[coreboot] r3269 - trunk/payloads/libpayload/libc

svn at coreboot.org svn at coreboot.org
Sat Apr 26 01:08:47 CEST 2008


Author: jcrouse
Date: 2008-04-26 01:08:47 +0200 (Sat, 26 Apr 2008)
New Revision: 3269

Modified:
   trunk/payloads/libpayload/libc/malloc.c
Log:
libpayload:  Fix malloc allocation

Apparently the previous version worked on luck.  Fix the allocation
and add parens to better guide the compiler.  Also, halt() if 
the heap is poisoned (like by an overrun).  Finally, fix calloc()
so that it actually works.

Signed-off-by: Jordan Crouse <jordan.crouse at amd.com>
Acked-by: Peter Stuge <peter at stuge.se>



Modified: trunk/payloads/libpayload/libc/malloc.c
===================================================================
--- trunk/payloads/libpayload/libc/malloc.c	2008-04-25 23:07:39 UTC (rev 3268)
+++ trunk/payloads/libpayload/libc/malloc.c	2008-04-25 23:08:47 UTC (rev 3269)
@@ -67,7 +67,8 @@
 
 static void setup(void)
 {
-	int size = (unsigned int)(_heap - _eheap) - HDRSIZE;
+	int size = (unsigned int)(&_eheap - &_heap) - HDRSIZE;
+
 	*((hdrtype_t *) hstart) = FREE_BLOCK(size);
 }
 
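Review bot: The heap size in setup() is computed as `&_eheap - &_heap`, which counts elements of whatever type the two symbols are declared with, and that declaration is not in this hunk. It yields bytes only if they are char-typed; casting makes the intent explicit: `int size = (unsigned int)((char *)&_eheap - (char *)&_heap) - HDRSIZE;`. The result is also stored in a signed `int` and handed to FREE_BLOCK() without checking that it is positive and fits the header's size field, so a heap region smaller than HDRSIZE, or larger than the size field allows, would produce a bogus first header. A short comment such as `/* _heap and _eheap are linker symbols; size is the usable byte count after the first header */` would record that assumption.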
@@ -91,9 +92,12 @@
 		header = *((hdrtype_t *) ptr);
 		int size = SIZE(header);
 
+		if (!HAS_MAGIC(header) || size == 0)
+			halt();
+
 		if (header & FLAG_FREE) {
 			if (len <= size) {
-				void *nptr = ptr + HDRSIZE + len;
+				void *nptr = ptr + (HDRSIZE + len);
 				int nsize = size - (len + 8);
 
 				/* Mark the block as used. */
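Review bot: The new `size == 0` halt can be triggered by the allocator itself, not only by a heap overrun. When a free block is split, the remainder header is written as `FREE_BLOCK(nsize - 4)` under `if (nsize > 0)` (visible in the next hunk), so `nsize == 4` stores a zero-size block and an `nsize` of 1 to 3 passes a negative size; how FREE_BLOCK treats a negative value is not visible here. The next walk over the heap would then reach halt() on a header this code wrote. Guarding the split with `if (nsize > 4)` avoids that, and the literals 8 and 4 in `nsize = size - (len + 8)` look like they should be expressed through HDRSIZE. The enclosing function starts and ends outside this hunk.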
@@ -102,6 +106,7 @@
 				/* If there is still room in this block,
 				 * then mark it as such.
 				 */
+
 				if (nsize > 0)
 					*((hdrtype_t *) nptr) =
 					    FREE_BLOCK(nsize - 4);
@@ -184,8 +189,8 @@
 
 void *calloc(size_t nmemb, size_t size)
 {
-	unsigned int total = (nmemb * size);
-	void *ptr = alloc(size);
+	size_t total = nmemb * size;
+	void *ptr = alloc(total);
 
 	if (ptr)
 		memset(ptr, 0, total);
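Review bot: The multiplication `nmemb * size` at the top of calloc() can wrap in size_t, so alloc() may return a block much smaller than the caller expects while the caller still indexes nmemb elements of it. A check before the allocation closes this, for example `if (size != 0 && total / size != nmemb) return NULL;`. The parameter type of alloc() is not visible in this hunk; if it is narrower than size_t, a large `total` would additionally be truncated on the call while memset() still uses the full value. The end of calloc() lies outside the hunk.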




