RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-18 12:52:44 +01:00
Code Releases Activity

Merge pull request #16438 from maribu/bad_alloc

Browse Source 
pkg/tlsf,cpu/esp_common: fix possible overflow in calloc implementations
This commit is contained in:
Kaspar Schleiser 2021-05-05 09:53:00 +02:00 committed by GitHub
commit 43103a65d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cpu/esp_common/syscalls.c
View File

@ -276,9 +276,13 @@ void* IRAM_ATTR __wrap__realloc_r(struct _reent *r, void* ptr, size_t size)
void* IRAM_ATTR __wrap__calloc_r(struct _reent *r, size_t count, size_t size)
{
void *result = heap_caps_malloc_default(count * size);
size_t size_total;
if (__builtin_mul_overflow(count, size, &size_total)) {
return NULL;
}
void *result = heap_caps_malloc_default(size_total);
if (result) {
bzero(result, count * size);
bzero(result, size_total);
}
return result;
}

8
pkg/tlsf/contrib/newlib.c
View File

@ -71,10 +71,14 @@ ATTR_MALLOCR void *_malloc_r(struct _reent *reent_ptr, size_t bytes)
*/
ATTR_CALLOCR void *_calloc_r(struct _reent *reent_ptr, size_t count, size_t bytes)
{
void *result = _malloc_r(reent_ptr, count * bytes);
size_t size_total;
if (__builtin_mul_overflow(count, bytes, &size_total)) {
return NULL;
}
void *result = _malloc_r(reent_ptr, size_total);
if (result != NULL) {
memset(result, 0, count * bytes);
memset(result, 0, size_total);
}
return result;
}