Calling memcpy with invalid pointer

[amgross]

Hi,
In c autogenerated code (with BasicCodec), in case that read binary fails (and change the m_status to failure), the auto generated calls memcpy with length 0 and valid dst pointer, but with unknown src pointer (no one defined $info.dataTemp). According c spec this may lead to undefined behavior.

erpc/erpcgen/src/templates/c_coders.template

Lines 35 to 56 in 21a396e

	uint8_t * {$info.dataTemp};
	codec->readBinary(&{$info.sizeTemp}, &{$info.dataTemp});
	{% if info.hasLengthVariable && not info.constantVariable %}
	{% if info.pointerScalarTypes && source == "client" %}*{% endif %}{$info.size} = {$info.sizeTemp};
	{% endif %}
	{% if info.maxSize != info.sizeTemp %}
	if ({$info.sizeTemp} <= {$info.maxSize})
	{
	{% set indent = " " >%}
	{% else %}
	{% set indent = "" >%}
	{% endif %}
	{% if source == "server" || info.useMallocOnClientSide == true %}
	{$indent}{$info.name} = (uint8_t *) erpc_malloc({$info.maxSize} * sizeof(uint8_t));
	{% if generateAllocErrorChecks == true %}
	{$indent}if ({$info.name} == NULL)
	{$indent}{
	{$indent} codec->updateStatus(kErpcStatus_MemoryError);
	{$indent}}
	{$indent}else
	{$indent}{
	{$indent} memcpy({$info.name}, {$info.dataTemp}, {$info.sizeTemp});

Optional solutions will to have version of erpc_malloc that gets codec and returns NULL if the status is not OK (that skips the memcpy), or not do the malloc + memcpy at all if status is not success

[github-actions]

Hi eRPC user. Thank you for your interest and welcome. We hope you will enjoy this framework well.

[Hadatko]

Hi @amgross , do you think this will fix it for you? #72

[Hadatko]

Likely not. I will look on it if it is an issue. Thank you for your feedback.

[amgross]

Thank you

[Hadatko]

Hi @amgross , i agree with you. I will propose solution soon.

[Hadatko]

Hi @amgross , just to be sure i did this change #253 . But based on talk here: https://stackoverflow.com/questions/3751797/can-i-call-memcpy-and-memmove-with-number-of-bytes-set-to-zero
it looks like length 0 should be ok.
Do you agree with changes or you would like to improve that? NULL should be valid ptr value.

[amgross]

Hi @Hadatko , I disagree that 'NULL should be valid ptr value'.
You can see first answer at https://stackoverflow.com/questions/5243012/is-it-guaranteed-to-be-safe-to-perform-memcpy0-0-0 that claims that 'results in undefined behavior, because null pointers are considered "invalid values."'.
Same you can see in one of the comments in the question you referred, https://stackoverflow.com/questions/3751797/can-i-call-memcpy-and-memmove-with-number-of-bytes-set-to-zero#comment34300578_3751937, claiming that 'You're correct that you can't pass null pointers'
EDIT
see same in comments here: https://stackoverflow.com/questions/22262020/is-calling-memmove-or-memcpy-with-null-defined?

[amgross]

However you can probably put there the m_cursor.get(). It will return valid pointer (that won't be used)

[Hadatko]

I did it based on: Answers. In general, the only valid pointer values are NULL, and pointers to the beginning, inside, and right after, an existing object. Also note that NULL does not necessarily have to be represented as a bit-pattern with zero:s. On some architectures, -1 is a legal pointer value.

But if function is telling that it is not handled then i will rather id it lenght condition.