From d44ab5893845801ec95e058b9b56a3a75b9720f7 Mon Sep 17 00:00:00 2001
From: Jan Breuer <jan.breuer@jaybee.cz>
Date: 周日, 04 10月 2015 19:35:26 +0800
Subject: [PATCH] Fix access outside buffer

---
 libscpi/src/parser.c |  144 ++++++++++++++++++++++++++++++++++++-----------
 1 files changed, 109 insertions(+), 35 deletions(-)

diff --git a/libscpi/src/parser.c b/libscpi/src/parser.c
index 375f4ac..9032c9c 100644
--- a/libscpi/src/parser.c
+++ b/libscpi/src/parser.c
@@ -90,7 +90,10 @@
 static size_t writeNewLine(scpi_t * context) {
     if (context->output_count > 0) {
         size_t len;
-        len = writeData(context, "\r\n", 2);
+#ifndef SCPI_LINE_ENDING
+#error no termination character defined
+#endif
+        len = writeData(context, SCPI_LINE_ENDING, strlen(SCPI_LINE_ENDING));
         flushData(context);
         return len;
     } else {
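Review bot: The `#ifndef SCPI_LINE_ENDING` / `#error` guard sits inside the body of writeNewLine, between a declaration and the statement that uses the macro. A configuration check like this reads better at file scope next to the includes, and the message could name the macro, e.g. `#error SCPI_LINE_ENDING is not defined`. If SCPI_LINE_ENDING is always a string literal, `sizeof(SCPI_LINE_ENDING) - 1` gives the length without a runtime strlen. The function's else branch continues outside the hunk.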
@@ -126,7 +129,6 @@
     context->output_count = 0;
     context->input_count = 0;
 
-    SCPI_DEBUG_COMMAND(context);
     /* if callback exists - call command callback */
     if (cmd->callback != NULL) {
         if ((cmd->callback(context) != SCPI_RES_OK) && !context->cmd_error) {
@@ -327,7 +329,7 @@
 /**
  * Return prefix of nondecimal base
  * @param base
- * @return 
+ * @return
  */
 static const char * getBasePrefix(int8_t base) {
     switch (base) {
@@ -343,7 +345,7 @@
  * @param context
  * @param val
  * @param base
- * @return 
+ * @return
  */
 size_t SCPI_ResultIntBase(scpi_t * context, int32_t val, int8_t base) {
     char buffer[33];
@@ -402,7 +404,7 @@
  * @param context
  * @param data
  * @param len
- * @return 
+ * @return
  */
 size_t SCPI_ResultArbitraryBlock(scpi_t * context, const char * data, size_t len) {
     size_t result = 0;
@@ -412,7 +414,7 @@
     SCPI_LongToStr(len, block_header + 2, 10, 10);
 
     header_len = strlen(block_header + 2);
-    block_header[1] = header_len + '0';
+    block_header[1] = (char)(header_len + '0');
 
     result += writeData(context, block_header, header_len + 2);
     result += writeData(context, data, len);
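Review bot: The new `(char)` cast on `block_header[1]` silences the conversion warning but keeps the unchecked assumption that header_len is at most 9. The SCPI_LongToStr call above appears to allow up to ten decimal digits, and a ten-digit length would turn `header_len + '0'` into the character ':', which is not a valid digit count for a definite-length block header. A guard before the assignment, for example `if (header_len > 9) { return 0; }` or whatever error path the callers expect, would make the limit explicit. The declaration and size of block_header are outside this hunk, so its bound should be checked against the same limit.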
@@ -449,7 +451,7 @@
  * @param context
  * @param parameter
  * @param mandatory
- * @return 
+ * @return
  */
 scpi_bool_t SCPI_Parameter(scpi_t * context, scpi_parameter_t * parameter, scpi_bool_t mandatory) {
     lex_state_t * state;
@@ -507,7 +509,7 @@
  * Detect if parameter is number
  * @param parameter
  * @param suffixAllowed
- * @return 
+ * @return
  */
 scpi_bool_t SCPI_ParamIsNumber(scpi_parameter_t * parameter, scpi_bool_t suffixAllowed) {
     switch (parameter->type) {
@@ -528,9 +530,9 @@
  * @param context
  * @param parameter
  * @param value result
- * @return true if succesful
+ * @return TRUE if succesful
  */
-scpi_bool_t SCPI_ParamToInt(scpi_t * context, scpi_parameter_t * parameter, int32_t * value) {
+static scpi_bool_t ParamToInt(scpi_t * context, scpi_parameter_t * parameter, int32_t * value, scpi_bool_t sign) {
 
     if (!value) {
         SCPI_ErrorPush(context, SCPI_ERROR_SYSTEM_ERROR);
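Review bot: The doc comment above the now-static ParamToInt still lists only context, parameter and value; the new `sign` argument is undocumented here and on ParamInt in the later `@@ -618,9 +648,9 @@` hunk. Suggested addition to both blocks: ` * @param sign TRUE to parse decimal input as signed, FALSE as unsigned`. It is also worth stating that hexadecimal, octal and binary tokens are always parsed as unsigned regardless of `sign`, since that is what the switch in the following hunk does. The function body continues outside this hunk.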
@@ -539,16 +541,43 @@
 
     switch (parameter->type) {
         case SCPI_TOKEN_HEXNUM:
-            return strToLong(parameter->ptr, value, 16) > 0 ? TRUE : FALSE;
+            return strToULong(parameter->ptr, (uint32_t *)value, 16) > 0 ? TRUE : FALSE;
         case SCPI_TOKEN_OCTNUM:
-            return strToLong(parameter->ptr, value, 8) > 0 ? TRUE : FALSE;
+            return strToULong(parameter->ptr, (uint32_t *)value, 8) > 0 ? TRUE : FALSE;
         case SCPI_TOKEN_BINNUM:
-            return strToLong(parameter->ptr, value, 2) > 0 ? TRUE : FALSE;
+            return strToULong(parameter->ptr, (uint32_t *)value, 2) > 0 ? TRUE : FALSE;
         case SCPI_TOKEN_DECIMAL_NUMERIC_PROGRAM_DATA:
         case SCPI_TOKEN_DECIMAL_NUMERIC_PROGRAM_DATA_WITH_SUFFIX:
-            return strToLong(parameter->ptr, value, 10) > 0 ? TRUE : FALSE;
+            if (sign) {
+                return strToLong(parameter->ptr, value, 10) > 0 ? TRUE : FALSE;
+            } else {
+                return strToULong(parameter->ptr, (uint32_t *)value, 10) > 0 ? TRUE : FALSE;
+            }
     }
     return FALSE;
+}
+
+
+/**
+ * Convert parameter to integer
+ * @param context
+ * @param parameter
+ * @param value result
+ * @return TRUE if succesful
+ */
+scpi_bool_t SCPI_ParamToInt(scpi_t * context, scpi_parameter_t * parameter, int32_t * value) {
+    return ParamToInt(context, parameter, value, TRUE);
+}
+
+/**
+ * Convert parameter to unsigned integer
+ * @param context
+ * @param parameter
+ * @param value result
+ * @return TRUE if succesful
+ */
+scpi_bool_t SCPI_ParamToUnsignedInt(scpi_t * context,  scpi_parameter_t * parameter, uint32_t * value) {
+    return ParamToInt(context, parameter, (int32_t *)value, FALSE);
 }
 
 /**
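Review bot: Every conversion in this switch passes `parameter->ptr` to strToLong/strToULong without `parameter->len`, so the helpers cannot know where the token ends. Their implementation is not visible here, but if they stop only at the first non-digit character, a numeric token that runs to the end of an unterminated input buffer would be read past its end, which is the class of bug this commit is titled after. Consider passing the length through, or add a comment on ParamToInt recording that the input buffer is guaranteed to be terminated. In the unsigned decimal branch, also confirm how strToULong treats a leading '-', since a strtoul-style parser accepts it and wraps the value.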
@@ -556,11 +585,12 @@
  * @param context
  * @param parameter
  * @param value result
- * @return true if succesful
+ * @return TRUE if succesful
  */
+#include "stdio.h"
 scpi_bool_t SCPI_ParamToDouble(scpi_t * context, scpi_parameter_t * parameter, double * value) {
     scpi_bool_t result = FALSE;
-    int32_t valint;
+    uint32_t valint;
 
     if (!value) {
         SCPI_ErrorPush(context, SCPI_ERROR_SYSTEM_ERROR);
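Review bot: `#include "stdio.h"` is added in the middle of the file, between the doc comment and the definition of SCPI_ParamToDouble, and nothing in the visible hunks uses a stdio function, so it looks like a debugging leftover. It also separates the doc block from the function it documents. If the header is really needed it belongs with the other includes at the top of parser.c as `#include <stdio.h>`; otherwise drop the line.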
@@ -571,7 +601,7 @@
         case SCPI_TOKEN_HEXNUM:
         case SCPI_TOKEN_OCTNUM:
         case SCPI_TOKEN_BINNUM:
-            result = SCPI_ParamToInt(context, parameter, &valint);
+            result = SCPI_ParamToUnsignedInt(context, parameter, &valint);
             *value = valint;
             break;
         case SCPI_TOKEN_DECIMAL_NUMERIC_PROGRAM_DATA:
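Review bot: `*value = valint;` runs whether or not SCPI_ParamToUnsignedInt succeeded, and valint is declared without an initializer in the previous hunk. If the conversion helper returns FALSE without writing its output (not visible here), this reads an indeterminate value and hands it to the caller. Either initialize it, `uint32_t valint = 0;`, or assign only on success, `if (result) { *value = valint; }`. The switch continues outside the hunk.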
@@ -587,7 +617,7 @@
  * @param context
  * @param value
  * @param mandatory
- * @return 
+ * @return
  */
 scpi_bool_t SCPI_ParamDouble(scpi_t * context, double * value, scpi_bool_t mandatory) {
     scpi_bool_t result;
@@ -618,9 +648,9 @@
  * @param context
  * @param value
  * @param mandatory
- * @return 
+ * @return
  */
-scpi_bool_t SCPI_ParamInt(scpi_t * context, int32_t * value, scpi_bool_t mandatory) {
+static scpi_bool_t ParamInt(scpi_t * context, int32_t * value, scpi_bool_t mandatory, scpi_bool_t sign) {
     scpi_bool_t result;
     scpi_parameter_t param;
 
@@ -632,7 +662,7 @@
     result = SCPI_Parameter(context, &param, mandatory);
     if (result) {
         if (SCPI_ParamIsNumber(&param, FALSE)) {
-            SCPI_ParamToInt(context, &param, value);
+            result = ParamToInt(context, &param, value, sign);
         } else if (SCPI_ParamIsNumber(&param, TRUE)) {
             SCPI_ErrorPush(context, SCPI_ERROR_SUFFIX_NOT_ALLOWED);
             result = FALSE;
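Review bot: With `result = ParamToInt(context, &param, value, sign);` a failed conversion now makes the function return FALSE, but unlike the suffix branch just below it, nothing is pushed to the error queue on this path. ParamToInt itself only pushes an error for a NULL `value`. A caller that relies on the error queue would see a rejected parameter with nothing queued. Consider pushing an error when the conversion fails, or document on ParamInt that FALSE can be returned without a queued error. The rest of the function is outside this hunk.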
@@ -644,13 +674,21 @@
     return result;
 }
 
+scpi_bool_t SCPI_ParamInt(scpi_t * context, int32_t * value, scpi_bool_t mandatory) {
+    return ParamInt(context, value, mandatory, TRUE);
+}
+
+scpi_bool_t SCPI_ParamUnsignedInt(scpi_t * context, uint32_t * value, scpi_bool_t mandatory) {
+    return ParamInt(context, (int32_t *)value, mandatory, FALSE);
+}
+
 /**
  * Read character parameter
  * @param context
  * @param value
  * @param len
  * @param mandatory
- * @return 
+ * @return
  */
 scpi_bool_t SCPI_ParamCharacters(scpi_t * context, const char ** value, size_t * len, scpi_bool_t mandatory) {
     scpi_bool_t result;
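Review bot: The two new public entry points, SCPI_ParamInt and SCPI_ParamUnsignedInt, have no doc comment; the existing block now sits on the static helper ParamInt. Each wrapper should get the same `@param context` / `@param value` / `@param mandatory` block as its siblings plus a filled-in `@return`, and the unsigned one should say how a negative decimal input is handled once that is confirmed. SCPI_ParamUnsignedInt passes `(int32_t *)value` down to a helper that casts it back to `uint32_t *` for the unsigned branches; a one-line comment noting that round trip would help the next reader.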
@@ -663,8 +701,17 @@
 
     result = SCPI_Parameter(context, &param, mandatory);
     if (result) {
-        *value = param.ptr;
-        *len = param.len;
+        switch(param.type) {
+            case SCPI_TOKEN_SINGLE_QUOTE_PROGRAM_DATA:
+            case SCPI_TOKEN_DOUBLE_QUOTE_PROGRAM_DATA:
+                *value = param.ptr + 1;
+                *len = param.len - 2;
+                break;
+            default:
+                *value = param.ptr;
+                *len = param.len;
+                break;
+        }
 
         // TODO: return also parameter type (ProgramMnemonic, ArbitraryBlockProgramData, SingleQuoteProgramData, DoubleQuoteProgramData
     }
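Review bot: `*len = param.len - 2;` assumes a quoted token always holds both its opening and its closing quote. The `(size_t) param.len` cast elsewhere in this patch suggests param.len is a signed type, so a token shorter than two characters (for example an unterminated string, if the lexer can emit one) would give a negative value that becomes a very large `size_t` in `*len`, and a caller copying `*len` bytes would read far past the input. A guard such as `if (param.len < 2) { result = FALSE; break; }` before the two assignments closes that. The same assumption is behind `i_from < (size_t) (param.len - 1)` in the `@@ -722,7 +769,7 @@` hunk and deserves the same check. The function starts and ends outside this hunk.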
@@ -678,7 +725,7 @@
  * @param value result pointer to data
  * @param len result length of data
  * @param mandatory
- * @return 
+ * @return
  */
 scpi_bool_t SCPI_ParamArbitraryBlock(scpi_t * context, const char ** value, size_t * len, scpi_bool_t mandatory) {
     scpi_bool_t result;
@@ -722,7 +769,7 @@
             case SCPI_TOKEN_SINGLE_QUOTE_PROGRAM_DATA:
             case SCPI_TOKEN_DOUBLE_QUOTE_PROGRAM_DATA:
                 quote = param.type == SCPI_TOKEN_SINGLE_QUOTE_PROGRAM_DATA ? '\'' : '"';
-                for (i_from = 0, i_to = 0; i_from < (size_t) param.len; i_from++) {
+                for (i_from = 1, i_to = 0; i_from < (size_t) (param.len - 1); i_from++) {
                     if (i_from >= buffer_len) {
                         break;
                     }
@@ -731,6 +778,10 @@
                     if (param.ptr[i_from] == quote) {
                         i_from++;
                     }
+                }
+                *copy_len = i_to;
+                if (i_to < buffer_len) {
+                    buffer[i_to] = 0;
                 }
                 break;
             default:
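Review bot: Truncation is silent here: when the loop leaves through the `i_from >= buffer_len` break, `*copy_len` and the terminator are set exactly as for a complete copy, so the caller cannot tell a shortened string from a whole one. Whether `result` is changed elsewhere is not visible in this hunk. Consider returning FALSE or pushing an error when the loop ended before `param.len - 1`, or state in the function's doc comment that text longer than the buffer is cut without notice. The bound is also tested on the source index i_from rather than on i_to, which looks safe but stops early when the text contains doubled quotes; a short comment would save the next reader the arithmetic.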
@@ -748,7 +799,7 @@
  * @param parameter - should be PROGRAM_MNEMONIC
  * @param options - NULL terminated list of choices
  * @param value - index to options
- * @return 
+ * @return
  */
 scpi_bool_t SCPI_ParamToChoice(scpi_t * context, scpi_parameter_t * parameter, const scpi_choice_def_t * options, int32_t * value) {
     size_t res;
@@ -783,7 +834,7 @@
  * @param options specifications of choices numbers (patterns)
  * @param tag numerical representatio of choice
  * @param text result text
- * @return true if succesfule, else false
+ * @return TRUE if succesfule, else FALSE
  */
 scpi_bool_t SCPI_ChoiceToName(const scpi_choice_def_t * options, int32_t tag, const char ** text) {
     int i;
@@ -803,7 +854,7 @@
  * @param context
  * @param value
  * @param mandatory
- * @return 
+ * @return
  */
 scpi_bool_t SCPI_ParamBool(scpi_t * context, scpi_bool_t * value, scpi_bool_t mandatory) {
     scpi_bool_t result;
@@ -844,7 +895,7 @@
  * @param options
  * @param value
  * @param mandatory
- * @return 
+ * @return
  */
 scpi_bool_t SCPI_ParamChoice(scpi_t * context, const scpi_choice_def_t * options, int32_t * value, scpi_bool_t mandatory) {
     scpi_bool_t result;
@@ -867,7 +918,7 @@
  * Parse one parameter and detect type
  * @param state
  * @param token
- * @return 
+ * @return
  */
 int scpiParser_parseProgramData(lex_state_t * state, scpi_token_t * token) {
     scpi_token_t tmp;
@@ -906,7 +957,7 @@
  * @param state
  * @param token
  * @param numberOfParameters
- * @return 
+ * @return
  */
 int scpiParser_parseAllProgramData(lex_state_t * state, scpi_token_t * token, int * numberOfParameters) {
 
@@ -956,7 +1007,7 @@
  * @param state
  * @param buffer
  * @param len
- * @return 
+ * @return
  */
 int scpiParser_detectProgramMessageUnit(scpi_parser_state_t * state, char * buffer, int len) {
     lex_state_t lex_state;
@@ -1009,14 +1060,16 @@
  *  - suitable for one handle to multiple commands
  * @param context
  * @param cmd
- * @return 
+ * @return
  */
 scpi_bool_t SCPI_IsCmd(scpi_t * context, const char * cmd) {
+    const char * pattern;
+
     if (!context->param_list.cmd) {
         return FALSE;
     }
 
-    const char * pattern = context->param_list.cmd->pattern;
+    pattern = context->param_list.cmd->pattern;
     return matchCommand (pattern, cmd, strlen (cmd), NULL, 0);
 }
 
@@ -1040,3 +1093,24 @@
 scpi_bool_t SCPI_CommandNumbers(scpi_t * context, int32_t * numbers, size_t len) {
     return matchCommand (context->param_list.cmd->pattern,  context->param_list.cmd_raw.data, context->param_list.cmd_raw.length, numbers, len);
 }
+
+/**
+ * If SCPI_Parameter() returns FALSE, this function can detect, if the parameter
+ * is just missing (TRUE) or if there was an error during processing of the command (FALSE)
+ * @param parameter
+ * @return
+ */
+scpi_bool_t SCPI_ParamIsValid(scpi_parameter_t * parameter)
+{
+    return parameter->type == SCPI_TOKEN_UNKNOWN ? FALSE : TRUE;
+}
+
+/**
+ * Returns TRUE if there was an error during parameter handling
+ * @param context
+ * @return
+ */
+scpi_bool_t SCPI_ParamErrorOccurred(scpi_t * context)
+{
+    return context->cmd_error;
+}
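Review bot: Both new functions leave `@return` empty, and for SCPI_ParamIsValid the description and the code are hard to reconcile at a glance: the text speaks of "missing (TRUE)" versus "error (FALSE)", while the body only tests for SCPI_TOKEN_UNKNOWN. Suggested: ` * @return FALSE if parameter->type is SCPI_TOKEN_UNKNOWN, TRUE otherwise` and ` * @return value of context->cmd_error`. SCPI_ParamIsValid dereferences `parameter` without a NULL check, so the comment should say the pointer must be the one previously passed to SCPI_Parameter(). The opening brace on its own line also differs from the other definitions in this patch.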

--
Gitblit v1.9.1