This is an automated email from the ASF dual-hosted git repository. acassis pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nuttx.git
commit 113bb02568eecee700605bebc1ed13a38b77f2db Author: ligd <[email protected]> AuthorDate: Thu Sep 11 18:28:57 2025 +0800 checkstack: fix access overflow when checkstack We should check length first, and then check the value Signed-off-by: ligd <[email protected]> --- arch/arm/src/common/arm_checkstack.c | 2 +- arch/arm64/src/common/arm64_checkstack.c | 2 +- arch/avr/src/avr/avr_checkstack.c | 2 +- arch/ceva/src/common/ceva_checkstack.c | 2 +- arch/or1k/src/common/or1k_checkstack.c | 2 +- arch/risc-v/src/common/riscv_checkstack.c | 2 +- arch/sim/src/sim/sim_checkstack.c | 2 +- arch/sparc/src/common/sparc_checkstack.c | 2 +- arch/tricore/src/common/tricore_checkstack.c | 2 +- arch/x86_64/src/intel64/intel64_checkstack.c | 2 +- arch/xtensa/src/common/xtensa_checkstack.c | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/arch/arm/src/common/arm_checkstack.c b/arch/arm/src/common/arm_checkstack.c index 6b80918e9bb..450b82c14a8 100644 --- a/arch/arm/src/common/arm_checkstack.c +++ b/arch/arm/src/common/arm_checkstack.c @@ -119,7 +119,7 @@ size_t arm_stack_check(void *stackbase, size_t nbytes) */ for (ptr = (uint32_t *)start, mark = (nbytes >> 2); - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* If the stack is completely used, then this might mean that the stack diff --git a/arch/arm64/src/common/arm64_checkstack.c b/arch/arm64/src/common/arm64_checkstack.c index f89a3aa0370..ad949200094 100644 --- a/arch/arm64/src/common/arm64_checkstack.c +++ b/arch/arm64/src/common/arm64_checkstack.c @@ -101,7 +101,7 @@ size_t arm64_stack_check(void *stackbase, size_t nbytes) */ for (ptr = (uint32_t *)start, mark = (nbytes >> 2); - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* If the stack is completely used, then this might mean that the stack diff --git a/arch/avr/src/avr/avr_checkstack.c b/arch/avr/src/avr/avr_checkstack.c index 335afb3ca77..75f1a555442 100644 --- a/arch/avr/src/avr/avr_checkstack.c +++ b/arch/avr/src/avr/avr_checkstack.c @@ -108,7 +108,7 @@ size_t avr_stack_check(uintptr_t alloc, size_t size) */ for (ptr = (FAR uint8_t *)alloc, mark = size; - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* If the stack is completely used, then this might mean that the stack diff --git a/arch/ceva/src/common/ceva_checkstack.c b/arch/ceva/src/common/ceva_checkstack.c index 2246241f186..e6c9dca599d 100644 --- a/arch/ceva/src/common/ceva_checkstack.c +++ b/arch/ceva/src/common/ceva_checkstack.c @@ -100,7 +100,7 @@ size_t ceva_stack_check(uintptr_t alloc, size_t size) */ for (ptr = (uint32_t *)alloc, mark = nwords; - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* If the stack is completely used, then this might mean that the stack diff --git a/arch/or1k/src/common/or1k_checkstack.c b/arch/or1k/src/common/or1k_checkstack.c index 3dca5bc2035..59cccd36007 100644 --- a/arch/or1k/src/common/or1k_checkstack.c +++ b/arch/or1k/src/common/or1k_checkstack.c @@ -115,7 +115,7 @@ size_t or1k_stack_check(uintptr_t alloc, size_t size) size = end - start; for (ptr = (uint32_t *)start, mark = (size >> 2); - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* Return our guess about how much stack space was used */ diff --git a/arch/risc-v/src/common/riscv_checkstack.c b/arch/risc-v/src/common/riscv_checkstack.c index 68dc1a26417..df3db64f812 100644 --- a/arch/risc-v/src/common/riscv_checkstack.c +++ b/arch/risc-v/src/common/riscv_checkstack.c @@ -117,7 +117,7 @@ size_t riscv_stack_check(uintptr_t alloc, size_t size) */ for (ptr = (uint32_t *)start, mark = (size >> 2); - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* If the stack is completely used, then this might mean that the stack diff --git a/arch/sim/src/sim/sim_checkstack.c b/arch/sim/src/sim/sim_checkstack.c index 492eb39716b..0e78a7d33e0 100644 --- a/arch/sim/src/sim/sim_checkstack.c +++ b/arch/sim/src/sim/sim_checkstack.c @@ -91,7 +91,7 @@ size_t sim_stack_check(void *alloc, size_t size) */ for (ptr = (uint32_t *)start, mark = (size >> 2); - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* If the stack is completely used, then this might mean that the stack diff --git a/arch/sparc/src/common/sparc_checkstack.c b/arch/sparc/src/common/sparc_checkstack.c index c989f2c0f05..b3be90390ba 100644 --- a/arch/sparc/src/common/sparc_checkstack.c +++ b/arch/sparc/src/common/sparc_checkstack.c @@ -115,7 +115,7 @@ size_t sparc_stack_check(void *stackbase, size_t nbytes) */ for (ptr = (uint32_t *)start, mark = (nbytes >> 2); - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* If the stack is completely used, then this might mean that the stack diff --git a/arch/tricore/src/common/tricore_checkstack.c b/arch/tricore/src/common/tricore_checkstack.c index 8d2563c2792..f404ae6c288 100644 --- a/arch/tricore/src/common/tricore_checkstack.c +++ b/arch/tricore/src/common/tricore_checkstack.c @@ -93,7 +93,7 @@ size_t tricore_stack_check(uintptr_t alloc, size_t size) */ for (ptr = (uint32_t *)start, mark = (size >> 2); - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* Return our guess about how much stack space was used */ diff --git a/arch/x86_64/src/intel64/intel64_checkstack.c b/arch/x86_64/src/intel64/intel64_checkstack.c index a1593ca8420..01ce8123f22 100644 --- a/arch/x86_64/src/intel64/intel64_checkstack.c +++ b/arch/x86_64/src/intel64/intel64_checkstack.c @@ -86,7 +86,7 @@ size_t x86_64_stack_check(void *stackbase, size_t nbytes) */ for (ptr = (uint32_t *)start, mark = (nbytes >> 2); - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* Return our guess about how much stack space was used */ diff --git a/arch/xtensa/src/common/xtensa_checkstack.c b/arch/xtensa/src/common/xtensa_checkstack.c index 2aad524b2b9..4173a0c1260 100644 --- a/arch/xtensa/src/common/xtensa_checkstack.c +++ b/arch/xtensa/src/common/xtensa_checkstack.c @@ -116,7 +116,7 @@ size_t xtensa_stack_check(uintptr_t alloc, size_t size) */ for (ptr = (uint32_t *)start, mark = (size >> 2); - *ptr == STACK_COLOR && mark > 0; + mark > 0 && *ptr == STACK_COLOR; ptr++, mark--); /* If the stack is completely used, then this might mean that the stack
