public inbox for newlib-cvs@sourceware.org
help / color / mirror / Atom feed
* [newlib-cygwin] Fix incorrect cast in nano malloc
@ 2017-01-09 15:22 Corinna Vinschen
  0 siblings, 0 replies; only message in thread
From: Corinna Vinschen @ 2017-01-09 15:22 UTC (permalink / raw)
  To: newlib-cvs

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=83c39aedacc8f743b76f40723e4b02fcf0fd1a4d

commit 83c39aedacc8f743b76f40723e4b02fcf0fd1a4d
Author: Joe Seymour <joe.s@somniumtech.com>
Date:   Tue Jan 3 14:50:53 2017 +0000

    Fix incorrect cast in nano malloc
    
    As described in nano-mallocr.c, chunks of heap are represented in memory
    as a size (of type long), followed by some optional padding containing a
    negative offset to size, followed by the data area.
    
    get_chunk_from_ptr is responsible for taking a pointer to the data area
    (as returned by malloc) and finding the start of the chunk. It does this
    by assuming there is no padding and trying to read the size, if the size
    is negative then it uses that as an offset to find the true size.
    Crucially, it reads the padding area as a long.
    
    nano_malloc is responsible for populating the optional padding area. It
    does so by casting a pointer to an (int *) and writing the negative
    offset into it.
    
    This means that padding is being written as an int but read as a long.
    
    On msp430 an int is 2 bytes, while a long is 4 bytes. This means that 2
    bytes are written to the padding, but 4 bytes are read from it: it has
    only been partially initialised.
    
    nano_malloc is the default malloc implementation for msp430.
    
    This patch changes the cast from (int *) to (long *). The change to
    nano_malloc has has been observed to fix a TI Energia project that
    had been malfunctioning because malloc was returning invalid addresses.
    The change to nano_memalign is based entirely on code inspection.
    
    I've built and tested as follows:
      Configured (gcc+newlib) with: --target=msp430-elf --enable-languages=c
      gcc testsuite variations:
        msp430-sim/-mcpu=msp430
        msp430-sim/-mcpu=msp430x
        msp430-sim/-mcpu=msp430x/-mlarge/-mdata-region=either/-mcode-region=either
        msp430-sim/-mhwmult=none
        msp430-sim/-mhwmult=f5series
    My testing has shown no regressions, however I don't know if the gcc
    testsuite provides sufficient coverage for this patch?
    
    I don't have write access, so if this patch is acceptable after review,
    I would appreciate it if someone would commit it for me.
    
    Thanks,
    
    2017-01-XX  Joe Seymour  <joe.s@somniumtech.com>
    
    	newlib/
    	* libc/stdlib/nano-mallocr.c (nano_malloc): Fix incorrect cast.
    	(nano_memalign): Likewise.

Diff:
---
 newlib/libc/stdlib/nano-mallocr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/newlib/libc/stdlib/nano-mallocr.c b/newlib/libc/stdlib/nano-mallocr.c
index 0b5631c..457eb88 100644
--- a/newlib/libc/stdlib/nano-mallocr.c
+++ b/newlib/libc/stdlib/nano-mallocr.c
@@ -314,7 +314,7 @@ void * nano_malloc(RARG malloc_size_t s)
 
     if (offset)
     {
-        *(int *)((char *)r + offset) = -offset;
+        *(long *)((char *)r + offset) = -offset;
     }
 
     assert(align_ptr + size <= (char *)r + alloc_size);
@@ -587,7 +587,7 @@ void * nano_memalign(RARG size_t align, size_t s)
             /* Padding is used. Need to set a jump offset for aligned pointer
             * to get back to chunk head */
             assert(offset >= sizeof(int));
-            *(int *)((char *)chunk_p + offset) = -offset;
+            *(long *)((char *)chunk_p + offset) = -offset;
         }
     }


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2017-01-09 15:22 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-09 15:22 [newlib-cygwin] Fix incorrect cast in nano malloc Corinna Vinschen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).