On 4/25/19 9:22 PM, Simon Goldschmidt wrote:
> If the malloc range passed to mem_malloc_init() is at the end of address
> range and 'start + size' overflows to 0, following allocations fail as
> mem_malloc_end is zero (which looks like uninitialized).
>
> Fix this by subtracting 1 of 'start + size' overflows to zero.
>
> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschm...@gmail.com>
> ---
>
> Changes in v5:
> - this patch was 1/2 in v4 but is now 2/2 as the 2nd patch of v4 has
> already been accepted
> - rearrange the code to make it only 8 bytes plus in code size for arm
> (which fixes smartweb SPL overflowing)
>
> common/dlmalloc.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/common/dlmalloc.c b/common/dlmalloc.c
> index 6f12a18d54..38859ecbd4 100644
> --- a/common/dlmalloc.c
> +++ b/common/dlmalloc.c
> @@ -601,8 +601,12 @@ void *sbrk(ptrdiff_t increment)
> void mem_malloc_init(ulong start, ulong size)
> {
> mem_malloc_start = start;
> - mem_malloc_end = start + size;
> mem_malloc_brk = start;
> + mem_malloc_end = start + size;
> + if (size > mem_malloc_end) {
> + /* overflow: malloc area is at end of address range */
> + mem_malloc_end--;
Does this mean a memory wrap-around happened ?
I don't think decrementing malloc area size by 1 is a proper solution.
You can have it overflow by 2 and decrementing by 1 won't help.
> + }
>
> debug("using memory %#lx-%#lx for malloc()\n", mem_malloc_start,
> mem_malloc_end);
>
--
Best regards,
Marek Vasut
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
