Add stack size validation in SecureContext_AllocateContext

Validate that ulSecureStackSize + securecontextSTACK_SEAL_SIZE does not
overflow before calling pvPortMalloc in the ARMv8-M secure context ports.

Reported by Jordan Mecom (Block, Inc.)

Author: patrzhan

portable/ARMv8M/secure/context/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {

portable/GCC/ARM_CM23/secure/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {

portable/GCC/ARM_CM33/secure/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {

portable/GCC/ARM_CM35P/secure/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {

portable/GCC/ARM_CM52/secure/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {

portable/GCC/ARM_CM55/secure/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {

portable/GCC/ARM_CM85/secure/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {

portable/GCC/ARM_STAR_MC3/secure/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {

portable/IAR/ARM_CM23/secure/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {

portable/IAR/ARM_CM33/secure/secure_context.c

@@ -214,7 +214,14 @@ secureportNON_SECURE_CALLABLE void SecureContext_Init( void )
         if( ulSecureContextIndex < secureconfigMAX_SECURE_CONTEXTS )
         {
             /* Allocate the stack space. */
-            pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+            if( ulSecureStackSize > ( UINT32_MAX - securecontextSTACK_SEAL_SIZE ) )
+                {
+                    pucStackMemory = NULL;
+                }
+                else
+                {
+                    pucStackMemory = pvPortMalloc( ulSecureStackSize + securecontextSTACK_SEAL_SIZE );
+                }
 
             if( pucStackMemory != NULL )
             {