From 0337ceb442f80ad14f7062622dc91e1488e68723 Mon Sep 17 00:00:00 2001
From: guohao15
Date: Fri, 4 Jul 2025 17:43:27 +0800
Subject: [PATCH] node/driver: make SIZEOF_NOTE_START return the right size

The value returned by sizeof(struct note_start_s) is larger than the actual memory footprint of struct note_start_s. This causes the length calculated in sched_note_start to be larger than the actual memory size,which further leads to out-of-bounds reads in note_common.

Signed-off-by: guohao15
---
 drivers/note/note_driver.c | 4 ++--
 include/nuttx/sched_note.h | 10 ----------
 2 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/drivers/note/note_driver.c b/drivers/note/note_driver.c
index b695153512586..8cbcb0c1bb6dc 100644
--- a/drivers/note/note_driver.c
+++ b/drivers/note/note_driver.c
@@ -117,9 +117,9 @@ struct note_startalloc_s
 };

 #if CONFIG_TASK_NAME_SIZE > 0
-# define SIZEOF_NOTE_START(n) (sizeof(struct note_start_s) + (n) - 1)
+# define SIZEOF_NOTE_START(n) (sizeof(struct note_common_s) + (n))
 #else
-# define SIZEOF_NOTE_START(n) (sizeof(struct note_start_s))
+# define SIZEOF_NOTE_START(n) (sizeof(struct note_common_s))
 #endif

 #if CONFIG_DRIVERS_NOTE_TASKNAME_BUFSIZE > 0
diff --git a/include/nuttx/sched_note.h b/include/nuttx/sched_note.h
index 5c13eee3ea3ff..23b2982e7e083 100644
--- a/include/nuttx/sched_note.h
+++ b/include/nuttx/sched_note.h
@@ -324,16 +324,6 @@ struct note_common_s
 clock_t nc_systime; /* Time when note was buffered */
 };

-/* This is the specific form of the NOTE_START note */
-
-struct note_start_s
-{
- struct note_common_s nst_cmn; /* Common note parameters */
-#if CONFIG_TASK_NAME_SIZE > 0
- char nst_name[1]; /* Start of the name of the thread/task */
-#endif
-};
-
 /* This is the specific form of the NOTE_STOP note */

 struct note_stop_s
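Review bot: The rewritten `SIZEOF_NOTE_START(n)` in both branches of the `#if` in drivers/note/note_driver.c is now the only description of the NOTE_START record layout, because the sched_note.h hunk deletes `struct note_start_s`, yet nothing at the macro says what `n` counts or where the name bytes begin. I would add a comment above the `#if`, for example `/* NOTE_START record: struct note_common_s followed by n task-name bytes; sized from note_common_s so struct tail padding is never counted */`. The code that fills and consumes the record (sched_note_start and note_common according to the commit message, both outside this hunk) presumably has to place and bound the name at offset `sizeof(struct note_common_s)` using the same `n`. That is worth confirming, since a writer or reader still assuming the old padded size would bring back the out-of-bounds read this patch is meant to remove.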