fix: TOCTOU race condition in vTaskListTasks()

Read uxCurrentNumberOfTasks once into uxArraySize and use that local
variable for both the size check and pvPortMalloc() call. The previous
code read the volatile variable twice, allowing a task to be created
between the reads, resulting in an undersized allocation that could
cause a buffer overflow in uxTaskGetSystemState().
Srikanth Patchava 2026-04-24 20:22:22 -07:00 committed by Srikanth Patchava
parent 2c9a217e87
commit 717b8a099b
No known key found for this signature in database
GPG key ID: B904FC2A60B7438D


@ -7351,7 +7351,7 @@ static void prvResetNextTaskUnblockTime( void )
/* MISRA Ref 11.5.1 [Malloc memory assignment] */
/* More details at: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/main/MISRA.md#rule-115 */
/* coverity[misra_c_2012_rule_11_5_violation] */
pxTaskStatusArray = pvPortMalloc( uxCurrentNumberOfTasks * sizeof( TaskStatus_t ) );
pxTaskStatusArray = pvPortMalloc( uxArraySize * sizeof( TaskStatus_t ) );
if( pxTaskStatusArray != NULL )
{
@ -7520,7 +7520,7 @@ static void prvResetNextTaskUnblockTime( void )
/* MISRA Ref 11.5.1 [Malloc memory assignment] */
/* More details at: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/main/MISRA.md#rule-115 */
/* coverity[misra_c_2012_rule_11_5_violation] */
pxTaskStatusArray = pvPortMalloc( uxCurrentNumberOfTasks * sizeof( TaskStatus_t ) );
pxTaskStatusArray = pvPortMalloc( uxArraySize * sizeof( TaskStatus_t ) );
if( pxTaskStatusArray != NULL )
{
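Review bot: The new `pvPortMalloc( uxArraySize * sizeof( TaskStatus_t ) )` line in both hunks has no comment explaining why the local snapshot is used instead of `uxCurrentNumberOfTasks`, so a later cleanup could quietly reintroduce the second read. I would add above it `/* Size the array from the uxArraySize snapshot so the allocation matches the count handed to uxTaskGetSystemState(). */`. The assignment to uxArraySize and the uxTaskGetSystemState() call both lie outside the hunks, so it should be confirmed that nothing modifies uxArraySize between the snapshot and the allocation. It should also be confirmed that uxTaskGetSystemState() rejects an array smaller than the live task count if a task is created after the snapshot. The second hunk (around line 7520) appears to sit in a different function from the vTaskListTasks() named in the commit title; if so, the message should name that function too.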