@@ -515,6 +515,21 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
515
515
// Setting a static upper bound on the maximum buffer size allocation for regular sized messages (not large).
516
516
static_assert (PacketBuffer::kMaxSizeWithoutReserve <= UINT16_MAX, " kMaxSizeWithoutReserve should not exceed UINT16_MAX." );
517
517
518
+ #if INET_CONFIG_ENABLE_TCP_ENDPOINT
519
+ // Setting a static upper bound on the maximum buffer size allocation for
520
+ // large messages.
521
+ #if CHIP_SYSTEM_CONFIG_USE_LWIP
522
+ // LwIP based systems are internally limited to using a u16_t type as the size of a buffer.
523
+ static_assert (PacketBuffer::kLargeBufMaxSizeWithoutReserve <= UINT16_MAX,
524
+ " In LwIP, max size for Large payload buffers cannot exceed UINT16_MAX!" );
525
+ #else
526
+ // Messages over TCP are framed using a length field that is 32 bits in
527
+ // length.
528
+ static_assert (PacketBuffer::kLargeBufMaxSizeWithoutReserve <= UINT32_MAX,
529
+ " Max size for Large payload buffers cannot exceed UINT32_MAX" );
530
+ #endif // CHIP_SYSTEM_CONFIG_USE_LWIP
531
+ #endif // INET_CONFIG_ENABLE_TCP_ENDPOINT
532
+
518
533
// Ensure that aAvailableSize is bound within a max and is not big enough to cause overflow during
519
534
// subsequent addition of all the sizes.
520
535
if (aAvailableSize > UINT32_MAX)
@@ -547,7 +562,11 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
547
562
#if CHIP_SYSTEM_CONFIG_USE_LWIP
548
563
// LwIP based APIs have a maximum buffer size of UINT16_MAX. Ensure that
549
564
// limit is met during allocation.
550
- VerifyOrDieWithMsg (sumOfAvailAndReserved < UINT16_MAX, chipSystemLayer, " LwIP based systems can handle only up to UINT16_MAX!" );
565
+ if (sumOfAvailAndReserved > UINT16_MAX)
566
+ {
567
+ ChipLogError (chipSystemLayer, " LwIP based systems can handle only up to UINT16_MAX!" );
568
+ return PacketBufferHandle ();
569
+ }
551
570
#endif // CHIP_SYSTEM_CONFIG_USE_LWIP
552
571
553
572
// sumOfAvailAndReserved is no larger than sumOfSizes, which we checked can be cast to
@@ -557,7 +576,7 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
557
576
558
577
CHIP_SYSTEM_FAULT_INJECT (FaultInjection::kFault_PacketBufferNew , return PacketBufferHandle ());
559
578
560
- if (lAllocSize > PacketBuffer::kMaxSizeWithoutReserve )
579
+ if (lAllocSize > PacketBuffer::kMaxAllocSize )
561
580
{
562
581
ChipLogError (chipSystemLayer, " PacketBuffer: allocation exceeding buffer capacity limits." );
563
582
return PacketBufferHandle ();
@@ -621,18 +640,15 @@ PacketBufferHandle PacketBufferHandle::New(size_t aAvailableSize, uint16_t aRese
621
640
PacketBufferHandle PacketBufferHandle::NewWithData (const void * aData, size_t aDataSize, size_t aAdditionalSize,
622
641
uint16_t aReservedSize)
623
642
{
624
- if (aDataSize > UINT16_MAX)
625
- {
626
- ChipLogError (chipSystemLayer, " PacketBuffer: allocation too large." );
627
- return PacketBufferHandle ();
628
- }
629
643
// Since `aDataSize` fits in uint16_t, the sum `aDataSize + aAdditionalSize` will not overflow.
630
644
// `New()` will only return a non-null buffer if the total allocation size does not overflow.
631
645
PacketBufferHandle buffer = New (aDataSize + aAdditionalSize, aReservedSize);
632
646
if (buffer.mBuffer != nullptr )
633
647
{
634
648
memcpy (buffer.mBuffer ->payload , aData, aDataSize);
635
649
#if CHIP_SYSTEM_CONFIG_USE_LWIP
650
+ // Checks in the New() call catches buffer allocations greater
651
+ // than UINT16_MAX for LwIP based platforms.
636
652
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = static_cast <uint16_t >(aDataSize);
637
653
#else
638
654
buffer.mBuffer ->len = buffer.mBuffer ->tot_len = aDataSize;
@@ -755,18 +771,18 @@ PacketBufferHandle PacketBufferHandle::CloneData() const
755
771
size_t originalDataSize = original->MaxDataLength ();
756
772
uint16_t originalReservedSize = original->ReservedSize ();
757
773
758
- if (originalDataSize + originalReservedSize > PacketBuffer::kMaxSizeWithoutReserve )
774
+ if (originalDataSize + originalReservedSize > PacketBuffer::kMaxAllocSize )
759
775
{
760
776
// The original memory allocation may have provided a larger block than requested (e.g. when using a shared pool),
761
777
// and in particular may have provided a larger block than we are able to request from PackBufferHandle::New().
762
778
// It is a genuine error if that extra space has been used.
763
- if (originalReservedSize + original->DataLength () > PacketBuffer::kMaxSizeWithoutReserve )
779
+ if (originalReservedSize + original->DataLength () > PacketBuffer::kMaxAllocSize )
764
780
{
765
781
return PacketBufferHandle ();
766
782
}
767
783
// Otherwise, reduce the requested data size. This subtraction can not underflow because the above test
768
- // guarantees originalReservedSize <= PacketBuffer::kMaxSizeWithoutReserve .
769
- originalDataSize = PacketBuffer::kMaxSizeWithoutReserve - originalReservedSize;
784
+ // guarantees originalReservedSize <= PacketBuffer::kMaxAllocSize .
785
+ originalDataSize = PacketBuffer::kMaxAllocSize - originalReservedSize;
770
786
}
771
787
772
788
PacketBufferHandle clone = PacketBufferHandle::New (originalDataSize, originalReservedSize);
0 commit comments