fix store sbrk heap bounds handling

danielinux · danielinux · commit 73b5ad46c926 · 2026-03-16T09:32:51.000+01:00
F/725
diff --git a/src/pkcs11_store.c b/src/pkcs11_store.c
@@ -24,6 +24,7 @@
 #include <string.h>
 
 #include "hal.h"
+#include "store_sbrk.h"
 
 #ifdef SECURE_PKCS11
 
@@ -72,17 +73,7 @@ void * _sbrk(unsigned int incr)
 {
     static uint8_t *heap = NULL;
     static uint32_t heapsize = (uint32_t)&_heap_size;
-    void *old_heap = heap;
-    (void)heapsize;
-    if (((incr >> 2) << 2) != incr)
-        incr = ((incr >> 2) + 1) << 2;
-
-    if (heap == NULL) {
-        heap = (uint8_t*)&_start_heap;
-        old_heap = heap;
-    } else
-        heap += incr;
-    return old_heap;
+    return wolfboot_store_sbrk(incr, &heap, (uint8_t *)&_start_heap, heapsize);
 }
 #endif
 
diff --git a/src/psa_store.c b/src/psa_store.c
@@ -24,6 +24,7 @@
 #include <string.h>
 
 #include "hal.h"
+#include "store_sbrk.h"
 
 #ifdef WOLFCRYPT_TZ_PSA
 
@@ -71,17 +72,7 @@ void * _sbrk(unsigned int incr)
 {
     static uint8_t *heap = NULL;
     static uint32_t heapsize = (uint32_t)&_heap_size;
-    void *old_heap = heap;
-    (void)heapsize;
-    if (((incr >> 2) << 2) != incr)
-        incr = ((incr >> 2) + 1) << 2;
-
-    if (heap == NULL) {
-        heap = (uint8_t*)&_start_heap;
-        old_heap = heap;
-    } else
-        heap += incr;
-    return old_heap;
+    return wolfboot_store_sbrk(incr, &heap, (uint8_t *)&_start_heap, heapsize);
 }
 #endif
 
diff --git a/src/store_sbrk.c b/src/store_sbrk.c
@@ -0,0 +1,25 @@
+#include <stddef.h>
+
+#include "store_sbrk.h"
+
+void *wolfboot_store_sbrk(unsigned int incr, uint8_t **heap,
+    uint8_t *heap_base, uint32_t heap_size)
+{
+    uint8_t *heap_limit = heap_base + heap_size;
+    void *old_heap = *heap;
+
+    if (((incr >> 2) << 2) != incr)
+        incr = ((incr >> 2) + 1) << 2;
+
+    if (*heap == NULL) {
+        *heap = heap_base;
+        old_heap = *heap;
+    }
+
+    if ((uint32_t)(heap_limit - *heap) < incr)
+        return (void *)-1;
+
+    *heap += incr;
+
+    return old_heap;
+}
diff --git a/src/store_sbrk.h b/src/store_sbrk.h
@@ -0,0 +1,9 @@
+#ifndef WOLFBOOT_STORE_SBRK_H
+#define WOLFBOOT_STORE_SBRK_H
+
+#include <stdint.h>
+
+void *wolfboot_store_sbrk(unsigned int incr, uint8_t **heap,
+    uint8_t *heap_base, uint32_t heap_size);
+
+#endif
diff --git a/tools/unit-tests/Makefile b/tools/unit-tests/Makefile
@@ -48,7 +48,7 @@ TESTS:=unit-parser unit-extflash unit-string unit-spi-flash unit-aes128 \
        unit-enc-nvm-flagshome unit-delta unit-update-flash \
        unit-update-flash-enc unit-update-ram unit-pkcs11_store unit-psa_store unit-disk \
        unit-update-disk unit-multiboot unit-boot-x86-fsp unit-qspi-flash unit-tpm-rsa-exp \
-       unit-image-nopart unit-image-sha384 unit-image-sha3-384 \
+       unit-image-nopart unit-image-sha384 unit-image-sha3-384 unit-store-sbrk \
        unit-tpm-blob
 
 all: $(TESTS)
@@ -132,6 +132,9 @@ unit-tpm-blob: ../../include/target.h unit-tpm-blob.c
 		-DWOLFBOOT_HASH_SHA256 \
 		-ffunction-sections -fdata-sections $(LDFLAGS) -Wl,--gc-sections
 
+unit-store-sbrk: unit-store-sbrk.c ../../src/store_sbrk.c
+	gcc -o $@ $^ $(CFLAGS) $(LDFLAGS)
+
 unit-string: ../../include/target.h unit-string.c
 	gcc -o $@ $^ $(CFLAGS) -DDEBUG_UART -DPRINTF_ENABLED $(LDFLAGS)
 
diff --git a/tools/unit-tests/unit-store-sbrk.c b/tools/unit-tests/unit-store-sbrk.c
@@ -0,0 +1,60 @@
+/* unit-store-sbrk.c
+ *
+ * Unit tests for store allocator helper.
+ */
+
+#include <check.h>
+#include <stdint.h>
+
+#include "../../src/store_sbrk.h"
+
+START_TEST(test_sbrk_first_call_advances_heap)
+{
+    uint8_t heap_buf[32];
+    uint8_t *heap = NULL;
+    void *ret;
+
+    ret = wolfboot_store_sbrk(5, &heap, heap_buf, sizeof(heap_buf));
+
+    ck_assert_ptr_eq(ret, heap_buf);
+    ck_assert_ptr_eq(heap, heap_buf + 8);
+}
+END_TEST
+
+START_TEST(test_sbrk_rejects_overflow)
+{
+    uint8_t heap_buf[16];
+    uint8_t *heap = NULL;
+    void *ret;
+
+    ret = wolfboot_store_sbrk(8, &heap, heap_buf, sizeof(heap_buf));
+    ck_assert_ptr_eq(ret, heap_buf);
+
+    ret = wolfboot_store_sbrk(16, &heap, heap_buf, sizeof(heap_buf));
+    ck_assert_ptr_eq(ret, (void *)-1);
+    ck_assert_ptr_eq(heap, heap_buf + 8);
+}
+END_TEST
+
+Suite *wolfboot_suite(void)
+{
+    Suite *s = suite_create("store-sbrk");
+    TCase *tcase = tcase_create("store_sbrk");
+
+    tcase_add_test(tcase, test_sbrk_first_call_advances_heap);
+    tcase_add_test(tcase, test_sbrk_rejects_overflow);
+    suite_add_tcase(s, tcase);
+    return s;
+}
+
+int main(void)
+{
+    int fails;
+    Suite *s = wolfboot_suite();
+    SRunner *sr = srunner_create(s);
+
+    srunner_run_all(sr, CK_NORMAL);
+    fails = srunner_ntests_failed(sr);
+    srunner_free(sr);
+    return fails;
+}
