[coreboot] [patch 2/4] libpayload: Fix malloc allocation

[jordan.crouse at amd.com]

Here's a chunk of patches fixing various bugs in libpayload.  
Content-Disposition: inline; filename=fix-malloc.patch

Apparently the previous version worked on luck.  Fix the allocation
and add parens to better guide the compiler.  Also, halt() if 
the heap is poisoned (like by an overrun).  Finally, fix calloc()
so that it actually works/

Signed-off-by: Jordan Crouse <jordan.crouse at amd.com>
Index: libpayload/libc/malloc.c
===================================================================
--- libpayload.orig/libc/malloc.c	2008-04-24 17:59:10.000000000 -0600
+++ libpayload/libc/malloc.c	2008-04-24 17:58:36.000000000 -0600
@@ -67,7 +67,8 @@
 
 static void setup(void)
 {
-	int size = (unsigned int)(_heap - _eheap) - HDRSIZE;
+	int size = (unsigned int)(&_eheap - &_heap) - HDRSIZE;
+
 	*((hdrtype_t *) hstart) = FREE_BLOCK(size);
 }
 
@@ -91,9 +92,12 @@
 		header = *((hdrtype_t *) ptr);
 		int size = SIZE(header);
 
+		if (!HAS_MAGIC(header) || size == 0)
+			halt();
+
 		if (header & FLAG_FREE) {
 			if (len <= size) {
-				void *nptr = ptr + HDRSIZE + len;
+				void *nptr = ptr + (HDRSIZE + len);
 				int nsize = size - (len + 8);
 
 				/* Mark the block as used. */
@@ -102,6 +106,7 @@
 				/* If there is still room in this block,
 				 * then mark it as such.
 				 */
+
 				if (nsize > 0)
 					*((hdrtype_t *) nptr) =
 					    FREE_BLOCK(nsize - 4);
@@ -184,8 +189,8 @@
 
 void *calloc(size_t nmemb, size_t size)
 {
-	unsigned int total = (nmemb * size);
-	void *ptr = alloc(size);
+	size_t total = nmemb * size;
+	void *ptr = alloc(total);
 
 	if (ptr)
 		memset(ptr, 0, total);

-- 
Jordan Crouse
Systems Software Development Engineer 
Advanced Micro Devices, Inc.