diff options
author | Kevin May <kevin.may@arm.com> | 2020-07-28 11:29:04 +0100 |
---|---|---|
committer | Jim Flynn <jim.flynn@arm.com> | 2020-07-28 12:56:21 +0000 |
commit | c135179c935e3f85e591014e14be81b3f2597825 (patch) | |
tree | c75d688518c1b4573c5fdb9408eb738c9dba30e1 /src/profiling/ProfilingUtils.cpp | |
parent | 1a26896fd8d48205393ba0f22db864b5302b703f (diff) | |
download | armnn-c135179c935e3f85e591014e14be81b3f2597825.tar.gz |
IVGCVSW-5079 Fix for Timeline decoder segfaults when given bad data
* Check packet size/length in ReadSwTraceMessage
* Update existing Unit tests
* Add new Unit tests
Signed-off-by: Kevin May <kevin.may@arm.com>
Change-Id: Ie15be8bc289d7bcb354a259312aada5268bff4e4
Diffstat (limited to 'src/profiling/ProfilingUtils.cpp')
-rw-r--r-- | src/profiling/ProfilingUtils.cpp | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/src/profiling/ProfilingUtils.cpp b/src/profiling/ProfilingUtils.cpp index d86adbc051..8c43a8cd3a 100644 --- a/src/profiling/ProfilingUtils.cpp +++ b/src/profiling/ProfilingUtils.cpp @@ -316,7 +316,9 @@ uint32_t CalculateSizeOfPaddedSwString(const std::string& str) } // Read TimelineMessageDirectoryPacket from given IPacketBuffer and offset -SwTraceMessage ReadSwTraceMessage(const unsigned char* packetBuffer, unsigned int& offset) +SwTraceMessage ReadSwTraceMessage(const unsigned char* packetBuffer, + unsigned int& offset, + const unsigned int& packetLength) { ARMNN_ASSERT(packetBuffer); @@ -335,6 +337,11 @@ SwTraceMessage ReadSwTraceMessage(const unsigned char* packetBuffer, unsigned in offset += uint32_t_size; uint32_t swTraceDeclNameLength = ReadUint32(packetBuffer, offset); + if (swTraceDeclNameLength == 0 || swTraceDeclNameLength > packetLength) + { + throw RuntimeException("Error swTraceDeclNameLength is an invalid size", CHECK_LOCATION()); + } + offset += uint32_t_size; std::vector<unsigned char> swTraceStringBuffer(swTraceDeclNameLength - 1); std::memcpy(swTraceStringBuffer.data(), @@ -346,6 +353,11 @@ SwTraceMessage ReadSwTraceMessage(const unsigned char* packetBuffer, unsigned in offset += CalculateSizeOfPaddedSwString(swTraceMessage.m_Name); uint32_t swTraceUINameLength = ReadUint32(packetBuffer, offset); + if (swTraceUINameLength == 0 || swTraceUINameLength > packetLength) + { + throw RuntimeException("Error swTraceUINameLength is an invalid size", CHECK_LOCATION()); + } + offset += uint32_t_size; swTraceStringBuffer.resize(swTraceUINameLength - 1); std::memcpy(swTraceStringBuffer.data(), @@ -357,6 +369,11 @@ SwTraceMessage ReadSwTraceMessage(const unsigned char* packetBuffer, unsigned in offset += CalculateSizeOfPaddedSwString(swTraceMessage.m_UiName); uint32_t swTraceArgTypesLength = ReadUint32(packetBuffer, offset); + if (swTraceArgTypesLength == 0 || swTraceArgTypesLength > packetLength) + { + throw RuntimeException("Error swTraceArgTypesLength is an invalid size", CHECK_LOCATION()); + } + offset += uint32_t_size; swTraceStringBuffer.resize(swTraceArgTypesLength - 1); std::memcpy(swTraceStringBuffer.data(), @@ -370,6 +387,11 @@ SwTraceMessage ReadSwTraceMessage(const unsigned char* packetBuffer, unsigned in offset += CalculateSizeOfPaddedSwString(swTraceString); uint32_t swTraceArgNamesLength = ReadUint32(packetBuffer, offset); + if (swTraceArgNamesLength == 0 || swTraceArgNamesLength > packetLength) + { + throw RuntimeException("Error swTraceArgNamesLength is an invalid size", CHECK_LOCATION()); + } + offset += uint32_t_size; swTraceStringBuffer.resize(swTraceArgNamesLength - 1); std::memcpy(swTraceStringBuffer.data(), |