Overflow check missing for non-ASSERT builds

Description

Reported by: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de> (Principal Security Consultant)

  • kernel/mempool.c

    void *k_calloc(size_t nmemb, size_t size)
    {
            void *ret;
            size_t bounds;

    #ifdef CONFIG_ASSERT
            __ASSERT(!__builtin_mul_overflow(nmemb, size, &bounds),
                     "requested size overflow");
    #else
            bounds = nmemb * size;
    #endif

It might not be clear to everyone that removing __ASSERT() will have
security implications. I would recommend renaming the CONFIG variable
for this case.
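To show the defect concretely, the following is an added example written for this report; it is not Zephyr's code and the function names (checked_mul_size, unchecked_mul_size, hardened_calloc, demo) are hypothetical. It contrasts the wrapping multiplication from the #else branch with a version where the __builtin_mul_overflow check is unconditional, so the size check survives whether or not CONFIG_ASSERT is enabled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Zephyr's): compute nmemb * size into *bounds and
 * return true only if the product did not overflow. __builtin_mul_overflow is
 * the GCC/Clang builtin the report's CONFIG_ASSERT branch already relies on. */
bool checked_mul_size(size_t nmemb, size_t size, size_t *bounds)
{
    return !__builtin_mul_overflow(nmemb, size, bounds);
}

/* The unchecked computation from the #else branch: the product wraps modulo
 * SIZE_MAX + 1, so an oversized request can yield a tiny (even zero) size. */
size_t unchecked_mul_size(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Hypothetical calloc-like allocator (not Zephyr's k_calloc). The overflow
 * check is not tied to any assertion option, so it is present in every build;
 * an overflowing request is refused with NULL instead of allocating a wrapped
 * size that is far smaller than the caller expects. */
void *hardened_calloc(size_t nmemb, size_t size)
{
    size_t bounds;

    if (!checked_mul_size(nmemb, size, &bounds)) {
        return NULL;
    }

    void *ret = malloc(bounds);
    if (ret != NULL) {
        memset(ret, 0, bounds);
    }
    return ret;
}

/* Returns true when an overflowing request is refused and a sane one is
 * accepted. (SIZE_MAX / 2 + 1) * 2 is exactly SIZE_MAX + 1, which the
 * unchecked form wraps to 0. */
bool demo(void)
{
    size_t b = 0;
    bool refused = (hardened_calloc(SIZE_MAX / 2 + 1, 2) == NULL);
    bool wrapped_to_zero = (unchecked_mul_size(SIZE_MAX / 2 + 1, 2) == 0);
    bool ok = checked_mul_size(3, 4, &b) && b == 12;
    void *p = hardened_calloc(3, 4);
    bool allocated = (p != NULL);
    free(p);
    return refused && wrapped_to_zero && ok && allocated;
}
```

The point of the comparison is that the unchecked branch does not fail loudly: it quietly hands the allocator a wrapped value, which is why gating the check on an assertion option removes a security control rather than just a debugging aid.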

Environment: None

Assignee: Unassigned

Reporter: Ruud Derwig

Labels: None

Authorized viewers: None

CVE: None

Embargo Lift: None

Fix versions:

Priority: Medium