node/driver: make SIZEOF_NOTE_START return the right size

The value returned by sizeof(struct note_start_s) is larger than the actual memory footprint of struct note_start_s. This causes the length calculated in sched_note_start to be larger than the actual memory size,which further leads to out-of-bounds reads in note_common. Signed-off-by: guohao15 <guohao15@xiaomi.com>
2026-02-06 04:01:54 +08:00 · 2025-07-04 17:43:27 +08:00
parent 172dd3959a
commit 029a5f5383
2 changed files with 2 additions and 12 deletions
--- a/drivers/note/note_driver.c
+++ b/drivers/note/note_driver.c
@@ -117,9 +117,9 @@ struct note_startalloc_s
 };

 #if CONFIG_TASK_NAME_SIZE > 0
-#  define SIZEOF_NOTE_START(n) (sizeof(struct note_start_s) + (n) - 1)
+#  define SIZEOF_NOTE_START(n) (sizeof(struct note_common_s) + (n))
 #else
-#  define SIZEOF_NOTE_START(n) (sizeof(struct note_start_s))
+#  define SIZEOF_NOTE_START(n) (sizeof(struct note_common_s))
 #endif

 #if CONFIG_DRIVERS_NOTE_TASKNAME_BUFSIZE > 0
--- a/include/nuttx/sched_note.h
+++ b/include/nuttx/sched_note.h
@@ -324,16 +324,6 @@ struct note_common_s
  clock_t nc_systime;          /* Time when note was buffered */
 };

-/* This is the specific form of the NOTE_START note */
-
-struct note_start_s
-{
-  struct note_common_s nst_cmn; /* Common note parameters */
-#if CONFIG_TASK_NAME_SIZE > 0
-  char    nst_name[1];          /* Start of the name of the thread/task */
-#endif
-};
-
 /* This is the specific form of the NOTE_STOP note */

 struct note_stop_s