Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Coverity CID :208919] Out-of-bounds read in drivers/sensor/adxl345/adxl345.c #23581

Closed
zephyrbot opened this issue Mar 18, 2020 · 1 comment
Closed

[Coverity CID :208919] Out-of-bounds read in drivers/sensor/adxl345/adxl345.c #23581

zephyrbot opened this issue Mar 18, 2020 · 1 comment
Assignees
@MaureenHelm
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: medium Medium impact/importance bug

Comments

@zephyrbot
Copy link
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/master/drivers/sensor/adxl345/adxl345.c#L100

Category: Memory - illegal accesses
Function: adxl345_channel_get
Component: Drivers
CID: 208919

Details:

106             break;
107         case SENSOR_CHAN_ACCEL_Z:
108             adxl345_accel_convert(val, data->bufz[data->sample_number]);
109             data->sample_number++;
110             break;
111         case SENSOR_CHAN_ACCEL_XYZ:
>>>     CID 208919:    (OVERRUN)
>>>     Overrunning array "data->bufx" of 32 2-byte elements at element index 32 (byte offset 65) using index "data->sample_number" (which evaluates to 32).
112             adxl345_accel_convert(val++, data->bufx[data->sample_number]);
113             adxl345_accel_convert(val++, data->bufy[data->sample_number]);
114             adxl345_accel_convert(val,   data->bufz[data->sample_number]);
115             data->sample_number++;
116             break;
117         default:
94         if (data->sample_number > 32) {
95             data->sample_number = 0;
96         }
97    
98         switch (chan) {
99         case SENSOR_CHAN_ACCEL_X:
>>>     CID 208919:    (OVERRUN)
>>>     Overrunning array "data->bufx" of 32 2-byte elements at element index 32 (byte offset 65) using index "data->sample_number" (which evaluates to 32).
100             adxl345_accel_convert(val, data->bufx[data->sample_number]);
101             data->sample_number++;
102             break;
103         case SENSOR_CHAN_ACCEL_Y:
104             adxl345_accel_convert(val, data->bufy[data->sample_number]);
105             data->sample_number++;

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.
@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: medium Medium impact/importance bug labels Mar 18, 2020
@mateusz-holenko mateusz-holenko mentioned this issue Mar 30, 2020
Merged
mateusz-holenko pushed a commit to antmicro/zephyr that referenced this issue Apr 22, 2020
@kamilrakoczy @mateusz-holenko
Sensor: ADXL345: Fix ADXL345 driver
6886137 
Fixes problems with ADXL345 3-axis I2C accelerometer
reported in zephyrproject-rtos#23577, zephyrproject-rtos#23581 and zephyrproject-rtos#23584.

Signed-off-by: Kamil Rakoczy <krakoczy@antmicro.com>
carlescufi pushed a commit that referenced this issue Apr 22, 2020
@kamilrakoczy @carlescufi
Sensor: ADXL345: Fix ADXL345 driver
415065a 
Fixes problems with ADXL345 3-axis I2C accelerometer
reported in #23577, #23581 and #23584.

Signed-off-by: Kamil Rakoczy <krakoczy@antmicro.com>
@carlescufi
Copy link
Member

Fixed by #23931

sandeepbrcm pushed a commit to Broadcom/zephyr that referenced this issue Apr 30, 2020
@kamilrakoczy
Sensor: ADXL345: Fix ADXL345 driver
0ceea6e 
Fixes problems with ADXL345 3-axis I2C accelerometer
reported in zephyrproject-rtos#23577, zephyrproject-rtos#23581 and zephyrproject-rtos#23584.

Signed-off-by: Kamil Rakoczy <krakoczy@antmicro.com>
hakehuang pushed a commit to hakehuang/zephyr that referenced this issue Jun 20, 2020
@kamilrakoczy @hakehuang
Sensor: ADXL345: Fix ADXL345 driver
bc51c0b 
Fixes problems with ADXL345 3-axis I2C accelerometer
reported in zephyrproject-rtos#23577, zephyrproject-rtos#23581 and zephyrproject-rtos#23584.

Signed-off-by: Kamil Rakoczy <krakoczy@antmicro.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MaureenHelm MaureenHelm

Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: medium Medium impact/importance bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MaureenHelm @carlescufi @zephyrbot