[coreboot] [patch 2/4] libpayload: Fix malloc allocation
Peter Stuge
peter at stuge.se
Fri Apr 25 20:55:11 CEST 2008
On Fri, Apr 25, 2008 at 09:52:11AM -0600, jordan.crouse at amd.com wrote:
> Here's a chunk of patches fixing various bugs in libpayload.
> Content-Disposition: inline; filename=fix-malloc.patch
Something seems broken in your thingy that sends out patches.
> Apparently the previous version worked on luck. Fix the allocation
> and add parens to better guide the compiler. Also, halt() if
> the heap is poisoned (like by an overrun). Finally, fix calloc()
> so that it actually works.
>
> Signed-off-by: Jordan Crouse <jordan.crouse at amd.com>
Acked-by: Peter Stuge <peter at stuge.se>
> Index: libpayload/libc/malloc.c
> ===================================================================
> --- libpayload.orig/libc/malloc.c 2008-04-24 17:59:10.000000000 -0600
> +++ libpayload/libc/malloc.c 2008-04-24 17:58:36.000000000 -0600
> @@ -67,7 +67,8 @@
>
> static void setup(void)
> {
> - int size = (unsigned int)(_heap - _eheap) - HDRSIZE;
> + int size = (unsigned int)(&_eheap - &_heap) - HDRSIZE;
> +
> *((hdrtype_t *) hstart) = FREE_BLOCK(size);
> }
>
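Review bot: in setup(), `&_eheap - &_heap` is pointer subtraction, so the result is counted in elements of whatever type the two symbols are declared with, and that declaration is not visible in this hunk. If the type is not char-sized, the computed heap size will be too small by that factor; casting both addresses to a byte pointer before subtracting would make the byte count explicit. The value is also cast to unsigned int and then stored in an int, so a short comment stating that _heap and _eheap are boundary symbols whose addresses (not contents) delimit the heap would document the assumption this line relies on.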
> @@ -91,9 +92,12 @@
> header = *((hdrtype_t *) ptr);
> int size = SIZE(header);
>
> + if (!HAS_MAGIC(header) || size == 0)
> + halt();
> +
> if (header & FLAG_FREE) {
> if (len <= size) {
> - void *nptr = ptr + HDRSIZE + len;
> + void *nptr = ptr + (HDRSIZE + len);
> int nsize = size - (len + 8);
>
> /* Mark the block as used. */
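Review bot: the corruption check added after `int size = SIZE(header);` calls halt() without reporting anything, so an overrun that trips it leaves no indication of which block was damaged. Printing ptr and the header value before halt() would make the failure traceable. A few lines down, `int nsize = size - (len + 8);` still hard-codes 8 right next to `HDRSIZE + len`; writing it in terms of HDRSIZE would keep the split address and the remaining size consistent. For in-range values the parentheses added to the nptr line should not change the address computed, so the commit message could say what they are meant to fix.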
> @@ -102,6 +106,7 @@
> /* If there is still room in this block,
> * then mark it as such.
> */
> +
> if (nsize > 0)
> *((hdrtype_t *) nptr) =
> FREE_BLOCK(nsize - 4);
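Review bot: the guard `if (nsize > 0)` followed by `FREE_BLOCK(nsize - 4)` can write a free header with a size of zero or less when nsize is between 1 and 4, and the check added in the previous hunk halts on `size == 0`. Assuming FREE_BLOCK stores its argument as the block size, as its use in setup() suggests, the condition should require nsize to be larger than the amount subtracted. The blank line added here separates the comment from the statement it describes and can be dropped.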
> @@ -184,8 +189,8 @@
>
> void *calloc(size_t nmemb, size_t size)
> {
> - unsigned int total = (nmemb * size);
> - void *ptr = alloc(size);
> + size_t total = nmemb * size;
> + void *ptr = alloc(total);
>
> if (ptr)
> memset(ptr, 0, total);
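Review bot: `size_t total = nmemb * size;` in calloc() can wrap around for large arguments, in which case alloc(total) is asked for a block smaller than the caller expects and memset clears only that short length. Check before multiplying, for example return NULL when size is non-zero and nmemb > SIZE_MAX / size, and only then compute total.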