epagris/FreeRTOS-Kernel
1
0
Fork 1
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2026-04-22 14:40:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add stack size validation in SecureContext_AllocateContext (#1402)

Browse Source 
Validate that ulSecureStackSize + securecontextSTACK_SEAL_SIZE does not
overflow before calling pvPortMalloc in the ARMv8-M secure context ports.

Reported by Jordan Mecom (Block, Inc.)
This commit is contained in:
Patrick Zhang 2026-04-16 14:18:23 -07:00 committed by GitHub
parent bdcde9583d
commit 7c0c890c64
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
15 changed files with 135 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
portable/ARMv8M/secure/context/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/GCC/ARM_CM23/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/GCC/ARM_CM33/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/GCC/ARM_CM35P/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/GCC/ARM_CM52/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/GCC/ARM_CM55/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/GCC/ARM_CM85/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/GCC/ARM_STAR_MC3/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/IAR/ARM_CM23/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/IAR/ARM_CM33/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/IAR/ARM_CM35P/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/IAR/ARM_CM52/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/IAR/ARM_CM55/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/IAR/ARM_CM85/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {

11
portable/IAR/ARM_STAR_MC3/secure/secure_context.c
View File

@ -213,8 +213,15 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
/* Were we able to get a free context? */ /* Were we able to get a free context? */
if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS ) if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
{ {
/* Allocate the stack space. */ /* Allocate the stack space if possible. */
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE ); if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
{
pucStackMemory = NULL;
}
else
{
pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
}
if( pucStackMemory != NULL ) if( pucStackMemory != NULL )
{ {