len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-09-12 09:07:46 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix potential out of bounds memcpy when multiplication overflow in queue creation

Browse source
This commit is contained in:
David Chalco 2020-04-07 17:30:54 -07:00
parent 334de5d8ab
commit 0db46fb6cc
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
queue.c
View file

@ -378,6 +378,16 @@ Queue_t * const pxQueue = xQueue;
zero in the case the queue is used as a semaphore. */ zero in the case the queue is used as a semaphore. */
xQueueSizeInBytes = ( size_t ) ( uxQueueLength * uxItemSize ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ xQueueSizeInBytes = ( size_t ) ( uxQueueLength * uxItemSize ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
/* Guard against multiplication overflow which could otherwise lead to downstream memcpy copying out of bounds. */
if( uxItemSize != 0 )
{
configASSERT( uxQueueLength == ( xQueueSizeInBytes / uxItemSize ) );
}
else
{
mtCOVERAGE_TEST_MARKER();
}
/* Allocate the queue and storage area. Justification for MISRA /* Allocate the queue and storage area. Justification for MISRA
deviation as follows: pvPortMalloc() always ensures returned memory deviation as follows: pvPortMalloc() always ensures returned memory
blocks are aligned per the requirements of the MCU stack. In this case blocks are aligned per the requirements of the MCU stack. In this case