Fixing UBSan issues that showed up in all-clusters app (#35580)

Alami-Amine · web-flow · commit 5a9e31466e68 · 2024-09-17T11:41:35.000-04:00
* Fix for unsigned integer overflow:
Error Message: BufferWriter.cpp:76:16: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

when size becomes 0 and we are in while (size-- &gt; 0), then size will become less than 0, which should be avoided since it is an unsigned (although technically it wraps around, UBSAN complains about it).
Fix: stop size from decrement past 0, by moving size-- inside the loop

* Fix null pointer passed to non-null argument in CHIPMemString.h
Error Message: CHIPMemString.h:88:22: runtime error: null pointer passed as argument 2, which is declared to never be null

when PI= is in mDNS TXT record (its value is empty) , and Dnssd::Internal::GetPairingInstruction calls CopyString, source is an empty bytespan and source.data() will return a null pointer, that will be passed to memcpy
Fix: avoid memcpy in that case.
diff --git a/src/lib/support/BufferWriter.cpp b/src/lib/support/BufferWriter.cpp
@@ -73,17 +73,19 @@ LittleEndian::BufferWriter & LittleEndian::BufferWriter::EndianPutSigned(int64_t
 
 BigEndian::BufferWriter & BigEndian::BufferWriter::EndianPut(uint64_t x, size_t size)
 {
-    while (size-- > 0)
+    while (size > 0)
     {
+        size--;
         Put(static_cast<uint8_t>((x >> (size * 8)) & 0xff));
     }
     return *this;
 }
 
 BigEndian::BufferWriter & BigEndian::BufferWriter::EndianPutSigned(int64_t x, size_t size)
 {
-    while (size-- > 0)
+    while (size > 0)
     {
+        size--;
         Put(static_cast<uint8_t>((x >> (size * 8)) & 0xff));
     }
     return *this;
diff --git a/src/lib/support/CHIPMemString.h b/src/lib/support/CHIPMemString.h
@@ -82,12 +82,20 @@ inline void CopyString(char (&dest)[N], const char * source)
  */
 inline void CopyString(char * dest, size_t destLength, ByteSpan source)
 {
-    if (dest && destLength)
+    if ((dest == nullptr) || (destLength == 0))
     {
-        size_t maxChars = std::min(destLength - 1, source.size());
-        memcpy(dest, source.data(), maxChars);
-        dest[maxChars] = '\0';
+        return; // no space to copy anything, not even a null terminator
     }
+
+    if (source.empty())
+    {
+        *dest = '\0'; // just a null terminator, we are copying empty data
+        return;
+    }
+
+    size_t maxChars = std::min(destLength - 1, source.size());
+    memcpy(dest, source.data(), maxChars);
+    dest[maxChars] = '\0';
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -73,17 +73,19 @@ LittleEndian::BufferWriter & LittleEndian::BufferWriter::EndianPutSigned(int64_t`
`73`	`73`
`74`	`74`	`BigEndian::BufferWriter & BigEndian::BufferWriter::EndianPut(uint64_t x, size_t size)`
`75`	`75`	`{`
`76`		`- while (size-- > 0)`
	`76`	`+ while (size > 0)`
`77`	`77`	`{`
	`78`	`+ size--;`
`78`	`79`	`Put(static_cast<uint8_t>((x >> (size * 8)) & 0xff));`
`79`	`80`	`}`
`80`	`81`	`return *this;`
`81`	`82`	`}`
`82`	`83`
`83`	`84`	`BigEndian::BufferWriter & BigEndian::BufferWriter::EndianPutSigned(int64_t x, size_t size)`
`84`	`85`	`{`
`85`		`- while (size-- > 0)`
	`86`	`+ while (size > 0)`
`86`	`87`	`{`
	`88`	`+ size--;`
`87`	`89`	`Put(static_cast<uint8_t>((x >> (size * 8)) & 0xff));`
`88`	`90`	`}`
`89`	`91`	`return *this;`
Original file line number	Diff line number	Diff line change
`@@ -82,12 +82,20 @@ inline void CopyString(char (&dest)[N], const char * source)`
`82`	`82`	`*/`
`83`	`83`	`inline void CopyString(char * dest, size_t destLength, ByteSpan source)`
`84`	`84`	`{`
`85`		`- if (dest && destLength)`
	`85`	`+ if ((dest == nullptr) \|\| (destLength == 0))`
`86`	`86`	`{`
`87`		`- size_t maxChars = std::min(destLength - 1, source.size());`
`88`		`- memcpy(dest, source.data(), maxChars);`
`89`		`- dest[maxChars] = '\0';`
	`87`	`+ return; // no space to copy anything, not even a null terminator`
`90`	`88`	`}`
	`89`	`+`
	`90`	`+ if (source.empty())`
	`91`	`+ {`
	`92`	`+ *dest = '\0'; // just a null terminator, we are copying empty data`
	`93`	`+ return;`
	`94`	`+ }`
	`95`	`+`
	`96`	`+ size_t maxChars = std::min(destLength - 1, source.size());`
	`97`	`+ memcpy(dest, source.data(), maxChars);`
	`98`	`+ dest[maxChars] = '\0';`
`91`	`99`	`}`
`92`	`100`
`93`	`101`	`/**`