Skip to content

Commit 74d807f

Browse files
kaczmarczyckkaczmarczyck
committed
Fixes an integer overflow in a helper class
This was not exploitable as a vulnerability as far as I know. All inputs to the function are coming from configs, and are never user inputs.
1 parent 016e81c commit 74d807f

File tree

1 file changed

+8
-1
lines changed

1 file changed

+8
-1
lines changed

src/env/tock/storage_helper.rs

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -188,7 +188,7 @@ impl Partition {
188188
for range in &self.ranges {
189189
if offset < range.length() {
190190
return if range.length() - offset >= length {
191-
Some(range.start() + offset)
191+
range.start().checked_add(offset)
192192
} else {
193193
None
194194
};
@@ -378,4 +378,11 @@ mod tests {
378378
let partial_range = partition.ranges_from(0x30000);
379379
assert_eq!(partial_range[0], ModRange::new(0x30000, 0x30000));
380380
}
381+
382+
#[test]
383+
fn partition_find_address_overflow() {
384+
let mut partition = Partition::default();
385+
partition.append(ModRange::new(usize::MAX - 100, 200));
386+
assert_eq!(partition.find_address(150, 1), None);
387+
}
381388
}

0 commit comments

Comments
 (0)