andreil/klipper
1
0
Fork 0
mirror of https://github.com/andreili/klipper.git synced 2025-08-24 03:44:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

sos_filter: Improve error checking on section_idx

Browse Source 
Validate host provided index prior to accessing memory using that
index.

Also, consistently use a uint8_t for max_sections (to account for
integer overflow issues).

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
This commit is contained in:
Kevin O'Connor 2025-05-29 19:27:39 -04:00
parent eb43b20e3b
commit 8d7e487149
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
klippy/extras/sos_filter.py
View File

@ -176,7 +176,7 @@ class SosFilter:
# create an uninitialized filter object # create an uninitialized filter object
def create_filter(self): def create_filter(self):
self._mcu.add_config_cmd("config_sos_filter oid=%d max_sections=%u" self._mcu.add_config_cmd("config_sos_filter oid=%d max_sections=%d"
% (self._oid, self._max_sections)) % (self._oid, self._max_sections))
self._configure_filter(is_init=True) self._configure_filter(is_init=True)

18
src/sos_filter.c
View File

@ -87,7 +87,7 @@ sosfilt(struct sos_filter *sf, const int32_t unfiltered_value) {
void void
command_config_sos_filter(uint32_t *args) command_config_sos_filter(uint32_t *args)
{ {
uint32_t max_sections = args[1]; uint8_t max_sections = args[1];
uint32_t size = offsetof(struct sos_filter, filter[max_sections]); uint32_t size = offsetof(struct sos_filter, filter[max_sections]);
struct sos_filter *sf = oid_alloc(args[0] struct sos_filter *sf = oid_alloc(args[0]
, command_config_sos_filter, size); , command_config_sos_filter, size);
@ -95,7 +95,7 @@ command_config_sos_filter(uint32_t *args)
sf->is_active = 0; sf->is_active = 0;
} }
DECL_COMMAND(command_config_sos_filter, "config_sos_filter oid=%c" DECL_COMMAND(command_config_sos_filter, "config_sos_filter oid=%c"
" max_sections=%u"); " max_sections=%c");
// Lookup an sos_filter // Lookup an sos_filter
struct sos_filter * struct sos_filter *
@ -104,6 +104,14 @@ sos_filter_oid_lookup(uint8_t oid)
return oid_lookup(oid, command_config_sos_filter); return oid_lookup(oid, command_config_sos_filter);
} }
// Check that a section index parameter is valid
static void
validate_section_index(struct sos_filter *sf, uint8_t section_idx)
{
if (section_idx > sf->max_sections)
shutdown("Filter section index larger than max_sections");
}
// Set one section of the filter // Set one section of the filter
void void
command_sos_filter_set_section(uint32_t *args) command_sos_filter_set_section(uint32_t *args)
@ -112,6 +120,7 @@ command_sos_filter_set_section(uint32_t *args)
// setting a section marks the filter as inactive // setting a section marks the filter as inactive
sf->is_active = 0; sf->is_active = 0;
uint8_t section_idx = args[1]; uint8_t section_idx = args[1];
validate_section_index(sf, section_idx);
// copy section data // copy section data
const uint8_t arg_base = 2; const uint8_t arg_base = 2;
for (uint8_t i = 0; i < SECTION_WIDTH; i++) { for (uint8_t i = 0; i < SECTION_WIDTH; i++) {
@ -131,6 +140,7 @@ command_sos_filter_set_state(uint32_t *args)
sf->is_active = 0; sf->is_active = 0;
// copy state data // copy state data
uint8_t section_idx = args[1]; uint8_t section_idx = args[1];
validate_section_index(sf, section_idx);
const uint8_t arg_base = 2; const uint8_t arg_base = 2;
sf->filter[section_idx].state[0] = args[0 + arg_base]; sf->filter[section_idx].state[0] = args[0 + arg_base];
sf->filter[section_idx].state[1] = args[1 + arg_base]; sf->filter[section_idx].state[1] = args[1 + arg_base];
@ -144,9 +154,7 @@ command_sos_filter_activate(uint32_t *args)
{ {
struct sos_filter *sf = sos_filter_oid_lookup(args[0]); struct sos_filter *sf = sos_filter_oid_lookup(args[0]);
uint8_t n_sections = args[1]; uint8_t n_sections = args[1];
if (n_sections > sf->max_sections) { validate_section_index(sf, n_sections);
shutdown("Filter section count larger than max_sections");
}
sf->n_sections = n_sections; sf->n_sections = n_sections;
const uint8_t coeff_int_bits = args[2]; const uint8_t coeff_int_bits = args[2];
sf->coeff_frac_bits = (31 - coeff_int_bits); sf->coeff_frac_bits = (31 - coeff_int_bits);