You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2020/02/13 08:07:34 UTC

[GitHub] [incubator-nuttx] yamt opened a new pull request #265: mm: Fix memory corruption issues in realloc

yamt opened a new pull request #265: mm: Fix memory corruption issues in realloc
URL: https://github.com/apache/incubator-nuttx/pull/265
 
 
   Also, add a bunch of assertions.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [incubator-nuttx] yamt closed pull request #265: mm: Fix memory corruption issues in realloc

Posted by GitBox <gi...@apache.org>.

yamt closed pull request #265: mm: Fix memory corruption issues in realloc
URL: https://github.com/apache/incubator-nuttx/pull/265
 
 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [incubator-nuttx] patacongo commented on a change in pull request #265: mm: Fix memory corruption issues in realloc

Posted by GitBox <gi...@apache.org>.

patacongo commented on a change in pull request #265: mm: Fix memory corruption issues in realloc
URL: https://github.com/apache/incubator-nuttx/pull/265#discussion_r378859739
 
 

 ##########
 File path: mm/mm_heap/mm_realloc.c
 ##########
 @@ -213,6 +215,28 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
             }
         }
 
+      /* Note that a free node can't be smaller than SIZEOF_MM_FREENODE.
+       * We have to either take the whole node, or leave at least
+       * SIZEOF_MM_FREENODE bytes.
+       * When we can't leave SIZEOF_MM_FREENODE bytes, just take the whole
+       * node. It might end up with returning a larger chunk than the
+       * caller requested. It should be ok.
+       */
+      DEBUGASSERT(prevsize >= takeprev);
+      DEBUGASSERT(nextsize >= takenext);
+      if (prevsize - takeprev < SIZEOF_MM_FREENODE)
+        {
+          takeprev = prevsize;
+        }
+      if (nextsize - takenext < SIZEOF_MM_FREENODE)
 
 Review comment:
   Coding standard requires that all terminating right braces be followed by a blank line.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [incubator-nuttx] patacongo commented on a change in pull request #265: mm: Fix memory corruption issues in realloc

Posted by GitBox <gi...@apache.org>.

patacongo commented on a change in pull request #265: mm: Fix memory corruption issues in realloc
URL: https://github.com/apache/incubator-nuttx/pull/265#discussion_r378859408
 
 

 ##########
 File path: mm/mm_heap/mm_realloc.c
 ##########
 @@ -213,6 +215,28 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
             }
         }
 
+      /* Note that a free node can't be smaller than SIZEOF_MM_FREENODE.
+       * We have to either take the whole node, or leave at least
+       * SIZEOF_MM_FREENODE bytes.
+       * When we can't leave SIZEOF_MM_FREENODE bytes, just take the whole
+       * node. It might end up with returning a larger chunk than the
+       * caller requested. It should be ok.
+       */
+      DEBUGASSERT(prevsize >= takeprev);
 
 Review comment:
   Coding standard requires that all comments be followed by a blank line.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [incubator-nuttx] patacongo commented on a change in pull request #265: mm: Fix memory corruption issues in realloc

Posted by GitBox <gi...@apache.org>.

patacongo commented on a change in pull request #265: mm: Fix memory corruption issues in realloc
URL: https://github.com/apache/incubator-nuttx/pull/265#discussion_r378859855
 
 

 ##########
 File path: mm/mm_heap/mm_realloc.c
 ##########
 @@ -213,6 +215,28 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
             }
         }
 
+      /* Note that a free node can't be smaller than SIZEOF_MM_FREENODE.
+       * We have to either take the whole node, or leave at least
+       * SIZEOF_MM_FREENODE bytes.
+       * When we can't leave SIZEOF_MM_FREENODE bytes, just take the whole
+       * node. It might end up with returning a larger chunk than the
+       * caller requested. It should be ok.
+       */
+      DEBUGASSERT(prevsize >= takeprev);
+      DEBUGASSERT(nextsize >= takenext);
+      if (prevsize - takeprev < SIZEOF_MM_FREENODE)
+        {
+          takeprev = prevsize;
+        }
+      if (nextsize - takenext < SIZEOF_MM_FREENODE)
+        {
+          takenext = nextsize;
+        }
+      DEBUGASSERT(prevsize == takeprev ||
 
 Review comment:
   Needs a blank line

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [incubator-nuttx] yamt commented on issue #265: mm: Fix memory corruption issues in realloc

Posted by GitBox <gi...@apache.org>.

yamt commented on issue #265: mm: Fix memory corruption issues in realloc
URL: https://github.com/apache/incubator-nuttx/pull/265#issuecomment-585625790
 
 
   hm, it seems the real issue was not here. MM_MIN_CHUNK was broken for clang. i'm closing this for now.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services