForLength(n);	2,011✔
74	}
75
76	ARDUINOJSON_END_PRIVATE_NAMESPACE

bblanchon / ArduinoJson / 9454536018

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous