@@ -515,6 +515,21 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
515
515
// Setting a static upper bound on the maximum buffer size allocation for regular sized messages (not large).
516
516
static_assert (PacketBuffer::kMaxSizeWithoutReserve <= UINT16_MAX, " kMaxSizeWithoutReserve should not exceed UINT16_MAX." );
517
517
518
+ #if INET_CONFIG_ENABLE_TCP_ENDPOINT
519
+ // Setting a static upper bound on the maximum buffer size allocation for
520
+ // large messages.
521
+ #if CHIP_SYSTEM_CONFIG_USE_LWIP
522
+ // LwIP based systems are internally limited to using a u16_t type as the size of a buffer.
523
+ static_assert (PacketBuffer::kLargeBufMaxSizeWithoutReserve <= UINT16_MAX,
524
+ " In LwIP, max size for Large payload buffers cannot exceed UINT16_MAX!" );
525
+ #else
526
+ // Messages over TCP are framed using a length field that is 32 bits in
527
+ // length.
528
+ static_assert (PacketBuffer::kLargeBufMaxSizeWithoutReserve <= UINT32_MAX,
529
+ " Max size for Large payload buffers cannot exceed UINT32_MAX" );
530
+ #endif // CHIP_SYSTEM_CONFIG_USE_LWIP
531
+ #endif // INET_CONFIG_ENABLE_TCP_ENDPOINT
532
+
518
533
// Ensure that aAvailableSize is bound within a max and is not big enough to cause overflow during
519
534
// subsequent addition of all the sizes.
520
535
if (aAvailableSize > UINT32_MAX)
@@ -547,7 +562,14 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
547
562
#if CHIP_SYSTEM_CONFIG_USE_LWIP
548
563
// LwIP based APIs have a maximum buffer size of UINT16_MAX. Ensure that
549
564
// limit is met during allocation.
550
- VerifyOrDieWithMsg (sumOfAvailAndReserved < UINT16_MAX, chipSystemLayer, " LwIP based systems can handle only up to UINT16_MAX!" );
565
+ if (sumOfAvailAndReserved > UINT16_MAX)
566
+ {
567
+ ChipLogError (chipSystemLayer,
568
+ " LwIP based systems require total buffer size to be less than UINT16_MAX!."
569
+ " Attempted allocation size = " ChipLogFormatX64,
570
+ ChipLogValueX64 (sumOfAvailAndReserved));
571
+ return PacketBufferHandle ();
572
+ }
551
573
#endif // CHIP_SYSTEM_CONFIG_USE_LWIP
552
574
553
575
// sumOfAvailAndReserved is no larger than sumOfSizes, which we checked can be cast to
@@ -557,7 +579,7 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
557
579
558
580
CHIP_SYSTEM_FAULT_INJECT (FaultInjection::kFault_PacketBufferNew , return PacketBufferHandle ());
559
581
560
- if (lAllocSize > PacketBuffer::kMaxSizeWithoutReserve )
582
+ if (lAllocSize > PacketBuffer::kMaxAllocSize )
561
583
{
562
584
ChipLogError (chipSystemLayer, " PacketBuffer: allocation exceeding buffer capacity limits." );
563
585
return PacketBufferHandle ();
@@ -621,18 +643,15 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
621
643
PacketBufferHandle PacketBufferHandle::NewWithData (const void * aData, size_t aDataSize, size_t aAdditionalSize,
622
644
uint16_t aReservedSize)
623
645
{
624
- if (aDataSize > UINT16_MAX)
625
- {
626
- ChipLogError (chipSystemLayer, " PacketBuffer: allocation too large." );
627
- return PacketBufferHandle ();
628
- }
629
646
// Since `aDataSize` fits in uint16_t, the sum `aDataSize + aAdditionalSize` will not overflow.
630
647
// `New()` will only return a non-null buffer if the total allocation size does not overflow.
631
648
PacketBufferHandle buffer = New (aDataSize + aAdditionalSize, aReservedSize);
632
649
if (buffer.mBuffer != nullptr )
633
650
{
634
651
memcpy (buffer.mBuffer ->payload , aData, aDataSize);
635
652
#if CHIP_SYSTEM_CONFIG_USE_LWIP
653
+ // Checks in the New() call catch buffer allocations greater
654
+ // than UINT16_MAX for LwIP based platforms.
636
655
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = static_cast <uint16_t >(aDataSize);
637
656
#else
638
657
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = aDataSize;
@@ -755,18 +774,18 @@ PacketBufferHandle PacketBufferHandle::CloneData() const
755
774
size_t originalDataSize = original->MaxDataLength ();
756
775
uint16_t originalReservedSize = original->ReservedSize ();
757
776
758
- if (originalDataSize + originalReservedSize > PacketBuffer::kMaxSizeWithoutReserve )
777
+ if (originalDataSize + originalReservedSize > PacketBuffer::kMaxAllocSize )
759
778
{
760
779
// The original memory allocation may have provided a larger block than requested (e.g. when using a shared pool),
761
780
// and in particular may have provided a larger block than we are able to request from PackBufferHandle::New().
762
781
// It is a genuine error if that extra space has been used.
763
- if (originalReservedSize + original->DataLength () > PacketBuffer::kMaxSizeWithoutReserve )
782
+ if (originalReservedSize + original->DataLength () > PacketBuffer::kMaxAllocSize )
764
783
{
765
784
return PacketBufferHandle ();
766
785
}
767
786
// Otherwise, reduce the requested data size. This subtraction can not underflow because the above test
768
- // guarantees originalReservedSize <= PacketBuffer::kMaxSizeWithoutReserve .
769
- originalDataSize = PacketBuffer::kMaxSizeWithoutReserve - originalReservedSize;
787
+ // guarantees originalReservedSize <= PacketBuffer::kMaxAllocSize .
788
+ originalDataSize = PacketBuffer::kMaxAllocSize - originalReservedSize;
770
789
}
771
790
772
791
PacketBufferHandle clone = PacketBufferHandle::New (originalDataSize, originalReservedSize);
0 commit comments