From d44ab5893845801ec95e058b9b56a3a75b9720f7 Mon Sep 17 00:00:00 2001
From: Jan Breuer <jan.breuer@jaybee.cz>
Date: 周日, 04 10月 2015 19:35:26 +0800
Subject: [PATCH] Fix access outside buffer
---
 libscpi/src/parser.c | 98 ++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 84 insertions(+), 14 deletions(-)
diff --git a/libscpi/src/parser.c b/libscpi/src/parser.c
index 6fa269b..9032c9c 100644
--- a/libscpi/src/parser.c
+++ b/libscpi/src/parser.c
@@ -414,7 +414,7 @@
 SCPI_LongToStr(len, block_header + 2, 10, 10);
 header_len = strlen(block_header + 2);
- block_header[1] = header_len + '0';
+ block_header[1] = (char)(header_len + '0');
 result += writeData(context, block_header, header_len + 2);
 result += writeData(context, data, len);
@@ -532,7 +532,7 @@
 * @param value result
 * @return TRUE if succesful
 */
-scpi_bool_t SCPI_ParamToInt(scpi_t * context, scpi_parameter_t * parameter, int32_t * value) {
+static scpi_bool_t ParamToInt(scpi_t * context, scpi_parameter_t * parameter, int32_t * value, scpi_bool_t sign) {
 if (!value) {
 SCPI_ErrorPush(context, SCPI_ERROR_SYSTEM_ERROR);
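Review bot: The `(char)` cast in the `@@ -414,7 +414,7 @@` hunk silences the conversion warning but leaves `header_len` unchecked, and the character stored in `block_header[1]` is only a digit while `header_len` is at most 9. `SCPI_LongToStr` is called with a size argument of 10, so if it can produce ten characters (its contract is not visible here) the store yields ':' and `writeData` is then asked for `header_len + 2` bytes of a buffer whose size is declared outside the hunk. A range check before the store, such as `if (header_len < 1 || header_len > 9)` followed by the function's failure path, would make the assumption explicit. The enclosing function starts and ends outside the hunk.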
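Review bot: The Doxygen block kept above the new `static` helper in the `@@ -532,7 +532,7 @@` hunk has no entry for the added `sign` parameter; add a line such as ` * @param sign TRUE to parse decimal data as signed, FALSE as unsigned`. The same gap exists for `ParamInt` in the `@@ -622,7 +650,7 @@` hunk, and the public wrappers `SCPI_ParamInt` and `SCPI_ParamUnsignedInt` added in the `@@ -644,6 +672,14 @@` hunk have no doc comment at all, because the original block now sits on the static helper. Each wrapper should get a short block stating the result type and that `mandatory` is passed through unchanged.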
@@ -541,16 +541,43 @@
 switch (parameter->type) {
 case SCPI_TOKEN_HEXNUM:
- return strToLong(parameter->ptr, value, 16) > 0 ? TRUE : FALSE;
+ return strToULong(parameter->ptr, (uint32_t *)value, 16) > 0 ? TRUE : FALSE;
 case SCPI_TOKEN_OCTNUM:
- return strToLong(parameter->ptr, value, 8) > 0 ? TRUE : FALSE;
+ return strToULong(parameter->ptr, (uint32_t *)value, 8) > 0 ? TRUE : FALSE;
 case SCPI_TOKEN_BINNUM:
- return strToLong(parameter->ptr, value, 2) > 0 ? TRUE : FALSE;
+ return strToULong(parameter->ptr, (uint32_t *)value, 2) > 0 ? TRUE : FALSE;
 case SCPI_TOKEN_DECIMAL_NUMERIC_PROGRAM_DATA:
 case SCPI_TOKEN_DECIMAL_NUMERIC_PROGRAM_DATA_WITH_SUFFIX:
- return strToLong(parameter->ptr, value, 10) > 0 ? TRUE : FALSE;
+ if (sign) {
+ return strToLong(parameter->ptr, value, 10) > 0 ? TRUE : FALSE;
+ } else {
+ return strToULong(parameter->ptr, (uint32_t *)value, 10) > 0 ? TRUE : FALSE;
+ }
 }
 return FALSE;
+}
+
+
+/**
+ * Convert parameter to integer
+ * @param context
+ * @param parameter
+ * @param value result
+ * @return TRUE if succesful
+ */
+scpi_bool_t SCPI_ParamToInt(scpi_t * context, scpi_parameter_t * parameter, int32_t * value) {
+ return ParamToInt(context, parameter, value, TRUE);
+}
+
+/**
+ * Convert parameter to unsigned integer
+ * @param context
+ * @param parameter
+ * @param value result
+ * @return TRUE if succesful
+ */
+scpi_bool_t SCPI_ParamToUnsignedInt(scpi_t * context, scpi_parameter_t * parameter, uint32_t * value) {
+ return ParamToInt(context, parameter, (int32_t *)value, FALSE);
 }
 /**
@@ -560,9 +587,10 @@
 * @param value result
 * @return TRUE if succesful
 */
+#include "stdio.h"
 scpi_bool_t SCPI_ParamToDouble(scpi_t * context, scpi_parameter_t * parameter, double * value) {
 scpi_bool_t result = FALSE;
- int32_t valint;
+ uint32_t valint;
 if (!value) {
 SCPI_ErrorPush(context, SCPI_ERROR_SYSTEM_ERROR);
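Review bot: Both converters in the `@@ -541,16 +541,43 @@` hunk are given only `parameter->ptr` and never `parameter->len`, so the parse is bounded by whatever bytes follow the token in the input buffer rather than by the token itself. `strToLong` and `strToULong` are defined outside this hunk, so it should be confirmed that they cannot run past the end of the buffer and that they report overflow instead of truncating to 32 bits. In addition, the hex, octal and binary cases now always store through `(uint32_t *)value` even when `sign` is TRUE, so `SCPI_ParamToInt` returns a negative `int32_t` for non-decimal input above `INT32_MAX` without any error; if that wrap-around is intended it belongs in the doc comment of `SCPI_ParamToInt`. `parameter` is dereferenced without the NULL check that the previous hunk applies to `value`.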
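Review bot: `#include "stdio.h"` in the `@@ -560,9 +587,10 @@` hunk sits between the Doxygen block and `SCPI_ParamToDouble`, which detaches the comment from the function it documents, and nothing in the visible new code uses stdio. It looks like a debugging leftover and should be dropped. If the header is needed, it belongs in the include block at the top of the file as `#include <stdio.h>`.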
@@ -573,7 +601,7 @@
 case SCPI_TOKEN_HEXNUM:
 case SCPI_TOKEN_OCTNUM:
 case SCPI_TOKEN_BINNUM:
- result = SCPI_ParamToInt(context, parameter, &valint);
+ result = SCPI_ParamToUnsignedInt(context, parameter, &valint);
 *value = valint;
 break;
 case SCPI_TOKEN_DECIMAL_NUMERIC_PROGRAM_DATA:
@@ -622,7 +650,7 @@
 * @param mandatory
 * @return
 */
-scpi_bool_t SCPI_ParamInt(scpi_t * context, int32_t * value, scpi_bool_t mandatory) {
+static scpi_bool_t ParamInt(scpi_t * context, int32_t * value, scpi_bool_t mandatory, scpi_bool_t sign) {
 scpi_bool_t result;
 scpi_parameter_t param;
@@ -634,7 +662,7 @@
 result = SCPI_Parameter(context, ¶m, mandatory);
 if (result) {
 if (SCPI_ParamIsNumber(¶m, FALSE)) {
- SCPI_ParamToInt(context, ¶m, value);
+ result = ParamToInt(context, ¶m, value, sign);
 } else if (SCPI_ParamIsNumber(¶m, TRUE)) {
 SCPI_ErrorPush(context, SCPI_ERROR_SUFFIX_NOT_ALLOWED);
 result = FALSE;
@@ -644,6 +672,14 @@
 }
 }
 return result;
+}
+
+scpi_bool_t SCPI_ParamInt(scpi_t * context, int32_t * value, scpi_bool_t mandatory) {
+ return ParamInt(context, value, mandatory, TRUE);
+}
+
+scpi_bool_t SCPI_ParamUnsignedInt(scpi_t * context, uint32_t * value, scpi_bool_t mandatory) {
+ return ParamInt(context, (int32_t *)value, mandatory, FALSE);
 }
 /**
@@ -665,8 +701,17 @@
 result = SCPI_Parameter(context, ¶m, mandatory);
 if (result) {
- *value = param.ptr;
- *len = param.len;
+ switch(param.type) {
+ case SCPI_TOKEN_SINGLE_QUOTE_PROGRAM_DATA:
+ case SCPI_TOKEN_DOUBLE_QUOTE_PROGRAM_DATA:
+ *value = param.ptr + 1;
+ *len = param.len - 2;
+ break;
+ default:
+ *value = param.ptr;
+ *len = param.len;
+ break;
+ }
 // TODO: return also parameter type (ProgramMnemonic, ArbitraryBlockProgramData, SingleQuoteProgramData, DoubleQuoteProgramData
 }
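Review bot: `*value = valint;` in the `@@ -573,7 +601,7 @@` hunk runs whether or not `SCPI_ParamToUnsignedInt` succeeded, and `valint` is declared without an initializer in the preceding hunk. If the conversion fails without writing its output (the converter is not visible here), an indeterminate value is read and handed to the caller as a double. Make the store conditional with `if (result) { *value = valint; }`, or initialise the local as `uint32_t valint = 0;`. The enclosing switch continues outside the hunk.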
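Review bot: A failed conversion in the `@@ -634,7 +662,7 @@` hunk now sets `result` to FALSE but queues no error, unlike the suffix branch directly below it, which calls `SCPI_ErrorPush` before failing. As far as the visible code shows, `ParamToInt` pushes an error only for a NULL `value`, so the caller would see a failure with nothing in the error queue to explain it. Consider pushing a suitable error code when `ParamToInt` returns FALSE, so that all failing branches of this function behave the same way.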
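Review bot: `*len = param.len - 2;` in the `@@ -665,8 +701,17 @@` hunk goes negative when a quoted token is shorter than two characters, and if `len` is a `size_t *` (the `(size_t) param.len` cast in a later hunk suggests `param.len` is signed) the caller receives a huge length paired with `param.ptr + 1`. Whether the lexer can ever deliver such a token, for example an unterminated quote at the end of input, is not visible here, so the guard is best made locally: `*len = param.len >= 2 ? param.len - 2 : 0;`. The loop bound `(size_t) (param.len - 1)` in the `@@ -724,7 +769,7 @@` hunk has the same weakness when `param.len` is 0. The enclosing function starts outside the hunk.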
@@ -724,7 +769,7 @@
 case SCPI_TOKEN_SINGLE_QUOTE_PROGRAM_DATA:
 case SCPI_TOKEN_DOUBLE_QUOTE_PROGRAM_DATA:
 quote = param.type == SCPI_TOKEN_SINGLE_QUOTE_PROGRAM_DATA ? '\'' : '"';
- for (i_from = 0, i_to = 0; i_from < (size_t) param.len; i_from++) {
+ for (i_from = 1, i_to = 0; i_from < (size_t) (param.len - 1); i_from++) {
 if (i_from >= buffer_len) {
 break;
 }
@@ -733,6 +778,10 @@
 if (param.ptr[i_from] == quote) {
 i_from++;
 }
+ }
+ *copy_len = i_to;
+ if (i_to < buffer_len) {
+ buffer[i_to] = 0;
 }
 break;
 default:
@@ -785,7 +834,7 @@
 * @param options specifications of choices numbers (patterns)
 * @param tag numerical representatio of choice
 * @param text result text
- * @return TRUE if succesfule, else false
+ * @return TRUE if succesfule, else FALSE
 */
 scpi_bool_t SCPI_ChoiceToName(const scpi_choice_def_t * options, int32_t tag, const char ** text) {
 int i;
@@ -1044,3 +1093,24 @@
 scpi_bool_t SCPI_CommandNumbers(scpi_t * context, int32_t * numbers, size_t len) {
 return matchCommand (context->param_list.cmd->pattern, context->param_list.cmd_raw.data, context->param_list.cmd_raw.length, numbers, len);
 }
+
+/**
+ * If SCPI_Parameter() returns FALSE, this function can detect, if the parameter
+ * is just missing (TRUE) or if there was an error during processing of the command (FALSE)
+ * @param parameter
+ * @return
+ */
+scpi_bool_t SCPI_ParamIsValid(scpi_parameter_t * parameter)
+{
+ return parameter->type == SCPI_TOKEN_UNKNOWN ? FALSE : TRUE;
+}
+
+/**
+ * Returns TRUE if there was an error during parameter handling
+ * @param context
+ * @return
+ */
+scpi_bool_t SCPI_ParamErrorOccurred(scpi_t * context)
+{
+ return context->cmd_error;
+}
-- Gitblit v1.9.1
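Review bot: Truncation is silent in the `@@ -733,6 +778,10 @@` hunk: when the loop in the preceding hunk stops at `if (i_from >= buffer_len)`, `*copy_len` receives the shortened length and the terminator is written exactly as for a complete copy, so a caller cannot tell a clipped string from a whole one. If the return value, which is set outside the hunk, does not already signal this, it should. The bound is also tested on the read index `i_from` rather than the write index `i_to`; assuming the lines hidden between the two hunks copy one character and advance `i_to`, that is what leaves room for the terminator now that `i_from` starts at 1. That dependency deserves a comment, for example `/* i_from > i_to here, so this also reserves space for the terminating 0 */`.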
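Review bot: The doc comment on `SCPI_ParamIsValid` in the `@@ -1044,3 +1093,24 @@` hunk ties TRUE to "just missing", while the code returns FALSE for `SCPI_TOKEN_UNKNOWN` and TRUE for every other type, and the function name suggests TRUE means a usable parameter. State the mapping the code actually implements, e.g. ` * @return FALSE if the parameter type is SCPI_TOKEN_UNKNOWN, TRUE otherwise`, and say which outcome corresponds to a missing parameter; the `@return` of `SCPI_ParamErrorOccurred` is empty as well. Both functions dereference their argument without the NULL check that `ParamToInt` applies to `value`, so if NULL can reach these public entry points a guard such as `if (!parameter) return FALSE;` is worth adding.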