Convert to static array sizes for string parameters - name[static SIZE]
and scrub string handling
#1511
Is your feature request related to a problem? Please describe.
Many APIs and even internal functions require specific minimum string sizes to avoid a potential buffer overrun, yet take simple pointers, i.e. char *. Some tools complain about strcpy/sprintf/etc, but the sized versions aren't any safer if the passed in string is too short.
Example case:
cFE/modules/tbl/fsw/src/cfe_tbl_internal.c
Lines 597 to 607 in 84ba9a9
Describe the solution you'd like
Leverage C99 checks on sized parameter arrays, which also will protect at compile time from NULL inputs. Once minimum sizes are guaranteed, then revisit string comparison/manipulation calls to avoid buffer overruns based on these enforced minimums.
Note not backwards compatible where pointers are passed in vs the array. Also would REQUIRE the removal of all NULL pointer test cases and checks (would cause compile errors or dead code respectively).
Describe alternatives you've considered
None
Additional context
Code review, related to #1465
Requester Info
Jacob Hageman - NASA/GSFC
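The pattern the request describes, as an added illustration that is not cFE code and not from the issue author: string parameters declared with C99 `[static SIZE]` so that NULL and too-short arrays are diagnosed at the call site, and string handling inside the function bounded by the minimum that declaration guarantees. `TBL_NAME_LEN`, the `tbl_name_*` functions and the sample names are constructed for the example; they do not correspond to cFE's own table-name limits or routines.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed for this example; cFE's real name-length limits are not
 * reproduced here. Every name buffer must hold at least TBL_NAME_LEN bytes. */
#define TBL_NAME_LEN 16

/* C99 `name[static TBL_NAME_LEN]` promises the callee that the argument points
 * at an array of at least TBL_NAME_LEN elements. Compilers that honour the
 * qualifier (clang, and recent GCC) diagnose a NULL argument or an array known
 * to be shorter at the call site, so those cases are caught before run time.
 * Inside the function, the minimum length is a guaranteed invariant, which is
 * what makes the bounded calls below safe. */

/* True when `name` has a NUL terminator within its first TBL_NAME_LEN bytes.
 * Reading exactly TBL_NAME_LEN bytes is safe because of the static-size contract. */
bool tbl_name_is_terminated(const char name[static TBL_NAME_LEN])
{
    return memchr(name, '\0', TBL_NAME_LEN) != NULL;
}

/* Bounded comparison: neither side can be overrun because both arrays are at
 * least TBL_NAME_LEN bytes. Equal only if both are terminated and match. */
bool tbl_name_equal(const char a[static TBL_NAME_LEN],
                    const char b[static TBL_NAME_LEN])
{
    if (!tbl_name_is_terminated(a) || !tbl_name_is_terminated(b))
        return false;
    return strncmp(a, b, TBL_NAME_LEN) == 0;
}

/* Bounded copy that always leaves `dst` NUL-terminated. Returns the number of
 * characters copied (excluding the terminator), or -1 if `src` was not
 * terminated within its guaranteed length (dst is then set to ""). */
int tbl_name_copy(char dst[static TBL_NAME_LEN],
                  const char src[static TBL_NAME_LEN])
{
    if (!tbl_name_is_terminated(src)) {
        dst[0] = '\0';
        return -1;
    }
    size_t n = strlen(src);      /* n < TBL_NAME_LEN, proven by the check above */
    memcpy(dst, src, n + 1);     /* n + 1 <= TBL_NAME_LEN, so this fits in dst */
    return (int)n;
}

/* Round-trip a constructed well-formed name: returns the copied length when
 * the copy compares equal to the source, -2 otherwise. */
int demo_copy_roundtrip(void)
{
    char src[TBL_NAME_LEN] = "SAMPLE_TBL";   /* constructed sample name */
    char dst[TBL_NAME_LEN];
    int copied = tbl_name_copy(dst, src);
    return tbl_name_equal(src, dst) ? copied : -2;
}

/* Feed a buffer with no terminator anywhere in its TBL_NAME_LEN bytes: returns
 * true when the copy is refused (-1) and dst was left as an empty string. */
bool demo_unterminated_source(void)
{
    char bad[TBL_NAME_LEN];
    memset(bad, 'X', sizeof bad);             /* deliberately unterminated */
    char dst[TBL_NAME_LEN] = "leftover";
    int rc = tbl_name_copy(dst, bad);
    return rc == -1 && dst[0] == '\0' && !tbl_name_equal(dst, bad);
}

int main(void)
{
    printf("round trip copied %d chars\n", demo_copy_roundtrip());
    printf("unterminated source refused: %s\n",
           demo_unterminated_source() ? "yes" : "no");

#ifdef SHOW_COMPILE_TIME_DIAGNOSTICS
    /* Both calls are flagged at compile time by compilers that check [static]
     * sizes; no run-time NULL or length check inside the callee is involved. */
    char src[TBL_NAME_LEN] = "SAMPLE_TBL";
    char small[4] = "abc";
    tbl_name_copy(small, src);   /* array argument too small (4 < 16) */
    tbl_name_copy(NULL, src);    /* null passed where an array is required */
#endif
    return 0;
}
```

Building with `-DSHOW_COMPILE_TIME_DIAGNOSTICS` shows the two diagnostics the issue relies on; how strictly they are enforced depends on the compiler and version, so the `[static]` contract should be treated as a call-site check that complements, rather than replaces, review of the call sites it is applied to. Note also the consequence the issue calls out: once callers cannot pass NULL, a NULL test inside `tbl_name_copy` would be dead code.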