mirror of https://github.com/esp8266/Arduino.git synced 2025-07-23 08:45:22 +03:00

Fixes occasional UMM_POISON failure (#8953)

* Fixes occasional UMM_POISON failure

Bug introduced with PR fix #8914.
When a reallocated pointer could not grow in place, a replacement
allocation was created. Then UMM_POISON was written to the wrong block.

* Fix umm_poison data corruption on realloc when memory move is used.

Bug introduced with PR fix #8914

* refactored to resolve unused error in some build contexts
M Hightower
2023-07-18 14:34:42 -07:00
committed by GitHub
parent 521ae60a89
commit dcceee8cbd
2 changed files with 22 additions and 14 deletions


@ -928,7 +928,7 @@ void *umm_realloc(void *ptr, size_t size) {
uint16_t c; uint16_t c;
size_t curSize; [[maybe_unused]] size_t curSize;
UMM_CHECK_INITIALIZED(); UMM_CHECK_INITIALIZED();
@ -1089,7 +1089,8 @@ void *umm_realloc(void *ptr, size_t size) {
STATS__FREE_BLOCKS_UPDATE(-prevBlockSize); STATS__FREE_BLOCKS_UPDATE(-prevBlockSize);
STATS__FREE_BLOCKS_ISR_MIN(); STATS__FREE_BLOCKS_ISR_MIN();
blockSize += prevBlockSize; blockSize += prevBlockSize;
POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size); // Fix allocation so ISR poison check is good // Fix new allocation such that poison checks from an ISR pass.
POISON_CHECK_SET_POISON_BLOCKS((void *)&UMM_DATA(c), blockSize);
UMM_CRITICAL_SUSPEND(id_realloc); UMM_CRITICAL_SUSPEND(id_realloc);
UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize); UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize);
ptr = (void *)&UMM_DATA(c); ptr = (void *)&UMM_DATA(c);
@ -1111,7 +1112,7 @@ void *umm_realloc(void *ptr, size_t size) {
#else #else
blockSize += (prevBlockSize + nextBlockSize); blockSize += (prevBlockSize + nextBlockSize);
#endif #endif
POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size); POISON_CHECK_SET_POISON_BLOCKS((void *)&UMM_DATA(c), blockSize);
UMM_CRITICAL_SUSPEND(id_realloc); UMM_CRITICAL_SUSPEND(id_realloc);
UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize); UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize);
ptr = (void *)&UMM_DATA(c); ptr = (void *)&UMM_DATA(c);
@ -1123,7 +1124,7 @@ void *umm_realloc(void *ptr, size_t size) {
void *oldptr = ptr; void *oldptr = ptr;
if ((ptr = umm_malloc_core(_context, size))) { if ((ptr = umm_malloc_core(_context, size))) {
DBGLOG_DEBUG("realloc %i to a bigger block %i, copy, and free the old\n", blockSize, blocks); DBGLOG_DEBUG("realloc %i to a bigger block %i, copy, and free the old\n", blockSize, blocks);
POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size); (void)POISON_CHECK_SET_POISON(ptr, size);
UMM_CRITICAL_SUSPEND(id_realloc); UMM_CRITICAL_SUSPEND(id_realloc);
UMM_POISON_MEMCPY(ptr, oldptr, curSize); UMM_POISON_MEMCPY(ptr, oldptr, curSize);
UMM_CRITICAL_RESUME(id_realloc); UMM_CRITICAL_RESUME(id_realloc);
@ -1186,7 +1187,8 @@ void *umm_realloc(void *ptr, size_t size) {
blockSize = blocks; blockSize = blocks;
#endif #endif
} }
POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size); // Fix new allocation such that poison checks from an ISR pass.
POISON_CHECK_SET_POISON_BLOCKS((void *)&UMM_DATA(c), blockSize);
UMM_CRITICAL_SUSPEND(id_realloc); UMM_CRITICAL_SUSPEND(id_realloc);
UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize); UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize);
ptr = (void *)&UMM_DATA(c); ptr = (void *)&UMM_DATA(c);
@ -1204,7 +1206,7 @@ void *umm_realloc(void *ptr, size_t size) {
void *oldptr = ptr; void *oldptr = ptr;
if ((ptr = umm_malloc_core(_context, size))) { if ((ptr = umm_malloc_core(_context, size))) {
DBGLOG_DEBUG("realloc %d to a bigger block %d, copy, and free the old\n", blockSize, blocks); DBGLOG_DEBUG("realloc %d to a bigger block %d, copy, and free the old\n", blockSize, blocks);
POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size); (void)POISON_CHECK_SET_POISON(ptr, size);
UMM_CRITICAL_SUSPEND(id_realloc); UMM_CRITICAL_SUSPEND(id_realloc);
UMM_POISON_MEMCPY(ptr, oldptr, curSize); UMM_POISON_MEMCPY(ptr, oldptr, curSize);
UMM_CRITICAL_RESUME(id_realloc); UMM_CRITICAL_RESUME(id_realloc);
@ -1230,7 +1232,7 @@ void *umm_realloc(void *ptr, size_t size) {
void *oldptr = ptr; void *oldptr = ptr;
if ((ptr = umm_malloc_core(_context, size))) { if ((ptr = umm_malloc_core(_context, size))) {
DBGLOG_DEBUG("realloc %d to a bigger block %d, copy, and free the old\n", blockSize, blocks); DBGLOG_DEBUG("realloc %d to a bigger block %d, copy, and free the old\n", blockSize, blocks);
POISON_CHECK_SET_POISON((void *)&UMM_DATA(c), size); (void)POISON_CHECK_SET_POISON(ptr, size);
UMM_CRITICAL_SUSPEND(id_realloc); UMM_CRITICAL_SUSPEND(id_realloc);
UMM_POISON_MEMCPY(ptr, oldptr, curSize); UMM_POISON_MEMCPY(ptr, oldptr, curSize);
UMM_CRITICAL_RESUME(id_realloc); UMM_CRITICAL_RESUME(id_realloc);
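Review bot: The in-place branches now write a length word and guard bytes at `&UMM_DATA(c)` immediately before `UMM_POISON_MEMMOVE(..., ptr, curSize)`, and in the poison build that macro takes its byte count from the length word stored at `ptr`, so the copy is only right if the preceding write cannot reach the old block's length field. When `c` is the previous block this presumably holds because one `umm_block` is at least `sizeof(UMM_POISONED_BLOCK_LEN_TYPE) + UMM_POISON_SIZE_BEFORE` bytes, but nothing visible enforces it if the poison sizes are reconfigured. I would pin the assumption in the poison build, e.g. `static_assert(sizeof(umm_block) >= sizeof(UMM_POISONED_BLOCK_LEN_TYPE) + UMM_POISON_SIZE_BEFORE, "poison header must fit in one block");`, and repeat the `// Fix new allocation such that poison checks from an ISR pass.` comment on the second `POISON_CHECK_SET_POISON_BLOCKS` call, which lacks it. `umm_realloc` begins and ends outside these hunks, so the branch conditions that select `c` are not visible here.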


@ -619,8 +619,16 @@ extern bool umm_poison_check(void);
void *umm_poison_realloc_fl(void *ptr, size_t size, const char *file, int line); void *umm_poison_realloc_fl(void *ptr, size_t size, const char *file, int line);
void umm_poison_free_fl(void *ptr, const char *file, int line); void umm_poison_free_fl(void *ptr, const char *file, int line);
#define POISON_CHECK_SET_POISON(p, s) get_poisoned(p, s) #define POISON_CHECK_SET_POISON(p, s) get_poisoned(p, s)
#define UMM_POISON_SKETCH_PTR(p) ((void*)((uintptr_t)p + sizeof(UMM_POISONED_BLOCK_LEN_TYPE) + UMM_POISON_SIZE_BEFORE)) #define POISON_CHECK_SET_POISON_BLOCKS(p, s) \
#define UMM_POISON_SKETCH_PTRSZ(s) (s - sizeof(UMM_POISONED_BLOCK_LEN_TYPE) - UMM_POISON_SIZE_BEFORE - UMM_POISON_SIZE_AFTER) do { \
size_t super_size = (s * sizeof(umm_block)) - (sizeof(((umm_block *)0)->header)); \
get_poisoned(p, super_size); \
} while (false)
#define UMM_POISON_SKETCH_PTR(p) ((void *)((uintptr_t)p + sizeof(UMM_POISONED_BLOCK_LEN_TYPE) + UMM_POISON_SIZE_BEFORE))
#define UMM_POISON_SKETCH_PTRSZ(p) (*(UMM_POISONED_BLOCK_LEN_TYPE *)p)
#define UMM_POISON_MEMMOVE(t, p, s) memmove(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(p))
#define UMM_POISON_MEMCPY(t, p, s) memcpy(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(p))
#if defined(UMM_POISON_CHECK_LITE) #if defined(UMM_POISON_CHECK_LITE)
/* /*
* We can safely do individual poison checks at free and realloc and stay * We can safely do individual poison checks at free and realloc and stay
@ -641,13 +649,11 @@ void umm_poison_free_fl(void *ptr, const char *file, int line);
#define POISON_CHECK() 1 #define POISON_CHECK() 1
#define POISON_CHECK_NEIGHBORS(c) do {} while (false) #define POISON_CHECK_NEIGHBORS(c) do {} while (false)
#define POISON_CHECK_SET_POISON(p, s) (p) #define POISON_CHECK_SET_POISON(p, s) (p)
#define UMM_POISON_SKETCH_PTR(p) (p) #define POISON_CHECK_SET_POISON_BLOCKS(p, s)
#define UMM_POISON_SKETCH_PTRSZ(s) (s) #define UMM_POISON_MEMMOVE(t, p, s) memmove((t), (p), (s))
#define UMM_POISON_MEMCPY(t, p, s) memcpy((t), (p), (s))
#endif #endif
#define UMM_POISON_MEMMOVE(t, p, s) memmove(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(s))
#define UMM_POISON_MEMCPY(t, p, s) memcpy(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(s))
#if defined(UMM_POISON_CHECK) || defined(UMM_POISON_CHECK_LITE) #if defined(UMM_POISON_CHECK) || defined(UMM_POISON_CHECK_LITE)
/* /*
* Overhead adjustments needed for free_blocks to express the number of bytes * Overhead adjustments needed for free_blocks to express the number of bytes
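Review bot: `UMM_POISON_SKETCH_PTRSZ(p)` now returns the stored length word unadjusted, while the copy still starts at `UMM_POISON_SKETCH_PTR(p)`, past the length field and leading guard; the form it replaces subtracted the length field and both guard sizes from the byte count. If the word written by `get_poisoned()` (not shown here) is the full poisoned size, `UMM_POISON_MEMMOVE` and `UMM_POISON_MEMCPY` read and write `sizeof(UMM_POISONED_BLOCK_LEN_TYPE) + UMM_POISON_SIZE_BEFORE` bytes beyond the source's poisoned region, which can read into the neighbouring block and overwrite the destination's trailing guard. Consider `#define UMM_POISON_SKETCH_PTRSZ(p) (*(UMM_POISONED_BLOCK_LEN_TYPE *)(p) - sizeof(UMM_POISONED_BLOCK_LEN_TYPE) - UMM_POISON_SIZE_BEFORE - UMM_POISON_SIZE_AFTER)` after confirming what the length word holds. The new macros also use their arguments unparenthesized (`s * sizeof(umm_block)`, `(uintptr_t)p`), so an expression argument would bind wrongly.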