From 8f9427dd53cc3f5eb9194f1235e6357fab5b476d Mon Sep 17 00:00:00 2001
From: Brian Pugh
Date: Sun, 29 Oct 2023 13:50:38 -0700
Subject: [PATCH 1/4] Add value-range checks for user-definable macros

---
 lfs.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/lfs.c b/lfs.c
index 0827331c..6c517a42 100644
--- a/lfs.c
+++ b/lfs.c
@@ -8,6 +8,23 @@
 #include "lfs.h"
 #include "lfs_util.h"
+// Configuration Sanity Check
+#if (LFS_NAME_MAX <= 0) || (LFS_NAME_MAX > 1022)
+#error "LFS_NAME_MAX must be in the range (0, 1022]"
+#endif
+
+#if (LFS_FILE_MAX <= 0) || (LFS_FILE_MAX > 4294967296)
+#error "LFS_FILE_MAX must be in the range (0, 4294967296]"
+#endif
+
+#if (LFS_FILE_MAX > 2147483647)
+#warning "LFS_FILE_MAX>2147483647; lfs_file_seek, lfs_file_size, and lfs_file_tell will not function properly."
+#endif
+
+#if (LFS_ATTR_MAX < 0) || (LFS_ATTR_MAX > 1022)
+#error "LFS_ATTR_MAX must be in the range [0, 1022]"
+#endif
+
 // some constants used throughout the code
 #define LFS_BLOCK_NULL ((lfs_block_t)-1)

From c531a5e88f09e71f948725131ec47bb5776d6108 Mon Sep 17 00:00:00 2001
From: Brian Pugh
Date: Mon, 30 Oct 2023 11:18:20 -0700
Subject: [PATCH 2/4] Replace erroneous LFS_FILE_MAX upper bound 4294967296 to 4294967295

---
 lfs.c | 4 ++--
 lfs.h | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs.c b/lfs.c
index 6c517a42..a18752c4 100644
--- a/lfs.c
+++ b/lfs.c
@@ -13,8 +13,8 @@
 #error "LFS_NAME_MAX must be in the range (0, 1022]"
 #endif
-#if (LFS_FILE_MAX <= 0) || (LFS_FILE_MAX > 4294967296)
-#error "LFS_FILE_MAX must be in the range (0, 4294967296]"
+#if (LFS_FILE_MAX <= 0) || (LFS_FILE_MAX > 4294967295)
+#error "LFS_FILE_MAX must be in the range (0, 4294967295]"
 #endif
 #if (LFS_FILE_MAX > 2147483647)
diff --git a/lfs.h b/lfs.h
index 9eeab230..d7f61367 100644
--- a/lfs.h
+++ b/lfs.h
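Review bot: The `#warning` under `#if (LFS_FILE_MAX > 2147483647)` is a GCC/Clang extension that only became standard in C23, so the strict or vendor toolchains this library is commonly built with may reject the directive outright, and any `-Werror` build fails on it; either promote it to `#error` or leave the limitation to the comment in lfs.h that already documents the signed-offset problem. A second caveat applies to every `#if` in this hunk and equally to the relocated checks in patches 3 and 4: the preprocessor can only evaluate these guards when the macros expand to plain integer constants, so an override wrapped in a cast (for example `((uint32_t)1073741824)`, constructed here as an illustration) makes the guard itself a parse error with an unhelpful message rather than a clear configuration error. A one-line comment above the checks would spare users that confusion, e.g. `// NOTE: these macros must be plain integer literals so they can be tested in #if`.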
@@ -52,7 +52,7 @@ typedef uint32_t lfs_block_t;
 #endif
 // Maximum size of a file in bytes, may be redefined to limit to support other
-// drivers. Limited on disk to <= 4294967296. However, above 2147483647 the
+// drivers. Limited on disk to <= 4294967295. However, above 2147483647 the
 // functions lfs_file_seek, lfs_file_size, and lfs_file_tell will return
 // incorrect values due to using signed integers. Stored in superblock and
 // must be respected by other littlefs drivers.

From 1fefcbbcba6875a4e0d140eaa8486a36cf4f45f0 Mon Sep 17 00:00:00 2001
From: Christopher Haster
Date: Tue, 16 Jan 2024 23:34:20 -0600
Subject: [PATCH 3/4] Rearranged compile-time constant checks to live near lfs_init

lfs_init handles the checks/asserts of most configuration, moving these checks near lfs_init attempts to keep all of these checks nearby each other. Also updated the comments to avoid somtimes-ambiguous range notation. And removed negative bounds checks. Negative bounds should be obviously incorrect, and 0 is _technically_ not illegal for any define (though admittedly unlikely to be correct).

---
 lfs.c | 32 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/lfs.c b/lfs.c
index a18752c4..3d716acc 100644
--- a/lfs.c
+++ b/lfs.c
@@ -8,23 +8,6 @@
 #include "lfs.h"
 #include "lfs_util.h"
-// Configuration Sanity Check
-#if (LFS_NAME_MAX <= 0) || (LFS_NAME_MAX > 1022)
-#error "LFS_NAME_MAX must be in the range (0, 1022]"
-#endif
-
-#if (LFS_FILE_MAX <= 0) || (LFS_FILE_MAX > 4294967295)
-#error "LFS_FILE_MAX must be in the range (0, 4294967295]"
-#endif
-
-#if (LFS_FILE_MAX > 2147483647)
-#warning "LFS_FILE_MAX>2147483647; lfs_file_seek, lfs_file_size, and lfs_file_tell will not function properly."
-#endif
-
-#if (LFS_ATTR_MAX < 0) || (LFS_ATTR_MAX > 1022)
-#error "LFS_ATTR_MAX must be in the range [0, 1022]"
-#endif
-
 // some constants used throughout the code
 #define LFS_BLOCK_NULL ((lfs_block_t)-1)
@@ -4123,6 +4106,21 @@ static int lfs_rawremoveattr(lfs_t *lfs, const char *path, uint8_t type) {
 /// Filesystem operations ///
+
+// compile time checks, see lfs.h for why these limits exist
+#if LFS_NAME_MAX > 1022
+#error "Invalid LFS_NAME_MAX, must be <= 1022"
+#endif
+
+#if LFS_FILE_MAX > 4294967295
+#error "Invalid LFS_FILE_MAX, must be <= 4294967295"
+#endif
+
+#if LFS_ATTR_MAX > 1022
+#error "Invalid LFS_ATTR_MAX, must be <= 1022"
+#endif
+
+// common filesystem initialization
 static int lfs_init(lfs_t *lfs, const struct lfs_config *cfg) {
     lfs->cfg = cfg;
     lfs->block_count = cfg->block_count; // May be 0

From 6691718b18def310516d1e7724fece766c7c09b1 Mon Sep 17 00:00:00 2001
From: Christopher Haster
Date: Tue, 16 Jan 2024 23:40:30 -0600
Subject: [PATCH 4/4] Restricted LFS_FILE_MAX to signed 32-bits, <2^31, <=2147483647

I think realistically no one is using this. It's already only partially supported and untested. Worst case, if someone does depend on this we can always revert.

---
 lfs.c | 4 ++--
 lfs.h | 6 ++----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/lfs.c b/lfs.c
index 3d716acc..9e1fdb65 100644
--- a/lfs.c
+++ b/lfs.c
@@ -4112,8 +4112,8 @@ static int lfs_rawremoveattr(lfs_t *lfs, const char *path, uint8_t type) {
 #error "Invalid LFS_NAME_MAX, must be <= 1022"
 #endif
-#if LFS_FILE_MAX > 4294967295
-#error "Invalid LFS_FILE_MAX, must be <= 4294967295"
+#if LFS_FILE_MAX > 2147483647
+#error "Invalid LFS_FILE_MAX, must be <= 2147483647"
 #endif
 #if LFS_ATTR_MAX > 1022
diff --git a/lfs.h b/lfs.h
index d7f61367..452dd0e9 100644
--- a/lfs.h
+++ b/lfs.h
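Review bot: The three `#error` guards bound only the build-time macros, while the `lfs_init` that follows them (its body continues outside the hunk) takes its limits from `cfg` at runtime and, per the lfs.h comment in this series, the superblock on disk carries its own copies that other drivers may have written. Those two inputs need the same upper bounds enforced in code: the cfg values presumably by the asserts the commit message mentions, which can be compiled out, and the superblock values by an explicit comparison at mount time, since a foreign image is untrusted input; neither path is visible here, so confirm both reject values above 1022 / 2147483647 rather than relying on this compile-time check. One consequence of dropping the lower bounds is also worth a sentence in the comment: the preprocessor compares signed, so a negative override such as `-1` passes `#if LFS_NAME_MAX > 1022` unnoticed, e.g. `// negative values are not caught here; they fail in the runtime config checks`.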
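Review bot: The tightened `#error "Invalid LFS_FILE_MAX, must be <= 2147483647"` gives the number but not the reason, and the reason is exactly what a user hitting it needs to decide whether to lower the value or change the API they call; the patch subject says it is the signed 32-bit file offset. Carrying that into the message costs one line, e.g. `#error "Invalid LFS_FILE_MAX, must be <= 2147483647 (file offsets are signed 32-bit)"`. The surrounding checks for `LFS_NAME_MAX` and `LFS_ATTR_MAX` already defer to lfs.h for their rationale, so this one can too if the lfs.h comment is made precise.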
@@ -52,10 +52,8 @@ typedef uint32_t lfs_block_t;
 #endif
 // Maximum size of a file in bytes, may be redefined to limit to support other
-// drivers. Limited on disk to <= 4294967295. However, above 2147483647 the
-// functions lfs_file_seek, lfs_file_size, and lfs_file_tell will return
-// incorrect values due to using signed integers. Stored in superblock and
-// must be respected by other littlefs drivers.
+// drivers. Limited on disk to <= 2147483647. Stored in superblock and must be
+// respected by other littlefs drivers.
 #ifndef LFS_FILE_MAX
 #define LFS_FILE_MAX 2147483647
 #endif
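Review bot: The new wording `Limited on disk to <= 2147483647` attributes the bound to the on-disk format, but the lines it replaces (and the patch subject, "signed 32-bits") say it comes from lfs_file_seek, lfs_file_size and lfs_file_tell returning signed values, and the removed text stated that the on-disk field itself holds up to 4294967295. Keeping that distinction matters for readers of the mount path: a superblock written by another driver can presumably still carry a file_max above 2147483647, and that has to be rejected when the image is opened rather than assumed away by this compile-time limit; that code is not in this patch, so worth confirming. Suggested wording for the two changed lines: `// drivers. Limited to <= 2147483647 because file offsets are signed 32-bit.` followed by `// Stored in superblock and must be respected by other littlefs drivers.`.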