From eca81753c8acb5b99425c7ae8930d0f39d58a7a6 Mon Sep 17 00:00:00 2001 From: Giovanni Di Sirio Date: Sun, 25 Mar 2018 14:59:40 +0000 Subject: Fixed bug #931. git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@11852 110e8d01-0319-4d1e-a829-52ad28d1bb01 --- os/hal/lib/complex/mfs/mfs.c | 2 +- readme.txt | 2 ++ test/mfs/configuration.xml | 2 +- test/mfs/source/test/mfs_test_sequence_001.c | 12 ++++++------ 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/os/hal/lib/complex/mfs/mfs.c b/os/hal/lib/complex/mfs/mfs.c index 96112ac11..ba68fb19d 100644 --- a/os/hal/lib/complex/mfs/mfs.c +++ b/os/hal/lib/complex/mfs/mfs.c @@ -950,7 +950,7 @@ mfs_error_t mfsReadRecord(MFSDriver *mfsp, mfs_id_t id, /* Header read from flash.*/ RET_ON_ERROR(mfs_flash_read(mfsp, mfsp->descriptors[id - 1U].offset, - *np, + sizeof (mfs_data_header_t), mfsp->buffer.data8)); /* Data read from flash.*/ diff --git a/readme.txt b/readme.txt index 72c0414a4..ed1ebbd8b 100644 --- a/readme.txt +++ b/readme.txt @@ -110,6 +110,8 @@ - EX: Updated LIS302DL to 1.1.0 (backported to 18.2.1). - EX: Updated LPS25H to 1.1.0 (backported to 18.2.1). - EX: Updated LSM303DLHC to 1.1.0 (backported to 18.2.1). +- HAL: Fixed function mfsReadRecord() causes memory corruption because a + buffer overflow (bug #931)(backported to 18.2.1). - HAL: Fixed invalid SAI1 clock selection on STM32F7xx (bug #929)(backported to 18.2.1 and 17.6.4). - HAL: Fixed invalid clock checks for SDMMC1 and SDMMC2 on STM32F7xx diff --git a/test/mfs/configuration.xml b/test/mfs/configuration.xml index 04997992a..d89368ebc 100644 --- a/test/mfs/configuration.xml +++ b/test/mfs/configuration.xml @@ -328,7 +328,7 @@ test_assert(err == MFS_ERR_NOT_FOUND , "record was already present");]]> - Creating the record then retrieving it again, MFS_ERR_NOT_FOUND is expected, record content and size are compared with the original. + Creating the record then retrieving it again, MFS_NO_ERROR is expected, record content and size are compared with the original. diff --git a/test/mfs/source/test/mfs_test_sequence_001.c b/test/mfs/source/test/mfs_test_sequence_001.c index f25c12746..7804fcd80 100644 --- a/test/mfs/source/test/mfs_test_sequence_001.c +++ b/test/mfs/source/test/mfs_test_sequence_001.c @@ -222,9 +222,9 @@ static const testcase_t mfs_test_001_002 = { *

Test Steps

* - [1.3.1] The record must not already exists, MFS_ERR_NOT_FOUND is * expected. - * - [1.3.2] Creating the record then retrieving it again, - * MFS_ERR_NOT_FOUND is expected, record content and size are - * compared with the original. + * - [1.3.2] Creating the record then retrieving it again, MFS_NO_ERROR + * is expected, record content and size are compared with the + * original. * - [1.3.3] Updating the record then retrieving it again, MFS_NO_ERROR * is expected, record content and size are compared with the * original. @@ -254,9 +254,9 @@ static void mfs_test_001_003_execute(void) { test_assert(err == MFS_ERR_NOT_FOUND , "record was already present"); } - /* [1.3.2] Creating the record then retrieving it again, - MFS_ERR_NOT_FOUND is expected, record content and size are - compared with the original.*/ + /* [1.3.2] Creating the record then retrieving it again, MFS_NO_ERROR + is expected, record content and size are compared with the + original.*/ test_set_step(2); { mfs_error_t err; -- cgit v1.2.3