[PATCH] cpukit/score: Avoid overflow in multiplication
Kinsey Moore
kinsey.moore at oarcorp.com
Wed Jan 17 14:26:50 UTC 2024
Fair enough. I'll update the patch. Thanks!
On Wed, Jan 17, 2024 at 12:45 AM Sebastian Huber <
sebastian.huber at embedded-brains.de> wrote:
> On 16.01.24 21:02, Kinsey Moore wrote:
> > The two operands are 16 bit and the result is being saved into a
> > larger type. Reduce the possibility of an overflow during multiplication
> > by using the larger type as an operand.
> > ---
> > cpukit/score/src/objectextendinformation.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/cpukit/score/src/objectextendinformation.c
> b/cpukit/score/src/objectextendinformation.c
> > index 414766f219..f9c51c3bec 100644
> > --- a/cpukit/score/src/objectextendinformation.c
> > +++ b/cpukit/score/src/objectextendinformation.c
> > @@ -115,7 +115,8 @@ Objects_Maximum _Objects_Extend_information(
> > * Allocate the name table, and the objects and if it fails either
> return or
> > * generate a fatal error depending on auto-extending being active.
> > */
> > - object_block_size = extend_count * information->object_size;
> > + object_block_size = extend_count;
> > + object_block_size *= information->object_size;
> > new_object_block = _Workspace_Allocate( object_block_size );
> > if ( new_object_block == NULL ) {
> > return 0;
>
> I am not sure if a reviewer understands that this two line approach is
> there to avoid integer overflows. I would simply keep the expression as
> is and change extend_count to:
>
> uint32_t extend_count;
>
> --
> embedded brains GmbH & Co. KG
> Herr Sebastian HUBER
> Dornierstr. 4
> 82178 Puchheim
> Germany
> email: sebastian.huber at embedded-brains.de
> phone: +49-89-18 94 741 - 16
> fax: +49-89-18 94 741 - 08
>
> Registergericht: Amtsgericht München
> Registernummer: HRB 157899
> Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler
> Unsere Datenschutzerklärung finden Sie hier:
> https://embedded-brains.de/datenschutzerklaerung/
> _______________________________________________
> devel mailing list
> devel at rtems.org
> http://lists.rtems.org/mailman/listinfo/devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20240117/17b88527/attachment-0001.htm>
More information about the devel
mailing list