base-foc: explicit array-index bounds check

Adding an explicit check clarifies at the first glance that the array bounds are respected without needing knowledge about MAX_CAPS_PER_MSG and L4_UTCB_GENERIC_DATA_SIZE (used for dimensioning 'mr').
2020-01-07 17:07:57 +01:00 · 2020-01-07 17:07:57 +01:00 · 01713c74f9
parent 9ec66f0594
commit 01713c74f9
1 changed files with 5 additions and 0 deletions
--- a/repos/base-foc/src/lib/base/ipc.cc
+++ b/repos/base-foc/src/lib/base/ipc.cc
@ -238,6 +238,11 @@ static l4_msgtag_t copy_msgbuf_to_utcb(Msgbuf_base &snd_msg,
 		/* setup flexpage for valid capability to delegate */
 		if (caps[i].valid) {
 			unsigned const idx = num_msg_words + 2*num_cap_sel;
+
+			/* check bounds of 'l4_msg_regs_t::mr' */
+			if (idx + 1 >= L4_UTCB_GENERIC_DATA_SIZE)
+				break;
+
 			l4_utcb_mr()->mr[idx]     = L4_ITEM_MAP/* | L4_ITEM_CONT*/;
 			l4_utcb_mr()->mr[idx + 1] = l4_obj_fpage(caps[i].sel,
 			                                         0, L4_FPAGE_RWX).raw;