Fix unbounded stack in emberAfPrintBuffer() (#4633)

kpschoedel · pull[bot] · commit 1438534ab6ff · 2021-02-10T19:30:44.000Z
* Fix unbounded stack in emberAfPrintBuffer() #### Problem emberAfPrintBuffer() allocates stack space based on an argument, with no upper bound. This could lead to stack exhaustion on small devices. #### Summary of Changes Print long buffers in multiple segments. Fixes #3662 - Unbounded stack in emberAfPrintBuffer() * Use CHIP_DEVICE_CONFIG_LOG_MESSAGE_MAX_SIZE for buffer size * TODO * casts
diff --git a/src/app/util/ember-print.cpp b/src/app/util/ember-print.cpp
@@ -1,6 +1,6 @@
 /**
  *
- *    Copyright (c) 2020 Project CHIP Authors
+ *    Copyright (c) 2020-2021 Project CHIP Authors
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -20,6 +20,8 @@
 
 #include "debug-printing.h"
 
+#include <platform/CHIPDeviceConfig.h>
+#include <support/CodeUtils.h>
 #include <support/logging/CHIPLogging.h>
 
 bool emberAfPrintReceivedMessages = true;
@@ -28,7 +30,7 @@ using namespace chip::Logging;
 
 void emberAfPrint(int category, const char * format, ...)
 {
-    if (format != NULL)
+    if (format != nullptr)
     {
         va_list args;
         va_start(args, format);
@@ -39,7 +41,7 @@ void emberAfPrint(int category, const char * format, ...)
 
 void emberAfPrintln(int category, const char * format, ...)
 {
-    if (format != NULL)
+    if (format != nullptr)
     {
         va_list args;
         va_start(args, format);
@@ -48,35 +50,39 @@ void emberAfPrintln(int category, const char * format, ...)
     }
 }
 
-// TODO: issue #3662 - Unbounded stack in emberAfPrintBuffer()
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wstack-usage="
+// TODO: add unit tests.
 
 void emberAfPrintBuffer(int category, const uint8_t * buffer, uint16_t length, bool withSpace)
 {
-    if (buffer != NULL && length > 0)
+    if (buffer != nullptr && length > 0)
     {
-        const char * perByteFormatStr = withSpace ? "%02hhX " : "%02hhX";
-        uint8_t perByteCharCount      = withSpace ? 3 : 2;
+        constexpr uint16_t kBufferSize = CHIP_DEVICE_CONFIG_LOG_MESSAGE_MAX_SIZE;
+        const char * perByteFormatStr  = withSpace ? "%02hhX " : "%02hhX";
+        const uint8_t perByteCharCount = withSpace ? 3 : 2;
+        const uint16_t bytesPerBuffer  = static_cast<uint16_t>((kBufferSize - 1) / perByteCharCount);
+        char result[kBufferSize];
 
-        uint32_t outStringLength = length * perByteCharCount + 1;
-        char result[outStringLength];
-        for (uint32_t dst_idx = 0, index = 0; dst_idx < outStringLength - 1 && index < length; dst_idx += perByteCharCount, index++)
+        uint16_t index = 0;
+        while (index < length)
         {
-
-            snprintf(result + dst_idx, outStringLength - dst_idx, perByteFormatStr, buffer[index]);
+            const uint16_t remainingBytes = static_cast<uint16_t>(length - index);
+            const uint16_t segmentLength  = chip::min(bytesPerBuffer, remainingBytes);
+            const uint16_t segmentEnd     = static_cast<uint16_t>(index + segmentLength);
+            const uint32_t outStringEnd   = segmentLength * perByteCharCount;
+            for (uint32_t dst_idx = 0; dst_idx < outStringEnd && index < segmentEnd; dst_idx += perByteCharCount, index++)
+            {
+                snprintf(result + dst_idx, outStringEnd - dst_idx + 1, perByteFormatStr, buffer[index]);
+            }
+            result[outStringEnd] = 0;
+            emberAfPrint(category, "%s", result);
         }
-        result[outStringLength - 1] = 0;
-        emberAfPrint(category, "%s", result);
     }
     else
     {
         emberAfPrint(EMBER_AF_PRINT_CORE, "NULL");
     }
 }
 
-#pragma GCC diagnostic pop // -Wstack-usage
-
 void emberAfPrintString(int category, const uint8_t * string)
 {
     emberAfPrint(category, "%s", string);

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`/**`
`2`	`2`	`*`
`3`		`- * Copyright (c) 2020 Project CHIP Authors`
	`3`	`+ * Copyright (c) 2020-2021 Project CHIP Authors`
`4`	`4`	`*`
`5`	`5`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`6`	`6`	`* you may not use this file except in compliance with the License.`
`@@ -20,6 +20,8 @@`
`20`	`20`
`21`	`21`	`#include "debug-printing.h"`
`22`	`22`
	`23`	`+#include <platform/CHIPDeviceConfig.h>`
	`24`	`+#include <support/CodeUtils.h>`
`23`	`25`	`#include <support/logging/CHIPLogging.h>`
`24`	`26`
`25`	`27`	`bool emberAfPrintReceivedMessages = true;`
`@@ -28,7 +30,7 @@ using namespace chip::Logging;`
`28`	`30`
`29`	`31`	`void emberAfPrint(int category, const char * format, ...)`
`30`	`32`	`{`
`31`		`- if (format != NULL)`
	`33`	`+ if (format != nullptr)`
`32`	`34`	`{`
`33`	`35`	`va_list args;`
`34`	`36`	`va_start(args, format);`
`@@ -39,7 +41,7 @@ void emberAfPrint(int category, const char * format, ...)`
`39`	`41`
`40`	`42`	`void emberAfPrintln(int category, const char * format, ...)`
`41`	`43`	`{`
`42`		`- if (format != NULL)`
	`44`	`+ if (format != nullptr)`
`43`	`45`	`{`
`44`	`46`	`va_list args;`
`45`	`47`	`va_start(args, format);`
`@@ -48,35 +50,39 @@ void emberAfPrintln(int category, const char * format, ...)`
`48`	`50`	`}`
`49`	`51`	`}`
`50`	`52`
`51`		`-// TODO: issue #3662 - Unbounded stack in emberAfPrintBuffer()`
`52`		`-#pragma GCC diagnostic push`
`53`		`-#pragma GCC diagnostic ignored "-Wstack-usage="`
	`53`	`+// TODO: add unit tests.`
`54`	`54`
`55`	`55`	`void emberAfPrintBuffer(int category, const uint8_t * buffer, uint16_t length, bool withSpace)`
`56`	`56`	`{`
`57`		`- if (buffer != NULL && length > 0)`
	`57`	`+ if (buffer != nullptr && length > 0)`
`58`	`58`	`{`
`59`		`- const char * perByteFormatStr = withSpace ? "%02hhX " : "%02hhX";`
`60`		`- uint8_t perByteCharCount = withSpace ? 3 : 2;`
	`59`	`+ constexpr uint16_t kBufferSize = CHIP_DEVICE_CONFIG_LOG_MESSAGE_MAX_SIZE;`
	`60`	`+ const char * perByteFormatStr = withSpace ? "%02hhX " : "%02hhX";`
	`61`	`+ const uint8_t perByteCharCount = withSpace ? 3 : 2;`
	`62`	`+ const uint16_t bytesPerBuffer = static_cast<uint16_t>((kBufferSize - 1) / perByteCharCount);`
	`63`	`+ char result[kBufferSize];`
`61`	`64`
`62`		`- uint32_t outStringLength = length * perByteCharCount + 1;`
`63`		`- char result[outStringLength];`
`64`		`- for (uint32_t dst_idx = 0, index = 0; dst_idx < outStringLength - 1 && index < length; dst_idx += perByteCharCount, index++)`
	`65`	`+ uint16_t index = 0;`
	`66`	`+ while (index < length)`
`65`	`67`	`{`
`66`		`-`
`67`		`- snprintf(result + dst_idx, outStringLength - dst_idx, perByteFormatStr, buffer[index]);`
	`68`	`+ const uint16_t remainingBytes = static_cast<uint16_t>(length - index);`
	`69`	`+ const uint16_t segmentLength = chip::min(bytesPerBuffer, remainingBytes);`
	`70`	`+ const uint16_t segmentEnd = static_cast<uint16_t>(index + segmentLength);`
	`71`	`+ const uint32_t outStringEnd = segmentLength * perByteCharCount;`
	`72`	`+ for (uint32_t dst_idx = 0; dst_idx < outStringEnd && index < segmentEnd; dst_idx += perByteCharCount, index++)`
	`73`	`+ {`
	`74`	`+ snprintf(result + dst_idx, outStringEnd - dst_idx + 1, perByteFormatStr, buffer[index]);`
	`75`	`+ }`
	`76`	`+ result[outStringEnd] = 0;`
	`77`	`+ emberAfPrint(category, "%s", result);`
`68`	`78`	`}`
`69`		`- result[outStringLength - 1] = 0;`
`70`		`- emberAfPrint(category, "%s", result);`
`71`	`79`	`}`
`72`	`80`	`else`
`73`	`81`	`{`
`74`	`82`	`emberAfPrint(EMBER_AF_PRINT_CORE, "NULL");`
`75`	`83`	`}`
`76`	`84`	`}`
`77`	`85`
`78`		`-#pragma GCC diagnostic pop // -Wstack-usage`
`79`		`-`
`80`	`86`	`void emberAfPrintString(int category, const uint8_t * string)`
`81`	`87`	`{`
`82`	`88`	`emberAfPrint(category, "%s", string);`