From 77205b353f58b5a472e1bf9781ccb016d2e41ffe Mon Sep 17 00:00:00 2001 From: pengyinjie Date: Thu, 18 Apr 2024 17:17:12 +0800 Subject: [PATCH] [fs][shmfs]:Avoid an integer overflow [Desc]:We need to check the parameter passed to the kmm_zalloc(size_t) function. If it exceeds the limit of size_t, we need to return an error directly to avoid further errors. Signed-off-by: pengyinjie --- fs/shm/shmfs_alloc.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/shm/shmfs_alloc.c b/fs/shm/shmfs_alloc.c index 65fb74ca3e..05a0f540b1 100644 --- a/fs/shm/shmfs_alloc.c +++ b/fs/shm/shmfs_alloc.c @@ -46,7 +46,15 @@ FAR struct shmfs_object_s *shmfs_alloc_object(size_t length) * chunk in kernel heap */ - object = kmm_zalloc(sizeof(struct shmfs_object_s) + length); + size_t alloc_size = sizeof(struct shmfs_object_s) + length; + if (alloc_size < length) + { + /* There must have been an integer overflow */ + + return NULL; + } + + object = kmm_zalloc(alloc_size); if (object) { object->paddr = (FAR char *)(object + 1);