Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-06-02 01:21:26 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

sched/irq: Avoid negative array index in irqchain_dispatch

Browse Source 
IRQ_TO_NDX() may return a negative value when the IRQ number is invalid
or not mapped. Using this negative value directly as an array index for
g_irqvector causes undefined behavior and potential memory corruption.

This patch adds a bounds check to ensure ndx is non-negative before
accessing the g_irqvector array, returning the error code if invalid.

Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
This commit is contained in:
pangzhen1
2025-09-02 20:56:00 +08:00
committed by Xiang Xiao
parent 5331d5a905
commit 927cccb278
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
sched/irq/irq_chain.c
+7
View File
@@ -80,6 +80,12 @@ static int irqchain_dispatch(int irq, FAR void *context, FAR void *arg)
int ndx = IRQ_TO_NDX(irq); int ndx = IRQ_TO_NDX(irq);
int ret = 0; int ret = 0;
if (ndx < 0)
{
ret = ndx;
}
else
{
curr = g_irqvector[ndx].arg; curr = g_irqvector[ndx].arg;
while (curr != NULL) while (curr != NULL)
{ {
@@ -87,6 +93,7 @@ static int irqchain_dispatch(int irq, FAR void *context, FAR void *arg)
curr = curr->next; curr = curr->next;
ret |= prev->handler(irq, context, prev->arg); ret |= prev->handler(irq, context, prev->arg);
} }
}
return ret; return ret;
} }