Description
Describe the bug
There are multiple issues with the CFE_ES_SEND_MEM_POOL_STATS_CC command:
- The command/function(s) used are fundamentally flawed in that a user can send a seemingly benign command that can result in a segmentation fault if one of the command parameters is incorrect. For example, if the PoolHandle parameter is set to zero, a segmentation fault will result (pretty much any value below xFFFFFE28 faults on my machine). This occurs when the handle is validated via the CFE_ES_ValidateHandle function. Should consider modifying the CFE_ES_ValidateHandle function + updating the unit test to test the command on boundary/extreme conditions.
- On a 64-bit machine, if the PoolHandle parameter is set to a valid value, the function will fail. This is because CFE_PSP_MemValidateRange, which is called via the CFE_ES_ValidateHandle function as part of the validation process, limits the max memory range of the handle to xFFFFFFFE.
- On a 64-bit machine, compiler-added padding will be applied to the command. The order of variable declaration should ideally be descending in size to avoid future conflicts.
Expected behavior
Command works nominally and is vetted via combination of unit/functional tests.
System observed on:
Oracle VM VirtualBox
OS: ubuntu-19.10
Versions: cFE 6.7.13.0, OSAL 5.0.12.0, PSP 1.4.9.0
Reporter Info
Dan Knutsen
NASA/Goddard
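
One way to address the three points in the report, as an added example that is not cFE code and not from the reporter: a handle received in a command is resolved by comparing it with a table of pools the system created, so it is never dereferenced before it is known to be valid and is not range-limited to 32 bits, and the payload is laid out widest member first. All names here (`pool_t`, `registry`, `pool_register`, `pool_from_handle`, `stats_cmd_t`, `send_pool_stats`) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical types and names for illustration; not the cFE definitions. */
typedef struct { uint32_t Size; uint32_t Free; } pool_t;

#define MAX_POOLS 4
static pool_t *registry[MAX_POOLS];  /* pools this system created itself */

/* Record a pool at creation; returns its handle, or 0 if the table is full. */
uint64_t pool_register(pool_t *pool)
{
    for (size_t i = 0; pool != NULL && i < MAX_POOLS; i++) {
        if (registry[i] == NULL) {
            registry[i] = pool;
            return (uint64_t)(uintptr_t)pool;
        }
    }
    return 0;
}

/* Resolve a commanded handle WITHOUT dereferencing it: the value is only
 * compared with addresses handed out above, at full pointer width. */
pool_t *pool_from_handle(uint64_t handle)
{
    for (size_t i = 0; handle != 0 && i < MAX_POOLS; i++) {
        if (registry[i] != NULL && (uint64_t)(uintptr_t)registry[i] == handle)
            return registry[i];
    }
    return NULL;
}

/* Payload with the widest member first and a fixed-width handle, so the
 * layout has no compiler-added padding on 32- or 64-bit builds. */
typedef struct {
    uint64_t PoolHandle;
    char     AppName[16];
} stats_cmd_t;
_Static_assert(offsetof(stats_cmd_t, AppName) == 8, "unexpected padding");
_Static_assert(sizeof(stats_cmd_t) == 24, "unexpected padding");

/* Handler: returns 0 and the free byte count, or -1 for an unknown handle. */
int send_pool_stats(const stats_cmd_t *cmd, uint32_t *free_out)
{
    pool_t *pool = pool_from_handle(cmd->PoolHandle);
    if (pool == NULL)
        return -1;
    *free_out = pool->Free;
    return 0;
}
```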