Skip to content

Backport 89351 to v3.7 branch: Fix operation bounds check for Flash Map API #93503

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 6, 2025
Merged

Backport 89351 to v3.7 branch: Fix operation bounds check for Flash Map API #93503

merged 1 commit into from
Sep 6, 2025

Conversation

@de-nordic
Copy link
Contributor

@de-nordic de-nordic commented Jul 22, 2025
edited
Loading

All functions area using is_in_flash_area_bounds for checking parameters; the function was not immune to integer overflow.
The PR fixes the function and adds test scenario for overflows.

Fixes #89349

@de-nordic
storage/flash_map: Fix is_in_flash_area_bounds
97cf162 
Prevent possible overflow in is_in_flash_area_bounds while
validating offset and length of an operation.

Fixes #89349

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 3d4b427)
@github-actions github-actions bot added the area: Storage Storage subsystem label Jul 22, 2025
@nashif
Copy link
Member

nashif commented Jul 22, 2025

@de-nordic This should not be fixing a 'Failed to backport' issue, you have to reference the original issue being fixed

@de-nordic de-nordic force-pushed the backport-89351-to-v3.7-branch branch from 566bc34 to 97cf162 Compare July 22, 2025 13:05
@de-nordic
Copy link
Contributor Author

de-nordic commented Jul 22, 2025

Had to drop test scenario, because it uses newer macros not supported in 3.7.

@github-actions github-actions bot added the size: XS A PR changing only a single line of code label Jul 22, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 22, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@de-nordic de-nordic requested review from kartben and nashif July 23, 2025 06:26
@de-nordic de-nordic requested a review from fabiobaltieri August 5, 2025 14:01
@de-nordic de-nordic added this to the v3.7.2 milestone Aug 6, 2025
@nashif nashif merged commit 81b6d4f into v3.7-branch Sep 6, 2025
26 checks passed
@nashif nashif deleted the backport-89351-to-v3.7-branch branch September 6, 2025 10:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kartben kartben kartben approved these changes

@henrikbrixandersen henrikbrixandersen henrikbrixandersen approved these changes

@nashif nashif Awaiting requested review from nashif

@fabiobaltieri fabiobaltieri Awaiting requested review from fabiobaltieri

Assignees

No one assigned

Labels

area: Storage Storage subsystem size: XS A PR changing only a single line of code

Projects

None yet

Milestone

v3.7.2

Development

Successfully merging this pull request may close these issues.

5 participants

@de-nordic @nashif @kartben @henrikbrixandersen