From 08cbd4ba201317d0f529cbdb48db9f4775804963 Mon Sep 17 00:00:00 2001
From: Sebastian Huber
Date: Fri, 26 Feb 2021 12:34:21 +0100
Subject: score: Fix _Stack_Extend_size()

Check for an integer overflow. Add a validation test for task create errors.
---
 cpukit/include/rtems/score/stackimpl.h | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
(limited to 'cpukit')

diff --git a/cpukit/include/rtems/score/stackimpl.h b/cpukit/include/rtems/score/stackimpl.h
index 4b014e334d..43b7c8151e 100644
--- a/cpukit/include/rtems/score/stackimpl.h
+++ b/cpukit/include/rtems/score/stackimpl.h
@@ -119,28 +119,42 @@ RTEMS_INLINE_ROUTINE size_t _Stack_Ensure_minimum (
 }
 
 /**
- * @brief Extend the stack size to account for additional data structures
- * allocated in the stack area of a thread.
+ * @brief Extends the stack size to account for additional data structures
+ * allocated in the thread storage area.
 *
- * @param stack_size The stack size.
- * @param is_fp Indicates if the stack is for a floating-point thread.
+ * @param stack_size is the stack size.
+ *
+ * @param is_fp shall be true, if the stack is for a floating-point thread,
+ * otherwise it shall be false.
 *
- * @return The extended stack size.
+ * @return Returns the extended stack size.
 */
 RTEMS_INLINE_ROUTINE size_t _Stack_Extend_size(
 size_t stack_size,
 bool is_fp
 )
 {
+ size_t extra_size;
+
+ extra_size = _TLS_Get_allocation_size();
+
 #if ( CPU_HARDWARE_FP == TRUE ) || ( CPU_SOFTWARE_FP == TRUE )
 if ( is_fp ) {
- stack_size += CONTEXT_FP_SIZE;
+ /* This addition cannot overflow since the TLS size cannot be that large */
+ extra_size += CONTEXT_FP_SIZE;
 }
 #else
 (void) is_fp;
 #endif
 
- stack_size += _TLS_Get_allocation_size();
+ stack_size += extra_size;
+
+ if ( stack_size < extra_size ) {
+ /*
+ * In case of an unsigned integer overflow, saturate at the maximum value.
+ */
+ stack_size = SIZE_MAX;
+ }
 
 return stack_size;
 }
-- 
cgit v1.2.3
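Review bot: The saturation to `SIZE_MAX` at the end of `_Stack_Extend_size()` is not part of the documented contract, because the rewritten `@return` line still says only that the extended stack size is returned. Callers need to know that `SIZE_MAX` means the request overflowed and must hand it unchanged to an allocator that fails, since any later alignment round-up or further addition would wrap again; the callers are outside this hunk, so this is worth confirming there. I would word the line as `@return Returns the extended stack size, or SIZE_MAX if the extension would overflow.`. The comment on `extra_size += CONTEXT_FP_SIZE` also relies on a bound for the TLS allocation size that nothing in the hunk enforces, so it should name where that bound is guaranteed.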