From 1b6e74c922c5590f5a844f7f3f60364fa614aba0 Mon Sep 17 00:00:00 2001 From: Olivier Martin Date: Wed, 25 Nov 2015 18:08:40 +0000 Subject: [PATCH] RTOS/RTX: Check if the mail given to osMailPut() is valid This change ensures the address given by osMailPut() is valid. Giving an invalid address could have side effects. --- CMSIS/RTOS/RTX/SRC/rt_CMSIS.c | 8 ++++++++ CMSIS/RTOS/RTX/SRC/rt_MemBox.c | 10 ++++++++++ CMSIS/RTOS/RTX/SRC/rt_MemBox.h | 1 + 3 files changed, 19 insertions(+) diff --git a/CMSIS/RTOS/RTX/SRC/rt_CMSIS.c b/CMSIS/RTOS/RTX/SRC/rt_CMSIS.c index 173913c..fef60d1 100644 --- a/CMSIS/RTOS/RTX/SRC/rt_CMSIS.c +++ b/CMSIS/RTOS/RTX/SRC/rt_CMSIS.c @@ -2141,12 +2141,20 @@ osStatus osMailFree (osMailQId queue_id, void *mail) { /// Put a mail to a queue osStatus osMailPut (osMailQId queue_id, void *mail) { + void *pool; + if (queue_id == NULL) { return osErrorParameter; } if (mail == NULL) { return osErrorValue; } + + pool = *(((void **)queue_id) + 1); + if (rt_check_box (pool, mail) == 0) { + return osErrorValue; + } + return osMessagePut(*((void **)queue_id), (uint32_t)mail, 0U); } diff --git a/CMSIS/RTOS/RTX/SRC/rt_MemBox.c b/CMSIS/RTOS/RTX/SRC/rt_MemBox.c index 01d1e22..bc9fd6d 100644 --- a/CMSIS/RTOS/RTX/SRC/rt_MemBox.c +++ b/CMSIS/RTOS/RTX/SRC/rt_MemBox.c @@ -163,6 +163,16 @@ U32 rt_free_box (void *box_mem, void *box) { return (0U); } +/*--------------------------- rt_free_box -----------------------------------*/ + +U32 rt_check_box (void *box_mem, void *box) { + if ((box < box_mem) || (box >= ((P_BM) box_mem)->end)) { + return (0U); + } else { + return (1U); + } +} + /*---------------------------------------------------------------------------- * end of file *---------------------------------------------------------------------------*/ diff --git a/CMSIS/RTOS/RTX/SRC/rt_MemBox.h b/CMSIS/RTOS/RTX/SRC/rt_MemBox.h index c9d7e7c..cdaf408 100644 --- a/CMSIS/RTOS/RTX/SRC/rt_MemBox.h +++ b/CMSIS/RTOS/RTX/SRC/rt_MemBox.h @@ -39,6 +39,7 @@ extern U32 _init_box (void *box_mem, U32 box_size, U32 blk_size); extern void *rt_alloc_box (void *box_mem); extern void * _calloc_box (void *box_mem); extern U32 rt_free_box (void *box_mem, void *box); +extern U32 rt_check_box (void *box_mem, void *box); /*---------------------------------------------------------------------------- * end of file