[Cbe-oss-dev] [PATCH 15/17]MARS/modules/task: Context save stricter error checking

[Yuji Mano]

This adds a bit more strict error checking of user supplied context save unit
list parameter when calling mars_task_create.

Signed-off-by: Yuji Mano <yuji.mano at am.sony.com>

---
 modules/task/src/host/lib/task.c |   17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

--- a/modules/task/src/host/lib/task.c
+++ b/modules/task/src/host/lib/task.c
@@ -155,18 +155,28 @@ int mars_task_create(struct mars_context
 
 	/* calculate save unit count and save area size */
 	while (p->size) {
+		/* check for valid addr/size alignment and high addr boundary */
 		if (p->addr & MARS_TASK_CONTEXT_SAVE_UNIT_ADDR_ALIGN_MASK ||
-			p->size & MARS_TASK_CONTEXT_SAVE_UNIT_SIZE_ALIGN_MASK) {
+			p->size & MARS_TASK_CONTEXT_SAVE_UNIT_SIZE_ALIGN_MASK ||
+			p->addr + p->size > MARS_TASK_CONTEXT_SAVE_SIZE_MAX) {
 			ret = MARS_ERROR_PARAMS;
 			goto error_context_save_unit_addr_align;
 		}
 
+		/* increment save area size and check size limit */
 		context_save_area_size += p->size;
-		context_save_unit_count++;
-		p++;
+		if (context_save_area_size > MARS_TASK_CONTEXT_SAVE_SIZE_MAX) {
+			ret = MARS_ERROR_PARAMS;
+			goto error_context_save_area_size_limit;
+		}
 
+		/* increment save unit count and check count limit */
+		context_save_unit_count++;
 		if (context_save_unit_count == MARS_TASK_CONTEXT_SAVE_UNIT_MAX)
 			break;
+
+		/* increment save unit pointer */
+		p++;
 	}
 
 	/* allocate context save unit storage */
@@ -211,6 +221,7 @@ error_workload_queue_add_end:
 error_malloc_context_save_area:
 	mars_ea_free(task->context_save_unit_ea);
 error_malloc_context_save_unit:
+error_context_save_area_size_limit:
 error_context_save_unit_addr_align:
 	mars_ea_unmap(task->exec_ea, task->exec_size);
 error_map_exec: