epagris/FreeRTOS-Kernel
1
0
Fork 1
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2026-06-20 10:03:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: TOCTOU race condition in vTaskListTasks()

Browse Source 
Read uxCurrentNumberOfTasks once into uxArraySize and use that local
variable for both the size check and pvPortMalloc() call. The previous
code read the volatile variable twice, allowing a task to be created
between the reads, resulting in an undersized allocation that could
cause a buffer overflow in uxTaskGetSystemState().
This commit is contained in:
Srikanth Patchava 2026-06-15 21:34:07 -07:00 committed by Aniruddha Kanhere
parent 83e56c38ee
commit e146d6444c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tasks.c
View File

@ -7362,7 +7362,7 @@ STATIC void prvResetNextTaskUnblockTime( void )
/* MISRA Ref 11.5.1 [Malloc memory assignment] */ /* MISRA Ref 11.5.1 [Malloc memory assignment] */
/* More details at: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/main/MISRA.md#rule-115 */ /* More details at: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/main/MISRA.md#rule-115 */
/* coverity[misra_c_2012_rule_11_5_violation] */ /* coverity[misra_c_2012_rule_11_5_violation] */
pxTaskStatusArray = pvPortMalloc( uxCurrentNumberOfTasks * sizeof( TaskStatus_t ) ); pxTaskStatusArray = pvPortMalloc( uxArraySize * sizeof( TaskStatus_t ) );
if( pxTaskStatusArray != NULL ) if( pxTaskStatusArray != NULL )
{ {
@ -7531,7 +7531,7 @@ STATIC void prvResetNextTaskUnblockTime( void )
/* MISRA Ref 11.5.1 [Malloc memory assignment] */ /* MISRA Ref 11.5.1 [Malloc memory assignment] */
/* More details at: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/main/MISRA.md#rule-115 */ /* More details at: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/main/MISRA.md#rule-115 */
/* coverity[misra_c_2012_rule_11_5_violation] */ /* coverity[misra_c_2012_rule_11_5_violation] */
pxTaskStatusArray = pvPortMalloc( uxCurrentNumberOfTasks * sizeof( TaskStatus_t ) ); pxTaskStatusArray = pvPortMalloc( uxArraySize * sizeof( TaskStatus_t ) );
if( pxTaskStatusArray != NULL ) if( pxTaskStatusArray != NULL )
{ {