Fix operation bounds check for Flash Map API #89351

Open
wants to merge 2 commits into
base: main

@de-nordic (Collaborator) commented Apr 30, 2025

All functions are using is_in_flash_area_bounds for checking parameters; the function was not immune to integer overflow.
The PR fixes the function and adds a test scenario for overflows.

Fixes #89349

Prevent possible overflow in is_in_flash_area_bounds while
validating offset and length of an operation.

Fixes zephyrproject-rtos#89349

Signed-off-by: Dominik Ermel <[email protected]>

Test integer overflow on Flash Area operation parameters.
All functions call the same is_in_flash_area_bounds
function for parameter verification, so it was enough
to test parameter checks of flash_read.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic de-nordic requested a review from Copilot April 30, 2025 18:48

@Copilot Copilot AI left a comment

Pull Request Overview

This PR fixes an integer overflow vulnerability in the Flash Map API’s bounds checking function and adds test cases to verify the new behavior.

  • Updated the bounds check in flash_map_priv.h to prevent overflow by splitting the addition into two comparisons.
  • Added tests in tests/subsys/storage/flash_map/src/main.c to verify that overflow conditions are correctly detected.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| tests/subsys/storage/flash_map/src/main.c | Added test cases for overflow detection in bounds checking |
| subsys/storage/flash_map/flash_map_priv.h | Refactored bounds check logic to avoid integer overflows |
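
The class of bug described in this PR, as an added example that is not code from the PR or from Zephyr: an offset/length check that adds before comparing, next to a form that splits the addition into two comparisons. The struct, the function names, the fixed-width types and the test vectors are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a flash area descriptor; only the size matters. */
struct area { uint32_t size; };

/* Overflow-prone form: the unsigned sum off + len wraps modulo 2^32. */
static bool in_bounds_naive(const struct area *a, int32_t off, uint32_t len)
{
	return off >= 0 && (uint32_t)off + len <= a->size;
}

/* Overflow-safe form: two comparisons, and the subtraction cannot wrap
 * because off <= size has already been established. */
static bool in_bounds_safe(const struct area *a, int32_t off, uint32_t len)
{
	return off >= 0 && (uint32_t)off <= a->size &&
	       len <= a->size - (uint32_t)off;
}

/* Constructed test vectors for a 4 KiB area. */
static const struct { int32_t off; uint32_t len; bool valid; } cases[] = {
	{ 0,      0x1000,      true  },  /* whole area */
	{ 0x1000, 0,           true  },  /* zero length at the end */
	{ 0x0FFF, 2,           false },  /* one byte past the end */
	{ -1,     1,           false },  /* negative offset */
	{ 0x100,  0xFFFFFFF0u, false },  /* sum wraps to 0xF0 */
	{ 0x1000, 0xFFFFFFFFu, false },  /* sum wraps to 0x0FFF */
};

/* Returns how many vectors a check function gets wrong. */
static int count_wrong(bool (*check)(const struct area *, int32_t, uint32_t))
{
	const struct area a = { .size = 0x1000 };
	int wrong = 0;
	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		wrong += check(&a, cases[i].off, cases[i].len) != cases[i].valid;
	}
	return wrong;
}

int main(void)
{
	printf("naive wrong: %d, safe wrong: %d\n",
	       count_wrong(in_bounds_naive), count_wrong(in_bounds_safe));
	return 0;
}
```

The two vectors the naive check gets wrong are exactly the ones where the sum wraps; every non-wrapping vector is classified identically by both forms.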

@github-actions github-actions bot added the area: Storage Storage subsystem label Apr 30, 2025
@de-nordic de-nordic added bug The issue is a bug, or the PR is fixing a bug area: Flash and removed area: Storage Storage subsystem labels Apr 30, 2025

Successfully merging this pull request may close these issues.

Flash Map: Bounds checking not immune to integer overflow