fix potential out of bounds memcpy when multiplication overflow in queue creation

David Chalco 2020-04-07 17:30:54 -07:00
parent 334de5d8ab
commit 0db46fb6cc

10
queue.c

@ -377,6 +377,16 @@ Queue_t * const pxQueue = xQueue;
can be in the queue at any time. It is valid for uxItemSize to be can be in the queue at any time. It is valid for uxItemSize to be
zero in the case the queue is used as a semaphore. */ zero in the case the queue is used as a semaphore. */
xQueueSizeInBytes = ( size_t ) ( uxQueueLength * uxItemSize ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ xQueueSizeInBytes = ( size_t ) ( uxQueueLength * uxItemSize ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
/* Guard against multiplication overflow which could otherwise lead to downstream memcpy copying out of bounds. */
if( uxItemSize != 0 )
{
configASSERT( uxQueueLength == ( xQueueSizeInBytes / uxItemSize ) );
}
else
{
mtCOVERAGE_TEST_MARKER();
}
/* Allocate the queue and storage area. Justification for MISRA /* Allocate the queue and storage area. Justification for MISRA
deviation as follows: pvPortMalloc() always ensures returned memory deviation as follows: pvPortMalloc() always ensures returned memory
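Review bot: The new overflow guard is only a `configASSERT( uxQueueLength == ( xQueueSizeInBytes / uxItemSize ) )`, so in any build where configASSERT is left undefined or compiled out it does nothing, and the wrapped xQueueSizeInBytes still reaches the allocation that follows. Since the commit's aim is to prevent an out-of-bounds memcpy, the condition should be a runtime check that fails queue creation, for example `if( ( uxItemSize != 0 ) && ( uxQueueLength > ( SIZE_MAX / uxItemSize ) ) )` followed by the function's existing failure return, with the assert kept for debug builds. The enclosing function starts and ends outside the hunk, so the exact failure path needs to be confirmed there. If the allocation below adds a header size to xQueueSizeInBytes, that addition presumably needs the same treatment.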