[OpenBIOS] [commit] r1119 - trunk/openbios-devel/libopenbios

repository service svn at openbios.org
Fri Apr 19 09:03:29 CEST 2013


Author: mcayland
Date: Fri Apr 19 09:03:26 2013
New Revision: 1119
URL: http://tracker.coreboot.org/trac/openbios/changeset/1119

Log:
OFMEM: Fix selection of reusable memory areas from the internal malloc() freelist.

The existing code would incorrectly allow freelist memory to be reused if the
requested size were 0x1000 greater than the freelist item size, rather than the
freelist item size being 0x1000 greater than the requested size.

Since internal memory allocations could be smaller than requested, it would be
possible for a caller to clobber over the internal memory heap causing a crash or
internal memory corruption.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland at ilande.co.uk>

Modified:
   trunk/openbios-devel/libopenbios/ofmem_common.c

Modified: trunk/openbios-devel/libopenbios/ofmem_common.c
==============================================================================
--- trunk/openbios-devel/libopenbios/ofmem_common.c	Fri Apr 19 09:03:20 2013	(r1118)
+++ trunk/openbios-devel/libopenbios/ofmem_common.c	Fri Apr 19 09:03:26 2013	(r1119)
@@ -107,7 +107,7 @@
 	}
 
 	/* waste at most 4K by taking an entry from the freelist */
-	if( *pp && (**pp).size < size + 0x1000 ) {
+	if( *pp && (**pp).size > size + 0x1000 ) {
 		/* Alignment should be on physical not virtual address */
 		pa = va2pa((uintptr_t)*pp + sizeof(alloc_desc_t));
 		pa = align_ptr(pa, alignment);
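Review bot: The new test `(**pp).size > size + 0x1000` contradicts the comment directly above it, "waste at most 4K by taking an entry from the freelist". As written, a freelist entry is reused only when it is more than 0x1000 bytes larger than the request, so every reuse wastes at least 4K. There is also no upper bound, and an entry that fits the request closely is skipped. The old test had the opposite gap: it had an upper bound but, on the visible lines, no lower bound. If the intent is the one the comment states, a two-sided check such as `(**pp).size >= size && (**pp).size <= size + 0x1000` expresses it. If the 0x1000 margin is instead meant as headroom, for example for the `align_ptr(pa, alignment)` adjustment that follows, please update the comment to say so and state what the margin protects. Separately, `size + 0x1000` can wrap for a very large request if `size` is an unsigned type. Its declaration is not in this hunk, so it is worth confirming that `size` is bounded before this comparison.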


