gsl: Avoid sub-overflow when calculating pointer offsets #46
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add null checks for heap_caldata_node and req_caldata_node to avoid null pointer dereference crash. Signed-off-by: ffrancis <[email protected]>
In case there is no voice call usecase present in acdb file, voice call calibration chunk header will still be present but with size zero, to avoid erroring out in that scenario remove the corresponding condition. Signed-off-by: ffrancis <[email protected]>
Add original free size check in do_alloc_block for robustness and null check at gsl_shmem_alloc_ext call site. Pointer subtraction returns signed ptrdiff_t, which can overflow; convert pointers to uintptr_t before computing offset. Also verify pointer positions: if addr < base, skip within the same page and return error for newly allocated page. Signed-off-by: ffrancis <[email protected]>
ffrancis123
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add original free size check in do_alloc_block for
robustness and null check at gsl_shmem_alloc_ext call site.
Pointer subtraction returns signed ptrdiff_t, which can
overflow; convert pointers to uintptr_t before computing
offset. Also verify pointer positions: if addr < base,
skip within the same page and return error for newly
allocated page.