Skip to content

Commit

Permalink
fix(freertos): Limit idle task name length copy operation
Browse files Browse the repository at this point in the history
This commit limits the idle task name length copy operation to prevent
Out-of-bounds memory access warnings from static code analyzers.

Signed-off-by: Sudeep Mohanty <[email protected]>
  • Loading branch information
sudeep-mohanty committed Dec 9, 2024
1 parent 974351f commit d847f2c
Showing 1 changed file with 13 additions and 30 deletions.
43 changes: 13 additions & 30 deletions tasks.c
Original file line number Diff line number Diff line change
Expand Up @@ -3521,26 +3521,12 @@ static BaseType_t prvCreateIdleTasks( void )
{
BaseType_t xReturn = pdPASS;
BaseType_t xCoreID;
char cIdleName[ configMAX_TASK_NAME_LEN ];
char cIdleName[ configMAX_TASK_NAME_LEN ] = { 0 };
TaskFunction_t pxIdleTaskFunction = NULL;
BaseType_t xIdleTaskNameIndex;

for( xIdleTaskNameIndex = ( BaseType_t ) 0; xIdleTaskNameIndex < ( BaseType_t ) configMAX_TASK_NAME_LEN; xIdleTaskNameIndex++ )
{
cIdleName[ xIdleTaskNameIndex ] = configIDLE_TASK_NAME[ xIdleTaskNameIndex ];

/* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than
* configMAX_TASK_NAME_LEN characters just in case the memory after the
* string is not accessible (extremely unlikely). */
if( cIdleName[ xIdleTaskNameIndex ] == ( char ) 0x00 )
{
break;
}
else
{
mtCOVERAGE_TEST_MARKER();
}
}
/* Copy the name of the idle task up to configMAX_TASK_NAME_LEN - 1 characters, leaving room for the null-terminator */
strncpy( cIdleName, configIDLE_TASK_NAME, configMAX_TASK_NAME_LEN - 1 );
cIdleName[ configMAX_TASK_NAME_LEN - 1 ] = '\0';

/* Add each idle task at the lowest priority. */
for( xCoreID = ( BaseType_t ) 0; xCoreID < ( BaseType_t ) configNUMBER_OF_CORES; xCoreID++ )
Expand Down Expand Up @@ -3570,20 +3556,17 @@ static BaseType_t prvCreateIdleTasks( void )
* only one idle task. */
#if ( configNUMBER_OF_CORES > 1 )
{
BaseType_t uxIdleNameLength = strlen( cIdleName );

/* Convert the core ID to a string. */
char cCoreIDStr[ 11 ];
snprintf( cCoreIDStr, sizeof( cCoreIDStr ), "%d", xCoreID );
BaseType_t uxCoreIDStrLength = strlen( cCoreIDStr );

/* Append the idle task number to the end of the name if there is space. */
if( xIdleTaskNameIndex < ( BaseType_t ) configMAX_TASK_NAME_LEN )
if( uxIdleNameLength + uxCoreIDStrLength < ( BaseType_t ) configMAX_TASK_NAME_LEN )
{
cIdleName[ xIdleTaskNameIndex ] = ( char ) ( xCoreID + '0' );

/* And append a null character if there is space. */
if( ( xIdleTaskNameIndex + 1 ) < ( BaseType_t ) configMAX_TASK_NAME_LEN )
{
cIdleName[ xIdleTaskNameIndex + 1 ] = '\0';
}
else
{
mtCOVERAGE_TEST_MARKER();
}
strncat( cIdleName, cCoreIDStr, configMAX_TASK_NAME_LEN - uxIdleNameLength - 1 );
}
else
{
Expand Down

0 comments on commit d847f2c

Please sign in to comment.