@@ -514,7 +514,9 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
514
514
static_assert (PacketBuffer::kStructureSize == sizeof (PacketBuffer), " PacketBuffer size mismatch" );
515
515
static_assert (PacketBuffer::kStructureSize < UINT16_MAX, " Check for overflow more carefully" );
516
516
static_assert (SIZE_MAX >= INT_MAX, " Our additions might not fit in size_t" );
517
- static_assert (PacketBuffer::kMaxSizeWithoutReserve <= UINT32_MAX, " PacketBuffer may have size not fitting uint32_t" );
517
+ static_assert (CHIP_SYSTEM_CONFIG_MAX_LARGE_BUFFER_SIZE_BYTES <= UINT32_MAX, " Max size for Large payload buffers" );
518
+ static_assert (PacketBuffer::kMaxSizeWithoutReserve < CHIP_SYSTEM_CONFIG_MAX_LARGE_BUFFER_SIZE_BYTES,
519
+ " Large buffer configuration should be greater than the conventional buffer limit" );
518
520
#if CHIP_SYSTEM_CONFIG_USE_LWIP
519
521
// LwIP based APIs have a maximum buffer size of UINT16_MAX. Ensure that
520
522
// limit is met during allocation.
@@ -530,8 +532,7 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
530
532
531
533
CHIP_SYSTEM_FAULT_INJECT (FaultInjection::kFault_PacketBufferNew , return PacketBufferHandle ());
532
534
533
- // TODO: Change the max to a lower value
534
- if (aAvailableSize > UINT32_MAX || lAllocSize > PacketBuffer::kMaxSizeWithoutReserve || lBlockSize > UINT32_MAX)
535
+ if (lAllocSize > PacketBuffer::kMaxAllocSize )
535
536
{
536
537
ChipLogError (chipSystemLayer, " PacketBuffer: allocation too large." );
537
538
return PacketBufferHandle ();
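Review bot: The new guard on the `if` line bounds only lAllocSize, whereas the removed condition also bounded lBlockSize and aAvailableSize against UINT32_MAX. The static_assert added in the first hunk lets the large-buffer limit reach UINT32_MAX exactly, so lAllocSize == kMaxAllocSize plus the structure overhead can exceed UINT32_MAX; whether that is silently narrowed depends on how lBlockSize is computed and consumed, which is outside this hunk (New's body starts and ends outside it). If kMaxAllocSize is a constant expression, the cheapest way to keep the old invariant is a compile-time bound beside the existing asserts, `static_assert(PacketBuffer::kMaxAllocSize + PacketBuffer::kStructureSize <= UINT32_MAX, "Block size must fit in uint32_t");`, rather than trusting the runtime check alone.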
@@ -593,18 +594,15 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
593
594
PacketBufferHandle PacketBufferHandle::NewWithData (const void * aData, size_t aDataSize, size_t aAdditionalSize,
594
595
uint16_t aReservedSize)
595
596
{
596
- if (aDataSize > UINT16_MAX)
597
- {
598
- ChipLogError (chipSystemLayer, " PacketBuffer: allocation too large." );
599
- return PacketBufferHandle ();
600
- }
601
597
// Since `aDataSize` fits in uint16_t, the sum `aDataSize + aAdditionalSize` will not overflow.
602
598
// `New()` will only return a non-null buffer if the total allocation size does not overflow.
603
599
PacketBufferHandle buffer = New (aDataSize + aAdditionalSize, aReservedSize);
604
600
if (buffer.mBuffer != nullptr )
605
601
{
606
602
memcpy (buffer.mBuffer ->payload , aData, aDataSize);
607
603
#if CHIP_SYSTEM_CONFIG_USE_LWIP
604
+ // The VerifyOrDie() in the New() call catches buffer allocations greater
605
+ // than UINT16_MAX for LwIP based platforms.
608
606
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = static_cast <uint16_t >(aDataSize);
609
607
#else
610
608
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = aDataSize;
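Review bot: With the `aDataSize > UINT16_MAX` guard removed, the retained comment `Since aDataSize fits in uint16_t, the sum aDataSize + aAdditionalSize will not overflow` no longer holds: both operands are size_t, so a caller passing a very large aDataSize or aAdditionalSize can wrap the sum to a small value, New() then returns a small buffer, and the `memcpy(buffer.mBuffer->payload, aData, aDataSize)` that follows writes aDataSize bytes into it. The kMaxAllocSize check added to New() in the previous hunk does not cover this, because New() only sees the already-wrapped sum. I would replace the guard rather than drop it, e.g. `if (aDataSize > PacketBuffer::kMaxAllocSize || aAdditionalSize > PacketBuffer::kMaxAllocSize - aDataSize)` with the same ChipLogError and early return the removed lines had, and reword the comment to say the sum is bounded by kMaxAllocSize. The added LwIP comment relies on a VerifyOrDie() inside New() that is outside this hunk, so I cannot confirm it from here; note that the non-LwIP branch on the last line stores the unchecked aDataSize directly, and NewWithData's body continues past the hunk.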
@@ -727,18 +725,20 @@ PacketBufferHandle PacketBufferHandle::CloneData() const
727
725
size_t originalDataSize = original->MaxDataLength ();
728
726
uint16_t originalReservedSize = original->ReservedSize ();
729
727
730
- if (originalDataSize + originalReservedSize > PacketBuffer::kMaxSizeWithoutReserve )
728
+ uint32_t maxSize = PacketBuffer::kMaxAllocSize ;
729
+
730
+ if (originalDataSize + originalReservedSize > maxSize)
731
731
{
732
732
// The original memory allocation may have provided a larger block than requested (e.g. when using a shared pool),
733
733
// and in particular may have provided a larger block than we are able to request from PackBufferHandle::New().
734
734
// It is a genuine error if that extra space has been used.
735
- if (originalReservedSize + original->DataLength () > PacketBuffer:: kMaxSizeWithoutReserve )
735
+ if (originalReservedSize + original->DataLength () > maxSize )
736
736
{
737
737
return PacketBufferHandle ();
738
738
}
739
739
// Otherwise, reduce the requested data size. This subtraction can not underflow because the above test
740
- // guarantees originalReservedSize <= PacketBuffer::kMaxSizeWithoutReserve .
741
- originalDataSize = PacketBuffer:: kMaxSizeWithoutReserve - originalReservedSize;
740
+ // guarantees originalReservedSize <= maxSize .
741
+ originalDataSize = maxSize - originalReservedSize;
742
742
}
743
743
744
744
PacketBufferHandle clone = PacketBufferHandle::New (originalDataSize, originalReservedSize);
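Review bot: `uint32_t maxSize = PacketBuffer::kMaxAllocSize;` introduces a mutable local for a class constant that the rest of the hunk only reads; `const uint32_t maxSize = PacketBuffer::kMaxAllocSize;` (or `constexpr`, if kMaxAllocSize is a constant expression) makes the two comparisons and the subtraction read as being against a fixed bound and keeps the updated comment `guarantees originalReservedSize <= maxSize` trivially true. CloneData's body begins and ends outside the hunk, so I have not checked other uses of the limit in that function.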