[coreboot] [patch 2/4] libpayload: Fix malloc allocation
jordan.crouse at amd.com
Fri Apr 25 17:52:11 CEST 2008
Here's a chunk of patches fixing various bugs in libpayload.
Apparently the previous version worked on luck. Fix the allocation
and add parens to better guide the compiler. Also, halt() if
the heap is poisoned (like by an overrun). Finally, fix calloc()
so that it actually works.
Signed-off-by: Jordan Crouse <jordan.crouse at amd.com>
Index: libpayload/libc/malloc.c
===================================================================
--- libpayload.orig/libc/malloc.c 2008-04-24 17:59:10.000000000 -0600
+++ libpayload/libc/malloc.c 2008-04-24 17:58:36.000000000 -0600
@@ -67,7 +67,8 @@
static void setup(void)
{
- int size = (unsigned int)(_heap - _eheap) - HDRSIZE;
+ int size = (unsigned int)(&_eheap - &_heap) - HDRSIZE;
+
*((hdrtype_t *) hstart) = FREE_BLOCK(size);
}
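Review bot: In setup(), `&_eheap - &_heap` is a pointer subtraction, so the result is counted in elements of whatever type the two symbols are declared with, and that declaration is not visible in this hunk. It is a byte count only if they are char-typed; otherwise cast both addresses to `char *` (or to an integer type) before subtracting. The result is also cast to unsigned int and then stored in a signed int, so a heap region smaller than HDRSIZE, or symbols in the wrong order, produces a negative size that is passed to FREE_BLOCK() with no check. A sanity test on size before writing the first header would catch a bad linker layout early.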
@@ -91,9 +92,12 @@
header = *((hdrtype_t *) ptr);
int size = SIZE(header);
+ if (!HAS_MAGIC(header) || size == 0)
+ halt();
+
if (header & FLAG_FREE) {
if (len <= size) {
- void *nptr = ptr + HDRSIZE + len;
+ void *nptr = ptr + (HDRSIZE + len);
int nsize = size - (len + 8);
/* Mark the block as used. */
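Review bot: The new `!HAS_MAGIC(header) || size == 0` test only catches an overrun that destroys the magic or zeroes the size. A header whose magic survives but whose size field has been altered still passes, and the size is then trusted for the `len <= size` comparison and the split. Consider also verifying that the block described by the header ends inside the heap before using it. Since halt() stops the machine with no output, printing the offending pointer and header value first would make heap corruption much easier to diagnose. Separately, the added parentheses in `ptr + (HDRSIZE + len)` do not change the computed address, and the next line still uses the literal 8 where this line uses HDRSIZE; using the same constant in both places would keep the split arithmetic consistent.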
@@ -102,6 +106,7 @@
/* If there is still room in this block,
* then mark it as such.
*/
+
if (nsize > 0)
*((hdrtype_t *) nptr) =
FREE_BLOCK(nsize - 4);
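Review bot: The guard `if (nsize > 0)` lets nsize values of 1 through 4 reach `FREE_BLOCK(nsize - 4)`, which then writes a free header with a zero or negative size. With the `size == 0` check added earlier in this patch, a remainder of exactly 4 would create a block that makes a later heap walk call halt(). Tightening the guard so the remainder must be larger than the header (and expressing the 4 through HDRSIZE rather than a literal) would avoid that. The only change in this hunk is a blank line between the comment and the statement it describes, which looks unintentional and can be dropped.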
@@ -184,8 +189,8 @@
void *calloc(size_t nmemb, size_t size)
{
- unsigned int total = (nmemb * size);
- void *ptr = alloc(size);
+ size_t total = nmemb * size;
+ void *ptr = alloc(total);
if (ptr)
memset(ptr, 0, total);
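Review bot: In calloc(), `size_t total = nmemb * size;` can wrap around for large arguments, so alloc() returns a block smaller than the caller asked for and the caller then writes past it. Check for overflow before multiplying and return NULL, for example `if (size && nmemb > (size_t)-1 / size) return NULL;`. It is also worth confirming that alloc() takes a size_t, since that prototype is not visible here and a narrower parameter type would truncate total again.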
--
Jordan Crouse
Systems Software Development Engineer
Advanced Micro Devices, Inc.