espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-03 10:30:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/esp_timer_dump_corruption_v5.4' into 'release/v5.4'

Browse Source 
fix(esp_timer): fixed potential buffer overflow with esp_timer_dump() (v5.4)

See merge request espressif/esp-idf!41451
This commit is contained in:
Marius Vikhammer
2025-08-26 10:44:17 +08:00
parent 1efc75a9d8 bc3a35a88c
commit 0f42bb5b50
2 changed files with 31 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
components/esp_timer/src/esp_timer.c
View File

@@ -606,14 +606,15 @@ static void print_timer_info(esp_timer_handle_t t, char** dst, size_t* dst_size)
} else { } else {
cb = snprintf(*dst, *dst_size, "timer@%-10p ", t); cb = snprintf(*dst, *dst_size, "timer@%-10p ", t);
} }
cb += snprintf(*dst + cb, *dst_size + cb, "%-10lld %-12lld %-12d %-12d %-12d %-12lld\n",
cb += snprintf(*dst + cb, *dst_size - cb, "%-10lld %-12lld %-12d %-12d %-12d %-12lld\n",
(uint64_t)t->period, t->alarm, t->times_armed, (uint64_t)t->period, t->alarm, t->times_armed,
t->times_triggered, t->times_skipped, t->total_callback_run_time); t->times_triggered, t->times_skipped, t->total_callback_run_time);
/* keep this in sync with the format string, used in esp_timer_dump */ /* keep this in sync with the format string, used in esp_timer_dump */
#define TIMER_INFO_LINE_LEN 90 #define TIMER_INFO_LINE_LEN 103
#else #else
size_t cb = snprintf(*dst, *dst_size, "timer@%-14p %-10lld %-12lld\n", t, (uint64_t)t->period, t->alarm); size_t cb = snprintf(*dst, *dst_size, "timer@%-14p %-10lld %-12lld\n", t, (uint64_t)t->period, t->alarm);
#define TIMER_INFO_LINE_LEN 46 #define TIMER_INFO_LINE_LEN 47
#endif #endif
*dst += cb; *dst += cb;
*dst_size -= cb; *dst_size -= cb;

27
components/esp_timer/test_apps/main/test_esp_timer.c
View File

@@ -492,9 +492,36 @@ TEST_CASE("esp_timer_get_time returns monotonic values", "[esp_timer]")
} }
} }
static void empty_cb(void* varg)
{
}
TEST_CASE("Can dump esp_timer stats", "[esp_timer]") TEST_CASE("Can dump esp_timer stats", "[esp_timer]")
{ {
/* Stress test the dump
Spawn enough timers that we are sure to
overflow the internal string buffer if the
length calculation is not correct.
*/
const int NUM_TIMERS = 200;
esp_timer_handle_t timers[NUM_TIMERS];
for (int i = 0; i < NUM_TIMERS; ++i) {
char name[30];
snprintf(name, sizeof(name), "test_timer_number_%d", i);
esp_timer_create_args_t timer_args = {
.callback = &empty_cb,
.arg = NULL,
.name = name
};
TEST_ESP_OK(esp_timer_create(&timer_args, &timers[i]));
}
esp_timer_dump(stdout); esp_timer_dump(stdout);
for (int i = 0; i < NUM_TIMERS; ++i) {
TEST_ESP_OK(esp_timer_delete(timers[i]));
}
} }
typedef struct { typedef struct {