authorSamuel O'Brien <sam.obrien@ni.com>2020-07-13 16:11:42 -0500
committerAaron Rossetto <aaron.rossetto@ni.com>2020-07-16 07:28:15 -0500
commitbe6491428db599867129733f73e7ce0ce23e05a7 (patch)
tree929ae62f57a57f669edaaa7ad4186d83416a8502
parentb2527716000284eaaaeff9d6c51241c5392e92f6 (diff)
chdr: Assert Ctrl Packet Size Before Serializing
This commit alters the ctrl_payload#serialize function to assert the serialized length of the packet fits inside the buffer before writing. Originally, the function writes the data and then asserts that the final pointer position isn't further than the end of the buffer. While this works, if it were to fail, that means we have already caused undefined behavior by writing to some random memory location, which isn't good practice. This commit is possible now that the get_length method exists. Signed-off-by: Samuel O'Brien <sam.obrien@ni.com>
-rw-r--r--host/lib/rfnoc/chdr_types.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/host/lib/rfnoc/chdr_types.cpp b/host/lib/rfnoc/chdr_types.cpp
index 3978c8694..950bf39f2 100644
--- a/host/lib/rfnoc/chdr_types.cpp
+++ b/host/lib/rfnoc/chdr_types.cpp
@@ -46,8 +46,10 @@ size_t ctrl_payload::serialize(uint64_t* buff,
size_t max_size_bytes,
const std::function<uint64_t(uint64_t)>& conv_byte_order) const
{
+ // Ctrl Packet Payload can't have more than 15 data -> 8 CHDR_W (RFNoC Spec.
+ // Section 2.2.3)
UHD_ASSERT_THROW((data_vtr.size() > 0 && data_vtr.size() < 16));
- // We assume that buff has room to hold the entire packet
+ UHD_ASSERT_THROW(get_length() * sizeof(uint64_t) <= max_size_bytes);
size_t ptr = 0;
// Populate control header
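Review bot: The added pre-check `UHD_ASSERT_THROW(get_length() * sizeof(uint64_t) <= max_size_bytes);` only prevents the out-of-bounds write if get_length() counts exactly the 64-bit words this function goes on to store. get_length() is not visible in this hunk, so that equivalence is an assumption to confirm. A comment on the new line would make the coupling explicit for the next maintainer, e.g. `// Bounds check must precede any write to buff; get_length() has to stay in sync with the words written below`. The new spec comment above the size assert ("15 data -> 8 CHDR_W") is also hard to parse, and naming the units (32-bit data words versus 64-bit CHDR words) would help. The body of serialize continues past the end of this hunk.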
@@ -90,8 +92,7 @@ size_t ctrl_payload::serialize(uint64_t* buff,
| static_cast<uint64_t>(data_vtr[i]) << LO_DATA_OFFSET);
}
- // FIXME: This UHD_ASSERT_THROW is a bit late because memory has already been
- // corrupted
+ // This really should be impossible but we'll leave it for safety's sake
UHD_ASSERT_THROW(ptr <= max_size_bytes);
// Return bytes written
return (ptr * sizeof(uint64_t));
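Review bot: The retained backstop `UHD_ASSERT_THROW(ptr <= max_size_bytes);` compares a word count with a byte count. The return statement just below multiplies `ptr` by `sizeof(uint64_t)`, so `ptr` indexes 64-bit words while `max_size_bytes` is in bytes. As written, the assert would only fire once the write position is about eight times past the end of the buffer, so it does not actually back up the new pre-check. Suggest `UHD_ASSERT_THROW(ptr * sizeof(uint64_t) <= max_size_bytes);`, or the stricter `UHD_ASSERT_THROW(ptr == get_length());`, which would also catch drift between get_length() and the serializer. The start of serialize lies outside this hunk.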