Skip to content

Backport 89351 to v4.0 branch: Fix operation bounds check for Flash Map API #89351 #93505

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Backport 89351 to v4.0 branch: Fix operation bounds check for Flash Map API #89351 #93505

wants to merge 2 commits into from

Conversation

@de-nordic
Copy link
Contributor

@de-nordic de-nordic commented Jul 22, 2025
edited
Loading

All functions area using is_in_flash_area_bounds for checking parameters; the function was not immune to integer overflow.
The PR fixes the function and adds test scenario for overflows.

Fixes #89514

de-nordic added 2 commits July 22, 2025 12:26
@de-nordic
storage/flash_map: Fix is_in_flash_area_bounds
dd93585 
Prevent possible overflow in is_in_flash_area_bounds while
validating offset and length of an operation.

Fixes #89349

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 3d4b427)
@de-nordic
tests: flash_map: Basic offset/length overflow tests
53a4b9a 
Test integer overflow on Flash Area operation parameters.
All functions call the same is_in_flash_area_bounds
function for parameter verification, so it was enough
to test parameter checks of flash_read.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 71a329f)
@zephyrbot zephyrbot added the area: Storage Storage subsystem label Jul 22, 2025
@JarmouniA
Copy link
Contributor

JarmouniA commented Jul 22, 2025

Zephyr 4.0 branch is EOL

@de-nordic
Copy link
Contributor Author

de-nordic commented Jul 22, 2025

Zephyr 4.0 branch is EOL

OK, so the Backport issue can be closed?

@de-nordic de-nordic closed this Jul 22, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 22, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@JarmouniA JarmouniA deleted the backport-89351-to-v4.0-branch branch July 22, 2025 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area: Storage Storage subsystem

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@de-nordic @JarmouniA @zephyrbot