From b41d4b0a9c7162050da7ca4b961b68ca8d56ea30 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 4 May 2021 16:37:58 +1000 Subject: [PATCH 1/2] freertos: Check for arithmetic overflows on queue creation Addition overflow check is from FreeRTOS kernel commit 47338393f1f79558f6144213409f09f81d7c4837 --- components/freertos/queue.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/components/freertos/queue.c b/components/freertos/queue.c index c00a940cc2..81df2db898 100644 --- a/components/freertos/queue.c +++ b/components/freertos/queue.c @@ -395,6 +395,12 @@ Queue_t * const pxQueue = xQueue; xQueueSizeInBytes = ( size_t ) ( uxQueueLength * uxItemSize ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ } + /* Check for multiplication overflow. */ + configASSERT( ( uxItemSize == 0 ) || ( uxQueueLength == ( xQueueSizeInBytes / uxItemSize ) ) ); + + /* Check for addition overflow. */ + configASSERT( ( sizeof( Queue_t ) + xQueueSizeInBytes ) > xQueueSizeInBytes ); + /* Allocate the queue and storage area. Justification for MISRA deviation as follows: pvPortMalloc() always ensures returned memory blocks are aligned per the requirements of the MCU stack. In this case From e02439f2defd2b14300ffb63f03cb60ad2bf596f Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 4 May 2021 16:43:54 +1000 Subject: [PATCH 2/2] freertos: Add addition overflow check for stream buffer Patch from upstream commit d05b9c123f2bf9090bce386a244fc934ae44db5b --- components/freertos/stream_buffer.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/components/freertos/stream_buffer.c b/components/freertos/stream_buffer.c index 5505de36fc..d5a21b0876 100644 --- a/components/freertos/stream_buffer.c +++ b/components/freertos/stream_buffer.c 
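Review bot: Both overflow checks added after the `xQueueSizeInBytes` computation are `configASSERT()` calls, so they only protect builds where that macro is enabled and stops execution. `configASSERT` is a port-configurable macro; where it is compiled out or set to continue, a wrapped `xQueueSizeInBytes` would presumably still reach the allocation below and produce a queue whose storage is smaller than `uxQueueLength * uxItemSize`. Consider keeping the asserts for debugging but also guarding the allocation at runtime, for example `if( ( ( uxItemSize == 0 ) || ( uxQueueLength == ( xQueueSizeInBytes / uxItemSize ) ) ) && ( ( sizeof( Queue_t ) + xQueueSizeInBytes ) > xQueueSizeInBytes ) )`. The failing case should take the same path as a failed `pvPortMalloc()`, which is how the stream_buffer.c hunk in patch 2/2 handles its overflow. The enclosing function starts and ends outside the hunk, so the exact failure path is not visible here.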
@@ -256,8 +256,15 @@ static void prvInitialiseNewStreamBuffer( StreamBuffer_t * const pxStreamBuffer, this is a quirk of the implementation that means otherwise the free space would be reported as one byte smaller than would be logically expected. */ - xBufferSizeBytes++; - pucAllocatedMemory = ( uint8_t * ) pvPortMalloc( xBufferSizeBytes + sizeof( StreamBuffer_t ) ); /*lint !e9079 malloc() only returns void*. */ + if( xBufferSizeBytes < ( xBufferSizeBytes + 1 + sizeof( StreamBuffer_t ) ) ) + { + xBufferSizeBytes++; + pucAllocatedMemory = ( uint8_t * ) pvPortMalloc( xBufferSizeBytes + sizeof( StreamBuffer_t ) ); /*lint !e9079 malloc() only returns void*. */ + } + else + { + pucAllocatedMemory = NULL; + } if( pucAllocatedMemory != NULL ) {
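Review bot: The new guard `if( xBufferSizeBytes < ( xBufferSizeBytes + 1 + sizeof( StreamBuffer_t ) ) )` has no comment saying that it is a wraparound test, and it reads like a condition that is always true. It is only correct if `xBufferSizeBytes` is an unsigned type such as `size_t`; its declaration is outside the hunk. I would add `/* Unsigned wraparound makes the sum smaller than xBufferSizeBytes; treat that as an allocation failure. */` above the `if`. On the `else` branch, a short comment should say that `NULL` here is reported to the caller exactly like an out-of-memory result. The enclosing function begins and ends outside the hunk.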