Hi,
In c autogenerated code (with BasicCodec), in case that read binary fails (and change the m_status to failure), the auto generated calls memcpy with length 0 and valid dst pointer, but with unknown src pointer (no one defined $info.dataTemp). According c spec this may lead to undefined behavior.
|
uint8_t * {$info.dataTemp}; |
|
codec->readBinary(&{$info.sizeTemp}, &{$info.dataTemp}); |
|
{% if info.hasLengthVariable && not info.constantVariable %} |
|
{% if info.pointerScalarTypes && source == "client" %}*{% endif %}{$info.size} = {$info.sizeTemp}; |
|
{% endif %} |
|
{% if info.maxSize != info.sizeTemp %} |
|
if ({$info.sizeTemp} <= {$info.maxSize}) |
|
{ |
|
{% set indent = " " >%} |
|
{% else %} |
|
{% set indent = "" >%} |
|
{% endif %} |
|
{% if source == "server" || info.useMallocOnClientSide == true %} |
|
{$indent}{$info.name} = (uint8_t *) erpc_malloc({$info.maxSize} * sizeof(uint8_t)); |
|
{% if generateAllocErrorChecks == true %} |
|
{$indent}if ({$info.name} == NULL) |
|
{$indent}{ |
|
{$indent} codec->updateStatus(kErpcStatus_MemoryError); |
|
{$indent}} |
|
{$indent}else |
|
{$indent}{ |
|
{$indent} memcpy({$info.name}, {$info.dataTemp}, {$info.sizeTemp}); |
Optional solutions will to have version of erpc_malloc that gets codec and returns NULL if the status is not OK (that skips the memcpy), or not do the malloc + memcpy at all if status is not success
