Fix integer overflow bug

Signed-off-by: volcano <[email protected]>
intel · Apr 3, 2023 · 33a1ec1 · 33a1ec1
1 parent 0471aae
commit 33a1ec1
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/sdk/sign_tool/SignTool/manage_metadata.cpp b/sdk/sign_tool/SignTool/manage_metadata.cpp
@@ -1221,7 +1221,7 @@ bool CMetadata::build_layout_table()
         // The memory reservation in emalloc.c also reserve two guard pages around the target
         // memory region in each reservation, so we need an extra 0x10000B each time.
         // Therefore, the total overhead should be (2^reserve_cnt - 1 + reserve_cnt) * 0x10000B.
-        uint64_t user_region_size = ((1 << reserve_cnt) - 1 + reserve_cnt) << 16;
+        uint64_t user_region_size = ((uint64_t)((1 << reserve_cnt) - 1 + reserve_cnt)) << 16;
         se_trace(SE_TRACE_ERROR, "RTS bookkeeping overhead: 0x%016llX\n", user_region_size);
 
         if (m_create_param.user_region_size > 0)

diff --git a/sdk/trts/ema_init.cpp b/sdk/trts/ema_init.cpp
@@ -42,7 +42,7 @@ static int build_rts_context_nodes(layout_entry_t *entry, uint64_t offset)
     assert(IS_PAGE_ALIGNED(rva));
 
     size_t addr = (size_t)get_enclave_base() + rva;
-    size_t size = entry->page_count << SE_PAGE_SHIFT;
+    size_t size = ((size_t)entry->page_count) << SE_PAGE_SHIFT;
 
     // entry is guard page or has EREMOVE, build a reserved ema
     if ((entry->si_flags == 0) ||
@@ -83,8 +83,7 @@ static int build_rts_context_nodes(layout_entry_t *entry, uint64_t offset)
             commit_direction = SGX_EMA_GROWSDOWN;
         }
 
-        int ret = mm_alloc((void*)addr,
-                         ((size_t)entry->page_count) << SE_PAGE_SHIFT,
+        int ret = mm_alloc((void*)addr, size,
                          SGX_EMA_COMMIT_ON_DEMAND | commit_direction
                          | SGX_EMA_SYSTEM | SGX_EMA_FIXED | type,
                          NULL, NULL, NULL);