mirror of
https://github.com/apache/nuttx.git
synced 2025-01-13 05:08:41 +08:00
libs/libc/obstack: fix allocated chunk overrun due to invalid limit
This primarily fixes allocated memory overrun due to invalidly calculated limit of the chunk. The function here allocates chunk of size that includes required header. The error was that size of the chunk was invalidly again added when limit was being calculated. This was causing memory overrun and issues especially with object growing (reallocation). The secondary fix here is to the algorithm that rounds the required size to the multiple of chunk size. In short chunk size must be reduced by one to get the correct mask. The condition that was generating the mask was also invalid because it must perform shift with at most one less than number of bits (not bytes).
This commit is contained in:
parent
36b891c1e1
commit
b851916d76
2 changed files with 14 additions and 8 deletions
|
@ -314,7 +314,7 @@ void obstack_free(FAR struct obstack *h, FAR void *object);
|
||||||
* size: number of bytes to be free for growth
|
* size: number of bytes to be free for growth
|
||||||
*
|
*
|
||||||
* Assumptions/Limitations:
|
* Assumptions/Limitations:
|
||||||
* The obstack's chunk_size is expected to be power of two. This helps to
|
* The obstack's chunk_size is rounded up to be power of two. This helps to
|
||||||
* eliminate division that might not be implemented in the HW and thus
|
* eliminate division that might not be implemented in the HW and thus
|
||||||
* inefficient.
|
* inefficient.
|
||||||
*
|
*
|
||||||
|
|
|
@ -27,6 +27,8 @@
|
||||||
#include <obstack.h>
|
#include <obstack.h>
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include <sys/param.h>
|
||||||
|
#include <syslog.h>
|
||||||
#include "lib_obstack_malloc.h"
|
#include "lib_obstack_malloc.h"
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
|
@ -47,7 +49,7 @@
|
||||||
* size: number of bytes to be free for growth
|
* size: number of bytes to be free for growth
|
||||||
*
|
*
|
||||||
* Assumptions/Limitations:
|
* Assumptions/Limitations:
|
||||||
* The obstack's chunk_size is expected to be power of two. This helps to
|
* The obstack's chunk_size is rounded up to be power of two. This helps to
|
||||||
* eliminate division that might not be implemented in the HW and thus
|
* eliminate division that might not be implemented in the HW and thus
|
||||||
* inefficient.
|
* inefficient.
|
||||||
*
|
*
|
||||||
|
@ -69,13 +71,18 @@ void obstack_make_room(FAR struct obstack *h, size_t size)
|
||||||
|
|
||||||
size += object_size + sizeof(struct _obstack_chunk);
|
size += object_size + sizeof(struct _obstack_chunk);
|
||||||
|
|
||||||
/* Note: this is rounding up to the multiple of chunk size that is power of
|
/* Note: this is rounding up to the multiple of chunk size that is rounded
|
||||||
* two. Thus this creates limitation that chunks can be only power of two.
|
* up to the power of two.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
mask = h->chunk_size;
|
DEBUGASSERT(h->chunk_size > 0);
|
||||||
for (i = 1; i < sizeof(size_t); i <<= 1)
|
mask = h->chunk_size - 1;
|
||||||
|
|
||||||
|
for (i = 1; i < sizeof(size_t) * 8; i <<= 1)
|
||||||
|
{
|
||||||
mask |= mask >> i;
|
mask |= mask >> i;
|
||||||
|
}
|
||||||
|
|
||||||
size = (size + mask) & ~mask;
|
size = (size + mask) & ~mask;
|
||||||
|
|
||||||
if (h->chunk == NULL ||
|
if (h->chunk == NULL ||
|
||||||
|
@ -100,8 +107,7 @@ void obstack_make_room(FAR struct obstack *h, size_t size)
|
||||||
h->chunk = lib_obstack_realloc(h->chunk, size);
|
h->chunk = lib_obstack_realloc(h->chunk, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
h->chunk->limit =
|
h->chunk->limit = (FAR char *)h->chunk + size;
|
||||||
(FAR char *)h->chunk + sizeof(struct _obstack_chunk) + size;
|
|
||||||
h->object_base = (FAR char *)h->chunk + sizeof(struct _obstack_chunk);
|
h->object_base = (FAR char *)h->chunk + sizeof(struct _obstack_chunk);
|
||||||
h->next_free = h->object_base + object_size;
|
h->next_free = h->object_base + object_size;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue