fake_bsp: fix out-of-bounds read of OFFSET_CONFIGURATION_ROM

The check failed to account for the trailing null byte, and
memcpy() read beyond the end of the copied string literal.

Signed-off-by: Peter Colberg <peter.colberg@intel.com>

Author: pcolberg

test/fake_bsp/fakegoodbsp.cpp

@@ -282,14 +282,14 @@ AOCL_MMD_CALL int aocl_mmd_read(int handle, aocl_mmd_op_t op, size_t len,
     fprintf(stderr, "Error: Not handling read of 0x%x in unit test\n",
             (unsigned int)offset);
     return -1;
-  case OFFSET_CONFIGURATION_ROM:
-    if (strlen(config_str) <= len) {
-      memcpy(dst, (void *)config_str, len);
-      return 0;
-    } else {
+  case OFFSET_CONFIGURATION_ROM: {
+    const size_t config_size = strlen(config_str) + 1;
+    if (config_size > len) {
       return -1;
     }
-    break;
+    memcpy(dst, config_str, config_size);
+    return 0;
+  }
   case OFFSET_COUNTER:
     if (len == sizeof(unsigned int)) {
       memcpy(dst, &offset_counter, len);

test/fake_bsp/missingfuncbsp.cpp

@@ -267,14 +267,14 @@ AOCL_MMD_CALL int aocl_mmd_read(int handle, aocl_mmd_op_t op, size_t len,
     fprintf(stderr, "Error: Not handling read of 0x%x in unit test\n",
             (unsigned int)offset);
     return -1;
-  case OFFSET_CONFIGURATION_ROM:
-    if (strlen(config_str) <= len) {
-      memcpy(dst, (void *)config_str, len);
-      return 0;
-    } else {
+  case OFFSET_CONFIGURATION_ROM: {
+    const size_t config_size = strlen(config_str) + 1;
+    if (config_size > len) {
       return -1;
     }
-    break;
+    memcpy(dst, config_str, config_size);
+    return 0;
+  }
   case OFFSET_COUNTER:
     fprintf(stderr, "Error: Not handling read of 0x%x in unit test\n",
             (unsigned int)offset);