freertos: Add queue init overflow check

projectgus · donghengqaz · commit b54fb1baf7ed · 2021-05-13T20:01:31.000+08:00
Based on FreeRTOS kernel patch 47338393 but modified
to work without assertions.
diff --git a/components/freertos/freertos/queue.c b/components/freertos/freertos/queue.c
@@ -360,6 +360,7 @@ Queue_t * const pxQueue = ( Queue_t * ) xQueue;
 	Queue_t *pxNewQueue;
 	size_t xQueueSizeInBytes;
 	uint8_t *pucQueueStorage;
+	BaseType_t overflow;
 
 		configASSERT( uxQueueLength > ( UBaseType_t ) 0 );
 
@@ -375,7 +376,29 @@ Queue_t * const pxQueue = ( Queue_t * ) xQueue;
 			xQueueSizeInBytes = ( size_t ) ( uxQueueLength * uxItemSize ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
 		}
 
-		pxNewQueue = ( Queue_t * ) pvPortMalloc( sizeof( Queue_t ) + xQueueSizeInBytes );
+		/* Check for multiplication overflow. */
+		overflow = ( uxItemSize != 0 ) && ( uxQueueLength != ( xQueueSizeInBytes / uxItemSize ) );
+
+		/* Check for addition overflow. */
+		overflow = overflow || ( ( sizeof( Queue_t ) + xQueueSizeInBytes ) < xQueueSizeInBytes );
+
+		if ( overflow == (BaseType_t) 0 )
+		{
+			/* Allocate the queue and storage area.	 Justification for MISRA
+			   deviation as follows:  pvPortMalloc() always ensures returned memory
+			   blocks are aligned per the requirements of the MCU stack.  In this case
+			   pvPortMalloc() must return a pointer that is guaranteed to meet the
+			   alignment requirements of the Queue_t structure - which in this case
+			   is an int8_t *.	Therefore, whenever the stack alignment requirements
+			   are greater than or equal to the pointer to char requirements the cast
+			   is safe.	 In other cases alignment requirements are not strict (one or
+			   two bytes). */
+			pxNewQueue = ( Queue_t * ) pvPortMalloc( sizeof( Queue_t ) + xQueueSizeInBytes ); /*lint !e9087 !e9079 see comment above. */
+		}
+		else
+		{
+			pxNewQueue = NULL;
+		}
 
 		if( pxNewQueue != NULL )
 		{
