Patrick Georgi submitted this change.

View Change



2 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.

Approvals: build bot (Jenkins): Verified Martin L Roth: Looks good to me, approved Eric Lai: Looks good to me, approved 
malloc/memalign: Return NULL if the request is too large

It's what this function family is defined to do, we currently don't
usually run into the case (see: not too many die() instances going
around), it's more useful to try to recover, and the JPEG parser can run
into it if the work buffer size exceeds the remaining heap, whereas its
sole user (the bootsplash code) knows what to do when seeing a NULL.

Use xmalloc() if you want an allocation that either works or dies.

tl;dr: That code path isn't usually taken. Right now it crashes. With
this patch it _might_ survive. There is a use-case for doing it like
that now.

Change-Id: I262fbad7daae0ca3aab583fda00665a2592deaa8
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80226
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Reviewed-by: Eric Lai <ericllai@google.com>
---
M src/lib/malloc.c
M tests/lib/malloc-test.c
2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/src/lib/malloc.c b/src/lib/malloc.c
index 052a53e..3029806 100644
--- a/src/lib/malloc.c
+++ b/src/lib/malloc.c
@@ -44,7 +44,10 @@
 				p, free_mem_ptr);
 		printk(BIOS_ERR, "but free_mem_end_ptr is %p\n",
 				free_mem_end_ptr);
-		die("Error! %s: Out of memory (free_mem_ptr >= free_mem_end_ptr)", __func__);
+		printk(BIOS_ERR, "Error! %s: Out of memory "
+				"(free_mem_ptr >= free_mem_end_ptr)",
+				__func__);
+		return NULL;
 	}
 
 	MALLOCDBG("%s %p\n", __func__, p);
diff --git a/tests/lib/malloc-test.c b/tests/lib/malloc-test.c
index 452d74f..f5d528e 100644
--- a/tests/lib/malloc-test.c
+++ b/tests/lib/malloc-test.c
@@ -34,11 +34,6 @@
 TEST_SYMBOL(_heap, _test_heap);
 TEST_SYMBOL(_eheap, _etest_heap);
 
-void die(const char *msg, ...)
-{
-	function_called();
-}
-
 static int setup_test(void **state)
 {
 	free_mem_ptr = &_heap;
@@ -56,9 +51,8 @@
 
 static void test_malloc_out_of_memory(void **state)
 {
-	/* Expect die() call if out of memory */
-	expect_function_call(die);
-	cb_malloc(TEST_HEAP_SZ);
+	void *ptr = cb_malloc(TEST_HEAP_SZ);
+	assert_ptr_equal(ptr, NULL);
 }
 
 static void test_malloc_zero(void **state)
@@ -102,8 +96,8 @@
 
 static void test_memalign_out_of_memory(void **state)
 {
-	expect_function_call(die);
-	cb_memalign(16, TEST_HEAP_SZ);
+	void *ptr = cb_memalign(16, TEST_HEAP_SZ);
+	assert_ptr_equal(ptr, NULL);
 }
 
 static void test_memalign_zero(void **state)

To view, visit change 80226. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: main
Gerrit-Change-Id: I262fbad7daae0ca3aab583fda00665a2592deaa8
Gerrit-Change-Number: 80226
Gerrit-PatchSet: 4
Gerrit-Owner: Patrick Georgi <patrick@coreboot.org>
Gerrit-Reviewer: Brandon Weeks <bweeks@google.com>
Gerrit-Reviewer: Eric Lai <ericllai@google.com>
Gerrit-Reviewer: Jakub Czapiga <czapiga@google.com>
Gerrit-Reviewer: Julius Werner <jwerner@chromium.org>
Gerrit-Reviewer: Martin L Roth <gaumless@gmail.com>
Gerrit-Reviewer: Patrick Georgi <patrick@coreboot.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-MessageType: merged