You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by gn...@apache.org on 2020/06/29 23:10:37 UTC

[incubator-nuttx] branch releases/9.1 updated (c6f8a6b -> 201f920)

This is an automated email from the ASF dual-hosted git repository.

gnutt pushed a change to branch releases/9.1
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git.


    from c6f8a6b  tools: cxd56: nxstyle fixes
     new 3b1dca8  mm: Do not memcopy more than oldsize when realloc
     new 201f920  nxstyle: fixup style issues in mm_realloc.c

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 mm/mm_heap/mm_realloc.c | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

[incubator-nuttx] 01/02: mm: Do not memcopy more than oldsize when realloc

Posted by gn...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

gnutt pushed a commit to branch releases/9.1
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git

commit 3b1dca8167d8abc22a7e0c71759bfc560c4e71c5
Author: Brennan Ashton <ba...@brennanashton.com>
AuthorDate: Sun Jun 28 11:57:38 2020 -0700

    mm: Do not memcopy more than oldsize when realloc
    
    When realloc up from a mem area to a larger one where a new node
    is needed. The the larger memory region is copied from the source
    this can both leak data as well as cause memory faults accesssing
    invalid data.
    
    This was first reported by Kwonsk
    
    Signed-off-by: Brennan Ashton <ba...@brennanashton.com>
---
 mm/mm_heap/mm_realloc.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/mm/mm_heap/mm_realloc.c b/mm/mm_heap/mm_realloc.c
index 8b983b0..1f83ee7 100644
--- a/mm/mm_heap/mm_realloc.c
+++ b/mm/mm_heap/mm_realloc.c
@@ -270,17 +270,17 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
                                     (next->preceding & MM_ALLOC_BIT);
             }
 
-          /* Now we want to return newnode */
-
-          oldnode = newnode;
-          oldsize = newnode->size;
-
           /* Now we have to move the user contents 'down' in memory.  memcpy
            * should be safe for this.
            */
 
           newmem = (FAR void *)((FAR char *)newnode + SIZEOF_MM_ALLOCNODE);
           memcpy(newmem, oldmem, oldsize - SIZEOF_MM_ALLOCNODE);
+
+          /* Now we want to return newnode */
+
+          oldnode = newnode;
+          oldsize = newnode->size;
         }
 
       /* Extend into the next free chunk */

[incubator-nuttx] 02/02: nxstyle: fixup style issues in mm_realloc.c

Posted by gn...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

gnutt pushed a commit to branch releases/9.1
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git

commit 201f920c3b5de64e0eb8c8a76a50ae2fcc4f6a2e
Author: Brennan Ashton <ba...@brennanashton.com>
AuthorDate: Sun Jun 28 12:13:00 2020 -0700

    nxstyle: fixup style issues in mm_realloc.c
    
    Signed-off-by: Brennan Ashton <ba...@brennanashton.com>
---
 mm/mm_heap/mm_realloc.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/mm/mm_heap/mm_realloc.c b/mm/mm_heap/mm_realloc.c
index 1f83ee7..3e58cd1 100644
--- a/mm/mm_heap/mm_realloc.c
+++ b/mm/mm_heap/mm_realloc.c
@@ -1,7 +1,7 @@
 /****************************************************************************
  * mm/mm_heap/mm_realloc.c
  *
- *   Copyright (C) 2007, 2009, 2013-2014, 2017 Gregory Nutt. All rights reserved.
+ *   Copyright (C) 2007, 2009, 2013-2014, 2017 Gregory Nutt.
  *   Author: Gregory Nutt <gn...@nuttx.org>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -256,7 +256,9 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
               next->preceding    = newnode->size |
                                    (next->preceding & MM_ALLOC_BIT);
 
-              /* Return the previous free node to the nodelist (with the new size) */
+              /* Return the previous free node to the nodelist
+               * (with the new size)
+               */
 
               mm_addfreechunk(heap, prev);
             }
@@ -294,7 +296,8 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
            * chunk)
            */
 
-          andbeyond = (FAR struct mm_allocnode_s *)((FAR char *)next + nextsize);
+          andbeyond = (FAR struct mm_allocnode_s *)
+                      ((FAR char *)next + nextsize);
 
           /* Remove the next node.  There must be a predecessor, but there
            * may not be a successor node.
@@ -311,7 +314,7 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
 
           oldnode->size = oldsize + takenext;
           newnode       = (FAR struct mm_freenode_s *)
-                            ((FAR char *)oldnode + oldnode->size);
+                          ((FAR char *)oldnode + oldnode->size);
 
           /* Did we consume the entire preceding chunk? */
 
@@ -344,7 +347,9 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
       return newmem;
     }
 
-  /* The current chunk cannot be extended.  Just allocate a new chunk and copy */
+  /* The current chunk cannot be extended.
+   * Just allocate a new chunk and copy
+   */
 
   else
     {