You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2020/07/29 17:49:47 UTC
[GitHub] [incubator-nuttx] patacongo opened a new issue #1481: Illegal Usage of free() in the OS
patacongo opened a new issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481
malloc() and free() should never be used within the OS. This will work in the FLAT build because there is only a single heap, but will cause crashes in PROTECTED and KERNEL build modes where there are separate heaps for user and kernel memory.
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(priv->cepbuf);
./arch/arm/src/xmc4/xmc4_spi.c: free(spics);
./crypto/blake2s.c: free(in);
./drivers/lcd/pcf8574_lcd_backpack.c: free(data);
./drivers/lcd/st7032.c: free(data);
./drivers/mkrd.c: free(buffer);
./drivers/net/telnet.c: free(priv);
./drivers/wireless/bluetooth/bt_uart_bcm4343x.c: free(din);
./drivers/wireless/ieee802154/mrf24j40/mrf24j40.c: free(dev);
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] patacongo commented on issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
patacongo commented on issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481#issuecomment-668715277
Even worse. In these cases, malloc() is used to allocate memory. Calls to malloc are also not legal within the OS code:
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(priv->cepbuf);
./crypto/blake2s.c: free(in);
./drivers/lcd/pcf8574_lcd_backpack.c:
./drivers/lcd/st7032.c: free(data);
Another related and forbidden function, zalloc() is used here:
./arch/arm/src/xmc4/xmc4_spi.c: free(spics);
The remaining were allocated using kmm_malloc() or kmm_zalloc(), but freed with free(). These are address in PR #1507
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] patacongo edited a comment on issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
patacongo edited a comment on issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481#issuecomment-668718374
Evern worse. In all of these functions, memory is allocated for use in the OS using the user-space allocator malloc() or zalloc() interfaces:
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(priv->cepbuf);
./arch/arm/src/xmc4/xmc4_spi.c: free(spics);
./crypto/blake2s.c: free(in);
./drivers/lcd/pcf8574_lcd_backpack.c: free(data);
./drivers/lcd/st7032.c: free(data);
In these cases, malloc(), zalloc(), and free() need to be replaced with kmm_malloc(), kmm_zalloc(), and kmm_free(). Fixed with PR #1510
In the other cases, the memory is already allocated with kmm_malloc() or kmm_zalloc(), but freed with free(). That is fixed in PR #1507
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] Ouss4 closed issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
Ouss4 closed issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] patacongo removed a comment on issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
patacongo removed a comment on issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481#issuecomment-668715277
Even worse. In these cases, malloc() is used to allocate memory. Calls to malloc are also not legal within the OS code:
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(priv->cepbuf);
./crypto/blake2s.c: free(in);
./drivers/lcd/pcf8574_lcd_backpack.c:
./drivers/lcd/st7032.c: free(data);
Another related and forbidden function, zalloc() is used here:
./arch/arm/src/xmc4/xmc4_spi.c: free(spics);
The remaining were allocated using kmm_malloc() or kmm_zalloc(), but freed with free(). These are address in PR #1507
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] patacongo edited a comment on issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
patacongo edited a comment on issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481#issuecomment-668724072
This Issue cannot be closed yet. Additional calls to malloc()/zalloc() were found in the OS.
Memory is never free. Possible memory leak:
./boards/arm/cxd56xx/common/src/cxd56_crashdump.c: pdump = malloc(sizeof(fullcontext_t));
Memory allocated with malloc(), but freed with kmm_free():
./drivers/usbhost/usbhost_composite.c: cfgbuffer = (FAR uint8_t *)malloc(CUSTOM_CONFIG_BUFSIZE);
Memory is never freed in these cases. It is allocated in the driver initialization logic, but there is no corresponding uninitialization logic; memory is not freed on error conditions:
./arch/arm/src/lc823450/lc823450_i2s.c: priv = (struct lc823450_i2s_s *)zalloc(sizeof(struct lc823450_i2s_s));
./arch/arm/src/sam34/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/sama5/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/samv7/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
Memory is allocated with zalloc() but freed on error conditions with kmm_free():
./arch/arm/src/sama5/sam_ssc.c: priv = (struct sam_ssc_s *)zalloc(sizeof(struct sam_ssc_s));
./arch/arm/src/samv7/sam_ssc.c: priv = (struct sam_ssc_s *)zalloc(sizeof(struct sam_ssc_s));
./arch/arm/src/stm32/stm32_i2s.c: priv = (struct stm32_i2s_s *)zalloc(sizeof(struct stm32_i2s_s));
Memory is never freed:
./drivers/spi/spi_bitbang.c: priv = (FAR struct spi_bitbang_s *)zalloc(sizeof(struct spi_bitbang_s));
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] patacongo edited a comment on issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
patacongo edited a comment on issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481#issuecomment-668724072
This Issue cannot be closed yet. Additional calls to malloc()/zalloc() were found in the OS. No matching free()?
./boards/arm/cxd56xx/common/src/cxd56_crashdump.c: pdump = malloc(sizeof(fullcontext_t));
./drivers/usbhost/usbhost_composite.c: cfgbuffer = (FAR uint8_t *)malloc(CUSTOM_CONFIG_BUFSIZE);
./arch/arm/src/lc823450/lc823450_i2s.c: priv = (struct lc823450_i2s_s *)zalloc(sizeof(struct lc823450_i2s_s));
./arch/arm/src/sam34/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/sama5/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/sama5/sam_ssc.c: priv = (struct sam_ssc_s *)zalloc(sizeof(struct sam_ssc_s));
./arch/arm/src/samv7/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/samv7/sam_ssc.c: priv = (struct sam_ssc_s *)zalloc(sizeof(struct sam_ssc_s));
./arch/arm/src/stm32/stm32_i2s.c: priv = (struct stm32_i2s_s *)zalloc(sizeof(struct stm32_i2s_s));
./drivers/spi/spi_bitbang.c: priv = (FAR struct spi_bitbang_s *)zalloc(sizeof(struct spi_bitbang_s));
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] patacongo commented on issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
patacongo commented on issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481#issuecomment-668724072
Additional calls to malloc()/zalloc() in the OS. No matching free()?
./boards/arm/cxd56xx/common/src/cxd56_crashdump.c: pdump = malloc(sizeof(fullcontext_t));
./drivers/usbhost/usbhost_composite.c: cfgbuffer = (FAR uint8_t *)malloc(CUSTOM_CONFIG_BUFSIZE);
./arch/arm/src/lc823450/lc823450_i2s.c: priv = (struct lc823450_i2s_s *)zalloc(sizeof(struct lc823450_i2s_s));
./arch/arm/src/sam34/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/sama5/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/sama5/sam_ssc.c: priv = (struct sam_ssc_s *)zalloc(sizeof(struct sam_ssc_s));
./arch/arm/src/samv7/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/samv7/sam_ssc.c: priv = (struct sam_ssc_s *)zalloc(sizeof(struct sam_ssc_s));
./arch/arm/src/stm32/stm32_i2s.c: priv = (struct stm32_i2s_s *)zalloc(sizeof(struct stm32_i2s_s));
./drivers/spi/spi_bitbang.c: priv = (FAR struct spi_bitbang_s *)zalloc(sizeof(struct spi_bitbang_s));
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] patacongo commented on issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
patacongo commented on issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481#issuecomment-668718374
Evern worse. In all of these functions, memory is allocated for use in the OS using the user-space allocator malloc() or zalloc() interfaces:
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(priv->cepbuf);
./arch/arm/src/xmc4/xmc4_spi.c: free(spics);
./crypto/blake2s.c: free(in);
./drivers/lcd/pcf8574_lcd_backpack.c: free(data);
./drivers/lcd/st7032.c: free(data);
In these cases, malloc(), zalloc(), and free() need to be replaceds with kmm_malloc(), kmm_zalloc(), and kmm_free().
In the other cases, the memory is already allocated with kmm_malloc() or kmm_zalloc(), but freed with free(). That is fixed in PR #1507
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] patacongo edited a comment on issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
patacongo edited a comment on issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481#issuecomment-668724072
This Issue cannot be closed yet. Additional calls to malloc()/zalloc() were found in the OS.
Memory is never free. Possible memory leak:
./boards/arm/cxd56xx/common/src/cxd56_crashdump.c: pdump = malloc(sizeof(fullcontext_t));
Memory allocated with malloc(), but freed with kmm_free():
./drivers/usbhost/usbhost_composite.c: cfgbuffer = (FAR uint8_t *)malloc(CUSTOM_CONFIG_BUFSIZE);
Memory is never freed in these cases. It is allocated in the driver initialization logic, but there is no corresponding uninitialization logic; memory is not freed on error conditions:
./arch/arm/src/lc823450/lc823450_i2s.c: priv = (struct lc823450_i2s_s *)zalloc(sizeof(struct lc823450_i2s_s));
./arch/arm/src/sam34/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/sama5/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
./arch/arm/src/sama5/sam_ssc.c: priv = (struct sam_ssc_s *)zalloc(sizeof(struct sam_ssc_s));
./arch/arm/src/samv7/sam_spi.c: spics = (struct sam_spics_s *)zalloc(sizeof(struct sam_spics_s));
Memory is allocated with zalloc() but freed on error conditions with kmm_free():
./arch/arm/src/samv7/sam_ssc.c: priv = (struct sam_ssc_s *)zalloc(sizeof(struct sam_ssc_s));
./arch/arm/src/stm32/stm32_i2s.c: priv = (struct stm32_i2s_s *)zalloc(sizeof(struct stm32_i2s_s));
Memory is never freed:
./drivers/spi/spi_bitbang.c: priv = (FAR struct spi_bitbang_s *)zalloc(sizeof(struct spi_bitbang_s));
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-nuttx] patacongo edited a comment on issue #1481: Illegal Usage of free() in the OS
Posted by GitBox <gi...@apache.org>.
patacongo edited a comment on issue #1481:
URL: https://github.com/apache/incubator-nuttx/issues/1481#issuecomment-668718374
Evern worse. In all of these functions, memory is allocated for use in the OS using the user-space allocator malloc() or zalloc() interfaces:
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(buf);
./arch/arm/src/cxd56xx/cxd56_gnss.c: free(priv->cepbuf);
./arch/arm/src/xmc4/xmc4_spi.c: free(spics);
./crypto/blake2s.c: free(in);
./drivers/lcd/pcf8574_lcd_backpack.c: free(data);
./drivers/lcd/st7032.c: free(data);
In these cases, malloc(), zalloc(), and free() need to be replaced with kmm_malloc(), kmm_zalloc(), and kmm_free().
In the other cases, the memory is already allocated with kmm_malloc() or kmm_zalloc(), but freed with free(). That is fixed in PR #1507
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org