@@ -514,7 +514,11 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
514
514
static_assert (PacketBuffer::kStructureSize == sizeof (PacketBuffer), " PacketBuffer size mismatch" );
515
515
static_assert (PacketBuffer::kStructureSize < UINT16_MAX, " Check for overflow more carefully" );
516
516
static_assert (SIZE_MAX >= INT_MAX, " Our additions might not fit in size_t" );
517
- static_assert (PacketBuffer::kMaxSizeWithoutReserve <= UINT32_MAX, " PacketBuffer may have size not fitting uint32_t" );
517
+ #if INET_CONFIG_ENABLE_TCP_ENDPOINT
518
+ static_assert (PacketBuffer::kLargeBufMaxSizeWithoutReserve <= UINT32_MAX, " Max size for Large payload buffers" );
519
+ static_assert (PacketBuffer::kMaxSizeWithoutReserve < PacketBuffer::kLargeBufMaxSizeWithoutReserve ,
520
+ " Large buffer configuration should be greater than the conventional buffer limit" );
521
+ #endif // INET_CONFIG_ENABLE_TCP_ENDPOINT
518
522
#if CHIP_SYSTEM_CONFIG_USE_LWIP
519
523
// LwIP based APIs have a maximum buffer size of UINT16_MAX. Ensure that
520
524
// limit is met during allocation.
@@ -530,8 +534,7 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
530
534
531
535
CHIP_SYSTEM_FAULT_INJECT (FaultInjection::kFault_PacketBufferNew , return PacketBufferHandle ());
532
536
533
- // TODO: Change the max to a lower value
534
- if (aAvailableSize > UINT32_MAX || lAllocSize > PacketBuffer::kMaxSizeWithoutReserve || lBlockSize > UINT32_MAX)
537
+ if (lAllocSize > PacketBuffer::kMaxAllocSize )
535
538
{
536
539
ChipLogError (chipSystemLayer, " PacketBuffer: allocation too large." );
537
540
return PacketBufferHandle ();
@@ -593,18 +596,15 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
593
596
PacketBufferHandle PacketBufferHandle::NewWithData (const void * aData, size_t aDataSize, size_t aAdditionalSize,
594
597
uint16_t aReservedSize)
595
598
{
596
- if (aDataSize > UINT16_MAX)
597
- {
598
- ChipLogError (chipSystemLayer, " PacketBuffer: allocation too large." );
599
- return PacketBufferHandle ();
600
- }
601
599
// Since `aDataSize` fits in uint16_t, the sum `aDataSize + aAdditionalSize` will not overflow.
602
600
// `New()` will only return a non-null buffer if the total allocation size does not overflow.
603
601
PacketBufferHandle buffer = New (aDataSize + aAdditionalSize, aReservedSize);
604
602
if (buffer.mBuffer != nullptr )
605
603
{
606
604
memcpy (buffer.mBuffer ->payload , aData, aDataSize);
607
605
#if CHIP_SYSTEM_CONFIG_USE_LWIP
606
+ // The VerifyOrDie() in the New() call catches buffer allocations greater
607
+ // than UINT16_MAX for LwIP based platforms.
608
608
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = static_cast <uint16_t >(aDataSize);
609
609
#else
610
610
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = aDataSize;
@@ -727,18 +727,20 @@ PacketBufferHandle PacketBufferHandle::CloneData() const
727
727
size_t originalDataSize = original->MaxDataLength ();
728
728
uint16_t originalReservedSize = original->ReservedSize ();
729
729
730
- if (originalDataSize + originalReservedSize > PacketBuffer::kMaxSizeWithoutReserve )
730
+ uint32_t maxSize = PacketBuffer::kMaxAllocSize ;
731
+
732
+ if (originalDataSize + originalReservedSize > maxSize)
731
733
{
732
734
// The original memory allocation may have provided a larger block than requested (e.g. when using a shared pool),
733
735
// and in particular may have provided a larger block than we are able to request from PackBufferHandle::New().
734
736
// It is a genuine error if that extra space has been used.
735
- if (originalReservedSize + original->DataLength () > PacketBuffer:: kMaxSizeWithoutReserve )
737
+ if (originalReservedSize + original->DataLength () > maxSize )
736
738
{
737
739
return PacketBufferHandle ();
738
740
}
739
741
// Otherwise, reduce the requested data size. This subtraction can not underflow because the above test
740
- // guarantees originalReservedSize <= PacketBuffer::kMaxSizeWithoutReserve .
741
- originalDataSize = PacketBuffer:: kMaxSizeWithoutReserve - originalReservedSize;
742
+ // guarantees originalReservedSize <= maxSize .
743
+ originalDataSize = maxSize - originalReservedSize;
742
744
}
743
745
744
746
PacketBufferHandle clone = PacketBufferHandle::New (originalDataSize, originalReservedSize);
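Review bot: The comment kept at the top of the NewWithData hunk, `// Since \`aDataSize\` fits in uint16_t, the sum \`aDataSize + aAdditionalSize\` will not overflow.`, is now false, because the `aDataSize > UINT16_MAX` guard it relied on is deleted in the same hunk and `aDataSize + aAdditionalSize` is plain size_t addition that can wrap to a small value. A wrapped sum lets `New()` hand back a small buffer that passes its kMaxAllocSize check, after which `memcpy(buffer.mBuffer->payload, aData, aDataSize)` writes aDataSize bytes past the end of it, so an explicit overflow guard belongs before the `New()` call and the comment should be rewritten to say the size limit is now enforced by `New()`. Separately, the new LwIP comment says oversized requests are caught by a `VerifyOrDie()` inside `New()` (not visible in these hunks); if that is an abort, an oversized aDataSize that used to yield a null handle now terminates the process, which is worth confirming is acceptable for lengths that can originate from the network. Both New() and NewWithData continue outside the hunks shown.
```cpp
PacketBufferHandle PacketBufferHandle::NewWithData(const void * aData, size_t aDataSize, size_t aAdditionalSize,
                                                  uint16_t aReservedSize)
{
    // Reject a wrapped sum up front: `New()` bounds the total it is asked for, but it cannot see
    // `aDataSize` itself, and the memcpy below copies `aDataSize` bytes into the returned payload.
    if (aDataSize > SIZE_MAX - aAdditionalSize)
    {
        ChipLogError(chipSystemLayer, "PacketBuffer: allocation too large.");
        return PacketBufferHandle();
    }
    // `New()` rejects totals above PacketBuffer::kMaxAllocSize, so a non-null buffer holds at least aDataSize bytes.
    PacketBufferHandle buffer = New(aDataSize + aAdditionalSize, aReservedSize);
    // … unchanged: memcpy and the len / tot_len assignment …
```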