@@ -530,12 +530,19 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
530
530
531
531
CHIP_SYSTEM_FAULT_INJECT (FaultInjection::kFault_PacketBufferNew , return PacketBufferHandle ());
532
532
533
- // TODO: Change the max to a lower value
534
- if (aAvailableSize > UINT32_MAX || lAllocSize > PacketBuffer::kMaxSizeWithoutReserve || lBlockSize > UINT32_MAX)
533
+ #if INET_CONFIG_ENABLE_TCP_ENDPOINT
534
+ if (lAllocSize > CHIP_CONFIG_MAX_LARGE_PAYLOAD_SIZE_BYTES || lBlockSize > UINT32_MAX)
535
+ {
536
+ ChipLogError (chipSystemLayer, " PacketBuffer: allocation exceeds limit for large payload size." );
537
+ return PacketBufferHandle ();
538
+ }
539
+ #else
540
+ if (lAllocSize > PacketBuffer::kMaxSizeWithoutReserve || lBlockSize > UINT16_MAX)
535
541
{
536
542
ChipLogError (chipSystemLayer, " PacketBuffer: allocation too large." );
537
543
return PacketBufferHandle ();
538
544
}
545
+ #endif // INET_CONFIG_ENABLE_TCP_ENDPOINT
539
546
540
547
#if CHIP_SYSTEM_CONFIG_USE_LWIP
541
548
@@ -593,7 +600,11 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
593
600
PacketBufferHandle PacketBufferHandle::NewWithData (const void * aData, size_t aDataSize, size_t aAdditionalSize,
594
601
uint16_t aReservedSize)
595
602
{
603
+ #if INET_CONFIG_ENABLE_TCP_ENDPOINT
604
+ if (aDataSize > UINT32_MAX)
605
+ #else
596
606
if (aDataSize > UINT16_MAX)
607
+ #endif // INET_CONFIG_ENABLE_TCP_ENDPOINT
597
608
{
598
609
ChipLogError (chipSystemLayer, " PacketBuffer: allocation too large." );
599
610
return PacketBufferHandle ();
@@ -605,6 +616,8 @@ PacketBufferHandle PacketBufferHandle::NewWithData(const void * aData, size_t aD
605
616
{
606
617
memcpy (buffer.mBuffer ->payload , aData, aDataSize);
607
618
#if CHIP_SYSTEM_CONFIG_USE_LWIP
619
+ // The VerifyOrDie() in the New() call catches buffer allocations greater
620
+ // than UINT16_MAX for LwIP based platforms.
608
621
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = static_cast <uint16_t >(aDataSize);
609
622
#else
610
623
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = aDataSize;
@@ -727,18 +740,24 @@ PacketBufferHandle PacketBufferHandle::CloneData() const
727
740
size_t originalDataSize = original->MaxDataLength ();
728
741
uint16_t originalReservedSize = original->ReservedSize ();
729
742
730
- if (originalDataSize + originalReservedSize > PacketBuffer::kMaxSizeWithoutReserve )
743
+ #if INET_CONFIG_ENABLE_TCP_ENDPOINT
744
+ uint32_t maxSize = CHIP_CONFIG_MAX_LARGE_PAYLOAD_SIZE_BYTES;
745
+ #else
746
+ uint32_t maxSize = PacketBuffer::kMaxSizeWithoutReserve ;
747
+ #endif // INET_CONFIG_ENABLE_TCP_ENDPOINT
748
+
749
+ if (originalDataSize + originalReservedSize > maxSize)
731
750
{
732
751
// The original memory allocation may have provided a larger block than requested (e.g. when using a shared pool),
733
752
// and in particular may have provided a larger block than we are able to request from PackBufferHandle::New().
734
753
// It is a genuine error if that extra space has been used.
735
- if (originalReservedSize + original->DataLength () > PacketBuffer:: kMaxSizeWithoutReserve )
754
+ if (originalReservedSize + original->DataLength () > maxSize )
736
755
{
737
756
return PacketBufferHandle ();
738
757
}
739
758
// Otherwise, reduce the requested data size. This subtraction can not underflow because the above test
740
- // guarantees originalReservedSize <= PacketBuffer::kMaxSizeWithoutReserve .
741
- originalDataSize = PacketBuffer:: kMaxSizeWithoutReserve - originalReservedSize;
759
+ // guarantees originalReservedSize <= maxSize .
760
+ originalDataSize = maxSize - originalReservedSize;
742
761
}
743
762
744
763
PacketBufferHandle clone = PacketBufferHandle::New (originalDataSize, originalReservedSize);
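Review bot: In NewWithData(), a TCP-enabled LwIP build now accepts aDataSize up to UINT32_MAX, yet the LwIP branch further down still stores it with `static_cast<uint16_t>(aDataSize)`, and the only protection the new comment names against a truncated len/tot_len is a VerifyOrDie() inside New() that is not visible in these hunks. If that is how it works, an oversized request on such a build aborts the process instead of returning an empty handle like the other size failures here, which matters whenever the size derives from peer-supplied data. Keeping the 16-bit bound whenever LwIP is in use makes the failure graceful and local, for example `#if INET_CONFIG_ENABLE_TCP_ENDPOINT && !CHIP_SYSTEM_CONFIG_USE_LWIP` ahead of the `aDataSize > UINT32_MAX` test. Separately, New() drops the old `aAvailableSize > UINT32_MAX` guard, so the remaining checks depend on lAllocSize and lBlockSize (computed outside the hunk) not wrapping; a short comment stating why they cannot wrap would help. Both New() and NewWithData() continue outside the visible hunks.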