author | Samuel O'Brien <sam.obrien@ni.com> | 2020-07-13 16:11:42 -0500 |
---|---|---|
committer | Aaron Rossetto <aaron.rossetto@ni.com> | 2020-07-16 07:28:15 -0500 |
commit | be6491428db599867129733f73e7ce0ce23e05a7 (patch) | |
tree | 929ae62f57a57f669edaaa7ad4186d83416a8502 | |
parent | b2527716000284eaaaeff9d6c51241c5392e92f6 (diff) | |
download | uhd-be6491428db599867129733f73e7ce0ce23e05a7.tar.gz uhd-be6491428db599867129733f73e7ce0ce23e05a7.tar.bz2 uhd-be6491428db599867129733f73e7ce0ce23e05a7.zip |
chdr: Assert Ctrl Packet Size Before Serializing
This commit alters the ctrl_payload#serialize function to assert the
serialized length of the packet fits inside the buffer before writing.
Originally, the function writes the data and then asserts that the final
pointer position isn't further than the end of the buffer. While this
works, if it were to fail, that means we have already caused undefined
behavior by writing to some random memory location, which isn't good
practice.
This commit is possible now that the get_length method exists.
Signed-off-by: Samuel O'Brien <sam.obrien@ni.com>
-rw-r--r-- | host/lib/rfnoc/chdr_types.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/host/lib/rfnoc/chdr_types.cpp b/host/lib/rfnoc/chdr_types.cpp
index 3978c8694..950bf39f2 100644
--- a/host/lib/rfnoc/chdr_types.cpp
+++ b/host/lib/rfnoc/chdr_types.cpp
@@ -46,8 +46,10 @@ size_t ctrl_payload::serialize(uint64_t* buff,
 size_t max_size_bytes,
 const std::function<uint64_t(uint64_t)>& conv_byte_order) const
 {
+ // Ctrl Packet Payload can't have more than 15 data -> 8 CHDR_W (RFNoC Spec.
+ // Section 2.2.3)
 UHD_ASSERT_THROW((data_vtr.size() > 0 && data_vtr.size() < 16));
- // We assume that buff has room to hold the entire packet
+ UHD_ASSERT_THROW(get_length() * sizeof(uint64_t) <= max_size_bytes);
 size_t ptr = 0;
 // Populate control header
@@ -90,8 +92,7 @@ size_t ctrl_payload::serialize(uint64_t* buff,
 | static_cast<uint64_t>(data_vtr[i]) << LO_DATA_OFFSET);
 }
- // FIXME: This UHD_ASSERT_THROW is a bit late because memory has already been
- // corrupted
+ // This really should be impossible but we'll leave it for safety's sake
 UHD_ASSERT_THROW(ptr <= max_size_bytes);
 // Return bytes written
 return (ptr * sizeof(uint64_t)); |
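Review bot: The new pre-write guard `UHD_ASSERT_THROW(get_length() * sizeof(uint64_t) <= max_size_bytes);` is only as strong as get_length(), whose definition is not visible in this hunk. If get_length() ever drifts from the number of words serialize() actually emits, the out-of-bounds write this commit closes reopens without any signal. A comment next to the guard would pin that contract, for example `// get_length() is in 64-bit words and must cover every word written below`. The body of serialize() continues outside the hunk, so the write sequence could not be checked against get_length() here.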
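Review bot: The retained post-write check `UHD_ASSERT_THROW(ptr <= max_size_bytes);` compares a word index with a byte count. `ptr` counts uint64_t words (the function returns `ptr * sizeof(uint64_t)`), so the check only fires once the write has gone roughly eight times past the buffer. Since the new comment keeps it as a safety net, it should use the same units as the pre-check: `UHD_ASSERT_THROW(ptr * sizeof(uint64_t) <= max_size_bytes);`. Asserting `ptr == get_length()` would be stricter still, assuming get_length() returns 64-bit words as the first hunk's guard implies. The loop that fills the data words starts outside this hunk.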