Description
What happened
Description
While reviewing the K230 SDK source code, I found a potential issue that is very similar to a recently fixed bug in the Linux kernel.
Linux reference commit: torvalds/linux@a282a2f
In the Linux kernel, this commit fixes a missing sanity check on frame segment lengths (e.g. negative or invalid values), which could otherwise lead to buffer overruns or memory corruption.
The corresponding logic in the K230 SDK appears to lack equivalent defensive checks. Under certain conditions, an invalid or negative length value could be used without proper validation, potentially resulting in out-of-bounds memory access.
Reproduction steps
Steps to Reproduce
- Trigger the affected code path with malformed or unexpected input
- Observe that length values are not fully validated before use
- Potential buffer overrun or undefined behavior may occur
Expected Behavior
All length or size fields should be strictly validated (e.g. non-negative and within expected bounds) before being used for memory access.
Actual Behavior
Length validation is incomplete, allowing invalid values to propagate.
Hardware board
k230 evb board
Software version
No response
Bug frequency
No response
Anything else
No response
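The kind of validation described under Expected Behavior, as an added example that is not code from the K230 SDK or from the referenced Linux commit. The header layout, the limits and every function name here are hypothetical. It contrasts an upper-bound-only check, which accepts a negative length, with a check that requires the length to be non-negative and within bounds.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SEG_MAX_COUNT 4      /* hypothetical: max segments per frame */
#define SEG_MAX_LEN   65536  /* hypothetical: max bytes per segment */

/* Constructed headers: 1-byte segment count, then one LE32 length per segment. */
static const uint8_t HDR_GOOD[] = { 2, 0x10, 0, 0, 0, 0x20, 0, 0, 0 };
static const uint8_t HDR_NEG[]  = { 2, 0x10, 0, 0, 0, 0xff, 0xff, 0xff, 0xff };

/* Decode a little-endian 32-bit field that the parser stores as a signed int. */
static int32_t rd_le32(const uint8_t *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Incomplete check: upper bound only, so a negative length is accepted. */
int seg_len_ok_weak(int32_t len) { return len <= SEG_MAX_LEN; }

/* Complete check: non-negative and within the per-segment cap. */
int seg_len_ok(int32_t len) { return len >= 0 && len <= SEG_MAX_LEN; }

/* Returns the total payload length, or -1 if any header field is invalid. */
long frame_payload_len(const uint8_t *hdr, size_t hdr_len, size_t avail)
{
    if (hdr_len < 1 || hdr[0] == 0 || hdr[0] > SEG_MAX_COUNT)
        return -1;
    size_t count = hdr[0], total = 0;
    if (hdr_len < 1 + count * 4)
        return -1;                       /* header truncated */
    for (size_t i = 0; i < count; i++) {
        int32_t len = rd_le32(hdr + 1 + i * 4);
        if (!seg_len_ok(len))
            return -1;                   /* negative or oversized segment */
        total += (size_t)len;            /* bounded by 4 * SEG_MAX_LEN */
    }
    return total <= avail ? (long)total : -1;  /* must fit the receive buffer */
}

int main(void)
{
    printf("weak check accepts -1: %d\n", seg_len_ok_weak(-1));
    printf("good header: %ld\n", frame_payload_len(HDR_GOOD, sizeof HDR_GOOD, 64));
    printf("negative segment: %ld\n", frame_payload_len(HDR_NEG, sizeof HDR_NEG, 64));
    return 0;
}
```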