authorSebastian Huber <sebastian.huber@embedded-brains.de>2021-02-26 12:34:21 +0100
committerSebastian Huber <sebastian.huber@embedded-brains.de>2021-03-01 07:18:14 +0100
commit08cbd4ba201317d0f529cbdb48db9f4775804963 (patch)
tree19b11a214306ac755ffc04fac50c3097d5575550 /cpukit
parentvalidation: Improve task construct error tests (diff)
score: Fix _Stack_Extend_size()
Check for an integer overflow. Add a validation test for task create errors.
Diffstat (limited to 'cpukit')
-rw-r--r--cpukit/include/rtems/score/stackimpl.h28
1 files changed, 21 insertions, 7 deletions
diff --git a/cpukit/include/rtems/score/stackimpl.h b/cpukit/include/rtems/score/stackimpl.h
index 4b014e334d..43b7c8151e 100644
--- a/cpukit/include/rtems/score/stackimpl.h
+++ b/cpukit/include/rtems/score/stackimpl.h
@@ -119,28 +119,42 @@ RTEMS_INLINE_ROUTINE size_t _Stack_Ensure_minimum (
}
/**
- * @brief Extend the stack size to account for additional data structures
- * allocated in the stack area of a thread.
+ * @brief Extends the stack size to account for additional data structures
+ * allocated in the thread storage area.
*
- * @param stack_size The stack size.
- * @param is_fp Indicates if the stack is for a floating-point thread.
+ * @param stack_size is the stack size.
+ *
+ * @param is_fp shall be true, if the stack is for a floating-point thread,
+ * otherwise it shall be false.
*
- * @return The extended stack size.
+ * @return Returns the extended stack size.
*/
RTEMS_INLINE_ROUTINE size_t _Stack_Extend_size(
size_t stack_size,
bool is_fp
)
{
+ size_t extra_size;
+
+ extra_size = _TLS_Get_allocation_size();
+
#if ( CPU_HARDWARE_FP == TRUE ) || ( CPU_SOFTWARE_FP == TRUE )
if ( is_fp ) {
- stack_size += CONTEXT_FP_SIZE;
+ /* This addition cannot overflow since the TLS size cannot be that large */
+ extra_size += CONTEXT_FP_SIZE;
}
#else
(void) is_fp;
#endif
- stack_size += _TLS_Get_allocation_size();
+ stack_size += extra_size;
+
+ if ( stack_size < extra_size ) {
+ /*
+ * In case of an unsigned integer overflow, saturate at the maximum value.
+ */
+ stack_size = SIZE_MAX;
+ }
return stack_size;
}
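Review bot: The `@return` line in the updated Doxygen block does not mention the new saturation behaviour, so a caller cannot tell from the contract that `SIZE_MAX` means "the request overflowed". I would write it as `@return Returns the extended stack size, or SIZE_MAX if adding the TLS and floating-point context sizes would overflow.` The fix is only effective if every caller treats the saturated value as an unsatisfiable request and does no further arithmetic on it; an alignment round-up or guard-area addition would wrap a second time. Those call sites are outside this hunk, so that should be confirmed there. Separately, the comment on `extra_size += CONTEXT_FP_SIZE;` states an assumption about the TLS size that nothing visible here enforces; it would help to name what bounds it.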