From 01713c74f9ede3d5ce3652c6639382655c6c510c Mon Sep 17 00:00:00 2001
From: Norman Feske
Date: Tue, 7 Jan 2020 17:07:57 +0100
Subject: [PATCH] base-foc: explicit array-index bounds check

Adding an explicit check clarifies at the first glance that the array bounds are respected without needing knowledge about MAX_CAPS_PER_MSG and L4_UTCB_GENERIC_DATA_SIZE (used for dimensioning 'mr').
---
 repos/base-foc/src/lib/base/ipc.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/repos/base-foc/src/lib/base/ipc.cc b/repos/base-foc/src/lib/base/ipc.cc
index 061b817e3..7b26adbdd 100644
--- a/repos/base-foc/src/lib/base/ipc.cc
+++ b/repos/base-foc/src/lib/base/ipc.cc
@@ -238,6 +238,11 @@ static l4_msgtag_t copy_msgbuf_to_utcb(Msgbuf_base &snd_msg,
 /* setup flexpage for valid capability to delegate */
 if (caps[i].valid) {
 unsigned const idx = num_msg_words + 2*num_cap_sel;
+
+ /* check bounds of 'l4_msg_regs_t::mr' */
+ if (idx + 1 >= L4_UTCB_GENERIC_DATA_SIZE)
+ break;
+
 l4_utcb_mr()->mr[idx] = L4_ITEM_MAP/* | L4_ITEM_CONT*/;
 l4_utcb_mr()->mr[idx + 1] = l4_obj_fpage(caps[i].sel, 0, L4_FPAGE_RWX).raw;
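Review bot: The added `break` at the bounds check silently drops the current capability and every remaining one, so a message that would overrun `mr` goes out with fewer delegated capabilities than the caller put into `snd_msg`, and neither side is told. The commit message implies the condition cannot trigger given MAX_CAPS_PER_MSG; if so the comment should say that, e.g. `/* check bounds of 'l4_msg_regs_t::mr', not expected to trigger while MAX_CAPS_PER_MSG fits; remaining caps are dropped */`, and a diagnostic before the `break` would surface a violated assumption instead of a truncated IPC. Writing the test as `idx >= L4_UTCB_GENERIC_DATA_SIZE - 1` would also avoid relying on `idx + 1` not wrapping in unsigned arithmetic. Whether the message tag built afterwards stays consistent with the truncated count depends on code outside the hunk; the loop and the rest of `copy_msgbuf_to_utcb` are not shown.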