OrgApache/incubator-nuttx
OrgApache
/
incubator-nuttx
mirror of https://github.com/apache/incubator-nuttx.git
1
0
Fork 0
Code Issues Releases Wiki Activity

[fs][shmfs]:Avoid an integer overflow 

[Desc]:We need to check the parameter passed to the kmm_zalloc(size_t) function.
If it exceeds the limit of size_t, we need to return an error directly to avoid further errors.

Signed-off-by: pengyinjie <pengyinjie@xiaomi.com>
This commit is contained in:
pengyinjie 2024-04-18 17:17:12 +08:00 committed by Xiang Xiao
parent 634159a5e6
commit 77205b353f
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fs/shm/shmfs_alloc.c
View File

@ -46,7 +46,15 @@ FAR struct shmfs_object_s *shmfs_alloc_object(size_t length)
* chunk in kernel heap
*/
object = kmm_zalloc(sizeof(struct shmfs_object_s) + length);
size_t alloc_size = sizeof(struct shmfs_object_s) + length;
if (alloc_size < length)
{
/* There must have been an integer overflow */
return NULL;
}
object = kmm_zalloc(alloc_size);
if (object)
{
object->paddr = (FAR char *)(object + 1);