kernel: mempool: Check for overflow in k_malloc()
If a large size is requested, the expression `size += sizeof(...)` might overflow, leading to a small block being requested and returned by k_malloc(). Use a GCC builtin to trap the overflow and return NULL in this case. Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
parent
c7f5cc9bcb
commit
b902da3599
1 changed files with 4 additions and 1 deletions
|
|
@ -143,7 +143,10 @@ void *k_malloc(size_t size)
|
|||
* get a block large enough to hold an initial (hidden) block
|
||||
* descriptor, as well as the space the caller requested
|
||||
*/
|
||||
size += sizeof(struct k_mem_block_id);
|
||||
if (__builtin_add_overflow(size, sizeof(struct k_mem_block_id),
|
||||
&size)) {
|
||||
return NULL;
|
||||
}
|
||||
if (k_mem_pool_alloc(_HEAP_MEM_POOL, &block, size, K_NO_WAIT) != 0) {
|
||||
return NULL;
|
||||
}
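Review bot: The overflow guard at `__builtin_add_overflow(size, sizeof(struct k_mem_block_id), &size)` depends on a GCC/Clang builtin with no fallback, so a toolchain that lacks it cannot build k_malloc(). The portable form `if (size > SIZE_MAX - sizeof(struct k_mem_block_id)) { return NULL; }` followed by the original `size += sizeof(struct k_mem_block_id);` rejects the same requests. The block comment above the check could also record the reason, for example `* (a request so large that adding the descriptor would wrap size_t is rejected with NULL)`. The guard covers only this one addition; any other size arithmetic on the allocation path, such as a count-times-size multiply in a calloc-style wrapper or rounding inside k_mem_pool_alloc(), is not visible here and would need its own check if it exists. k_malloc()'s body starts and ends outside the hunk.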
|
||||
|
|
|
|||