calloc limits (#119)

Add overflow protection to __iotc_calloc calls, as well as unit tests for the function.

Author: DellaBitta

make/mt-os/mt-freertos-linux.mk

@@ -16,7 +16,7 @@
 CC ?= gcc
 AR ?= ar
 
-IOTC_COMMON_COMPILER_FLAGS += -fPIC
+IOTC_COMMON_COMPILER_FLAGS += -fPIC -DIOTC_TARGET_FREERTOS=1
 IOTC_LIB_FLAGS += $(IOTC_TLS_LIBFLAGS) -lcrypto -lpthread
 
 IOTC_FREERTOS_DIR_PATH = $(LIBIOTC)/third_party/FreeRTOSv10.1.1/FreeRTOS

src/libiotc/memory/iotc_allocator.c

@@ -1,4 +1,4 @@
-/* Copyright 2018-2020 Google LLC
+/* Copyright 2018-2021 Google LLC
  *
  * This is part of the Google Cloud IoT Device SDK for Embedded C.
  * It is licensed under the BSD 3-Clause license; you may not use this file
@@ -15,20 +15,26 @@
  */
 #include "iotc_allocator.h"
 #include "iotc_bsp_mem.h"
+#include <stdint.h>
 
 extern void* memset(void* ptr, int value, size_t num);
 
 void* __iotc_alloc(size_t byte_count) { return iotc_bsp_mem_alloc(byte_count); }
 
 void* __iotc_calloc(size_t num, size_t byte_count) {
   const size_t size_to_allocate = num * byte_count;
+
+  /* Prevent overflow. */
+  if (size_to_allocate == 0 || num  > SIZE_MAX / byte_count) {
+    return NULL;
+  }
+
   void* ret = iotc_bsp_mem_alloc(size_to_allocate);
 
   /* It's unspecified if memset works with NULL pointer. */
   if (NULL != ret) {
     memset(ret, 0, size_to_allocate);
   }
-
   return ret;
 }
 

src/tests/utests/iotc_utest_memory_calloc.c

@@ -0,0 +1,195 @@
+ /* Copyright 2021 Google LLC
+ *
+ * This is part of the Google Cloud IoT Device SDK for Embedded C.
+ * It is licensed under the BSD 3-Clause license; you may not use this file
+ * except in compliance with the License.
+ *
+ * You may obtain a copy of the License at:
+ *  https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "iotc_macros.h"
+#include "iotc_tt_testcase_management.h"
+#include "tinytest.h"
+#include "tinytest_macros.h"
+
+#include "iotc.h"
+#include "iotc_allocator.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#ifndef IOTC_TT_TESTCASE_ENUMERATION__SECONDPREPROCESSORRUN
+
+#endif  // IOTC_TT_TESTCASE_ENUMERATION__SECONDPREPROCESSORRUN
+
+IOTC_TT_TESTGROUP_BEGIN(utest_memory_calloc)
+
+/* Happy cases. */
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_1__size_8,
+    {
+      void* ptr = __iotc_calloc( /*num=*/1, /*size=*/8);
+      tt_want_ptr_op(NULL, !=, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc___num_255__size_55,
+    {
+      void* ptr = __iotc_calloc( /*num=*/255, /*size=*/55);
+      tt_want_ptr_op(NULL, !=, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc___num_1000000__size_88,
+    {
+      void* ptr = __iotc_calloc( /*num=*/1000000, /*size=*/88);
+      tt_want_ptr_op(NULL, !=, ptr);
+      __iotc_free(ptr);
+    })
+
+/* Edge cases. */
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_0__size_8,
+    {
+      void* ptr = __iotc_calloc( /*num=*/0, /*size=*/8);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_1__size_0,
+    {
+      void* ptr = __iotc_calloc( /*num=*/1, /*size=*/0);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_0__size_0,
+    {
+      void* ptr = __iotc_calloc( /*num=*/0, /*size=*/0);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_max__size_0,
+    {
+      void* ptr = __iotc_calloc( /*num=*/SIZE_MAX, /*size=*/0);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_0__size_max,
+    {
+      void* ptr = __iotc_calloc( /*num=*/0, /*size=*/SIZE_MAX);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+/* Edge cases - SIZE_MAX
+   Note: FreeRTOS heap size isn't large enough for SIZE_MAX allocations,
+   so these tests are disabled for those targets. */
+#ifndef IOTC_TARGET_FREERTOS
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_1__size_max,
+    {
+      void* ptr = __iotc_calloc( /*num=*/1, /*size=*/SIZE_MAX);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_max_minus_1__size_1,
+    {
+      void* ptr = __iotc_calloc( /*num=*/SIZE_MAX-1, /*size=*/1);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__overflow__num_half_max__size_2,
+    {
+      void* ptr = __iotc_calloc( /*num=*/SIZE_MAX/2, /*size=*/2);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__overflow__num_2__size_half_max,
+    {
+      void* ptr = __iotc_calloc( /*num=*/2, /*size=*/SIZE_MAX/2);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_1__size_max_minus_1,
+    {
+      void* ptr = __iotc_calloc( /*num=*/1, /*size=*/SIZE_MAX-1);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__num_size_max_minus_1__size_1,
+    {
+      void* ptr = __iotc_calloc( /*num=*/SIZE_MAX-1, /*size=*/1);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+#endif  /* IOTC_TARGET_FREERTOS */
+
+/* Overflow cases. */
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__overflow__num_3__size_half_max,
+    {
+      void* ptr = __iotc_calloc( /*num=*/3, /*size=*/SIZE_MAX/2);
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+  
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__overflow__num_half_max__size_3,
+    {
+      void* ptr = __iotc_calloc( /*num=*/SIZE_MAX/2, /*size=*/3) ;
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__overflow__num_half_max_plus_1__size_2,
+    {
+      void* ptr = __iotc_calloc( /*num=*/SIZE_MAX/2+1, /*size=*/2) ;
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTCASE(
+    utest__iotc_memory_calloc__overflow__num_3__size_half_max_plus_1,
+    {
+      void* ptr = __iotc_calloc( /*num=*/3, /*size=*/SIZE_MAX/2+1) ;
+      tt_want_ptr_op(NULL, ==, ptr);
+      __iotc_free(ptr);
+    })
+
+IOTC_TT_TESTGROUP_END
+
+#ifndef IOTC_TT_TESTCASE_ENUMERATION__SECONDPREPROCESSORRUN
+#define IOTC_TT_TESTCASE_ENUMERATION__SECONDPREPROCESSORRUN
+#include __FILE__
+#undef IOTC_TT_TESTCASE_ENUMERATION__SECONDPREPROCESSORRUN
+#endif  // IOTC_TT_TESTCASE_ENUMERATION__SECONDPREPROCESSORRUN

src/tests/utests/iotc_utests.c

@@ -33,7 +33,8 @@
 #define IOTC_TT_MQTT_LOGIC_LAYER_SUBSCRIBE        ( IOTC_TT_MQTT_PARSER << 1 )
 #define IOTC_TT_CONTROL_TOPIC                     ( IOTC_TT_MQTT_LOGIC_LAYER_SUBSCRIBE << 1 )
 #define IOTC_TT_MQTT_SERIALIZER                   ( IOTC_TT_CONTROL_TOPIC << 1 )
-#define IOTC_TT_MEMORY_LIMITER                    ( IOTC_TT_MQTT_SERIALIZER << 1 )
+#define IOTC_TT_MEMORY_CALLOC                     ( IOTC_TT_MQTT_SERIALIZER << 1)
+#define IOTC_TT_MEMORY_LIMITER                    ( IOTC_TT_MEMORY_CALLOC << 1 )
 #define IOTC_TT_THREAD                            ( IOTC_TT_MEMORY_LIMITER << 1 )
 #define IOTC_TT_THREAD_WORKERTHREAD               ( IOTC_TT_THREAD << 1 )
 #define IOTC_TT_THREAD_THREADPOOL                 ( IOTC_TT_THREAD_WORKERTHREAD << 1 )
@@ -63,6 +64,7 @@ IOTC_TT_TESTCASE_PREDECLARATION(utest_datastructures);
 IOTC_TT_TESTCASE_PREDECLARATION(utest_list);
 IOTC_TT_TESTCASE_PREDECLARATION(utest_data_desc);
 IOTC_TT_TESTCASE_PREDECLARATION(utest_backoff);
+IOTC_TT_TESTCASE_PREDECLARATION(utest_memory_calloc);
 IOTC_TT_TESTCASE_PREDECLARATION(utest_mqtt_ctors_dtors);
 IOTC_TT_TESTCASE_PREDECLARATION(utest_mqtt_parser);
 IOTC_TT_TESTCASE_PREDECLARATION(utest_mqtt_logic_layer_subscribe);
@@ -194,6 +196,8 @@ struct testgroup_t groups[] = {
 
     {"utest_timed_task - ", utest_timed_task},
 
+    {"utest_memory_calloc  - ", utest_memory_calloc},
+
 #if (IOTC_TT_TEST_SET & IOTC_TT_MQTT_CODEC_LAYER_DATA)
     {"utest_mqtt_codec_layer_data - ", utest_mqtt_codec_layer_data},
 #endif