Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing Argc checks in f4 app_cantest tests #89

Open
HorizontalCar opened this issue Apr 8, 2024 · 0 comments
Open

Missing Argc checks in f4 app_cantest tests #89

HorizontalCar opened this issue Apr 8, 2024 · 0 comments
Assignees
@amberjennings
Labels
bug Something isn't working

Comments

@HorizontalCar
Copy link

Hello,

I have been testing automated firmware testing tools on this firmware and found inputs that result in minor crashes. Specifically, there are missing argc checks resulting in null pointer dereferences in the following areas:

lfs
argv[0] can be null resulting in a null pointer dereference in strcmp

oresat-firmware/src/f4/app_cantest/source/test_lfs.c

Line 19 in dff1094

if (!strcmp(argv[0], "ls") && argc > 1) {

time UTC
argv[1] can be null resulting in a null pointer dereference in strcmp

oresat-firmware/src/f4/app_cantest/source/test_time.c

Line 43 in dff1094

if (!strcmp(argv[1], "get")) {

time scet
argv[1] can be null resulting in a null pointer dereference in strcmp

oresat-firmware/src/f4/app_cantest/source/test_time.c

Line 32 in dff1094

if (!strcmp(argv[1], "get")) {

time unix
argv[1] can be null resulting in a null pointer dereference in strcmp

oresat-firmware/src/f4/app_cantest/source/test_time.c

Line 20 in dff1094

if (!strcmp(argv[1], "get")) {

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amberjennings amberjennings

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dmitri-mcguckin @HorizontalCar @amberjennings