From 0455ea28ce2bfa83ca36ec37b9c9fb00c54bbe54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torbj=C3=B6rn=20SVENSSON?= Date: Tue, 30 Aug 2022 15:56:25 +0200 Subject: [PATCH] Used chunk needs to be removed from free_list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When using nano malloc and the remaning heap space is not big enough to fullfill the allocation, malloc will attempt to merge the last chunk in the free list with a new allocation in order to create a bigger chunk. This is successful, but the chunk still remains in the free_list, so any later call to malloc can give out the same region without it first being freed. Possible sequence to verify: void *p1 = malloc(3000); void *p2 = malloc(4000); void *p3 = malloc(5000); void *p4 = malloc(6000); void *p5 = malloc(7000); free(p2); free(p4); void *p6 = malloc(35000); free(p6); void *p7 = malloc(42000); void *p8 = malloc(32000); Without the change, p7 and p8 points to the same address. Requirement, after malloc(35000), there is less than 42000 bytes available on the heap. Contributed by STMicroelectronics Signed-off-by: Torbjörn SVENSSON --- newlib/libc/stdlib/nano-mallocr.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/newlib/libc/stdlib/nano-mallocr.c b/newlib/libc/stdlib/nano-mallocr.c index 99ad60dd0..43eb20e07 100644 --- a/newlib/libc/stdlib/nano-mallocr.c +++ b/newlib/libc/stdlib/nano-mallocr.c @@ -336,6 +336,15 @@ void * nano_malloc(RARG malloc_size_t s) if (sbrk_aligned(RCALL alloc_size) != (void *)-1) { p->size += alloc_size; + + /* Remove chunk from free_list */ + r = free_list; + while (r && p != r->next) + { + r = r->next; + } + r->next = NULL; + r = p; } else