Skip to content

Miss check for the return value of CXPLAT_ALLOC_NONPAGED and CxPlatPoolAlloc #5233

New issue
New issue
Open
Bug
#5326
Open
Miss check for the return value of CXPLAT_ALLOC_NONPAGED and CxPlatPoolAlloc#5233
Bug
#5326
Assignees
guhetiercopilot-swe-agent
Labels
Area: TestingRelated to test coverageTriagedThis item has been triaged by an MsQuic ownergood first issueGood for newcomershelp wantedExtra attention is needed
@t-minzheng

Description

@t-minzheng
t-minzheng
opened on Jul 10, 2025

Description
There are several instances in the codebase where the return value of CXPLAT_ALLOC_NONPAGED and CxPlatPoolAlloc is not checked before being used.

msquic/src/perf/lib/Tcp.cpp

Lines 706 to 707 in a6fe43d

uint8_t* LocalTP = (uint8_t*)CXPLAT_ALLOC_NONPAGED(CxPlatTlsTPHeaderSize + LocalTPLength, QUIC_POOL_TLS_TRANSPARAMS);
CxPlatZeroMemory(LocalTP, LocalTPLength);

msquic/src/core/unittest/RecvBufferTest.cpp

Lines 55 to 58 in a6fe43d

PreallocChunk = (QUIC_RECV_CHUNK*)CXPLAT_ALLOC_NONPAGED(
sizeof(QUIC_RECV_CHUNK) + AllocBufferLength,
QUIC_POOL_RECVBUF); // Use the recv buffer pool tag as this memory is moved to the recv buffer.
QuicRecvChunkInitialize(PreallocChunk, AllocBufferLength, (uint8_t*)(PreallocChunk + 1), FALSE);

msquic/src/core/unittest/RecvBufferTest.cpp

Lines 77 to 79 in a6fe43d

AppOwnedBuffer = (uint8_t *)CXPLAT_ALLOC_NONPAGED(VirtualBufferLength, QUIC_POOL_TEST);
auto* Chunk = (QUIC_RECV_CHUNK *)CxPlatPoolAlloc(&AppBufferChunkPool);
QuicRecvChunkInitialize(Chunk, AllocBufferLength, AppOwnedBuffer, TRUE);

msquic/src/core/unittest/RecvBufferTest.cpp

Lines 78 to 79 in a6fe43d

auto* Chunk = (QUIC_RECV_CHUNK *)CxPlatPoolAlloc(&AppBufferChunkPool);
QuicRecvChunkInitialize(Chunk, AllocBufferLength, AppOwnedBuffer, TRUE);

msquic/src/core/unittest/RecvBufferTest.cpp

Lines 82 to 84 in a6fe43d

auto* Chunk2 = (QUIC_RECV_CHUNK *)CxPlatPoolAlloc(&AppBufferChunkPool);
QuicRecvChunkInitialize(Chunk2, VirtualBufferLength - AllocBufferLength, AppOwnedBuffer + AllocBufferLength, TRUE);
CxPlatListInsertTail(&ChunkList, &Chunk2->Link);

msquic/src/platform/unittest/TlsTest.cpp

Lines 588 to 596 in a6fe43d

Context->ReceivedSessionTicket.Buffer = // N.B - Add one so we don't ever allocate zero bytes.
(uint8_t*)CXPLAT_ALLOC_NONPAGED(TicketLength+1, QUIC_POOL_CRYPTO_RESUMPTION_TICKET);
Context->ReceivedSessionTicket.Length = TicketLength;
if (TicketLength != 0) {
CxPlatCopyMemory(
Context->ReceivedSessionTicket.Buffer,
Ticket,
TicketLength);
}

Suggested Fix
Add a null check immediately after each CXPLAT_ALLOC_NONPAGED and CxPlatPoolAlloc call, and handle the failure case appropriately

Metadata

Metadata

Assignees

Labels

Area: TestingRelated to test coverageTriagedThis item has been triaged by an MsQuic ownergood first issueGood for newcomershelp wantedExtra attention is needed

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions