CDD IPC control message boundary check is invalid

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: High
    • MCAL
    • MCAL-31473
    • MCUSW_J7_11.00.00
    • MCUSW_J7_11.01.00
    • Hide
      j721e-evm
      j721s2-evm
      j722s-evm
      j742s2-evm
      j784s4-evm
      Show
      j721e-evm j721s2-evm j722s-evm j742s2-evm j784s4-evm

      A control message is always 40 bytes (32 bytes string data and 8 bytes other data) but the check we have in the current SDK is as below
      if (((isCtrlMsg == TRUE) && ((payload->len) <= (CDD_IPC_MAX_CTRL_MSG_LEN))) || ((payload->len) <= (CDD_IPC_MAX_MSG_LEN)))

      This is not proper boundary check when isCtrlMsg isTRUE and payload->len is larger than CDD_IPC_MAX_CTRL_MSG_LEN but smaller than CDD_IPC_MAX_MSG_LEN?
      the if-statement will let this through but it should be failed ideally.

      Ensure Proper boundary checks for messages and end points in CDD IPC

       

      Rootcause : MC/DC missed/not covered for this condition, No justification give for this in Gap report.

      Solution : Add MC/DC test cases and get the coverage after above change.

            Assignee:
            TI User
            Reporter:
            TI User
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:

                Connection: Intermediate to External PROD System
                EXTSYNC-5900 - CDD IPC control message boundary ch...
                SYNCHRONIZED
                • Last Sync Date: