On 16.01.24 21:02, Kinsey Moore wrote:
The two operands are 16 bit and the result is being saved into a larger type. Reduce the possibility of an overflow during multiplication by using the larger type as an operand. --- cpukit/score/src/objectextendinformation.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)diff --git a/cpukit/score/src/objectextendinformation.c b/cpukit/score/src/objectextendinformation.c index 414766f219..f9c51c3bec 100644 --- a/cpukit/score/src/objectextendinformation.c +++ b/cpukit/score/src/objectextendinformation.c @@ -115,7 +115,8 @@ Objects_Maximum _Objects_Extend_information( * Allocate the name table, and the objects and if it fails either return or * generate a fatal error depending on auto-extending being active. */ - object_block_size = extend_count * information->object_size; + object_block_size = extend_count; + object_block_size *= information->object_size; new_object_block = _Workspace_Allocate( object_block_size ); if ( new_object_block == NULL ) { return 0;
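Review bot: The split into "object_block_size = extend_count;" followed by "object_block_size *= information->object_size;" carries no comment saying that the two statements exist to force the multiplication into the wider type, so a later cleanup could merge them back into the single expression and reintroduce the narrow multiply. Either add a one-line comment above the assignment stating the intent, or keep a single expression and cast one operand to the type of object_block_size. The product goes straight into _Workspace_Allocate( object_block_size ) and the only check visible in the hunk is for a NULL return, so the change only helps if the destination type can hold the full product of the two 16-bit operands; it would be worth stating that type in the commit message.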
I am not sure if a reviewer understands that this two-line approach is there to avoid integer overflows. I would simply keep the expression as is and change extend_count to:
uint32_t extend_count;

-- 
embedded brains GmbH & Co. KG
Herr Sebastian HUBER
