Description
There are several instances in the codebase where the return value of CXPLAT_ALLOC_NONPAGED and CxPlatPoolAlloc is not checked before being used.
|
uint8_t* LocalTP = (uint8_t*)CXPLAT_ALLOC_NONPAGED(CxPlatTlsTPHeaderSize + LocalTPLength, QUIC_POOL_TLS_TRANSPARAMS); |
|
CxPlatZeroMemory(LocalTP, LocalTPLength); |
|
PreallocChunk = (QUIC_RECV_CHUNK*)CXPLAT_ALLOC_NONPAGED( |
|
sizeof(QUIC_RECV_CHUNK) + AllocBufferLength, |
|
QUIC_POOL_RECVBUF); // Use the recv buffer pool tag as this memory is moved to the recv buffer. |
|
QuicRecvChunkInitialize(PreallocChunk, AllocBufferLength, (uint8_t*)(PreallocChunk + 1), FALSE); |
|
AppOwnedBuffer = (uint8_t *)CXPLAT_ALLOC_NONPAGED(VirtualBufferLength, QUIC_POOL_TEST); |
|
auto* Chunk = (QUIC_RECV_CHUNK *)CxPlatPoolAlloc(&AppBufferChunkPool); |
|
QuicRecvChunkInitialize(Chunk, AllocBufferLength, AppOwnedBuffer, TRUE); |
|
auto* Chunk = (QUIC_RECV_CHUNK *)CxPlatPoolAlloc(&AppBufferChunkPool); |
|
QuicRecvChunkInitialize(Chunk, AllocBufferLength, AppOwnedBuffer, TRUE); |
|
auto* Chunk2 = (QUIC_RECV_CHUNK *)CxPlatPoolAlloc(&AppBufferChunkPool); |
|
QuicRecvChunkInitialize(Chunk2, VirtualBufferLength - AllocBufferLength, AppOwnedBuffer + AllocBufferLength, TRUE); |
|
CxPlatListInsertTail(&ChunkList, &Chunk2->Link); |
|
Context->ReceivedSessionTicket.Buffer = // N.B - Add one so we don't ever allocate zero bytes. |
|
(uint8_t*)CXPLAT_ALLOC_NONPAGED(TicketLength+1, QUIC_POOL_CRYPTO_RESUMPTION_TICKET); |
|
Context->ReceivedSessionTicket.Length = TicketLength; |
|
if (TicketLength != 0) { |
|
CxPlatCopyMemory( |
|
Context->ReceivedSessionTicket.Buffer, |
|
Ticket, |
|
TicketLength); |
|
} |
Suggested Fix
Add a null check immediately after each CXPLAT_ALLOC_NONPAGED and CxPlatPoolAlloc call, and handle the failure case appropriately
Description
There are several instances in the codebase where the return value of
CXPLAT_ALLOC_NONPAGEDandCxPlatPoolAllocis not checked before being used.msquic/src/perf/lib/Tcp.cpp
Lines 706 to 707 in a6fe43d
msquic/src/core/unittest/RecvBufferTest.cpp
Lines 55 to 58 in a6fe43d
msquic/src/core/unittest/RecvBufferTest.cpp
Lines 77 to 79 in a6fe43d
msquic/src/core/unittest/RecvBufferTest.cpp
Lines 78 to 79 in a6fe43d
msquic/src/core/unittest/RecvBufferTest.cpp
Lines 82 to 84 in a6fe43d
msquic/src/platform/unittest/TlsTest.cpp
Lines 588 to 596 in a6fe43d
Suggested Fix
Add a null check immediately after each
CXPLAT_ALLOC_NONPAGEDandCxPlatPoolAlloccall, and handle the failure case appropriately