Mailing-List: contact newlib-help@sourceware.org; run by ezmlm
To: newlib@sourceware.org
From: Joe Seymour
Subject: [PATCH 1/2] Fix incorrect cast in nano malloc
Date: Tue, 03 Jan 2017 14:51:00 -0000

As described in nano-mallocr.c, chunks of heap are represented in memory as a size (of type long), followed by some optional padding containing a negative offset to size, followed by the data area.

get_chunk_from_ptr is responsible for taking a pointer to the data area (as returned by malloc) and finding the start of the chunk. It does this by assuming there is no padding and trying to read the size; if the size is negative, then it uses that as an offset to find the true size. Crucially, it reads the padding area as a long.

nano_malloc is responsible for populating the optional padding area. It does so by casting a pointer to an (int *) and writing the negative offset into it. This means that padding is being written as an int but read as a long. On msp430 an int is 2 bytes, while a long is 4 bytes. This means that 2 bytes are written to the padding, but 4 bytes are read from it: it has only been partially initialised. nano_malloc is the default malloc implementation for msp430.

This patch changes the cast from (int *) to (long *). The change to nano_malloc has been observed to fix a TI Energia project that had been malfunctioning because malloc was returning invalid addresses. The change to nano_memalign is based entirely on code inspection.
I've built and tested as follows:

Configured (gcc+newlib) with: --target=msp430-elf --enable-languages=c

gcc testsuite variations:
  msp430-sim/-mcpu=msp430
  msp430-sim/-mcpu=msp430x
  msp430-sim/-mcpu=msp430x/-mlarge/-mdata-region=either/-mcode-region=either
  msp430-sim/-mhwmult=none
  msp430-sim/-mhwmult=f5series

My testing has shown no regressions; however, I don't know if the gcc testsuite provides sufficient coverage for this patch?

I don't have write access, so if this patch is acceptable after review, I would appreciate it if someone would commit it for me.

Thanks,

2017-01-XX  Joe Seymour

newlib/
	* libc/stdlib/nano-mallocr.c (nano_malloc): Fix incorrect cast.
	(nano_memalign): Likewise.

---
 newlib/libc/stdlib/nano-mallocr.c | 4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/newlib/libc/stdlib/nano-mallocr.c b/newlib/libc/stdlib/nano-mallocr.c index 0b5631c..457eb88 100644 --- a/newlib/libc/stdlib/nano-mallocr.c +++ b/newlib/libc/stdlib/nano-mallocr.c @@ -314,7 +314,7 @@ void * nano_malloc(RARG malloc_size_t s) if (offset) { - *(int *)((char *)r + offset) = -offset; + *(long *)((char *)r + offset) = -offset; } assert(align_ptr + size <= (char *)r + alloc_size); @@ -587,7 +587,7 @@ void * nano_memalign(RARG size_t align, size_t s) /* Padding is used. Need to set a jump offset for aligned pointer * to get back to chunk head */ assert(offset >= sizeof(int)); - *(int *)((char *)chunk_p + offset) = -offset; + *(long *)((char *)chunk_p + offset) = -offset; } } -- 1.7.1
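Review bot: in the nano_malloc hunk, the store `*(long *)((char *)r + offset) = -offset;` now writes sizeof(long) bytes, but unlike the nano_memalign hunk there is no assertion at this call site that `offset` is at least the width being written; consider adding `assert(offset >= sizeof(long));` before the store so both call sites carry the same guard. Since the commit message says get_chunk_from_ptr reads this slot as the chunk's `size` field (type long), using that field's type in both the writer and the reader, rather than a bare `long` in one and a bare cast in the other, would keep the two from drifting apart again.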
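Review bot: in the nano_memalign hunk, the assertion immediately above the changed line, `assert(offset >= sizeof(int));`, still checks against the old store width; with the store widened to long it should read `assert(offset >= sizeof(long));`, otherwise the guard no longer matches the value actually written. The commit message also states this hunk is based on code inspection only, so a test that exercises nano_memalign with a non-zero padding offset on msp430 would be worth adding alongside the nano_malloc change that was observed to fix the Energia project.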
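To make the write-as-int/read-as-long mismatch concrete, here is an added example (not newlib's code) that models the chunk layout the mail describes: a long size, optional padding ending in a negative offset, then the data area. It assumes the header is one long (CHUNK_OFFSET), uses memcpy instead of the original pointer casts, and pre-fills the buffer with a chosen byte to stand in for stale heap contents.

```c
/* Added example, not newlib's code: models the nano-malloc chunk layout
 * described in the mail. Layout: [long size][padding ... long -offset][data] */
#include <string.h>

#define CHUNK_OFFSET sizeof(long)   /* assumption: header is one long */

/* Reader, as the mail describes get_chunk_from_ptr: read a long just before
 * the data pointer; a negative value is an offset back to the real chunk. */
static char *get_chunk_from_ptr(char *ptr)
{
    char *c = ptr - CHUNK_OFFSET;
    long v;
    memcpy(&v, c, sizeof v);        /* memcpy avoids the unaligned-cast issue */
    if (v < 0)
        c += v;                     /* skip the padding area */
    return c;
}

/* Writer. `pad` bytes separate the chunk start from the back-pointer slot.
 * use_long selects the fixed store (long) or the original int store that the
 * patch replaces. `fill` pre-fills the area, standing in for stale heap bytes. */
static char *make_chunk(char *r, long pad, int use_long, unsigned char fill)
{
    long size = 64;
    memset(r, fill, 64);
    memcpy(r, &size, sizeof size);
    if (use_long) {
        long neg = -pad;
        memcpy(r + pad, &neg, sizeof neg);       /* writes sizeof(long) bytes */
    } else {
        int neg = (int)-pad;
        memcpy(r + pad, &neg, sizeof neg);       /* writes only sizeof(int) */
    }
    return r + pad + CHUNK_OFFSET;               /* the pointer malloc returns */
}

/* Returns 1 if the reader gets back to the chunk start, 0 otherwise.
 * With the int store, the upper bytes of the slot are whatever `fill` left
 * there, so the result depends on sizeof(int) == sizeof(long) and on
 * the stale contents; with the long store it is correct regardless. */
int roundtrip_ok(int use_long, unsigned char fill)
{
    static char heap[128];
    char *data = make_chunk(heap, 8, use_long, fill);
    return get_chunk_from_ptr(data) == heap;
}
```

On a host where int and long have the same width the broken store behaves like the fixed one, which is why the bug only surfaced on msp430.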