From ff448e34856a4c90ee66b955654e81b77934786f Mon Sep 17 00:00:00 2001
From: Michael Egli
Date: Tue, 31 Aug 2021 06:47:48 +0200
Subject: [PATCH] Fix some UB cases. Closes #546 There are two cases of UB that are fixed in this commit. 1. In ethercatmain.c, there are two left shifts of 31: (1 << 31) Because 1 is a signed int by default, the result cannot be represented in an int. The fix is to explicitly make the 1 unsigned. 2. In ethercatconfig.c, for slaves that have no inputs, the code would apply an offset to a NULL pointer. The fix is to test that the slave has inputs available before applying the offset. Both cases were found by clang with the help of UBSan.
---
 soem/ethercatconfig.c | 5 ++++-
 soem/ethercatmain.c | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/soem/ethercatconfig.c b/soem/ethercatconfig.c
index 64119cd..c004982 100644
--- a/soem/ethercatconfig.c
+++ b/soem/ethercatconfig.c
@@ -1474,7 +1474,10 @@ int ecx_config_overlap_map_group(ecx_contextt *context, void *pIOmap, uint8 grou
 {
 if (!group || (group == context->slavelist[slave].group))
 {
- context->slavelist[slave].inputs += context->grouplist[group].Obytes;
+ if(context->slavelist[slave].Ibits > 0)
+ {
+ context->slavelist[slave].inputs += context->grouplist[group].Obytes;
+ }
 }
 }
diff --git a/soem/ethercatmain.c b/soem/ethercatmain.c
index 8667f1a..4b185c1 100644
--- a/soem/ethercatmain.c
+++ b/soem/ethercatmain.c
@@ -349,7 +349,7 @@ uint8 ecx_siigetbyte(ecx_contextt *context, uint16 slave, uint16 address)
 {
 mapw = address >> 5;
 mapb = (uint16)(address - (mapw << 5));
- if (context->esimap[mapw] & (uint32)(1 << mapb))
+ if (context->esimap[mapw] & (1U << mapb))
 {
 /* byte is already in buffer */
 retval = context->esibuf[address];
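Review bot: The new guard in ecx_config_overlap_map_group (soem/ethercatconfig.c) keys on `Ibits > 0` rather than on the pointer the offset is applied to, so the NULL-plus-offset case is avoided only if every slave with input bits has a non-NULL `inputs`, which this hunk does not show. Testing the pointer itself, `if (context->slavelist[slave].inputs != NULL)`, would match the undefined behaviour being fixed. A short comment such as `/* inputs stays NULL for slaves without input data; offsetting it is UB and would leave a bogus non-NULL pointer */` would record why the check exists. The added `if(` also drops the space used by the `if (` on the context line above it. The enclosing loop and function start and end outside the hunk.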
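Review bot: In ecx_siigetbyte (soem/ethercatmain.c), `1U << mapb` has the width of unsigned int rather than of the bitmap word, so on a target where int is narrower than 32 bits a shift of up to 31 is still undefined. The removed `(uint32)` cast suggests esimap holds 32-bit words, so casting the operand before the shift ties the mask to that type: `if (context->esimap[mapw] & ((uint32)1 << mapb))`. The same applies to `context->esimap[mapw] |= ((uint32)1 << mapb);` in the hunk at line 380. This bitmap decides whether `esibuf[address]` is treated as already read, so a wrong mask could return stale buffer contents. Both statements sit in a function body that starts and ends outside these hunks.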
@@ -380,7 +380,7 @@ uint8 ecx_siigetbyte(ecx_contextt *context, uint16 slave, uint16 address)
 for(lp = 0 ; lp < cnt ; lp++)
 {
 /* set bitmap for each byte that is read */
- context->esimap[mapw] |= (1 << mapb);
+ context->esimap[mapw] |= (1U << mapb);
 mapb++;
 if (mapb > 31)
 {