Coercion Alters Valuehelp at ptp_message.cpp:453 No properties have been set. | edit properties Jump to warning location ↓ warning details... Show Events | Options buildPTPMessage() .../common/ptp_message.cpp expand/collapse PTPMessageCommon *buildPTPMessage ( char *buf, int size, LinkLayerAddress *remote, CommonPort *port ) { OSTimer *timer = port->getTimerFactory()->createTimer(); PTPMessageCommon *msg = NULL; PTPMessageId messageId; MessageType messageType; unsigned char tspec_msg_t = 0; unsigned char transportSpecific = 0; uint16_t sequenceId; PortIdentity *sourcePortIdentity; Timestamp timestamp(0, 0, 0); unsigned counter_value = 0; EtherPort *eport = NULL; #if PTP_DEBUG { int i; GPTP_LOG_VERBOSE("Packet Dump:\n"); for (i = 0; i < size; ++i) { GPTP_LOG_VERBOSE("%hhx\t", buf[i]); if (i % 8 == 7) GPTP_LOG_VERBOSE("\n"); } if (i % 8 != 0) GPTP_LOG_VERBOSE("\n"); } #endif memcpy(&tspec_msg_t, buf + PTP_COMMON_HDR_TRANSSPEC_MSGTYPE(PTP_COMMON_HDR_OFFSET), sizeof(tspec_msg_t)); messageType = (MessageType) (tspec_msg_t & 0xF); transportSpecific = (tspec_msg_t >> 4) & 0x0F; sourcePortIdentity = new PortIdentity ((uint8_t *) (buf + PTP_COMMON_HDR_SOURCE_CLOCK_ID (PTP_COMMON_HDR_OFFSET)), (uint16_t *) (buf + PTP_COMMON_HDR_SOURCE_PORT_ID (PTP_COMMON_HDR_OFFSET))); memcpy (&(sequenceId), buf + PTP_COMMON_HDR_SEQUENCE_ID(PTP_COMMON_HDR_OFFSET), sizeof(sequenceId)); sequenceId = PLAT_ntohs(sequenceId); GPTP_LOG_VERBOSE("Captured Sequence Id: %u", sequenceId); messageId.setMessageType(messageType); messageId.setSequenceId(sequenceId); if (!(messageType >> 3)) { Skipping "if" Event 1: Skipping "if". messageType >> 3 evaluates to true. Jump to next message hide int iter = 5; long req = 4000; // = 1 ms eport = dynamic_cast ( port ); if (eport == NULL) { GPTP_LOG_ERROR ( "Received Event Message, but port type " "doesn't support timestamping\n" ); goto abort; Show [ Lines 135 to 158 omitted. ] //_exit(-1); goto abort; } else { GPTP_LOG_VERBOSE("Timestamping event packet"); } } if (1 != transportSpecific) { Skipping "if" Event 2: Skipping "if". 1 != transportSpecific evaluates to false. Jump to previous message Jump to next message hide GPTP_LOG_EXCEPTION("Received message with unsupported transportSpecific type=%d", transportSpecific); goto abort; } switch (messageType) { Event 3: messageType evaluates to 11. Jump to previous message Jump to next message hide case SYNC_MESSAGE: GPTP_LOG_INFO("Received Sync, seqID: %u", sequenceId); GPTP_LOG_INFO("Sync RX timestamp = %hu,%u,%u", timestamp.seconds_ms, timestamp.seconds_ls, timestamp.nanoseconds ); // Be sure buffer is the correction size if (size < PTP_COMMON_HDR_LENGTH + PTP_SYNC_LENGTH) { goto abort; } { Show [ Lines 185 to 415 omitted. ] seconds_ls); pdelay_resp_fwup_msg-> responseOriginTimestamp.nanoseconds = PLAT_ntohl (pdelay_resp_fwup_msg->responseOriginTimestamp. nanoseconds); msg = pdelay_resp_fwup_msg; } break; case ANNOUNCE_MESSAGE: GPTP_LOG_VERBOSE("Received Announce message"); { PTPMessageAnnounce *annc = new PTPMessageAnnounce(); annc->messageType = messageType; int tlv_length = size - PTP_COMMON_HDR_LENGTH + PTP_ANNOUNCE_LENGTH; memcpy(&(annc->currentUtcOffset), buf + PTP_ANNOUNCE_CURRENT_UTC_OFFSET (PTP_ANNOUNCE_OFFSET), sizeof(annc->currentUtcOffset)); annc->currentUtcOffset = PLAT_ntohs(annc->currentUtcOffset); memcpy(&(annc->grandmasterPriority1), buf + PTP_ANNOUNCE_GRANDMASTER_PRIORITY1 (PTP_ANNOUNCE_OFFSET), sizeof(annc->grandmasterPriority1)); memcpy( annc->grandmasterClockQuality, buf+ PTP_ANNOUNCE_GRANDMASTER_CLOCK_QUALITY (PTP_ANNOUNCE_OFFSET), sizeof( *annc->grandmasterClockQuality )); annc-> grandmasterClockQuality->offsetScaledLogVariance = Coercion Alters Value help PLAT_ntohs(...) is coerced from unsigned short to short. PLAT_ntohs(...) could be 32768 or higher. PLAT_ntohs(...) evaluates to ntohs(s)platform.cpp:45. Values 32768 or higher cannot be stored as short. Coercing them to short can cause data loss or sign change. The issue can occur if the highlighted code executes. See related events 5, 6, and 7. Show: All events | Only primary events PLAT_ntohs ( annc->grandmasterClockQuality-> offsetScaledLogVariance ); PLAT_ntohs() .../linux/src/platform.cpp expand/collapse uint16_t PLAT_ntohs( uint16_t s ) { return ntohs( s ); event Event 4: ntohs() returns a potentially dangerous value [?]. Determines the value that is coerced in the Coercion Alters Value warning later. Jump to previous message Jump to next message hide event Event 5: Considering the case where ntohs(s) is at least 0. Jump to previous message Jump to next message hide event Event 6: Considering the case where ntohs(s) is no more than 65535. Jump to previous message Jump to next message hide event Event 7: PLAT_ntohs() returns ntohs(s). See related event 4. Jump to previous message Jump to next message hide