forked from nuttx/nuttx-update
mm/heap: fix heap crash when use KASAN SW_TAG
Signed-off-by: ligd <liguiding1@xiaomi.com>
This commit is contained in:
parent
26dc3b297a
commit
5258e48be6
3 changed files with 5 additions and 2 deletions
|
@ -116,7 +116,8 @@ void mm_delayfree(FAR struct mm_heap_s *heap, FAR void *mem, bool delay)
|
|||
|
||||
/* Map the memory chunk into a free node */
|
||||
|
||||
node = (FAR struct mm_freenode_s *)((FAR char *)mem - MM_SIZEOF_ALLOCNODE);
|
||||
node = (FAR struct mm_freenode_s *)
|
||||
((FAR char *)kasan_reset_tag(mem) - MM_SIZEOF_ALLOCNODE);
|
||||
nodesize = MM_SIZEOF_NODE(node);
|
||||
|
||||
/* Sanity check against double-frees */
|
||||
|
|
|
@ -141,6 +141,8 @@ FAR void *mm_memalign(FAR struct mm_heap_s *heap, size_t alignment,
|
|||
kasan_poison((FAR void *)rawchunk,
|
||||
mm_malloc_size(heap, (FAR void *)rawchunk));
|
||||
|
||||
rawchunk = (uintptr_t)kasan_reset_tag((FAR void *)rawchunk);
|
||||
|
||||
/* We need to hold the MM mutex while we muck with the chunks and
|
||||
* nodelist.
|
||||
*/
|
||||
|
|
|
@ -132,7 +132,7 @@ FAR void *mm_realloc(FAR struct mm_heap_s *heap, FAR void *oldmem,
|
|||
/* Map the memory chunk into an allocated node structure */
|
||||
|
||||
oldnode = (FAR struct mm_allocnode_s *)
|
||||
((FAR char *)oldmem - MM_SIZEOF_ALLOCNODE);
|
||||
((FAR char *)kasan_reset_tag(oldmem) - MM_SIZEOF_ALLOCNODE);
|
||||
|
||||
/* We need to hold the MM mutex while we muck with the nodelist. */
|
||||
|
||||
|
|
Loading…
Reference in a new issue